======================================
Sat, 10 Jan 2026 - Debian 12.13 released
======================================
=========================================================================
[Date: Sat, 10 Jan 2026 11:18:02 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

libclamav11 | 1.0.9+dfsg-1~deb12u1 | amd64, arm64, armhf, i386, ppc64el, s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by clamav)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 11:18:25 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

libclamunrar11 | 1.0.3-1~deb12u1 | amd64, arm64, armhf, i386, ppc64el, s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by libclamunrar)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 10:55:43 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

    pagure | 5.11.3+dfsg-2.1 | source, all
 pagure-ci | 5.11.3+dfsg-2.1 | all
pagure-doc | 5.11.3+dfsg-2.1 | all
pagure-ev-server | 5.11.3+dfsg-2.1 | all
pagure-loadjson | 5.11.3+dfsg-2.1 | all
pagure-logcom | 5.11.3+dfsg-2.1 | all
pagure-milters | 5.11.3+dfsg-2.1 | all
pagure-mirror | 5.11.3+dfsg-2.1 | all
pagure-webhook | 5.11.3+dfsg-2.1 | all
Closed bugs: 1118671

------------------- Reason -------------------
RoST; broken, security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 10:55:56 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

libc-icap-mod-virus-scan | 1:0.5.5-2+b1 | armel, mips64el, mipsel
Closed bugs: 1124691

------------------- Reason -------------------
RoSRM; NBS; depends on to-be-removed clamav
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 10:56:09 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

postgresql-15-snakeoil |   1.3-4+b1 | armel, mips64el, mipsel
Closed bugs: 1124692

------------------- Reason -------------------
RoSRM; depends on to-be-removed clamav
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 10:56:21 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

libclamunrar11 | 1.0.3-1~deb12u1 | armel, mips64el, mipsel
Closed bugs: 1124701

------------------- Reason -------------------
RoSRM; depends on to-be-removed clamav
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 10:56:31 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

  clamsmtp |  1.10-17.2 | armel, mips64el, mipsel
Closed bugs: 1124705

------------------- Reason -------------------
RoSRM; depends on to-be-removed clamav
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Jan 2026 11:00:32 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

    clamav | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
clamav-daemon | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
clamav-freshclam | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
clamav-milter | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
 clamdscan | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
libclamav-dev | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
libclamav11 | 1.0.9+dfsg-1~deb12u1 | armel, mips64el, mipsel
Closed bugs: 1124689

------------------- Reason -------------------
RoSRM; no longer supportable on architectures without current Rust
----------------------------------------------
=========================================================================

allow-html-temp (10.0.8-1~deb12u1) bookworm; urgency=medium
 .
   [ Mechtilde ]
   * [d894bae] Rebased to new upstream version 10.0.8
   * [385a188] Added d/dpb.conf to use debian-package-scripts
allow-html-temp (10.0.7-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [acc0078] New upstream version 10.0.7
   * [1eecb0d] Bumped standard version - no changes needed
   * [1812b91] Bumped usable version of thunderbird
allow-html-temp (10.0.6-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [1e0a456] New upstream version 10.0.6
   * [136335b] Bumped max. version for thunderbird
allow-html-temp (10.0.5-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [80b13e6] New upstream version 10.0.5
allow-html-temp (10.0.4-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [9600c16] New upstream version 10.0.4
   * [6fbc1c4] Added Link to a.t.n
   * [dfdd43f] Bumped year of copyright
   * [f18e5c4] Bumped standard version - no changes needed
   * [50fede0] Bumped to recent thunderbird esr version
   * [1bf6b7b] Improved d/watch
   * [c6b36d3] Fixed version number in d/control

angular.js (1.8.3-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Move to js team umbrella
   * Fix CVE-2022-25844 (Closes: #1014779)
     A Regular Expression Denial of Service vulnerability (ReDoS)
     was found by providing a custom locale rule that makes
     it possible to assign the parameter in posPre: ' '.repeat()
     of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value
   * Fix CVE-2023-26116 (Closes: #1036694)
     A Regular Expression Denial of Service (ReDoS) was found
     via the angular.copy() utility function due to the usage
     of an insecure regular expression.
   * Fix CVE-2023-26117:
     A Regular Expression Denial of Service (ReDoS) was found
     via the $resource service due to the usage of an insecure
     regular expression.
   * Fix CVE-2023-26118:
     A Regular Expression Denial of Service (ReDoS) was found
     via the <input type="url"> element due to the usage of an
     insecure regular expression in the input[url] functionality.
     Exploiting this vulnerability is possible by a large
     carefully-crafted input, which can result in catastrophic
     backtracking.
   * Fix CVE-2024-8372: (Closes: #1088804)
     Improper sanitization of the value of the 'srcset'
     attribute in AngularJS allows attackers to bypass
     common image source restrictions, which can also
     lead to a form of Content Spoofing
   * Fix CVE-2024-8373: (Closes: #1088805)
     Improper sanitization of the value of the [srcset]
     attribute in <source> HTML elements in AngularJS allows
     attackers to bypass common image source restrictions,
     which can also lead to a form of Content Spoofing
   * Fix CVE-2024-21490:
     A regular expression used to split
     the value of the ng-srcset directive is vulnerable to
     super-linear runtime due to backtracking. With large
     carefully-crafted input, this can result in catastrophic
     backtracking and cause a denial of service.
   * Fix CVE-2025-0716: (Closes: #1104485)
     Improper sanitization of the value of the 'href'
     and 'xlink:href' attributes in '<image>' SVG elements
     in AngularJS allows attackers to bypass common image
     source restrictions. This can lead to a form of
     Content Spoofing .
   * Fix CVE-2025-2336:
     An improper sanitization vulnerability has been identified
     in ngSanitize module, which allows attackers to bypass
     common image source restrictions normally
     applied to image elements. This bypass can further lead to a form of
     Content Spoofing. Similarly, the application's performance and behavior
     could be negatively affected by using too large or slow-to-load images.

apache2 (2.4.66-1~deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098,
     CVE-2025-59775, CVE-2025-65082, CVE-2025-66200)
   * Update test framework
apache2 (2.4.65-3) unstable; urgency=medium
 .
   * Change default LANG in envvars from C to C.UTF-8
     (Closes: #787584)
   * systemd service apache2 is aliased to httpd
     (Closes: #915855)
   * document a2* environment files in man page
     (Closes: #880421)
   * Failing test in its test suite
     (Closes: #1107289, LP: #2112429)
   * Restart on-abnormal instead of on-abort
     (Closes: #1106280)
   * Allow triggers to use maintscript helper to restart apache
     (LP: #2038912)
apache2 (2.4.65-2) unstable; urgency=high
 .
   * Fix SSLProtocol has a duplicate "all"
     (Closes: #1109839)
   * Warn about misconfigured load balancer following fix of
     CVE-2025-23048.
apache2 (2.4.65-1) unstable; urgency=medium
 .
   * New upstream version 2.4.65 (Closes: CVE-2025-54090)
   * Unfuzz patch

ark (4:22.12.3-1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-57966 (Closes: #1106104)

base-files (12.4+deb12u13) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.13, for Debian 12.13 point release.

bind9 (1:9.18.41-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 9.18.41
    - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid
      DNSKEY is found
    - [CVE-2025-40778]: Address various spoofing attacks.
    - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number
      generator

btrfs-progs (6.2-1+deb12u2) bookworm; urgency=medium
 .
   * Acknowledge NMU.
   * Cherry pick upstream commit:cba1ef1 "btrfs-progs: dev stats: fix printing
     wrong values in tabular output" because this bug hides file and/or
     metadata corruption that requires sysadmin action; That action is `btrfs
     scrub`, which repairs the bad data (when there is a 2nd copy ie: raid1
     profile).  If a 2nd copy is not available then the necessity of having to
     restore corrupted files from backup (in profile=single) will no longer be
     hidden.  Thanks to Craig Hesling for reporting the bug and identifying the
     commit of the fix (Closes: #1116278).
   * Update the Maintainer field, because Adam Borowski is no longer
     maintaining this package in Debian.

c-icap-modules (1:0.5.5-2+deb12u1) bookworm; urgency=medium
 .
   * Disable clamav support on armel, mipsel and mips64el. See #1123789 for
     details.

calibre (6.13.0+repack-2+deb12u5) bookworm; urgency=medium
 .
   * Fix CVE-2025-64486

chromium (143.0.7499.169-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous.
     - CVE-2025-14766: Out of bounds read and write in V8.
       Reported by Shaheen Fazim.
   * d/rules: change (google-specific) upstream tarball url.
 .
   [ Daniel Richard G. ]
   * d/patches/debianization/cross-build.patch: Update changes to the protoc
     wrapper to cover additional cases of non-emulated Python execution.
chromium (143.0.7499.109-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-????-?????: Under coordination.
     - CVE-2025-14372: Use after free in Password Manager.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2025-14373: Inappropriate implementation in Toolbar.
       Reported by Khalil Zhani.
 .
   [ Jianfeng Liu ]
   * set use_av1_hw_decoder=true for arm64 and add build dep
     linux-libc-dev (>= 6.5). This will enable V4L2 stateful/stateless AV1
     decoder found on some arm SoCs.
   * d/patches:
     - upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue
       https://crbug.com/464638992. This patch is backported from v145
       and will fix green frame issue when playing av1 video on RK3588.
     - ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch:
       fix FTBFS on ppc64el related to conflicting kernel_stat patches.
chromium (143.0.7499.109-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-????-?????: Under coordination.
     - CVE-2025-14372: Use after free in Password Manager.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2025-14373: Inappropriate implementation in Toolbar.
       Reported by Khalil Zhani.
 .
   [ Jianfeng Liu ]
   * set use_av1_hw_decoder=true for arm64 and add build dep
     linux-libc-dev (>= 6.5). This will enable V4L2 stateful/stateless AV1
     decoder found on some arm SoCs.
   * d/patches:
     - upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue
       https://crbug.com/464638992. This patch is backported from v145
       and will fix green frame issue when playing av1 video on RK3588.
     - ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch:
       fix FTBFS on ppc64el related to conflicting kernel_stat patches.
chromium (143.0.7499.109-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-????-?????: Under coordination.
     - CVE-2025-14372: Use after free in Password Manager.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2025-14373: Inappropriate implementation in Toolbar.
       Reported by Khalil Zhani.
chromium (143.0.7499.40-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-13630: Type Confusion in V8.
       Reported by Shreyas Penkar (@streypaws).
     - CVE-2025-13631: Inappropriate implementation in Google Updater.
       Reported by Jota Domingos.
     - CVE-2025-13632: Inappropriate implementation in DevTools.
       Reported by Leandro Teles.
     - CVE-2025-13633: Use after free in Digital Credentials.
       Reported by Chrome.
     - CVE-2025-13634: Inappropriate implementation in Downloads.
       Reported by Eric Lawrence of Microsoft.
     - CVE-2025-13720: Bad cast in Loader. Reported by Chrome.
     - CVE-2025-13721: Race in v8. Reported by Chrome.
     - CVE-2025-13635: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13636: Inappropriate implementation in Split View.
       Reported by Khalil Zhani.
     - CVE-2025-13637: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito.
     - CVE-2025-13639: Inappropriate implementation in WebRTC.
       Reported by Philipp Hancke.
     - CVE-2025-13640: Inappropriate implementation in Passwords.
       Reported by Anonymous.
   * d/patches:
     - fixes/headless-gn.patch: refresh.
     - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream.
     - disable/tests.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - fixes/libpng-testonly.patch: add a workaround for a missing build target
       that upstream forgot to include.
     - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as
       unsafe to make rustc happy.
     - trixie/cookie-string-view.patch: add a workaround for missing clang-19
       feature.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - debianization/cross-build.patch: Avoid "Assignment had no effect"
       error from GN when running outside of d/rules.
     - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here.
     - disable/license-headless-shell.patch: Don't generate the (unused)
       LICENSE.headless_shell file, as the rule tends to break easily.
     - fixes/headless-gn.patch: No longer needed, thanks to previous patch.
   * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes
 .
   [ Jianfeng Liu ]
   * Add loong64 support, with patches in d/patches/loongarch64/.
chromium (143.0.7499.40-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-13630: Type Confusion in V8.
       Reported by Shreyas Penkar (@streypaws).
     - CVE-2025-13631: Inappropriate implementation in Google Updater.
       Reported by Jota Domingos.
     - CVE-2025-13632: Inappropriate implementation in DevTools.
       Reported by Leandro Teles.
     - CVE-2025-13633: Use after free in Digital Credentials.
       Reported by Chrome.
     - CVE-2025-13634: Inappropriate implementation in Downloads.
       Reported by Eric Lawrence of Microsoft.
     - CVE-2025-13720: Bad cast in Loader. Reported by Chrome.
     - CVE-2025-13721: Race in v8. Reported by Chrome.
     - CVE-2025-13635: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13636: Inappropriate implementation in Split View.
       Reported by Khalil Zhani.
     - CVE-2025-13637: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito.
     - CVE-2025-13639: Inappropriate implementation in WebRTC.
       Reported by Philipp Hancke.
     - CVE-2025-13640: Inappropriate implementation in Passwords.
       Reported by Anonymous.
   * d/patches:
     - fixes/headless-gn.patch: refresh.
     - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream.
     - disable/tests.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - fixes/libpng-testonly.patch: add a workaround for a missing build target
       that upstream forgot to include.
     - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as
       unsafe to make rustc happy.
     - trixie/cookie-string-view.patch: add a workaround for missing clang-19
       feature.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - debianization/cross-build.patch: Avoid "Assignment had no effect"
       error from GN when running outside of d/rules.
     - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here.
     - disable/license-headless-shell.patch: Don't generate the (unused)
       LICENSE.headless_shell file, as the rule tends to break easily.
     - fixes/headless-gn.patch: No longer needed, thanks to previous patch.
     - trixie/rust-is-multiple-of.patch: add more workarounds for missing
       rustc features.
   * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes
 .
   [ Jianfeng Liu ]
   * Add loong64 support, with patches in d/patches/loongarch64/.
chromium (143.0.7499.40-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-13630: Type Confusion in V8.
       Reported by Shreyas Penkar (@streypaws).
     - CVE-2025-13631: Inappropriate implementation in Google Updater.
       Reported by Jota Domingos.
     - CVE-2025-13632: Inappropriate implementation in DevTools.
       Reported by Leandro Teles.
     - CVE-2025-13633: Use after free in Digital Credentials.
       Reported by Chrome.
     - CVE-2025-13634: Inappropriate implementation in Downloads.
       Reported by Eric Lawrence of Microsoft.
     - CVE-2025-13720: Bad cast in Loader. Reported by Chrome.
     - CVE-2025-13721: Race in v8. Reported by Chrome.
     - CVE-2025-13635: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13636: Inappropriate implementation in Split View.
       Reported by Khalil Zhani.
     - CVE-2025-13637: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito.
     - CVE-2025-13639: Inappropriate implementation in WebRTC.
       Reported by Philipp Hancke.
     - CVE-2025-13640: Inappropriate implementation in Passwords.
       Reported by Anonymous.
   * d/patches:
     - fixes/headless-gn.patch: refresh.
     - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream.
     - disable/tests.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - fixes/libpng-testonly.patch: add a workaround for a missing build target
       that upstream forgot to include.
     - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as
       unsafe to make rustc happy.
     - trixie/cookie-string-view.patch: add a workaround for missing clang-19
       feature.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - debianization/cross-build.patch: Avoid "Assignment had no effect"
       error from GN when running outside of d/rules.
     - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here.
     - disable/license-headless-shell.patch: Don't generate the (unused)
       LICENSE.headless_shell file, as the rule tends to break easily.
     - fixes/headless-gn.patch: No longer needed, thanks to previous patch.
     - trixie/rust-is-multiple-of.patch: add more workarounds for missing
       rustc features.
     - bookworm/constexpr.patch: Refresh (source file moved).
     - bookworm/gn-absl.patch: Refresh.
     - bookworm/gn-path-exists2.patch: Refresh.
     - bookworm/rust-unsafe-extern.patch: add workaround for older rust code
       convention generated by bookworm's version of rust-bindgen.
     - bookworm/node-esm-dirname.patch: add workaround for older node 18.
   * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes
chromium (142.0.7444.175-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-13223: Type Confusion in V8.
       Reported by Clément Lecigne of Google's Threat Analysis Group.
     - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep.
chromium (142.0.7444.175-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-13223: Type Confusion in V8.
       Reported by Clément Lecigne of Google's Threat Analysis Group.
     - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep.
chromium (142.0.7444.175-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-13223: Type Confusion in V8.
       Reported by Clément Lecigne of Google's Threat Analysis Group.
     - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep.
chromium (142.0.7444.162-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-13042: Inappropriate implementation in V8.
       Reported by 303f06e3.
chromium (142.0.7444.162-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-13042: Inappropriate implementation in V8.
       Reported by 303f06e3.
chromium (142.0.7444.162-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-13042: Inappropriate implementation in V8.
       Reported by 303f06e3.
chromium (142.0.7444.134-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous.
     - CVE-2025-12726: Inappropriate implementation in Views.
       Reported by Alesandro Ortiz.
     - CVE-2025-12727: Inappropriate implementation in V8.
       Reported by 303f06e3.
     - CVE-2025-12728: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-12729: Inappropriate implementation in Omnibox.
       Reported by Khalil Zhani.
chromium (142.0.7444.134-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous.
     - CVE-2025-12726: Inappropriate implementation in Views.
       Reported by Alesandro Ortiz.
     - CVE-2025-12727: Inappropriate implementation in V8.
       Reported by 303f06e3.
     - CVE-2025-12728: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-12729: Inappropriate implementation in Omnibox.
       Reported by Khalil Zhani.
chromium (142.0.7444.134-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous.
     - CVE-2025-12726: Inappropriate implementation in Views.
       Reported by Alesandro Ortiz.
     - CVE-2025-12727: Inappropriate implementation in V8.
       Reported by 303f06e3.
     - CVE-2025-12728: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-12729: Inappropriate implementation in Omnibox.
       Reported by Khalil Zhani.
chromium (142.0.7444.59-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - trixie/rust-no-alloc-shim.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
     - trixie/rust-no-alloc-shim.patch: add another missing symbol that's
       provided by newer versions of rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
chromium (142.0.7444.59-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
     - trixie/rust-no-alloc-shim.patch: add another missing symbol that's
       provided by newer versions of rust.
     - bookworm/gn-path-exists2.patch: add another workaround for lack of
       path_exists() in older gn.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
chromium (141.0.7390.122-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
chromium (141.0.7390.122-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
chromium (141.0.7390.122-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
chromium (141.0.7390.107-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine.
   * Suggest --disable-gpu to bug reporters and in README.Debian.
chromium (141.0.7390.107-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine.
   * Suggest --disable-gpu to bug reporters and in README.Debian.
chromium (141.0.7390.107-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine.
   * Suggest --disable-gpu to bug reporters and in README.Debian.
chromium (141.0.7390.65-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-11458: Heap buffer overflow in Sync.
       Reported by raven at KunLun lab.
     - CVE-2025-11460: Use after free in Storage. Reported by Sombra.
     - CVE-2025-11211: Out of bounds read in WebCodecs.
       Reported by Jakob Košir.
chromium (141.0.7390.65-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-11458: Heap buffer overflow in Sync.
       Reported by raven at KunLun lab.
     - CVE-2025-11460: Use after free in Storage. Reported by Sombra.
     - CVE-2025-11211: Out of bounds read in WebCodecs.
       Reported by Jakob Košir.
chromium (141.0.7390.65-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-11458: Heap buffer overflow in Sync.
       Reported by raven at KunLun lab.
     - CVE-2025-11460: Use after free in Storage. Reported by Sombra.
     - CVE-2025-11211: Out of bounds read in WebCodecs.
       Reported by Jakob Košir.
chromium (141.0.7390.54-1) unstable; urgency=high
 .
   * New upstream stable release.
   * d/patches:
     - fixes/rust-clanglib.patch: refresh.
     - trixie/rust-no-alloc-shim.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build.
     - fixes/libcpp-headers.patch: add build fix for unbundling clang.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for
       upstream changes
     - fixes/fix-rustc.patch: Refresh for upstream changes
chromium (141.0.7390.54-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-11205: Heap buffer overflow in WebGPU.
       Reported by Atte Kettunen of OUSPG.
     - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl.
     - CVE-2025-11207: Side-channel information leakage in Storage.
       Reported by Alesandro Ortiz.
     - CVE-2025-11208: Inappropriate implementation in Media.
       Reported by Kevin Joensen.
     - CVE-2025-11209: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-11210: Side-channel information leakage in Tab.
       Reported by Umar Farooq.
     - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob.
     - CVE-2025-11212: Inappropriate implementation in Media.
       Reported by Ameen Basha M K.
     - CVE-2025-11213: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep.
     - CVE-2025-11216: Inappropriate implementation in Storage.
       Reported by Farras Givari.
     - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep.
   * d/patches:
     - fixes/rust-clanglib.patch: refresh.
     - trixie/rust-no-alloc-shim.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build.
     - fixes/libcpp-headers.patch: add build fix for unbundling clang.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for
       upstream changes
     - fixes/fix-rustc.patch: Refresh for upstream changes
chromium (141.0.7390.54-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-11205: Heap buffer overflow in WebGPU.
       Reported by Atte Kettunen of OUSPG.
     - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl.
     - CVE-2025-11207: Side-channel information leakage in Storage.
       Reported by Alesandro Ortiz.
     - CVE-2025-11208: Inappropriate implementation in Media.
       Reported by Kevin Joensen.
     - CVE-2025-11209: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-11210: Side-channel information leakage in Tab.
       Reported by Umar Farooq.
     - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob.
     - CVE-2025-11212: Inappropriate implementation in Media.
       Reported by Ameen Basha M K.
     - CVE-2025-11213: Inappropriate implementation in Omnibox.
       Reported by Hafiizh.
     - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep.
     - CVE-2025-11216: Inappropriate implementation in Storage.
       Reported by Farras Givari.
     - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep.
   * d/patches:
     - fixes/rust-clanglib.patch: refresh.
     - trixie/rust-no-alloc-shim.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build.
     - fixes/libcpp-headers.patch: add build fix for unbundling clang.
   * d/rules: set rtc_video_psnr=false for bookworm's older openh264.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for
       upstream changes
     - fixes/fix-rustc.patch: Refresh for upstream changes
chromium (140.0.7339.207-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-10890: Side-channel information leakage in V8.
       Reported by Mate Marjanović (SharpEdged).
     - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep.
     - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep.
chromium (140.0.7339.207-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-10890: Side-channel information leakage in V8.
       Reported by Mate Marjanović (SharpEdged).
     - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep.
     - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep.
chromium (140.0.7339.207-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-10890: Side-channel information leakage in V8.
       Reported by Mate Marjanović (SharpEdged).
     - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep.
     - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep.
chromium (140.0.7339.185-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-10585: Type Confusion in V8.
       Reported by Google Threat Analysis Group.
     - CVE-2025-10500: Use after free in Dawn.
       Reported by Giunash (Gyujeong Jin).
     - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito.
     - CVE-2025-10502: Heap buffer overflow in ANGLE.
       Reported by Google Big Sleep.
chromium (140.0.7339.185-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-10585: Type Confusion in V8.
       Reported by Google Threat Analysis Group.
     - CVE-2025-10500: Use after free in Dawn.
       Reported by Giunash (Gyujeong Jin).
     - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito.
     - CVE-2025-10502: Heap buffer overflow in ANGLE.
       Reported by Google Big Sleep.
chromium (140.0.7339.185-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-10585: Type Confusion in V8.
       Reported by Google Threat Analysis Group.
     - CVE-2025-10500: Use after free in Dawn.
       Reported by Giunash (Gyujeong Jin).
     - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito.
     - CVE-2025-10502: Heap buffer overflow in ANGLE.
       Reported by Google Big Sleep.
chromium (140.0.7339.127-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-10200: Use after free in Serviceworker.
       Reported by Looben Yang.
     - CVE-2025-10201: Inappropriate implementation in Mojo.
       Reported by Sahan Fernando & Anon.
 .
   [ Jianfeng Liu ]
   * drop not working fixes/libsync-rk3588-panthor.patch.
   * drop fixes/strlcpy.patch, which isn't needed w/ clang-19.
chromium (140.0.7339.127-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-10200: Use after free in Serviceworker.
       Reported by Looben Yang.
     - CVE-2025-10201: Inappropriate implementation in Mojo.
       Reported by Sahan Fernando & Anon.
 .
   [ Jianfeng Liu ]
   * drop not working fixes/libsync-rk3588-panthor.patch.
   * drop fixes/strlcpy.patch, which isn't needed w/ clang-19.
chromium (140.0.7339.127-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-10200: Use after free in Serviceworker.
       Reported by Looben Yang.
     - CVE-2025-10201: Inappropriate implementation in Mojo.
       Reported by Sahan Fernando & Anon.
 .
   [ Jianfeng Liu ]
   * drop not working fixes/libsync-rk3588-panthor.patch.
   * drop fixes/strlcpy.patch, which isn't needed w/ clang-19.
chromium (140.0.7339.80-1) unstable; urgency=medium
 .
   * New upstream stable release.
   * d/patches:
     - fixes/armhf-icf.patch: refresh.
     - disable/tests.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/widevine-cdm-cu.patch: refresh (and make it shorter).
     - bookworm/clang19.patch: refresh.
     - disable/android.patch: delete a new reference to chrome/android/.
     - disable/buildtools-libc.patch: drop due to upstream cleanups.
     - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
     - fixes/fix-study-crash.patch: Refresh for upstream changes
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
     - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       Regenerate from new upstream version
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       Regenerate from new upstream version
chromium (140.0.7339.80-1~deb13u1) trixie-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2025-9864: Use after free in V8.
       Reported by Pavel Kuzmin of Yandex Security Team.
     - CVE-2025-9865: Inappropriate implementation in Toolbar.
       Reported by Khalil Zhani.
     - CVE-2025-9866: Inappropriate implementation in Extensions.
       Reported by NDevTK.
     - CVE-2025-9867: Inappropriate implementation in Downloads.
       Reported by Farras Givari.
   * d/patches:
     - fixes/armhf-icf.patch: refresh.
     - disable/tests.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/widevine-cdm-cu.patch: refresh (and make it shorter).
     - bookworm/clang19.patch: refresh.
     - disable/android.patch: delete a new reference to chrome/android/.
     - disable/buildtools-libc.patch: drop due to upstream cleanups.
     - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
     - fixes/fix-study-crash.patch: Refresh for upstream changes
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
     - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       Regenerate from new upstream version
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       Regenerate from new upstream version
chromium (140.0.7339.80-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2025-9864: Use after free in V8.
       Reported by Pavel Kuzmin of Yandex Security Team.
     - CVE-2025-9865: Inappropriate implementation in Toolbar.
       Reported by Khalil Zhani.
     - CVE-2025-9866: Inappropriate implementation in Extensions.
       Reported by NDevTK.
     - CVE-2025-9867: Inappropriate implementation in Downloads.
       Reported by Farras Givari.
   * d/patches:
     - fixes/armhf-icf.patch: refresh.
     - disable/tests.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/widevine-cdm-cu.patch: refresh (and make it shorter).
     - bookworm/clang19.patch: refresh.
     - disable/android.patch: delete a new reference to chrome/android/.
     - disable/buildtools-libc.patch: drop due to upstream cleanups.
     - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc.
     - bookworm/rust-visibility.patch: drop, not needed w/ new rust 1.85.
     - bookworm/crabbyav1f.patch: drop, not needed w/ new rust 1.85.
     - bookworm/toktrie-utf8chunks.patch: drop, not needed w/ new rust.
     - bookworm/derivre-create.patch: drop, not needed w/ new rust.
     - bookworm/rust-split-at-checked.patch: drop, not needed w/ new rust.
     - bookworm/crabbyav1f-macro-scope.patch: drop, not needed w/ new rust.
     - bookworm/rust-box-to-vec.patch: drop, not needed w/ new rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
     - fixes/fix-study-crash.patch: Refresh for upstream changes
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
     - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       Regenerate from new upstream version
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       Regenerate from new upstream version
chromium (139.0.7258.154-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-9478: Use after free in ANGLE.
       Reported by Google Big Sleep.
chromium (139.0.7258.154-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-9478: Use after free in ANGLE.
       Reported by Google Big Sleep.

cjson (1.7.15-1+deb12u4) bookworm-security; urgency=medium
 .
   * CVE-2025-57052 (Closes: #1114757)

clamav (1.4.3+dfsg-1~deb12u2) bookworm; urgency=medium
 .
   * Revert moving files to usr/lib
clamav (1.4.3+dfsg-1~deb12u1) bookworm; urgency=medium
 .
   * Import 1.4.3
     - CVE-2025-20234 (Fixed a possible buffer overflow read bug in the UDF
       file parser that may write to a temp file and thus disclose information,
       or it may crash and cause a denial-of-service (DoS) condition.)
       Closes: #1108045
   * Move files from lib to usr/lib (Closes: #1073612).
   * Mark clamav-base as foreign (Closes: #1060889).
   * Add libclamav12 after so bump.
   * Move documentation to clamav-doc.
clamav (1.4.2+dfsg-1) unstable; urgency=medium
 .
   * Import 1.4.2 (Closes: #1093880)
     - CVE-2025-20128 (buffer overflow read bug in the OLE2 file parser).
clamav (1.4.1+dfsg-1) unstable; urgency=medium
 .
   * Import 1.4.1 (Closes: #1080962)
     - CVE-2024-20506 (Changed the logging module to disable following symlinks
       on Linux)
     - CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
       parser).
clamav (1.3.1+dfsg-5) unstable; urgency=medium
 .
   * Update expired certs (Closes: #1078274).
clamav (1.3.1+dfsg-4) unstable; urgency=medium
 .
   * Move files from lib to usr/lib (Closes: #1073612).
   * Apply patch against unaligned access. Credits to Vladimir Petko and
     Gianfranco Costamagna (Closes: #1073128).
clamav (1.3.1+dfsg-3) unstable; urgency=medium
 .
   * Upload to unstable.
clamav (1.3.1+dfsg-2) experimental; urgency=medium
 .
   * Revert the t64 suffix (Closes: #1071232).
clamav (1.3.1+dfsg-1) experimental; urgency=medium
 .
   * Import 1.3.1
   * Add systemd-dev to Build-Depends (Closes: #1060559).
   * Mark clamav-base as foreign (Closes: #1060889).
   * Bump standards-version to 4.7.0 without changes.
clamav (1.2.1+dfsg-3) experimental; urgency=medium
 .
   * Add proper Breaks/Replaces for the docs vs clamav. Rightfully reported by
     Andreas Beckmann (Closes: #1055494).
   * Update Swedish translation. Updated by Martin Bagge and Anders Jonsson
     (Closes: #1062665).
   * Rename libraries for 64-bit time_t transition. Based on NMU from Steve
     Langasek (Closes: #1062072).
clamav (1.2.1+dfsg-2) experimental; urgency=medium
 .
   * Drop the PE patches, an alternative patch went upstream.
   * Add proper Breaks/Replaces for the docs transitional packages. Rightfully
     reported by Andreas Beckmann (Closes: #1055494).
clamav (1.2.1+dfsg-1) experimental; urgency=medium
 .
   * Import 1.2.1
   * Add libclamav12 after so bump.
   * Move documentation to clamav-doc.

composer (2.5.5-1+deb12u3) bookworm; urgency=medium
 .
   * Backport fix from composer 2.2.26:
     Fixed ANSI sequence injection [CVE-2025-67746]

containerd (1.6.20~ds1-1+deb12u2) bookworm-security; urgency=medium
 .
   * Fix overly broad directory permissions, Fixes: CVE-2024-25621
   * Fix bug in the CRI Attach implementation, Fixes: CVE-2025-64329
     Closes: #1120343

cups (2.4.2-3+deb12u9) bookworm-security; urgency=high
 .
   * CVE-2025-58060
     fix authentication bypass with AuthType Negotiate
   * CVE-2025-58364
     fix remote DoS via null dereference

cups-filters (1.28.17-3+deb12u2) bookworm; urgency=high
 .
   * CVE-2025-64503
     fix an out of bounds write vulnerability when processing crafted
     PDF files containing a large 'Mediabox' value.
     (Closes: #1120698)
 .
   * CVE-2025-57812
     fix an out of bounds read/write vulnerability in the processing
     of TIFF image files.
     (Closes: #1120704)
 .
   * CVE-2025-64524
     fix infinite loop with crafted input raster file, that resuls
     into a heap buffer overflow

cyrus-imapd (3.6.1-4+deb12u4) bookworm; urgency=medium
 .
   * Disable clamav support on armel, mipsel and mips64el. See #1123789 for
     details.

debian-installer (20230607+deb12u13) bookworm; urgency=medium
 .
   * Bump Linux kernel ABI to 6.1.0-42.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u13) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u13, from bookworm-proposed-updates.

debian-security-support (1:12+2026.01.04) bookworm; urgency=medium
 .
   [ Holger Levsen ]
   * Mark zabbix as limited support, thanks to Moritz Muehlenhoff.
     Closes: #1124558.
   * Mark hdf5 as limited supported, thanks to Jochen Sprickerhof.
     Closes: #1117607.
   * Mark dnsdist, pdns, pdns-recursor as EOL. Thanks to Bastien Roucariès.
     Closes: #1119290.
   * Add libsoup2.4 and libsoup3 to limited support. Thanks to Simon McVittie.
     Closes: #1109118.

distro-info-data (0.58+deb12u6) bookworm; urgency=medium
 .
   * Update data to 0.68:
     - Update the bookworm EoL
     - Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961)

dpdk (22.11.11-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream release 22.11.11; for a full list of changes see:
     http://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html
   * Refresh 0001-eal-linux-force-iova-mode-va-with-no-huge-option.patch to
     remove fuzz from 22.11.11

e2guardian (5.3.5-4+deb12u1) bookworm; urgency=medium
 .
   * Disable clamav support on armel, mipsel and mips64el. See #1123789 for
     details.

emacs-libvterm (0.0.2+git20230217.3e5a9b7-1+deb12u1) bookworm; urgency=medium
 .
   * Backport fix for #1115607 from forky/sid
     - Make elpa-vterm arch:any: elpa-vterm sets the shard library path
       according to the host arch.  Previously when set as arch:all, the
       `load-path' is set once during building arch:all package and won't
       change based on the host arch, resulting in wrong `load-path' in
       non-amd64 archs.
     - Add `Multi-Arch: no' hint to elpa-vterm.
     - Add `Multi-Arch: same' hint to emacs-libvterm. (Closes: #1115607)

evolution (3.46.4-2+deb12u1) bookworm-security; urgency=medium
 .
   * Add patch to fix crash with webkit2gtk 2.50 (Closes: #1116301)

ffmpeg (7:5.1.8-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 5.1.8

freerdp2 (2.11.7+dfsg1-6~deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload by the LTS Team for stable proposed updates.
   * Revert time64_t transition commits, as they are not applicable to bookworm.
   * Revert turning on keberos support.
   * Reverting B-D: Depend on pkg-config instead of pkgconf.
   * Do not use ffmpeg7 patch, bookworm is still at ffmpeg5.
 .
 freerdp2 (2.11.7+dfsg1-6) unstable; urgency=medium
 .
   * Team upload
   * d/tests/connect: use /cert-tofu to avoid errors with proxies
 .
 freerdp2 (2.11.7+dfsg1-5) unstable; urgency=medium
 .
   * autopkgtest: add Depends: ca-certificates
 .
 freerdp2 (2.11.7+dfsg1-4) unstable; urgency=medium
 .
   * Replace autopkgtests with the tests used by freerdp3 (Closes: #1079025)
 .
 freerdp2 (2.11.7+dfsg1-3) unstable; urgency=high
 .
   * Team upload
 .
   [ Jeremy Bícha ]
   * SECURITY UPDATE: NULL access and crash (Closes: #1072112
     - debian/patches/CVE-2024-32661.patch: fix missing check in
       rdp_write_logon_info_v1 in libfreerdp/core/info.c.
     - CVE-2024-32661
   * Cherry-pick several patches to fix build with gcc-14
     (Closes: #1074969) (LP: #2075965)
   * Remove obsolete 32-bit time transition lintian overrides
 .
   [ Sébastien Noel ]
   * Add patch to fix build with ffmpeg 7 (Closes: #1072413)
 .
   [ Bernhard Übelacker ]
   * Apply multiple fixes to autopkgtests (Closes: #1079025)
 .
 freerdp2 (2.11.7+dfsg1-2) unstable; urgency=medium
 .
   * debian/tests/control:
     + Add xauth. Fix tests on Debian, where xvfb does not pull-in xauth as
       dependency (other than in Ubuntu).
 .
 freerdp2 (2.11.7+dfsg1-1) unstable; urgency=medium
 .
   [ Mike Gabriel ]
   * New upstream release. (Closes: #1069728).
     + CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment.
     + CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in
       clear_decompress_residual_data.
     + CVE-2024-32040 [Low] integer underflow in nsc_rle_decode.
     + CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle.
     + CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress.
     + CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress.
 .
   [ Nathan Pratta Teodosio ]
   * Add autopkgtest to test whether a client can connect
     to an XRDP server via freerdp2 and that the login screen shows up
     (Closes: #1073156) (LP: #2060976)
 .
 freerdp2 (2.11.5+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2024-22211: Fix integer overflow in progressive decoder. (Closes:
       #1061173).
   * Upload time_t64 changes to unstable. (Closes: #1061952).
   * debian/watch:
     + Adjust so we only see 2.x release.
   * debian/control:
     + Switch from pkg-config to pkgconf. Thanks, lintian.
 .
 freerdp2 (2.11.2+dfsg1-1.1~exp2) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.
   * Account for additional t64 Breaks/Replaces (Closes #1061982).
 .
 freerdp2 (2.11.2+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #1051638).
   * Fixed security issues since v2.11.0:
     - CVE-2023-40589: [codec,ncrush] fix index checks properly verify all
       offsets while decoding data.
     - CVE-2023-40567: Fix out-of-bounds write in the
       `clear_decompress_bands_data` function.
     - CVE-2023-40188: Fix out-of-bounds read in the `general_LumaToYUV444`
       function.
     - CVE-2023-40186: Fix out-of-bounds write in the `gdi_CreateSurface`
       function.
     - CVE-2023-40181: Fix out-of-bounds read in the `zgfx_decompress_segment`
       function.
     - CVE-2023-39356: Fix out-of-bounds read in the `gdi_multi_opaque_rect`
       function.
     - CVE-2023-39355: Fix use-after-free in processing
       `RDPGFX_CMDID_RESETGRAPHICS` packets.
     - CVE-2023-39354: Fix out-of-bounds read in the `nsc_rle_decompress_data`
       function.
     - CVE-2023-39353: Fix missing offset validation leading to out-of-bounds
       read in the `libfreerdp/codec/rfx.c` file.
     - CVE-2023-39352: Fix invalid offset validation leading to out-of-bounds
       write.
     - CVE-2023-39351: Fix null-pointer-dereference leading a crash in the
       RemoteFX (rfx) handling.
     - CVE-2023-39350: Fix integer underflow leading to DOS (e.g. abort due to
       `WINPR_ASSERT` with default compilation flags).
   * debian/patches:
     + Drop 0001_fix_ftbfs_1041377.patch. Applied upstream.
   * debian/control:
     + Add B-D: libkrb5-dev.
   * debian/rules:
     + Add -DWITH_KERBEROS=ON configure option. (Closes: #1036095).
   * debian/watch:
     + Rework file. Find all released versions of freerdp2. (Closes: #1053317).
       Thanks to Tobias Frost for sending a patch.
 .
 freerdp2 (2.10.0+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patches/0001_fix_ftbfs_1041377.patch:
     - include upstream fix for FTBFS with FFmpeg 6.0
       (Closes: #1041377)
freerdp2 (2.11.7+dfsg1-5) unstable; urgency=medium
 .
   * autopkgtest: add Depends: ca-certificates
freerdp2 (2.11.7+dfsg1-4) unstable; urgency=medium
 .
   * Replace autopkgtests with the tests used by freerdp3 (Closes: #1079025)
freerdp2 (2.11.7+dfsg1-3) unstable; urgency=high
 .
   * Team upload
 .
   [ Jeremy Bícha ]
   * SECURITY UPDATE: NULL access and crash (Closes: #1072112
     - debian/patches/CVE-2024-32661.patch: fix missing check in
       rdp_write_logon_info_v1 in libfreerdp/core/info.c.
     - CVE-2024-32661
   * Cherry-pick several patches to fix build with gcc-14
     (Closes: #1074969) (LP: #2075965)
   * Remove obsolete 32-bit time transition lintian overrides
 .
   [ Sébastien Noel ]
   * Add patch to fix build with ffmpeg 7 (Closes: #1072413)
 .
   [ Bernhard Übelacker ]
   * Apply multiple fixes to autopkgtests (Closes: #1079025)
freerdp2 (2.11.7+dfsg1-2) unstable; urgency=medium
 .
   * debian/tests/control:
     + Add xauth. Fix tests on Debian, where xvfb does not pull-in xauth as
       dependency (other than in Ubuntu).
freerdp2 (2.11.7+dfsg1-1) unstable; urgency=medium
 .
   [ Mike Gabriel ]
   * New upstream release. (Closes: #1069728).
     + CVE-2024-32041 [Low[ OutOfBound Read in zgfx_decompress_segment.
     + CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in
       clear_decompress_residual_data.
     + CVE-2024-32040 [Low] integer underflow in nsc_rle_decode.
     + CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle.
     + CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress.
     + CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress.
 .
   [ Nathan Pratta Teodosio ]
   * Add autopkgtest to test whether a client can connect
     to an XRDP server via freerdp2 and that the login screen shows up
     (Closes: #1073156) (LP: #2060976)
freerdp2 (2.11.5+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2024-22211: Fix integer overflow in progressive decoder. (Closes:
       #1061173).
   * Upload time_t64 changes to unstable. (Closes: #1061952).
   * debian/watch:
     + Adjust so we only see 2.x release.
   * debian/control:
     + Switch from pkg-config to pkgconf. Thanks, lintian.
freerdp2 (2.11.2+dfsg1-1.1~exp2) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.
   * Account for additional t64 Breaks/Replaces (Closes #1061982).
freerdp2 (2.11.2+dfsg1-1.1~exp1) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.
freerdp2 (2.11.2+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #1051638).
   * Fixed security issues since v2.11.0:
     - CVE-2023-40589: [codec,ncrush] fix index checks properly verify all
       offsets while decoding data.
     - CVE-2023-40567: Fix out-of-bounds write in the
       `clear_decompress_bands_data` function.
     - CVE-2023-40188: Fix out-of-bounds read in the `general_LumaToYUV444`
       function.
     - CVE-2023-40186: Fix out-of-bounds write in the `gdi_CreateSurface`
       function.
     - CVE-2023-40181: Fix out-of-bounds read in the `zgfx_decompress_segment`
       function.
     - CVE-2023-39356: Fix out-of-bounds read in the `gdi_multi_opaque_rect`
       function.
     - CVE-2023-39355: Fix use-after-free in processing
       `RDPGFX_CMDID_RESETGRAPHICS` packets.
     - CVE-2023-39354: Fix out-of-bounds read in the `nsc_rle_decompress_data`
       function.
     - CVE-2023-39353: Fix missing offset validation leading to out-of-bounds
       read in the `libfreerdp/codec/rfx.c` file.
     - CVE-2023-39352: Fix invalid offset validation leading to out-of-bounds
       write.
     - CVE-2023-39351: Fix null-pointer-dereference leading a crash in the
       RemoteFX (rfx) handling.
     - CVE-2023-39350: Fix integer underflow leading to DOS (e.g. abort due to
       `WINPR_ASSERT` with default compilation flags).
   * debian/patches:
     + Drop 0001_fix_ftbfs_1041377.patch. Applied upstream.
   * debian/control:
     + Add B-D: libkrb5-dev.
   * debian/rules:
     + Add -DWITH_KERBEROS=ON configure option. (Closes: #1036095).
   * debian/watch:
     + Rework file. Find all released versions of freerdp2. (Closes: #1053317).
       Thanks to Tobias Frost for sending a patch.
freerdp2 (2.10.0+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * debian/patches/0001_fix_ftbfs_1041377.patch:
     - include upstream fix for FTBFS with FFmpeg 6.0
       (Closes: #1041377)

gdk-pixbuf (2.42.10+dfsg-1+deb12u3) bookworm; urgency=medium
 .
   * Team upload.
 .
   [ Jeremy Bícha ]
   * debian/gbp.conf: Branch for bookworm.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2025-7345.patch: import patch from upstream.
       - CVE-2025-7345: A flaw exists in gdk‑pixbuf within the
         gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in
         glib’s g_base64_encode_step (glib/gbase64.c) potentially leading to a
         buffer overflow. (Closes: #1109262)
   * debian/salsa-ci.yml: build with nocheck and pass SALSA_CI=true for
     autopkgtest job.
   * debian/tests/installed-tests{,flaky}: check SALSA_CI variable to decide
     what is flaky or not.

gegl (1:0.4.42-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2025-10921 (Closes: #1116470)

ghostscript (10.0.0~dfsg-11+deb12u8) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Catch a null file pointer closing pdfwrite (CVE-2025-7462)
     (Closes: #1109270)
   * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443)
   * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444)

gimp (2.10.34-1+deb12u5) bookworm-security; urgency=medium
 .
   * CVE-2025-10934 (Closes: #1119661)
gimp (2.10.34-1+deb12u4) bookworm-security; urgency=medium
 .
   * CVE-2025-10922 (Closes: #1116459)
   * CVE-2025-6035
   * CVE-2025-2760 32bit followup

git (1:2.39.5-0+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Add debian/gbp.conf
   * Fix CVE-2025-27613
   * Fix CVE-2025-46835
   * Fix CVE-2025-48384
   * Fix CVE-2025-48385

glib2.0 (2.74.6-2+deb12u8) bookworm; urgency=medium
 .
   * Team upload.
   * CVE-2025-13601: integer overflow into heap buffer overflow escaping
     very large strings in g_escape_uri_string (Closes: #1121488).
   * CVE-2025-14087: buffer overwrite when processing large GVariant strings.
     (Closes: #1122347).
   * CVE-2025-14512: interger overflow into buffer overwrite when processing
     file attributes in GIO's escape_byte_string (Closes: #1122346).

gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high
 .
   * Address four issues from https://gpg.fail, including:
     + Fix CVE-2025-68973 (Closes: #1124221)
     + Avoid potential downgrade to SHA1 in 3rd party key signatures.
     + Error out on unverified output for non-detached signatures.
     + Do not use a default when asking for another output filename.
   * d/control: Point Vcs-Git to the correct branch

haproxy (2.6.12-1+deb12u3) bookworm-security; urgency=high
 .
   * CVE-2025-11230: fix possible DoS when parsing JSON numbers.

imagemagick (8:6.9.11.60+dfsg-1.6+deb12u5) bookworm; urgency=medium
 .
   * Fix CVE-2025-62171 (Closes: #1118340)
     Integer Overflow in BMP Decoder (ReadBMP):
     CVE-2025-57803 claims to be patched, but the fix is incomplete
     and ineffective.
     .
     The patch added BMPOverflowCheck() but placed it
     after the overflow occurs, making it useless.
     A malicious 58-byte BMP file can trigger AddressSanitizer
     crashes and DoS.
   * Fix CVE-2025-65955 (Closes: #1122827)
     A vulnerability was found in ImageMagick’s Magick++ layer that
     manifests when Options::fontFamily is invoked with an empty
     string. Clearing a font family calls RelinquishMagickMemory on
     _drawInfo->font, freeing the font string but leaving _drawInfo->font
     pointing to freed memory while _drawInfo->family is set to that
     (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font
     re-frees or dereferences dangling memory. DestroyDrawInfo and other
     setters (Options::font, Image::font) assume _drawInfo->font remains
     valid, so destruction or subsequent updates trigger crashes or heap
     corruption
   * Fix CVE-2025-66628 (Closes: #1122584)
     The TIM (PSX TIM) image parser contains a critical integer overflow
     vulnerability in its ReadTIMImage function (coders/tim.c). The code
     reads width and height (16-bit values) from the file header and
     calculates image_size = 2 * width * height without checking for
     overflow. On 32-bit systems (or where size_t is 32-bit), this
     calculation can overflow if width and height are large (e.g., 65535),
     wrapping around to a small value
   * Fix CVE-2025-68469
     ImageMagick crashes when processing a crafted TIFF file.
   * Fix CVE-2025-68618:
     Magick's failure to limit the depth of SVG file reads caused
     a DoS attack.
   * Fix CVE-2025-68950:
     Magick's failure to limit MVG mutual references forming a loop
   * Fix CVE-2025-69204:
     Converting a malicious MVG file to SVG caused an integer overflow.
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u4) bookworm-security; urgency=medium
 .
   * Fix CVE-2025-53014:
     A heap buffer overflow was found in the `InterpretImageFilename`
     function. The issue stems from an off-by-one error that causes
     out-of-bounds memory access when processing format strings
     containing consecutive percent signs (`%%`).
     (Closes: #1109339)
   * Fix CVE-2025-53019:
     ImageMagick's `magick stream` command, specifying multiple
     consecutive `%d` format specifiers in a filename template
     causes a memory leak
   * Fix CVE-2025-53101:
     ImageMagick's `magick mogrify` command, specifying
     multiple consecutive `%d` format specifiers in a filename
     template causes internal pointer arithmetic to generate
     an address below the beginning of the stack buffer,
     resulting in a stack overflow through `vsnprintf()`.
   * Fix CVE-2025-55154:
     the magnified size calculations in ReadOneMNGIMage
     (in coders/png.c) are unsafe and can overflow,
     leading to memory corruption.
     (Closes: #1111103)
   * Fix CVE-2025-55212:
     passing a geometry string containing only a colon (":")
     to montage -geometry leads GetGeometry() to set width/height
     to 0. Later, ThumbnailImage() divides by these zero dimensions,
     triggering a crash (SIGFPE/abort)
     (Closes: #1111587)
   * Fix CVE-2025-55298:
     A format string bug vulnerability exists in InterpretImageFilename
     function where user input is directly passed to FormatLocaleString
     without proper sanitization. An attacker can overwrite arbitrary
     memory regions, enabling a wide range of attacks from heap
     overflow to remote code execution.
     (Closes: #1111586)
   * Fix CVE-2025-57803:
     A 32-bit integer overflow in the BMP encoder’s scanline-stride
     computation collapses bytes_per_line (stride) to a tiny
     value while the per-row writer still emits 3 × width bytes
     for 24-bpp images. The row base pointer advances using the
     (overflowed) stride, so the first row immediately writes
     past its slot and into adjacent heap memory with
     attacker-controlled bytes.
     (Closes: #1112469)
   * Fix CVE-2025-57807:
     A security problem was found in SeekBlob(), which permits
     advancing the stream offset beyond the current end without
     increasing capacity, and WriteBlob(), which then expands by
     quantum + length (amortized) instead of offset + length,
     and copies to data + offset. When offset ≫ extent, the
     copy targets memory beyond the allocation, producing a
     deterministic heap write on 64-bit builds. No 2⁶⁴
     arithmetic wrap, external delegates, or policy settings
     are required.
     (Closes: #1114520)

intel-microcode (3.20251111.1~deb12u1) bookworm; urgency=medium
 .
   * Backport to bookworm
   * debian/rules: revert use of /usr/lib/firmware for deb12
intel-microcode (3.20250812.1) unstable; urgency=medium
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
     - Mitgations for INTEL-SA-01249 (processor Stream Cache):
       CVE-2025-20109: Improper Isolation or Compartmentalization in the
       stream cache mechanism for some Intel Processors may allow an
       authenticated user to potentially enable escalation of privilege via
       local access.  Intel also disclosed that several processors models
       had already received this mitigation on the previous microcode
       release, 20250512.
     - Mitigations for INTEL-SA-01308:
       CVE-2025-22840: Sequence of processor instructions leads to
       unexpected behavior for some Intel Xeon 6 Scalable processors may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01310 (OOBM services module):
       CVE-2025-22839: Insufficient granularity of access control in the
       OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
       privileged user to potentially enable escalation of privilege via
       adjacent access.
     - Mitigations for INTEL-SA-01311 (Intel TDX):
       CVE-2025-22889: Improper handling of overlap between protected
       memory ranges for some Intel Xeon 6 processors with Intel TDX may
       allow a privileged user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01313:
       CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
       Processor firmware with SGX enabled may allow a privileged user to
       potentially enable escalation of privilege via local access.
       CVE-2025-21090: Missing reference to active allocated resource for
       some Intel Xeon processors may allow an authenticated user to
       potentially enable denial of service via local access.
       CVE-2025-24305: Insufficient control flow management in the Alias
       Checking Trusted Module (ACTM) firmware for some Intel Xeon
       processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
       CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
       Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
       a privileged user to potentially enable escalation of privilege via
       local access.
       CVE-2025-32086: Improperly implemented security check for standard
       in the DDRIO configuration for some Intel Xeon 6 Processors when
       using Intel SGX or Intel TDX may allow a privileged user to
       potentially enable escalation of privilege via local access.
     - Fixes for unspecified functional issues on several Intel Core and
       Intel Xeon processor models.
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
     sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
     sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
     sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
     sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
     sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
     sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
     sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
     sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
     sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
   * update entry for 3.20250512.1 with new information
   * source: update symlinks to reflect id of the latest release, 20250812
 .
   [ Ben Hutchings ]
   * debian/tests/initramfs: Update to work with forky's initramfs-tools.
     In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
     longer create early/ and main/ subdirectories.  Update the microcode
     file check to work with both old and new behaviours.
intel-microcode (3.20250812.1~deb13u1) trixie-security; urgency=medium
 .
   * Security upload, no changes.
 .
 intel-microcode (3.20250812.1) unstable; urgency=medium
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
     - Mitgations for INTEL-SA-01249 (processor Stream Cache):
       CVE-2025-20109: Improper Isolation or Compartmentalization in the
       stream cache mechanism for some Intel Processors may allow an
       authenticated user to potentially enable escalation of privilege via
       local access.  Intel also disclosed that several processors models
       had already received this mitigation on the previous microcode
       release, 20250512.
     - Mitigations for INTEL-SA-01308:
       CVE-2025-22840: Sequence of processor instructions leads to
       unexpected behavior for some Intel Xeon 6 Scalable processors may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01310 (OOBM services module):
       CVE-2025-22839: Insufficient granularity of access control in the
       OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
       privileged user to potentially enable escalation of privilege via
       adjacent access.
     - Mitigations for INTEL-SA-01311 (Intel TDX):
       CVE-2025-22889: Improper handling of overlap between protected
       memory ranges for some Intel Xeon 6 processors with Intel TDX may
       allow a privileged user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01313:
       CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
       Processor firmware with SGX enabled may allow a privileged user to
       potentially enable escalation of privilege via local access.
       CVE-2025-21090: Missing reference to active allocated resource for
       some Intel Xeon processors may allow an authenticated user to
       potentially enable denial of service via local access.
       CVE-2025-24305: Insufficient control flow management in the Alias
       Checking Trusted Module (ACTM) firmware for some Intel Xeon
       processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
       CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
       Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
       a privileged user to potentially enable escalation of privilege via
       local access.
       CVE-2025-32086: Improperly implemented security check for standard
       in the DDRIO configuration for some Intel Xeon 6 Processors when
       using Intel SGX or Intel TDX may allow a privileged user to
       potentially enable escalation of privilege via local access.
     - Fixes for unspecified functional issues on several Intel Core and
       Intel Xeon processor models.
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
     sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
     sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
     sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
     sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
     sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
     sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
     sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
     sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
     sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
   * update entry for 3.20250512.1 with new information
   * source: update symlinks to reflect id of the latest release, 20250812
 .
   [ Ben Hutchings ]
   * debian/tests/initramfs: Update to work with forky's initramfs-tools.
     In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
     longer create early/ and main/ subdirectories.  Update the microcode
     file check to work with both old and new behaviours.
intel-microcode (3.20250812.1~deb12u1) bookworm-security; urgency=medium
 .
   * Backport to bookworm-security
   * debian/rules: revert use of /usr/lib/firmware for deb12
 .
 intel-microcode (3.20250812.1) unstable; urgency=medium
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20250812 (closes: #1110983, #1112168)
     - Mitgations for INTEL-SA-01249 (processor Stream Cache):
       CVE-2025-20109: Improper Isolation or Compartmentalization in the
       stream cache mechanism for some Intel Processors may allow an
       authenticated user to potentially enable escalation of privilege via
       local access.  Intel also disclosed that several processors models
       had already received this mitigation on the previous microcode
       release, 20250512.
     - Mitigations for INTEL-SA-01308:
       CVE-2025-22840: Sequence of processor instructions leads to
       unexpected behavior for some Intel Xeon 6 Scalable processors may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01310 (OOBM services module):
       CVE-2025-22839: Insufficient granularity of access control in the
       OOB-MSM for some Intel Xeon 6 Scalable processors may allow a
       privileged user to potentially enable escalation of privilege via
       adjacent access.
     - Mitigations for INTEL-SA-01311 (Intel TDX):
       CVE-2025-22889: Improper handling of overlap between protected
       memory ranges for some Intel Xeon 6 processors with Intel TDX may
       allow a privileged user to potentially enable escalation of
       privilege via local access.
     - Mitigations for INTEL-SA-01313:
       CVE-2025-20053: Improper buffer restrictions for some Intel Xeon
       Processor firmware with SGX enabled may allow a privileged user to
       potentially enable escalation of privilege via local access.
       CVE-2025-21090: Missing reference to active allocated resource for
       some Intel Xeon processors may allow an authenticated user to
       potentially enable denial of service via local access.
       CVE-2025-24305: Insufficient control flow management in the Alias
       Checking Trusted Module (ACTM) firmware for some Intel Xeon
       processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01367 (Intel SGX, TDX):
       CVE-2025-26403: Out-of-bounds write in the memory subsystem for some
       Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow
       a privileged user to potentially enable escalation of privilege via
       local access.
       CVE-2025-32086: Improperly implemented security check for standard
       in the DDRIO configuration for some Intel Xeon 6 Processors when
       using Intel SGX or Intel TDX may allow a privileged user to
       potentially enable escalation of privilege via local access.
     - Fixes for unspecified functional issues on several Intel Core and
       Intel Xeon processor models.
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056
     sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896
     sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643
     sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664
     sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401
     sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288
     sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072
     sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400
     sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880
     sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129
     sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896
     sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119
     sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224
     sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3
   * update entry for 3.20250512.1 with new information
   * source: update symlinks to reflect id of the latest release, 20250812
 .
   [ Ben Hutchings ]
   * debian/tests/initramfs: Update to work with forky's initramfs-tools.
     In version 0.149 of initramfs-tools, unmkinitramfs was changed to no
     longer create early/ and main/ subdirectories.  Update the microcode
     file check to work with both old and new behaviours.
intel-microcode (3.20250512.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20250512 (closes: #1105172)
     - Mitigations for INTEL-SA-01153 (ITS: Indirect Target Selection):
       CVE-2024-28956: Processor may incompletely mitigate Branch Target
       Injection due to indirect branch predictions that are not fully
       constrained by eIBRS nor by the IBPB barrier.  Part of the "Training
       Solo" set of vulnerabilities.
     - Mitigations for INTEL-SA-01244:
       CVE-2025-20103: Insufficient resource pool in the core management
       mechanism for some Intel Processors may allow an authenticated user
       to potentially enable denial of service via local access.
       CVE-2025-20054: Uncaught exception in the core management mechanism
       for some Intel Processors may allow an authenticated user to
       potentially enable denial of service via local access.
     - Mitigations for INTEL-SA-01247:
       CVE-2024-43420, CVE-2025-20623: Exposure of sensitive information
       caused by shared microarchitectural predictor state that influences
       transient execution for some Intel Atom and some Intel Core
       processors (10th Generation) may allow an authenticated user to
       potentially enable information disclosure via local access.
       CVE-2024-45332 (Branch Privilege Injection): Exposure of sensitive
       information caused by shared microarchitectural predictor state that
       influences transient execution in the indirect branch predictors for
       some Intel Processors may allow an authenticated user to potentially
       enable information disclosure via local access.
     - Mitigations for INTEL-SA-01322:
       CVE-2025-24495 (Training Solo): Incorrect initialization of resource
       in the branch prediction unit for some Intel Core Ultra Processors
       may allow an authenticated user to potentially enable information
       disclosure via local access (IBPB bypass)
       CVE-2025-20012 (Training Solo): Incorrect behavior order for some
       Intel Core Ultra Processors may allow an unauthenticated user to
       potentially enable information disclosure via physical access.
     - Improved fix for the Vmin Shift Instability for the Intel Core 13th
       and 14th gen processors under low-activity scenarios (sig 0xb0671).
       This microcode update is supposed to be delivered as a system
       firmware update, but according to Intel it should be effective when
       loaded by the operating system if the system firmware has revision
       0x12e.
     - Fixes for unspecified functional issues on several processor models
   * New microcodes or new extended signatures:
     sig 0x000a06d1, pf_mask 0x95, 2025-02-07, rev 0x10003a2, size 1664000
     sig 0x000a06d1, pf_mask 0x20, 2025-02-07, rev 0xa0000d1, size 1635328
     sig 0x000b0650, pf_mask 0x80, 2025-03-18, rev 0x000a, size 136192
     sig 0x000b06d1, pf_mask 0x80, 2025-03-18, rev 0x011f, size 79872
     sig 0x000c0662, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-03-20, rev 0x0118
     sig 0x000c0652, pf_mask 0x82, 2025-03-20, rev 0x0118
     sig 0x000c0664, pf_mask 0x82, 2025-03-20, rev 0x0118
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-12-12, rev 0x5003901, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-12-12, rev 0x7002b01, size 30720
     sig 0x000606a6, pf_mask 0x87, 2025-01-07, rev 0xd000404, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-01-07, rev 0x10002d0, size 300032
     sig 0x000706a8, pf_mask 0x01, 2024-12-05, rev 0x0026, size 76800
     sig 0x000706e5, pf_mask 0x80, 2025-01-07, rev 0x00ca, size 115712
     sig 0x000806c1, pf_mask 0x80, 2024-12-01, rev 0x00bc, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-12-01, rev 0x003c, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-12-11, rev 0x0056, size 105472
     sig 0x000806ec, pf_mask 0x94, 2024-11-17, rev 0x0100, size 106496
     sig 0x000806f8, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872
     sig 0x000806f7, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f6, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f5, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f4, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f8, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640
     sig 0x000806f6, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x000806f5, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x000806f4, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x00090672, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304
     sig 0x00090675, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f2, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f5, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f6, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f7, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000906a3, pf_mask 0x80, 2024-12-12, rev 0x0437, size 224256
     sig 0x000906a4, pf_mask 0x80, 2024-12-12, rev 0x0437
     sig 0x000906a4, pf_mask 0x40, 2024-12-06, rev 0x000a, size 119808
     sig 0x000906ed, pf_mask 0x22, 2024-11-14, rev 0x0104, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-11-14, rev 0x0100, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-11-14, rev 0x0102, size 98304
     sig 0x000a0661, pf_mask 0x80, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-12-01, rev 0x0064, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2025-02-13, rev 0x0024, size 140288
     sig 0x000a06f3, pf_mask 0x01, 2025-02-10, rev 0x3000341, size 1542144
     sig 0x000b0671, pf_mask 0x32, 2025-03-17, rev 0x012f, size 219136
     sig 0x000b0674, pf_mask 0x32, 2025-03-17, rev 0x012f
     sig 0x000b06a2, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-01-15, rev 0x4128
     sig 0x000b06a8, pf_mask 0xe0, 2025-01-15, rev 0x4128
     sig 0x000b06e0, pf_mask 0x19, 2024-12-06, rev 0x001d, size 139264
     sig 0x000c06f2, pf_mask 0x87, 2025-03-14, rev 0x210002a9, size 563200
     sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9
   * Removed microcodes (ES/QS steppings):
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9 [EXCLUDED]
   * Makefile: exclude QS/ES steppings 0x50656, 0xc06f1.
   * Makefile: add targets to create split F-M-S /lib/firmware dir
   * debian/rules: use new intel-ucode-{fw,fw64} Makefile targets
     Removes from the binary package the F-M-S files for extended signatures
     that were excluded by IUC_EXCLUDE.
   * source: update symlinks to reflect id of the latest release, 20250512

jetty9 (9.4.57-1.1~deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm-security.
 .
 jetty9 (9.4.57-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766)
jetty9 (9.4.57-1) unstable; urgency=medium
 .
   * New upstream release

keystone (2:22.0.2-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Blacklist failing SAMLGenerationTests test:
     - test_sign_assertion_logs_message_if_xmlsec1_is_not_installed
   * Add xmlsec1 as build-depends.
   * kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By
     sending those endpoints a valid AWS Signature (e.g., from a presigned S3
     URL), an unauthenticated attacker may obtain Keystone authorization
     (ec2tokens can yield a fully scoped token; s3tokens can reveal scope
     accepted by some services), resulting in unauthorized access and privilege
     escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable
     by unauthenticated clients (e.g., exposed on a public API) are affected.
     Applied upstream patch (Closes: #XXXXXXX):
     - Consistent_and_Secure_RBAC_Phase_1.patch
     - Fix_policies_for_groups.patch
     - Allow_admin_to_access_tokens_and_credentials.patch
     - Dont_enforce_when_HTTP_GET_on_s3tokens_and_ec2tokens.patch
     - keystone-bug-2119646-stable-2024.1.patch (backported by me)

krita (1:5.1.5+dfsg-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2025-59820

lasso (2.8.1-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * tests: test that inserted comment do not change node value and still
     validate signature
   * xml: prevent assignment of attribute value inside any attribute
     (CVE-2025-47151)
   * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404)
   * xml: do not terminate on an unknown XML node type (CVE-2025-46705)

lemonldap-ng (2.16.1+ds-deb12u7) bookworm; urgency=medium
 .
   * Fix sessions tablename when not default
   * Fix OpenID-Connect flow when user encountered an error on server side
   * Fix Kerberos JavaScript when used with "Choice"
   * Improve CORS check
   * Fix path_info
   * Fix shell injection issue CVE-2025-59518
   * Hide is from Ajax responses

libclamunrar (1.3.1-1~deb12u1) bookworm; urgency=medium
 .
   * Import 1.3.1
libclamunrar (1.0.3-2) unstable; urgency=medium
 .
   * Update manual libclamav depends to libclamav11t64 for t64 transition
libclamunrar (1.0.3-1) unstable; urgency=medium
 .
   [ Scott Kitterman ]
   * Remove Stphen Gran from uploaders, add myself (Closes: #964554)
     - Thanks for all your contributions over the years
 .
   [ Sebastian Andrzej Siewior ]
   * Import 1.0.3

libcommons-lang-java (2.6-10+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924.
     - Fix an uncontrolled recursion vulnerability (closes: 1109126).

libcommons-lang3-java (3.12.0-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924.
     - Fix an uncontrolled recursion vulnerability (closes: 1109125).

libcpanel-json-xs-perl (4.35-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix json_atof_scan1 overflows (CVE-2025-40929)

libhtp (1:0.5.42-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-23837: DoS due to unbounded folded header handling
   * CVE-2024-45797: DoS due to unbounded header handling

libjson-xs-perl (4.040-1~deb12u1) bookworm-security; urgency=high
 .
   * Rebuild for bookworm-security
 .
 libjson-xs-perl (4.040-1) unstable; urgency=medium
 .
   * Team upload.
   * Import upstream version 4.040.
     - Fix json_atof_scan1 overflows (CVE-2025-40928)
   * Drop initial patch for CVE-2025-40928 in favour of upstream changes
   * Drop patches applied upstream
 .
 libjson-xs-perl (4.030-3) unstable; urgency=medium
 .
   * Team upload.
   * Fix json_atof_scan1 overflows (CVE-2025-40928)
libjson-xs-perl (4.030-3) unstable; urgency=medium
 .
   * Team upload.
   * Fix json_atof_scan1 overflows (CVE-2025-40928)

libnginx-mod-http-lua (1:0.10.23-1+deb12u1) bookworm; urgency=medium
 .
   * d/p/CVE-2024-33452.patch add, fix HTTP HEAD request smuggling issue
     (CVE-2024-33452).

libphp-adodb (5.21.4-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2025-54119: SQL injection in sqlite drivers (Closes: #1110464)
     + Both sqlite and sqlite3 drivers have patched to fix the issue.

libpng1.6 (1.6.39-2+deb12u1) bookworm-security; urgency=high
 .
   * Security upload targeting boowkorm.
   * Backport fixes for:
     - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219)
     - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218)
     - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217)
     - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216)
     - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877)
   * Set gbp.conf for bookworm and enable salsa CI

libreoffice (4:7.4.7-1+deb12u10) bookworm; urgency=medium
 .
    * debian/patches/add-EUR-for-Bulgaria-Lew.diff: fix typo: s/BLN/BGN/, thanks
      Xisco Fauli
    * debian/patches/default-to-EUR-for-Bulgaria.diff: as name says

libssh (0.10.6-0+deb12u2) bookworm; urgency=medium
 .
   [ Martin Pitt ]
   * stable-security → bookworm-security
   * Backport security patches from 0.11.2.
      - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions
      - CVE-2025-4878: Use of uninitialized variable in privatekey_from_file()
      - CVE-2025-5318: Likely read beyond bounds in sftp server handle management
      - CVE-2025-5351: Double free in functions exporting keys
      - CVE-2025-5372: ssh_kdf() returns a success code on certain failures
      - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend
     https://www.libssh.org/2025/06/24/libssh-0-11-2-security-and-bugfix-release/
     (Closes: #1108407)
 .
   [ Emilio Pozuelo Monfort ]
   * Add patch for CVE-2025-8114
   * Add patches for CVE-2025-8277

libxml2 (2.9.14+dfsg-1.3~deb12u5) bookworm; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2025-9714: Denial of service vulnerability via uncontrolled
     recursion in XPath evaluation.
   * Amend d/p/CVE-2025-7425.patch to better reflect the original fix.

libxslt (1.1.35-1+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix regression in the backport of upstream change for issue #123
     "generate-id() is non-deterministic".

libyaml-syck-perl (1.34-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Address memory corruption leading to 'str' value being set on empty keys
     (CVE-2025-11683)

linux (6.1.159-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.159
     - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
     - perf: Have get_perf_callchain() return NULL if crosstask and user are set
     - [x86] bugs: Fix reporting of LFENCE retpoline
     - EDAC/mc_sysfs: Increase legacy channel support to 16
     - btrfs: zoned: refine extent allocator hint selection
     - btrfs: scrub: replace max_t()/min_t() with clamp() in
       scrub_throttle_dev_io()
     - btrfs: always drop log root tree reference in btrfs_replay_log()
     - btrfs: use smp_mb__after_atomic() when forcing COW in
       create_pending_snapshot()
     - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
     - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
     - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
     - xhci: dbc: Provide sysfs option to configure dbc descriptors
     - xhci: dbc: poll at different rate depending on data transfer activity
     - xhci: dbc: Allow users to modify DbC poll interval via sysfs
     - xhci: dbc: Improve performance by removing delay in transfer event
       polling.
     - xhci: dbc: Avoid event polling busyloop if pending rx transfers are
       inactive.
     - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
       event
     - NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
     - net: usb: asix_devices: Check return value of usbnet_get_endpoints
     - fbcon: Set fb_display[i]->mode to NULL when the mode is released
     - fbdev: atyfb: Check if pll_ops->init_pll failed
     - ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
       (CVE-2025-40211)
     - fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)*
     - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
       Mode (CVE-2025-40321)
     - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
     - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
     - mptcp: restore window probe
     - [x86] fpu: Ensure XFD state on signal delivery
     - wifi: ath10k: Fix memory leak on unsupported WMI command
     - [arm64] drm/msm/a6xx: Fix GMU firmware parser
     - ALSA: usb-audio: fix control pipe direction
     - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
     - scsi: ufs: core: Initialize value of an attribute returned by uic cmd
     - bpf: Do not audit capability check in do_jit()
     - [arm64] ASoC: fsl_sai: fix bit order for DSD format
     - libbpf: Fix powerpc's stack register definition in bpf_tracing.h
     - usbnet: Prevents free active kevent
     - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
       (CVE-2025-40318)
     - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset
     - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
     - Bluetooth: ISO: Add support for periodic adv reports processing
     - Bluetooth: ISO: Fix another instance of dst_type handling
     - [arm64,armhf] drm/etnaviv: fix flush sequence logic
     - [arm64] net: hns3: return error code when function fails
     - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
     - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
     - block: make REQ_OP_ZONE_OPEN a write operation
     - regmap: slimbus: fix bus_context pointer in regmap init calls
       (CVE-2025-40317)
     - Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"
       (Closes: #1119232)
     - [s390x] pci: Restore IRQ unconditionally for the zPCI device
     - net: phy: dp83867: Disable EEE support as not implemented
     - mptcp: change 'first' as a parameter
     - mptcp: drop bogus optimization in __mptcp_check_push()
     - can: gs_usb: increase max interface to U8_MAX
     - cacheinfo: Return error code in init_of_cache_level()
     - cacheinfo: Check 'cache-unified' property to count cache leaves
     - ACPI: PPTT: Remove acpi_find_cache_levels()
     - ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info()
     - arch_topology: Build cacheinfo from primary CPU
     - cacheinfo: Initialize variables in fetch_cache_info()
     - cacheinfo: Fix LLC is not exported through sysfs
     - drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug
     - [arm64] tegra: Update cache properties
     - filemap: add a kiocb_invalidate_pages helper
     - filemap: add a kiocb_invalidate_post_direct_write helper
     - filemap: update ki_pos in generic_perform_write
     - fs: factor out a direct_write_fallback helper
     - direct_write_fallback(): on error revert the ->ki_pos update from buffered
       write
     - block: open code __generic_file_write_iter for blkdev writes
     - block: fix race between set_blocksize and read paths (CVE-2025-38073)
     - nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs()
     - usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
       (CVE-2025-40315)
     - drm/sysfb: Do not dereference NULL pointer in plane reset
     - drm/sched: Fix race in drm_sched_entity_select_rq()
     - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump
     - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs
     - bpf: Don't use %pK through printk
     - pinctrl: single: fix bias pull up/down handling in pin_config_set
     - [arm64] mmc: host: renesas_sdhi: Fix the actual clock
     - memstick: Add timeout to prevent indefinite waiting
     - cpufreq/longhaul: handle NULL policy in longhaul_exit
     - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
     - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
     - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
     - hwmon: (sbtsi_temp) AMD CPU extended temperature range support
     - power: supply: sbs-charger: Support multiple devices
     - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
     - ACPICA: dispatcher: Use acpi_ds_clear_operands() in
       acpi_ds_call_control_method()
     - [arm64] tee: allow a driver to allocate a tee_device without a pool
     - nvmet-fc: avoid scheduling association deletion twice (CVE-2025-40343)
     - nvme-fc: use lock accessing port_state and rport state (CVE-2025-40342)
     - [arm64] video: backlight: lp855x_bl: Set correct EPROM start for LP8556
     - tools/cpupower: fix error return value in cpupower_write_sysfs()
     - cpuidle: Fail cpuidle device registration if there is one already
     - futex: Don't leak robust_list pointer on exec race (CVE-2025-40341)
     - bpf: Clear pfmemalloc flag when freeing all fragments
     - nvme: Use non zero KATO for persistent discovery connections
     - uprobe: Do not emulate/sstep original instruction when ip is changed
     - [x86] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
     - [x86] hwmon: (dell-smm) Add support for Dell OptiPlex 7040
     - [x86] tools/cpupower: Fix incorrect size in cpuidle_state_disable()
     - [x86] tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
     - [x86] tools/power x86_energy_perf_policy: Enhance HWP enable
     - [x86] tools/power x86_energy_perf_policy: Prefer driver HWP limits
     - [armhf] mfd: stmpe: Remove IRQ domain upon removal
     - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE
     - drm/amd/display: add more cyan skillfish devices
     - drm/amd/pm: Use cached metrics data on aldebaran
     - drm/amd/pm: Use cached metrics data on arcturus
     - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
     - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
     - PCI: Disable MSI on RDC PCI to PCIe bridges
     - drm/amdkfd: return -ENOTTY for unsupported IOCTLs
     - media: pci: ivtv: Don't create fake v4l2_fh
     - [x86] vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
     - net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
     - ice: Don't use %pK through printk or tracepoints
     - thunderbolt: Use is_pciehp instead of is_hotplug_bridge
     - [powerpc*] eeh: Use result of error_detected() in uevent
     - [s390x] pci: Use pci_uevent_ers() in PCI recovery
     - bridge: Redirect to backup port when port is administratively down
     - net: ipv6: fix field-spanning memcpy warning in AH output
     - media: imon: make send_packet() more robust
     - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
     - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
     - char: misc: Does not request module for miscdevice with dynamic minor
     - net: When removing nexthops, don't call synchronize_net if it is not
       necessary
     - net: Call trace_sock_exceed_buf_limit() for memcg failure with
       SK_MEM_RECV.
     - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
     - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
     - rds: Fix endianness annotation for RDS_MPATH_HASH
     - scsi: mpi3mr: Fix controller init failure on fault during queue creation
     - scsi: pm80xx: Fix race condition caused by static variables
     - extcon: adc-jack: Fix wakeup source leaks on device unbind
     - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
     - drm/amdkfd: fix vram allocation failure for a special case
     - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
     - media: fix uninitialized symbol warnings
     - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
     - scsi: pm8001: Use int instead of u32 to store error codes
     - ptp: Limit time setting of PTP clocks
     - dmaengine: sh: setup_xref error handling
     - dmaengine: mv_xor: match alloc_wc and free_wc
     - dmaengine: dw-edma: Set status for callback_result
     - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
     - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
     - drm/amdgpu: Allow kfd CRIU with no buffer objects
     - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
     - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
     - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls
       for decoders
     - ALSA: usb-audio: apply quirk for MOONDROP Quark2
     - net: call cond_resched() less often in __release_sock()
     - smsc911x: add second read of EEPROM mac when possible corruption seen
     - [amd64] iommu/amd: Skip enabling command/event buffers for kdump
     - drm/amd: add more cyan skillfish PCI ids
     - drm/amdgpu: don't enable SMU on cyan skillfish
     - drm/amdgpu: add support for cyan skillfish gpu_info
     - usb: gadget: f_hid: Fix zero length packet transfer
     - usb: cdns3: gadget: Use-after-free during failed initialization and exit
       of cdnsp gadget (CVE-2025-40314)
     - [arm64] drm/msm: make sure to not queue up recovery more than once
     - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
     - net: phy: marvell: Fix 88e1510 downshift counter errata
     - wifi: mac80211: Fix HE capabilities element check
     - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
       register 0
     - net: sh_eth: Disable WoL if system can not suspend
     - media: redrat3: use int type to store negative error codes
     - netfilter: nf_reject: don't reply to icmp error messages
     - [x86] kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
       PV_UNHALT
     - udp_tunnel: use netdev_warn() instead of netdev_WARN()
     - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
     - net/cls_cgroup: Fix task_get_classid() during qdisc run
     - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
     - ALSA: serial-generic: remove shared static buffer
     - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
     - drm/amd: Avoid evicting resources at S5
     - page_pool: always add GFP_NOWARN for ATOMIC allocations
     - ethernet: Extend device_get_mac_address() to use NVMEM
     - drm/amdgpu: reject gang submissions under SRIOV
     - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
       TGT_RESET
     - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
       lpfc_cleanup
     - scsi: lpfc: Define size of debugfs entry for xri rebalancing
     - allow finish_no_open(file, ERR_PTR(-E...))
     - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
     - [arm64,armhf] usb: xhci: plat: Facilitate using autosuspend for xhci plat
       devices
     - ipv6: np->rxpmtu race annotation
     - jfs: Verify inode mode when loading from disk (CVE-2025-40312)
     - jfs: fix uninitialized waitqueue in transaction manager
     - [amd64] iommu/vt-d: Replace snprintf with scnprintf in
       dmar_latency_snapshot()
     - wifi: ath10k: Fix connection after GTK rekeying
     - net: intel: fm10k: Fix parameter idx set but not used
     - r8169: set EEE speed down ratio to 1
     - [arm64] PCI: cadence: Check for the existence of cdns_pcie::ops before
       using it
     - vfio: return -ENOTTY for unsupported device feature
     - PCI/PM: Skip resuming to D0 if device is disconnected
     - NFSv4: handle ERR_GRACE on delegation recalls
     - NFSv4.1: fix mount hang after CREATE_SESSION failure
     - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
       dereferencing
     - net: bridge: Install FDB for bridge MAC on VLAN 0
     - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
     - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
     - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
     - ext4: increase IO priority of fastcommit
     - net/mlx5e: Don't query FEC statistics when FEC is disabled
     - net: macb: avoid dealing with endianness in macb_set_hwaddr()
     - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
     - Bluetooth: SCO: Fix UAF on sco_conn_free (CVE-2025-40309)
     - Bluetooth: bcsp: receive data only if registered (CVE-2025-40308)
     - ALSA: usb-audio: add mono main switch to Presonus S1824c
     - exfat: limit log print for IO error
     - 6pack: drop redundant locking and refcounting
     - page_pool: Clamp pool size to max 16K pages
     - orangefs: fix xattr related buffer overflow... (CVE-2025-40306)
     - ftrace: Fix softlockup in ftrace_module_enable
     - ksmbd: use sock_create_kern interface to create kernel socket
     - smb: client: transport: avoid reconnects triggered by pending task work
     - ACPICA: Update dsmethod.c to get rid of unused variable warning
     - RDMA/irdma: Fix SD index calculation
     - RDMA/irdma: Remove unused struct irdma_cq fields
     - RDMA/irdma: Set irdma_cq cq_num field during CQ create
     - [arm64] RDMA/hns: Fix the modification of max_send_sge
     - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around
     - btrfs: mark dirty extent range for out of bound prealloc extents
     - fs/hpfs: Fix error code for new_inode() failure in
       mkdir/create/mknod/symlink
     - [arm64] rtc: pcf2127: clear minute/second interrupt
     - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
     - NTB: epf: Allow arbitrary BAR mapping
     - 9p: fix /sys/fs/9p/caches overwriting itself
     - 9p: sysfs_init: don't hardcode error to ENOMEM
     - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
     - ACPI: property: Return present device nodes only on fwnode interface
     - tools bitmap: Add missing asm-generic/bitsperlong.h include
     - tools: lib: thermal: don't preserve owner in install
     - tools: lib: thermal: use pkg-config to locate libnl3
     - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
       (CVE-2025-40304)
     - kbuild: uapi: Strip comments before size type check
     - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
     - ceph: add checking of wait_for_completion_killable() return value
     - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
     - Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
       (Closes: #1120680)
     - Bluetooth: hci_event: validate skb length for unknown CC opcode
       (CVE-2025-40301)
     - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
       bcm63xx
     - net: vlan: sync VLAN features with lower device
     - [armhf] net: dsa: b53: fix resetting speed and pause on forced link
     - [armhf] net: dsa: b53: fix enabling ip multicast
     - [armhf] net: dsa: b53: stop reading ARL entries if search is done
     - sctp: Hold RCU read lock while iterating over address list
     - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
     - sctp: Hold sock lock while iterating over address list
     - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
     - bnxt_en: Fix a possible memory leak in bnxt_ptp_init
     - net/mlx5e: SHAMPO, Fix skb size check for 64K pages
     - net: bridge: fix use-after-free due to MST port state bypass
       (CVE-2025-40297)
     - net: bridge: fix MST static key usage
     - tracing: Fix memory leaks in create_field_var()
     - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
       (CVE-2025-40294)
     - rtc: rx8025: fix incorrect register reference
     - smb: client: validate change notify buffer before copy
     - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
     - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
     - PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM
     - extcon: adc-jack: Cleanup wakeup source only if it was enabled
     - drm/amdgpu: Fix function header names in amdgpu_connectors.c
     - [x86] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
     - [x86] drm/i915: Fix conversion between clock ticks and nanoseconds
     - smb: client: fix refcount leak in smb2_set_path_attr
     - drm/amd: Fix suspend failure with secure display TA
     - compiler_types: Move unused static inline functions warning to W=2
     - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
     - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
       (CVE-2025-40288)
     - NFS4: Fix state renewals missing after boot
     - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
     - NFS: check if suid/sgid was cleared after a write as needed
     - smb/server: fix possible memory leak in smb2_read() (CVE-2025-40286)
     - smb/server: fix possible refcount leak in smb2_sess_setup()
       (CVE-2025-40285)
     - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
     - wifi: ath11k: Add tx ack signal support for management packets
     - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
     - net: fec: correct rx_bytes statistic for the case SHIFT16 is set
     - Bluetooth: MGMT: cancel mesh send timer when hdev removed (CVE-2025-40284)
     - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
       (CVE-2025-40283)
     - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
       (CVE-2025-40282)
     - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
     - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
     - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
       (CVE-2025-40281)
     - net/smc: fix mismatch between CLC header and proposal
     - tipc: Fix use-after-free in tipc_mon_reinit_self(). (CVE-2025-40280)).
     - net: mdio: fix resource leak in mdiobus_register_device()
     - wifi: mac80211: skip rate verification for not captured PSDUs
     - af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)).
     - net/sched: act_connmark: transition to percpu stats and rcu
     - net_sched: act_connmark: use RCU in tcf_connmark_dump()
     - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
       (CVE-2025-40279)
     - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
       (CVE-2025-40278)
     - net/mlx5e: Fix maxrate wraparound in threshold between units
     - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
     - net/mlx5: Expose shared buffer registers bits and structs
     - net/mlx5e: Add API to query/modify SBPR and SBCM registers
     - net/mlx5e: Update shared buffer along with device buffer changes
     - net/mlx5e: Consider internal buffers size in port buffer calculations
     - net/mlx5e: Remove mlx5e_dbg() and msglvl support
     - net/mlx5e: Fix potentially misleading debug message
     - net_sched: limit try_bulk_dequeue_skb() batches
     - hsr: Fix supervision frame sending on HSRv0
     - ACPI: CPPC: Check _CPC validity for only the online CPUs
     - ACPI: CPPC: Perform fast check switch only for online CPUs
     - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
     - Bluetooth: L2CAP: export l2cap_chan_hold for modules
     - acpi,srat: Fix incorrect device handle check for Generic Initiator
     - regulator: fixed: fix GPIO descriptor leak on register failure
     - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
       (CVE-2025-40277)
     - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
     - ALSA: usb-audio: Fix NULL pointer dereference in
       snd_usb_mixer_controls_badd (CVE-2025-40275)
     - bpf: Add bpf_prog_run_data_pointers()
     - softirq: Add trace points for tasklet entry/exit
     - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
     - espintcp: fix skb leaks (CVE-2025-38057)
     - lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
     - asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch
     - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
     - HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
     - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
     - ksmbd: close accepted socket when per-IP limit rejects connection
     - strparser: Fix signed/unsigned mismatch bug
     - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
     - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
     - wifi: mac80211: reject address change while connecting
     - fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
     - [arm64] mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
     - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
       (CVE-2025-40269)
     - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
     - spi: Try to get ACPI GPIO IRQ earlier
     - btrfs: do not update last_log_commit when logging inode due to a new name
     - virtio-net: fix received length check in big packets (CVE-2025-40292)
     - scsi: ufs: core: Add a quirk to suppress link_startup_again
     - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel
       ADL
     - iommufd: Don't overflow during division for dirty tracking
       (CVE-2025-40293)
     - [x86] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
     - net: netpoll: fix incorrect refcount handling causing incorrect cleanup
     - eventpoll: Replace rwlock with spinlock
     - mm, percpu: do not consider sleepable allocations atomic
     - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
     - asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv
       and loongarch"
     - net/mlx5: Fix memory leak in error flow of port set buffer
     - net/sched: act_connmark: handle errno on tcf_idr_check_alloc
     - net/mlx5e: Do not update SBCM when prio2buffer command is invalid
     - net/mlx5e: Preserve shared buffer capacity during headroom updates
     - timers: Fix NULL function pointer race in timer_shutdown_sync()
     - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
       (Closes: #1114557)
     - mtdchar: fix integer overflow in read/write ioctls
     - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
     - mptcp: Disallow MPTCP subflows from sockmap
     - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
     - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)
     - Input: cros_ec_keyb - fix an invalid memory access (CVE-2025-40263)
     - Input: imx_sc_key - fix memory corruption on unload (CVE-2025-40262)
     - Input: pegasus-notetaker - fix potential out-of-bounds access
     - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
       (CVE-2025-40261)
     - scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
     - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
     - mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
     - mptcp: fix ack generation for fallback msk
     - mptcp: fix premature close in case of fallback
     - mptcp: avoid unneeded subflow-level drops
     - mptcp: do not fallback when OoO is present
     - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple()
     - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
     - xfrm: Determine inner GSO type from packet inner protocol
     - [arm64,armhf] gpu: host1x: Select context device based on attached IOMMU
     - [arm64,armhf] drm/tegra: Add call to put_pid()
     - net: openvswitch: remove never-working support for setting nsh fields
       (CVE-2025-40254)
     - nvme-multipath: fix lockdep WARN due to partition scan work
     - [s390x] ctcm: Fix double-kfree (CVE-2025-40253)
     - [x86] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes
       to errnos
     - kernel.h: Move ARRAY_SIZE() to a separate header
     - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and
       qede_tpa_end()
     - vsock: Ignore signal/timeout on connect() if already established
     - bcma: don't register devices disabled in OF
     - cifs: fix typo in enable_gcm_256 module parameter
     - scsi: core: Fix a regression triggered by scsi_host_busy()
     - net: tls: Cancel RX async resync request on rcd_delta overflow
     - mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
     - mm/mm_init: fix hash table order logging in alloc_large_system_hash()
     - ALSA: usb-audio: fix uac2 clock source at terminal parser
     - tracing/tools: Fix incorrcet short option in usage text for --threads
     - uio_hv_generic: Set event for all channels on the device
       (Closes: #1120602)
     - mm/truncate: unmap large folio on split failure
     - maple_tree: fix tracepoint string pointers
     - mptcp: decouple mptcp fastclose from tcp close
     - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
     - mm/mempool: replace kmap_atomic() with kmap_local_page()
     - mm/mempool: fix poisoning order>0 pages with HIGHMEM
     - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
     - ata: libata-scsi: Fix system suspend for a security locked drive
     - HID: amd_sfh: Stop sensor before starting
     - [armhf] pmdomain: samsung: plug potential memleak during probe
     - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration
       failure
     - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove
     - filemap: cap PTE range to be created to allowed zero fill in
       folio_map_range()
     - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
     - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted
       URBs
     - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before
       accessing header
     - Bluetooth: SMP: Fix not generating mackey and ltk when repairing
     - [x86] platform/x86: intel: punit_ipc: fix memory corruption
     - net: aquantia: Add missing descriptor cache invalidation on ATL2
     - net/mlx5e: Fix validation logic in rate limiting
     - net: sxgbe: fix potential NULL dereference in sxgbe_rx()
     - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
     - net: atlantic: fix fragment overflow handling in RX path
     - mailbox: Allow direct registration to a channel
     - [amd64,arm64] mailbox: pcc: Use mbox_bind_client
     - [amd64,arm64] mailbox: pcc: Add support for platform notification handling
     - [amd64,arm64] mailbox: pcc: Support shared interrupt for multiple
       subspaces
     - ACPI: PCC: Add PCC shared memory region command and status bitfields
     - [amd64,arm64] mailbox: pcc: Check before sending MCTP PCC response ACK
     - [amd64,arm64] mailbox: pcc: Refactor error handling in irq handler into
       separate function
     - [amd64,arm64] mailbox: pcc: don't zero error register
     - [x86] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
     - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
     - iio:common:ssp_sensors: Fix an error handling path ssp_probe()
     - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411)
     - iio: accel: fix ADXL355 startup race condition
     - iio: adc: ad7280a: fix ad7280_store_balance_timer()
     - [mips*] mm: Prevent a TLB shutdown on initial uniquification
     - [mips*] mm: kmalloc tlb_vpn array to avoid stack overflow
     - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
     - atm/fore200e: Fix possible data race in fore200e_open()
     - can: sja1000: fix max irq loop handling
     - [armhf] can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
     - dm-verity: fix unreliable memory allocation
     - [arm64,armhf] drivers/usb/dwc3: fix PCI parent check
     - smb: client: fix memory leak in cifs_construct_tcon()
     - [x86] thunderbolt: Add support for Intel Wildcat Lake
     - firmware: stratix10-svc: fix bug in saving controller data
     - [arm64,armhf] serial: amba-pl011: prefer dma_mapping_error() over explicit
       address checking
     - usb: cdns3: Fix double resource release in cdns3_pci_probe
     - usb: gadget: f_eem: Fix memory leak in eem_unwrap
     - usb: storage: Fix memory leak in USB bulk transport
     - USB: storage: Remove subclass and protocol overrides from Novatek quirk
     - usb: storage: sddr55: Reject out-of-bound new_pba
     - usb: uas: fix urb unmapping issue when the uas device is remove during
       ongoing data transfer
     - [arm64,armhf] usb: dwc3: Fix race condition between concurrent
       dwc3_remove_requests() call paths
     - USB: serial: ftdi_sio: add support for u-blox EVK-M101
     - USB: serial: option: add support for Rolling RW101R-GL
     - drm/amd/display: Check NULL before accessing
     - libceph: fix potential use-after-free in have_mon_and_osd_map()
     - libceph: prevent potential out-of-bounds writes in
       handle_auth_session_key()
     - libceph: replace BUG_ON with bounds check for map->max_osd
     - nfsd: Replace clamp_t in nfsd4_get_drc_mem()
     - net: macb: fix unregister_netdev call order in macb_remove()
       (CVE-2025-39805)
     - mptcp: fix duplicate reset on fastclose
     - mptcp: Fix proto fallback detection with BPF
     - staging: rtl8712: Remove driver using deprecated API wext
     - ksmbd: fix use-after-free in session logoff (CVE-2025-37899)
     - usb: typec: ucsi: psy: Set max current to zero when disconnected
     - usb: udc: Add trace event for usb_gadget_set_state
     - usb: gadget: udc: fix use-after-free in usb_gadget_state_work
     - scsi: pm80xx: Set phy->enable_completion only when we
     - [arm64] i2c: xgene-slimpro: Migrate to use generic PCC shmem related
       macros
     - HID: core: Harden s32ton() against conversion to 0 bits
 .
   [ Ben Hutchings ]
   * tools/hv: Make the sample hv_get_dhcp_info script more useful
   * hyperv-daemons: Install the sample network info scripts (Closes: #919350)
linux (6.1.158-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.154
     - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not
       supported
     - wifi: mac80211: increase scan_ies_len for S1G
     - wifi: mac80211: fix incorrect type for ret
     - cgroup: split cgroup_destroy_wq into 3 workqueues
     - btrfs: fix invalid extref key setup when replaying dentry
     - qed: Don't collect too many protection override GRC elements
     - mptcp: set remote_deny_join_id0 on SYN recv
     - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
     - i40e: remove redundant memory barrier when cleaning Tx descs
     - bonding: don't set oif to bond dev when getting NS target destination
     - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
     - tls: make sure to abort the stream if headers are bogus
     - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
     - net: liquidio: fix overflow in octeon_init_instr_queue()
     - cnic: Fix use-after-free bugs in cnic_delete_task
     - ksmbd: smbdirect: validate data_offset and data_length field of
       smb_direct_data_transfer
     - ksmbd: smbdirect: verify remaining_data_length respects
       max_fragmented_recv_size
     - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
     - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
     - power: supply: bq27xxx: restrict no-battery detection to bq27000
     - [x86] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page()
     - btrfs: tree-checker: fix the incorrect inode ref size check
     - mmc: mvsdio: Fix dma_unmap_sg() nents value
     - [x86] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is
       active
     - rds: ib: Increment i_fastreg_wrs before bailing out
     - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
     - io_uring: backport io_should_terminate_tw()
     - io_uring: include dying ring in task_work "should cancel" state
     - [x86] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
       message
     - [arm64] drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
     - crypto: af_alg: Indent the loop in af_alg_sendmsg()
     - crypto: af_alg - Set merge to zero early in af_alg_sendmsg
     - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
     - mptcp: pm: nl: announce deny-join-id0 flag
     - phy: Use device_get_match_data()
     - [armhf] phy: ti: omap-usb2: fix device leak at unbind
     - xhci: dbc: decouple endpoint allocation from initialization
     - xhci: dbc: Fix full DbC transfer ring after several reconnects
     - mptcp: propagate shutdown to subflows when possible
     - net: rfkill: gpio: add DT support
     - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
     - crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES
     - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.155
     - ALSA: usb-audio: Fix block comments in mixer_quirks
     - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
     - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
     - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
     - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
     - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
     - ALSA: usb-audio: Convert comma to semicolon
     - ALSA: usb-audio: Fix build with CONFIG_INPUT=n
     - usb: core: Add 0x prefix to quirks debug output
     - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
     - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
     - ALSA: usb-audio: Add mute TLV for playback volumes on more devices
     - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
     - mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked"
     - mm: add folio_expected_ref_count() for reference count calculation
     - mm/gup: check ref_count instead of lru before migration
     - mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
     - mm: folio_may_be_lru_cached() unless folio_test_large()
     - cpufreq: Initialize cpufreq-based invariance before subsys
     - smb: server: don't use delayed_work for post_recv_credits_work
     - bpf: Reject bpf_timer for PREEMPT_RT
     - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
     - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer
       overflow
     - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
     - can: peak_usb: fix shift-out-of-bounds issue
     - Bluetooth: hci_sync: Fix hci_resume_advertising_sync
     - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
     - bnxt_en: correct offset handling for IPv6 destination address
     - nexthop: Forbid FDB status change while nexthop is in a group
     - [x86] drm/gma500: Fix null dereference in hdmi teardown
     - futex: Prevent use-after-free during requeue-PI
     - i40e: fix idx validation in i40e_validate_queue_map
     - i40e: fix input validation logic for action_meta
     - i40e: add max boundary check for VF filters
     - i40e: add mask to apply valid bits for itr_idx
     - i40e: improve VF MAC filters accounting
     - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
     - tracing: dynevent: Add a missing lockdown check on dynevent
     - afs: Fix potential null pointer dereference in afs_put_server
     - mm/hugetlb: fix folio is still mapped when deleted
     - fbcon: fix integer overflow in fbcon_do_set_font
     - fbcon: Fix OOB access in font allocation
     - [s390x] cpum_cf: Fix uninitialized warning after backport of ce971233242b
     - mm: migrate_device: use more folio in migrate_device_finalize()
     - mm/migrate_device: don't add folio to be freed to LRU in
       migrate_device_finalize() (CVE-2025-21861)
     - minmax: add in_range() macro
     - minmax: Introduce {min,max}_array()
     - minmax: deduplicate __unconst_integer_typeof()
     - minmax: fix indentation of __cmp_once() and __clamp_once()
     - minmax: avoid overly complicated constant expressions in VM code
     - drm/ast: Use msleep instead of mdelay for edid read
     - i40e: fix validation of VF state in get resources
     - i40e: fix idx validation in config queues msg
     - i40e: increase max descriptors for XL710
     - i40e: add validation for ring_len param
     - minmax: make generic MIN() and MAX() macros available everywhere
     - minmax: add a few more MIN_T/MAX_T users
     - minmax: simplify and clarify min_t()/max_t() implementation
     - [x86] drm/i915/backlight: Return immediately when scale() finds invalid
       parameters
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.156
     - crypto: sha256 - fix crash at kexec
     - scsi: target: target_core_configfs: Add length check to avoid buffer
       overflow (CVE-2025-39998)
     - media: b2c2: Fix use-after-free causing by irq_check_work in
       flexcop_pci_remove (CVE-2025-39996)
     - media: rc: fix races with imon_disconnect() (CVE-2025-39993)
     - [arm64] KVM: arm64: Fix softirq masking in FPSIMD register saving sequence
     - media: tunner: xc5000: Refactor firmware load
     - media: tuner: xc5000: Fix use-after-free in xc5000_release
       (CVE-2025-39994)
     - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
       probe (CVE-2025-39995)
     - minmax: don't use max() in situations that want a C constant expression
     - minmax: simplify min()/max()/clamp() implementation
     - minmax: improve macro expansion and type checking
     - minmax: fix up min3() and max3() too
     - minmax.h: add whitespace around operators and after commas
     - minmax.h: update some comments
     - minmax.h: reduce the #define expansion of min(), max() and clamp()
     - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
     - minmax.h: move all the clamp() definitions after the min/max() ones
     - minmax.h: simplify the variants of clamp()
     - minmax.h: remove some #defines that are only expanded once
     - USB: serial: option: add SIMCom 8230C compositions
     - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
     - dm-integrity: limit MAX_TAG_SIZE to 255
     - perf subcmd: avoid crash in exclude_cmds when excludes is empty
     - [x86] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
     - btrfs: ref-verify: handle damaged extent root tree
     - can: hi311x: fix null pointer dereference when resuming from sleep before
       interface was enabled
     - hid: fix I2C read buffer overflow in raw_event() for mcp2221
     - driver core/PM: Set power.no_callbacks along with power.no_pm
     - crypto: rng - Ensure set_ent is always present
     - net/9p: fix double req put in p9_fd_cancelled
     - filelock: add FL_RECLAIM to show_fl_flags() macro
     - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
     - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast
     - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF()
     - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
     - smb: server: fix IRD/ORD negotiation with the client
     - [x86] vdso: Fix output operand size of RDPID
     - regmap: Remove superfluous check for !config in __regmap_init()
     - bpf: Remove migrate_disable in kprobe_multi_link_prog_run
     - libbpf: Fix reuse of DEVMAP
     - ACPI: processor: idle: Fix memory leak when register cpuidle device failed
     - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
     - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux
     - blk-mq: check kobject state_in_sysfs before deleting in
       blk_mq_unregister_hctx
     - block: use int to store blk_stack_limits() return value
     - PM: sleep: core: Clear power.must_resume in noirq suspend error path
     - [arm64] power: supply: cw2015: Fix a alignment coding style issue
     - [arm64] pinctrl: renesas: Use int type to store negative error codes
     - null_blk: Fix the description of the cache_size module argument
     - nbd: restrict sockets to TCP and UDP
     - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation
     - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op
     - i3c: master: svc: Use manual response for IBI events
     - i3c: master: svc: Recycle unused IBI slot
     - bpf: Explicitly check accesses to bpf_sock_addr
     - smp: Fix up and expand the smp_call_function_many() kerneldoc
     - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host
       headers
     - i2c: designware: Add disabling clocks when probe fails
     - bpf: Enforce expected_attach_type for tailcall compatibility
     - drm/radeon/r600_cs: clean up of dead code in r600_cs
     - drm/amd/display: Remove redundant semicolons
     - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
     - scsi: myrs: Fix dma_alloc_coherent() error check
     - ALSA: lx_core: use int type to store negative error codes
     - media: st-delta: avoid excessive stack usage
     - drm/amdgpu: Power up UVD 3 for FW validation (v2)
     - drm/amd/pm: Disable ULV even if unsupported (v3)
     - drm/amd/pm: Fix si_upload_smc_data (v3)
     - drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
     - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
     - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
     - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3)
     - wifi: mwifiex: send world regulatory domain to driver
     - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys
       allocation
     - tcp: fix __tcp_close() to only send RST when required
     - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
     - [armhf] usb: phy: twl6030: Fix incorrect type for ret
     - usb: gadget: configfs: Correctly set use_os_string at bind
     - misc: genwqe: Fix incorrect cmd field being reported in error
     - pps: fix warning in pps_register_cdev when register device fail
     - [x86] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
     - [arm64] drm/msm/dpu: fix incorrect type for ret
     - iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
     - netfilter: ipset: Remove unused htable_bits in macro ahash_region
     - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the
       watchdog
     - drivers/base/node: handle error properly in register_one_node()
     - RDMA/cm: Rate limit destroy CM ID timeout error message
     - wifi: mt76: fix potential memory leak in mt76_wmac_probe()
     - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
     - scsi: qla2xxx: edif: Fix incorrect sign of error code
     - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
     - f2fs: fix zero-sized extent for precache extents
     - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems
       Running"
     - RDMA/core: Resolve MAC of next-hop device without ARP support
     - IB/sa: Fix sa_local_svc_timeout_ms read race
     - Documentation: trace: historgram-design: Separate sched_waking histogram
       section heading and the following diagram
     - wifi: ath10k: avoid unnecessary wait for service ready message
     - wifi: mac80211: fix Rx packet handling when pubsta information is not
       available
     - wifi: rtw89: avoid circular locking dependency in ser_state_run()
     - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR
     - [arm64] coresight: trbe: Return NULL pointer for allocation failures
     - NFSv4.1: fix backchannel max_resp_sz verification check
     - ipvs: Defer ip_vs_ftp unregister during netns cleanup
     - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
     - usb: vhci-hcd: Prevent suspending virtually attached devices
     - RDMA/siw: Always report immediate post SQ errors
     - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast
     - Bluetooth: MGMT: Fix not exposing debug UUID on
       MGMT_OP_READ_EXP_FEATURES_INFO
     - Bluetooth: ISO: Fix possible UAF on iso_conn_free
     - Bluetooth: ISO: don't leak skb in ISO_CONT RX
     - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements
     - ocfs2: fix double free in user_cluster_connect()
     - drivers/base/node: fix double free in register_one_node()
     - nfp: fix RSS hash key size when RSS is not supported
     - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not
       configurable
     - net: dlink: handle copy_thresh allocation failure
     - net/mlx5: Stop polling for command response if interface goes down
     - net/mlx5: pagealloc: Fix reclaim race during command interface teardown
     - net/mlx5: fw reset, add reset timeout work
     - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
     - Squashfs: fix uninit-value in squashfs_get_parent
     - uio_hv_generic: Let userspace take care of interrupt mask
     - fs: udf: fix OOB read in lengthAllocDescs handling
     - net: nfc: nci: Add parameter validation for packet data
     - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of
       devm_gpiochip_add_data()
     - dm: fix queue start/stop imbalance under suspend/load/resume races
     - dm: fix NULL pointer dereference in __dm_suspend()
     - ksmbd: fix error code overwriting in smb2_get_info_filesystem()
     - ext4: fix checks for orphan inodes
     - mm: hugetlb: avoid soft lockup when mprotect to large memory area
     - Input: atmel_mxt_ts - allow reset GPIO to sleep
     - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
     - pinctrl: check the return value of pinmux_ops::get_function_name()
     - [arm64] bus: fsl-mc: Check return value of platform_get_resource()
     - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
     - [x86] usb: typec: tipd: Clear interrupts first
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.157
     - fs: always return zero on success from replace_fd()
     - fscontext: do not consume log entries when returning -EMSGSIZE
     - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
     - media: v4l2-subdev: Fix alloc failure check in
       v4l2_subdev_call_state_try()
     - perf evsel: Avoid container_of on a NULL leader
     - libperf event: Ensure tracing data is multiple of 8 sized
     - perf util: Fix compression checks returning -1 as bool
     - [mips*] rtc: x1205: Fix Xicor X1205 vendor prefix
         - perf session: Fix handling when buffer exceeds 2 GiB
     - scsi: libsas: Add sas_task_find_rq()
     - scsi: mvsas: Delete mvs_tag_init()
     - scsi: mvsas: Use sas_task_find_rq() for tagging
     - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001)
     - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
     - drm/vmwgfx: Fix Use-after-free in validation
     - drm/vmwgfx: Fix copy-paste typo in validation
     - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
     - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
     - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister()
       call
     - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in
       zynqmp_ipi_free_mboxes
     - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
     - drm/amdgpu: Add additional DCE6 SCL registers
     - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
     - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
     - drm/amd/display: Properly disable scaling on DCE6
     - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
     - crypto: essiv - Check ssize for decryption and in-place encryption
     - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
     - bpf: Avoid RCU context warning when unpinning htab with internal structs
     - ACPI: property: Fix buffer properties extraction for subnodes
     - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
     - ACPI: debug: fix signedness issues in read/write helpers
     - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in
       amx3_idle_init
     - cpuidle: governors: menu: Avoid using invalid recent intervals data
     - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required
     - xen/events: Cleanup find_virq() return codes
     - xen/manage: Fix suspend error path
     - [arm64] firmware: meson_sm: fix device leak at probe
     - drm/nouveau: fix bad ret code in nouveau_bo_move_prep
     - blk-crypto: fix missing blktrace bio split events
     - btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
     - bus: mhi: host: Do not use uninitialized 'dev' pointer in
       mhi_init_irq_setup()
     - copy_sighand: Handle architectures where sizeof(unsigned long) <
       sizeof(u64)
     - [x86] cpufreq: intel_pstate: Fix object lifecycle issue in
       update_qos_request()
     - init: handle bootloader identifier in kernel parameters
     - [x86] iommu/vt-d: PRS isn't usable if PDS isn't supported
     - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in
       sys_prlimit64() paths
     - KEYS: trusted_tpm1: Compare HMAC values in constant time
     - lib/genalloc: fix device leak in of_gen_pool_get()
     - openat2: don't trigger automounts with RESOLVE_NO_XDEV
     - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
     - [powerpc*] powernv/pci: Fix underflow and leak issue
     - [powerpc*] pseries/msi: Fix potential underflow and leak issue
     - pwm: berlin: Fix wrong register in suspend/resume
     - sched/deadline: Fix race in push_dl_task()
     - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
     - sctp: Fix MAC comparison to be constant-time
     - mmc: core: SPI mode remove cmd7
     - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in
       exynos_srom_probe
     - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw
       spinlock
     - PCI/sysfs: Ensure devices are powered for config reads
     - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
     - PCI/ERR: Fix uevent on failure to recover
     - PCI/AER: Fix missing uevent on recovery when a reset is requested
     - PCI/AER: Support errors introduced by PCIe r6.0
     - spi: cadence-quadspi: Flush posted register writes before INDAC access
     - spi: cadence-quadspi: Flush posted register writes before DAC access
     - [x86] umip: Check that the instruction opcode is at least two bytes
     - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT
       aliases)
     - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
     - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
     - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when
       max_huge_pages=0
     - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
     - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
     - ext4: verify orphan file size is not too big
     - ext4: increase i_disksize to offset + len in
       ext4_update_disksize_before_punch()
     - ext4: correctly handle queries for metadata mappings
     - ext4: guard against EA inode refcount underflow in xattr update
     - ACPICA: Allow to skip Global Lock initialization
     - ext4: free orphan info with kvfree
     - [x86] KVM: x86: Don't (re)check L1 intercepts when completing userspace
       I/O
     - Squashfs: add additional inode sanity checking
     - Squashfs: reject negative file sizes in squashfs_read_inode()
     - tracing: Fix race condition in kprobe initialization causing NULL pointer
       dereference
     - ksmbd: add max ip connections parameter
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register
       value
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
       cache_type
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
     - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
     - rseq: Protect event mask against membarrier IPI
     - ipmi: Rework user message limit handling
     - ipmi: Fix handling of messages with provided receive message pointer
     - ACPI: property: Disregard references in data-only subnode lists
     - ACPI: property: Add code comments explaining what is going on
     - ACPI: property: Do not pass NULL handles to acpi_attach_data()
     - asm-generic/io: Add _RET_IP_ to MMIO trace for more accurate debug info
     - asm-generic/io.h: suppress endianness warnings for relaxed accessors
     - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled
     - mptcp: pm: in-kernel: usable client side with C-flag
     - minixfs: Verify inode mode when loading from disk
     - pid: Add a judgment for ns null in pid_nr_ns
     - fs: Add 'initramfs_options' to set initramfs mount options
     - cramfs: Verify inode mode when loading from disk
     - writeback: Avoid softlockup when switching many inodes
     - writeback: Avoid excessively long inode switching times
     - xen/events: Update virq_to_irq on migration
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158
     - smb: client: Fix refcount leak for cifs_sb_tlink (CVE-2025-40103)
     - r8152: add error handling in rtl8152_driver_init
     - jbd2: ensure that all ongoing I/O complete before freeing blocks
     - ext4: wait for ongoing I/O to complete before freeing blocks
     - ext4: detect invalid INLINE_DATA + EXTENTS flag combination
     - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
       running
     - btrfs: do not assert we found block group item when creating free space
       tree (CVE-2025-40100)
     - cifs: parse_dfs_referrals: prevent oob on malformed input (CVE-2025-40099)
     - drm/amdgpu: use atomic functions with memory barriers for vm fault info
     - drm/amd: Check whether secure display TA loaded successfully
     - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value
     - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
     - usb: gadget: Store endpoint pointer in usb_request
     - usb: gadget: Introduce free_usb_request helper
     - usb: gadget: f_rndis: Refactor bind path to use __free() (CVE-2025-40095)
     - usb: gadget: f_ecm: Refactor bind path to use __free() (CVE-2025-40093)
     - usb: gadget: f_acm: Refactor bind path to use __free() (CVE-2025-40094)
     - usb: gadget: f_ncm: Refactor bind path to use __free() (CVE-2025-40092)
     - Documentation: Remove bogus claim about del_timer_sync()
     - [arm64,armhf] clocksource/drivers/arm_arch_timer: Do not use timer
       namespace for timer_shutdown() function
     - [arm64,armhf] clocksource/drivers/sp804: Do not use timer namespace for
       timer_shutdown() function
     - timers: Replace BUG_ON()s
     - Documentation: Replace del_timer/del_timer_sync()
     - timers: Silently ignore timers with a NULL function
     - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
     - timers: Add shutdown mechanism to the internal functions
     - timers: Provide timer_shutdown[_sync]()
     - timers: Update the documentation to reflect on the new timer_shutdown()
       API
     - Bluetooth: hci_qca: Fix the teardown problem for real
     - HID: multitouch: fix sticky fingers
     - dax: skip read lock assertion for read-only filesystems
     - [arm64] can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
     - net: dlink: handle dma_map_single() failure properly
     - doc: fix seg6_flowlabel path
     - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
     - net/ip6_tunnel: Prevent perpetual tunnel growth
     - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface
       toggle
     - tcp: fix tcp_tso_should_defer() vs large RTT
     - tg3: prevent use of uninitialized remote_adv and local_adv variables
     - net: tls: wait for async completion on last message
     - tls: wait for async encrypt in case of error during latter iterations of
       sendmsg
     - tls: always set record_type in tls_process_cmsg
     - tls: wait for pending async decryptions if tls_strp_msg_hold fails
     - tls: don't rely on tx_work during send()
     - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
     - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
       lan78xx_reset
     - [x86] ASoC: nau8821: Cancel jdet_work before handling jack ejection
     - [x86] ASoC: nau8821: Generalize helper to clear IRQ status
     - [x86] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
     - drm/amd/powerplay: Fix CIK shutdown temperature
     - [arm64] drm/rockchip: vop2: use correct destination rectangle height check
     - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
     - sched/fair: Fix pelt lost idle time detection
     - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
     - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
       (CVE-2025-40085)
     - HID: hid-input: only ignore 0 battery events for digitizers
     - HID: multitouch: fix name of Stylus input devices
     - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
       (CVE-2025-40088)
     - PCI/sysfs: Ensure devices are powered for config reads (part 2)
     - exec: Fix incorrect type for ret
     - hfs: clear offset and space out of valid records in b-tree node
     - hfs: make proper initalization of struct hfs_find_data
     - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
     - hfs: validate record offset in hfsplus_bmap_alloc
     - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
     - dlm: check for defined force value in dlm_lockspace_release
     - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
     - hfsplus: return EIO when type of hidden directory mismatch in
       hfsplus_fill_super()
     - smb: server: let smb_direct_flush_send_list() invalidate a remote key
       first
     - net/mlx5e: Return 1 instead of 0 in invalid case in
       mlx5e_mpwrq_umr_entry_size()
     - rtnetlink: Allow deleting FDB entries in user namespace
     - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
     - [arm64] mm: avoid always making PTE dirty in pte_mkwrite()
     - sctp: avoid NULL dereference when chunk data buffer is missing
     - net: bonding: fix possible peer notify event loss or dup issue
     - Revert "cpuidle: menu: Avoid discarding useful information"
     - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
     - can: netlink: can_changelink(): allow disabling of automatic restart
     - [mips64el,mipsel] Malta: Fix keyboard resource preventing i8042 driver
       from registering
     - ocfs2: clear extent cache after moving/defragmenting extents
     - vsock: fix lock inversion in vsock_assign_transport()
     - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection
     - net: usb: rtl8150: Fix frame padding
     - io_uring: correct __must_hold annotation in io_install_fixed_file
     - USB: serial: option: add UNISOC UIS7720
     - USB: serial: option: add Quectel RG255C
     - USB: serial: option: add Telit FN920C04 ECM compositions
     - usb/core/quirks: Add Huawei ME906S to wakeup quirk
     - usb: raw-gadget: do not limit transfer length
     - xhci: dbc: enable back DbC in resume if it was enabled before suspend
     - [arm*] binder: remove "invalid inc weak" check
     - [x86] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106)
     - [x86] mei: me: add wildcat lake P DID
     - serial: 8250_dw: handle reset control deassert error
     - serial: 8250_exar: add support for Advantech 2 port card with Device ID
       0x0018
     - xfs: rename the old_crc variable in xlog_recover_process
     - xfs: fix log CRC mismatches between i386 and other architectures
     - PM: runtime: Add new devm functions
     - iio: imu: inv_icm42600: Simplify pm_runtime setup
     - iio: imu: inv_icm42600: use = { } instead of memset()
     - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended
     - padata: Reset next CPU when reorder sequence wraps around
     - fuse: allocate ff->release_args only if release is needed
     - fuse: fix livelock in synchronous file put from fuseblk workers
     - [arm64] mte: Do not flag the zero page as PG_mte_tagged
     - [arm64] PCI: j721e: Enable ACSPCIE Refclk if
       "ti,syscon-acspcie-proxy-ctrl" exists
     - [arm64] PCI: j721e: Fix programming sequence of "strap" settings
     - NFSD: Rework encoding and decoding of nfsd4_deviceid
     - NFSD: Minor cleanup in layoutcommit processing
     - NFSD: Fix last write offset handling in layoutcommit
     - vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)
     - NFSD: Define a proc_layoutcommit for the FlexFiles layout type
       (CVE-2025-40087)
     - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
     - drm/sched: Fix potential double free in
       drm_sched_job_add_resv_dependencies (CVE-2025-40096)
     - f2fs: add a f2fs_get_block_locked helper
     - f2fs: remove the create argument to f2fs_map_blocks
     - f2fs: factor a f2fs_map_blocks_cached helper
     - f2fs: fix wrong block mapping for multi-devices
     - PCI: Add PCI_VDEVICE_SUB helper macro
     - ixgbevf: Add support for Intel(R) E610 device
     - ixgbevf: fix getting link speed data for E610 devices
     - ixgbevf: fix mailbox API compatibility by negotiating supported features
       (CVE-2025-40104)
     - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
     - xfs: always warn about deprecated mount options
     - devcoredump: Fix circular locking dependency with devcd->mutex.
     - [x86] resctrl: Fix miscount of bandwidth event when reactivating
       previously unavailable RMID
     - ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
     - [s390x] cio: Update purge function to unregister the unused subchannels
     - [arm64] cputype: Add Neoverse-V3AE definitions
     - [arm64] errata: Apply workarounds for Neoverse-V3AE
     - ksmbd: transport_ipc: validate payload size before reading handle
       (CVE-2025-40084)
 .
   [ Ben Hutchings ]
   * d/b/genorig.py, d/rules, d/salsa-ci.yml: Put orig tarballs directly in ..
   * d/salsa-ci.yml: Adjust filenames to allow source package name suffix
   * d/salsa-ci.yml: Fix cache configuration for build job
   * d/salsa-ci.yml: Move orig tarball generation to a separate job again
   * d/salsa-ci.yml: Restore lintian checking of source package
linux (6.1.153-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.149
     - io_uring: don't use int for ABI
     - ALSA: usb-audio: Validate UAC3 power domain descriptors, too
     - ALSA: usb-audio: Validate UAC3 cluster segment descriptors
     - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
     - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
     - smb3: fix for slab out of bounds on mount to ksmbd
     - smb: client: remove redundant lstrp update in negotiate protocol
     - gpio: virtio: Fix config space reading.
     - [amd64,arm64] net: phy: micrel: fix KSZ8081/KSZ8091 cable test
     - net: usb: asix_devices: add phy_mask for ax88772 mdio bus
     - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
     - NFSD: detect mismatch of file handle and delegation stateid in OPEN op
     - NFS: Fix the setting of capabilities when automounting a new filesystem
     - sunvdc: Balance device refcount in vdc_port_mpgroup_check
     - fs: Prevent file descriptor table allocations exceeding INT_MAX
     - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)
     - Documentation: ACPI: Fix parent device references
     - ACPI: processor: perflib: Fix initial _PPC limit application
     - ACPI: processor: perflib: Move problematic pr->performance check
     - [amd64] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI
       shadow
     - [amd64] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
     - [amd64] KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
     - [amd64] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o
       VID
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL in common x86
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
     - [amd64] KVM: x86/pmu: Gate all "unimplemented MSR" prints on
       report_ignored_msrs
     - [amd64] KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint
     - [amd64] KVM: VMX: Re-enter guest in fastpath for "spurious" preemption
       timer exits
     - [amd64] KVM: VMX: Handle forced exit due to preemption timer in fastpath
     - [amd64] KVM: x86: Move handling of is_guest_mode() into fastpath exit
       handlers
     - [amd64] KVM: VMX: Handle KVM-induced preemption timer exits in fastpath
       for L2
     - [amd64] KVM: x86: Fully defer to vendor code to decide how to force
       immediate exit
     - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic
       bitmap
     - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
       flag
     - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
       supported
     - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper
     - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
     - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
       APIs
     - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running
       the guest
     - udp: also consider secpath when evaluating ipsec use for checksumming
     - netfilter: ctnetlink: fix refcount leak on table dump
     - hfs: fix slab-out-of-bounds in hfs_bnode_read()
     - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
     - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
     - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
     - [arm64] Handle KCOV __init vs inline mismatches
     - smb/server: avoid deadlock when linking with ReplaceIfExists
     - udf: Verify partition map count
     - drbd: add missing kref_get in handle_write_conflicts
     - hfs: fix not erasing deleted b-tree node issue
     - better lockdep annotations for simple_recursive_removal()
     - ata: libata-sata: Disallow changing LPM state if not supported
     - fs/ntfs3: Add sanity check for file name
     - fs/ntfs3: correctly create symlink for relative path
     - fix locking in efi_secret_unlink()
     - securityfs: don't pin dentries twice, once is enough...
     - usb: xhci: print xhci->xhc_state when queue_command failed
     - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
     - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
     - usb: xhci: Avoid showing warnings for dying controller
     - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
     - usb: xhci: Avoid showing errors during surprise removal
     - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
     - cpufreq: Exit governor when failed to start old governor
     - [armhf] rockchip: fix kernel hang during smp initialization
     - PM / devfreq: governor: Replace sscanf() with kstrtoul() in
       set_freq_store()
     - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was
       successed
     - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when
       required
     - tools/nolibc: define time_t in terms of __kernel_old_time_t
     - iio: adc: ad_sigma_delta: don't overallocate scan buffer
     - [armhf] tegra: Use I/O memcpy to write to IRAM
     - ACPI: PRM: Reduce unnecessary printing to avoid user confusion
     - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
     - thermal: sysfs: Return ENODATA instead of EAGAIN for reads
     - PM: sleep: console: Fix the black screen issue
     - ACPI: processor: fix acpi_object initialization
     - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
     - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
     - pps: clients: gpio: fix interrupt handling order in remove path
     - reset: brcmstb: Enable reset drivers for ARCH_BCM2835
     - mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
     - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
     - ALSA: hda: Handle the jack polling always via a work
     - ALSA: hda: Disable jack polling at shutdown
     - [amd64] x86/bugs: Avoid warning when overriding return thunk
     - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
     - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
     - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
     - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
     - usb: core: usb_submit_urb: downgrade type check
     - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
     - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline
       mismatches
     - platform/chrome: cros_ec_typec: Defer probe on missing EC parent
     - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
     - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
     - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
     - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
     - ASoC: codecs: rt5640: Retry DEVICE_ID verification
     - xen/netfront: Fix TX response spurious interrupts
     - net: usb: cdc-ncm: check for filtering capability
     - wifi: cfg80211: reject HTC bit for management frames
     - [s390x] time: Use monotonic clock in get_cycles()
     - be2net: Use correct byte order and format string for TCP seq and ack_seq
     - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
     - et131x: Add missing check after DMA map
     - net: ag71xx: Add missing check after DMA map
     - net/mlx5e: Properly access RCU protected qdisc_sleeping variable
     - [arm64] Mark kernel as tainted on SAE and SError panic
     - rcu: Protect ->defer_qs_iw_pending from data race
     - net: mctp: Prevent duplicate binds
     - wifi: cfg80211: Fix interface type validation
     - net: ipv4: fix incorrect MTU in broadcast routes
     - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
     - wifi: iwlwifi: mvm: fix scan request validation
     - [s390x] stp: Remove udelay from stp_sync_clock()
     - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
     - wifi: mac80211: don't complete management TX on SAE commit
     - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in
       __ipv6_dev_mc_inc().
     - [arm64] drm/msm: use trylock for debugfs
     - wifi: rtw89: Fix rtw89_mac_power_switch() for USB
     - wifi: rtw89: Disable deep power saving for USB/SDIO
     - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit
     - [amd64] net: thunderbolt: Fix the parameter passing of
       tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
     - net: atlantic: add set_power to fw_ops for atl2 to fix wol
     - net: fec: allow disable coalescing
     - drm/amd/display: Separate set_gsl from set_gsl_source_select
     - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
     - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
     - drm/amd/display: Fix 'failed to blank crtc!'
     - wifi: mac80211: update radar_required in channel context after channel
       switch
     - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
     - [powerpc*] floppy: Add missing checks after DMA map
     - netmem: fix skb_frag_address_safe with unreadable skbs
     - wifi: iwlegacy: Check rate_idx range after addition
     - neighbour: add support for NUD_PERMANENT proxy entries
     - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to
       manual
     - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
     - gve: Return error for unknown admin queue command
     - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
     - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
     - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325
     - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
     - ptp: Use ratelimite for freerun error message
     - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
     - ionic: clean dbpage in de-init
     - net: ncsi: Fix buffer overflow in fetching version id
     - drm/ttm: Should to return the evict error
     - uapi: in6: restore visibility of most IPv6 socket options
     - drm/ttm: Respect the shrinker core free target
     - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
     - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
     - vhost: fail early when __vhost_add_used() fails
     - drm/amd/display: Only finalize atomic_obj if it was initialized
     - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race
       condition
     - cifs: Fix calling CIFSFindFirst() for root path without msearch
     - fbdev: fix potential buffer overflow in do_register_framebuffer()
     - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
     - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
     - fs/orangefs: use snprintf() instead of sprintf()
     - watchdog: dw_wdt: Fix default timeout
     - hwmon: (emc2305) Set initial PWM minimum value during probe based on
       thermal state
     - watchdog: iTCO_wdt: Report error if timeout configuration fails
     - scsi: bfa: Double-free fix
     - jfs: truncate good inode pages when hard link is 0
     - jfs: Regular file corruption check
     - jfs: upper bound check of tree index in dbAllocAG
     - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO
     - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ
       control
     - leds: leds-lp50xx: Handle reg to get correct multi_index
     - [armhf] dmaengine: stm32-dma: configure next sg only if there are more
       than 2 sgs
     - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
     - RDMA/core: reduce stack using in nldev_stat_get_doit()
     - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
     - scsi: mpt3sas: Correctly handle ATA device errors
     - scsi: mpi3mr: Correctly handle ATA device errors
     - pinctrl: stm32: Manage irq affinity settings
     - media: tc358743: Check I2C succeeded during probe
     - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
     - media: tc358743: Increase FIFO trigger level to 374
     - media: usb: hdpvr: disable zero-length read messages
     - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
     - media: dvb-frontends: w7090p: fix null-ptr-deref in
       w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
     - media: uvcvideo: Fix bandwidth issue for Alcor camera
     - md: dm-zoned-target: Initialize return variable r to avoid uninitialized
       use
     - module: Prevent silent truncation of module name in delete_module(2)
     - i3c: add missing include to internal header
     - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
     - i3c: don't fail if GETHDRCAP is unsupported
     - i3c: master: Initialize ret in i3c_i2c_notifier_call()
     - dm-mpath: don't print the "loaded" message if registering fails
     - dm-table: fix checking for rq stackable devices
     - apparmor: use the condition in AA_BUG_FMT even with debug disabled
     - i2c: Force DLL0945 touchpad i2c freq to 100khz
     - vfio/type1: conditional rescheduling while pinning
     - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
     - scsi: target: core: Generate correct identifiers for PR OUT transport IDs
     - scsi: aacraid: Stop using PCI_IRQ_AFFINITY
     - vfio/mlx5: fix possible overflow in tracking max message size
     - ipmi: Use dev_warn_ratelimited() for incorrect message warnings
     - ipmi: Fix strcpy source and destination the same
     - net: phy: smsc: add proper reset flags for LAN8710A
     - block: avoid possible overflow for chunk_sectors check in
       blk_stack_limits()
     - pNFS: Fix stripe mapping in block/scsi layout
     - pNFS: Fix disk addr range check in block/scsi layout
     - pNFS: Handle RPC size limit for layoutcommits
     - pNFS: Fix uninited ptr deref in block/scsi layout
     - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
     - scsi: lpfc: Remove redundant assignment to avoid memory leak
     - ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
     - ASoC: soc-dai.h: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits
     - drm/amdgpu: fix incorrect vm flags to map bo
     - ext4: fix zombie groups in average fragment size lists
     - ext4: fix largest free orders lists corruption on mb_optimize_scan switch
     - usb: core: config: Prevent OOB read in SS endpoint companion parsing
     - misc: rtsx: usb: Ensure mmc child device is active when card is present
     - usb: typec: ucsi: Update power_supply on power role change
     - [amd64] comedi: fix race between polling and detaching
     - [amd64] thunderbolt: Fix copy+paste error in match_service_id()
     - cdc-acm: fix race between initial clearing halt and open
     - btrfs: zoned: use filesystem size not disk size for reclaim decision
     - btrfs: abort transaction during log replay if walk_log_tree() failed
     - btrfs: zoned: do not remove unwritten non-data block group
     - btrfs: fix log tree replay failure due to file with 0 links and extents
     - btrfs: do not allow relocation of partially dropped subvolumes
     - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
     - hv_netvsc: Fix panic during namespace deletion with VF
     - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
     - media: uvcvideo: Do not mark valid metadata as invalid
     - HID: magicmouse: avoid setting up battery timer when not needed
     - HID: apple: avoid setting up battery timer for devices without battery
     - serial: 8250: fix panic due to PSLVERR
     - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
     - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
     - usb: gadget: udc: renesas_usb3: fix device leak at unbind
     - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind
     - bus: mhi: host: Fix endianness of BHI vector table
     - bus: mhi: host: Detect events pointing to unexpected TREs
     - vt: keyboard: Don't process Unicode characters in K_OFF mode
     - vt: defkeymap: Map keycodes above 127 to K_HOLE
     - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
     - ksmbd: extend the connection limiting mechanism to support IPv6
     - ext4: check fast symlink for ea_inode correctly
     - ext4: fix fsmap end of range reporting with bigalloc
     - ext4: fix reserved gdt blocks handling in fsmap
     - ext4: use kmalloc_array() for array space allocation
     - ext4: fix hole length calculation overflow in non-extent inodes
     - scsi: mpi3mr: Fix race between config read submit and interrupt completion
     - ata: libata-scsi: Fix ata_to_sense_error() status handling
     - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host
       controllers
     - scsi: ufs: ufs-pci: Fix default runtime and system PM levels
     - iio: imu: bno055: fix OOB access of hw_xlate array
     - iio: adc: ad_sigma_delta: change to buffer predisable
     - wifi: brcmsmac: Remove const from tbl_ptr parameter in
       wlc_lcnphy_common_read_table()
     - wifi: ath11k: fix dest ring-buffer corruption
     - wifi: ath11k: fix source ring-buffer corruption
     - wifi: ath11k: fix dest ring-buffer corruption when ring is full
     - pwm: imx-tpm: Reset counter if CMOD is 0
     - pwm: mediatek: Handle hardware enable and clock enable separately
     - pwm: mediatek: Fix duty and period setting
     - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
     - mtd: spi-nor: Fix spi_nor_try_unlock_all()
     - PCI: endpoint: Fix configfs group list head handling
     - PCI: endpoint: Fix configfs group removal on driver teardown
     - vsock/virtio: Validate length in packet header before skb_put()
     - vhost/vsock: Avoid allocating arbitrarily-sized SKBs
     - jbd2: prevent softlockup in jbd2_log_do_checkpoint()
     - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state
     - media: gspca: Add bounds checking to firmware parser
     - [armhf] media: imx: fix a potential memory leak in
       imx_media_csc_scaler_device_init()
     - media: vivid: fix wrong pixel_array control size
     - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
     - media: usbtv: Lock resolution while streaming
     - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
     - media: ov2659: Fix memory leaks in ov2659_probe()
     - drm/amd: Restore cached power limit during resume
     - drm/amdgpu: Avoid extra evict-restore process.
     - drm/amdgpu: update mmhub 3.0.1 client id mappings
     - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
     - drm/amd/display: Don't overwrite dce60_clk_mgr
     - net, hsr: reject HSR frame if skb can't hold tag
     - ipv6: sr: Fix MAC comparison to be constant-time
     - ACPI: pfr_update: Fix the driver update version check
     - mptcp: drop skb if MPTCP skb extension allocation fails
     - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
     - f2fs: fix to do sanity check on ino and xnid (CVE-2025-38347)
     - iio: hid-sensor-prox: Restore lost scale assignments
     - iio: hid-sensor-prox: Fix incorrect OFFSET calculation
     - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event()
       (CVE-2025-38322)
     - [amd64] x86/mce/amd: Add default names for MCA banks and blocks
     - net: add netdev_lockdep_set_classes() to virtual drivers
     - btrfs: fix qgroup reservation leak on failure to allocate ordered extent
     - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
     - drm/sched: Remove optimization that causes hang when killing dependent
       jobs
     - net: enetc: fix device and OF node leak at probe
     - fscrypt: Don't use problematic non-inline crypto engines
     - block: reject invalid operation in submit_bio_noacct
     - block: Make REQ_OP_ZONE_FINISH a write operation
     - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
     - cifs: reset iface weights when we cannot find a candidate
     - usb: typec: fusb302: cache PD RX state
     - btrfs: qgroup: fix race between quota disable and quota rescan ioctl
     - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
     - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
     - btrfs: send: use fallocate for hole punching with send stream v2
     - net_sched: sch_ets: implement lockless ets_dump()
     - net/sched: ets: use old 'nbands' while purging unused classes
     - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
     - [armhf] usb: musb: omap2430: Convert to platform remove callback returning
       void
     - [armhf] usb: musb: omap2430: fix device leak at unbind
     - platform/chrome: cros_ec: Use per-device lockdep key
     - platform/chrome: cros_ec: remove unneeded label and if-condition
     - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
     - [arm64] usb: dwc3: imx8mp: fix device leak at unbind
     - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
     - btrfs: populate otime when logging an inode item
     - tls: separate no-async decryption request handling from async
       (CVE-2024-58240)
     - [amd64] crypto: qat - fix ring to service map for QAT GEN4
     - [arm64] cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1
       register
     - [amd64] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
       producer
     - mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
     - mptcp: plug races between subflow fail and subflow creation
       (CVE-2025-38552)
     - mptcp: reset fallback status gracefully at disconnect() time
     - mm: drop the assumption that VM_SHARED always implies writable
     - mm: update memfd seal write check to include F_SEAL_WRITE
     - mm: reinstate ability to map write-sealed memfd mappings read-only
     - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
     - kbuild: userprogs: use correct linker when mixing clang and GNU ld
     - [amd64] x86/reboot: Harden virtualization hooks for emergency reboot
     - [amd64] x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback
     - [amd64] KVM: VMX: Flush shadow VMCS on emergency reboot
     - [arm64] KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME
       fix
     - memstick: Fix deadlock by moving removing flag earlier
     - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
     - squashfs: fix memory leak in squashfs_fill_super
     - mm/debug_vm_pgtable: clear page table entries at destroy_args()
     - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook
       830 G6
     - [s390x] sclp: Fix SCCB present check
     - drm/amd/display: Avoid a NULL pointer dereference
     - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
     - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
     - drm/amd/display: Find first CRTC and its line time in
       dce110_fill_display_configs
     - drm/amd/display: Fill display clock and vblank time in
       dce110_fill_display_configs
     - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
     - fs/buffer: fix use-after-free when call bh_read() helper
     - use uniform permission checks for all mount propagation changes
     - ftrace: Also allocate and copy hash for reading of filter files
     - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
     - iio: proximity: isl29501: fix buffered read on big-endian systems
     - most: core: Drop device reference after usage in get_channel()
     - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
     - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples
     - [amd64] comedi: pcl726: Prevent invalid irq number
     - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and
       do_insnlist_ioctl()
     - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE
       test
     - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
     - usb: storage: realtek_cr: Use correct byte order for bcs->Residue
     - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
     - [arm64,armhf] usb: dwc3: Ignore late xferNotReady event to prevent halt
       timeout
     - [arm64,armhf] usb: dwc3: Remove WARN_ON for device endpoint command
       timeouts
     - [arm64] dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
     - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
     - ext4: preserve SB_I_VERSION on remount
     - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
     - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
     - [arm64] PCI: rockchip: Use standard PCIe definitions
     - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
     - [arm64] soc: qcom: mdt_loader: Enhance split binary detection
     - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header
     - f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
     - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677)
     - mptcp: disable add_addr retransmission when timeout is 0
     - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
     - mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values
     - mmc: sdhci-pci-gli: Add a new function to simplify the code
     - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
     - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
     - drm/amd/display: Don't overclock DCE 6 by 15%
     - wifi: mac80211: avoid lockdep checking when removing deflink
     - wifi: mac80211: check basic rates validity in sta_link_apply_parameters
     - tls: fix handling of zero-length records on the rx_list
     - iio: imu: inv_icm42600: change invalid data error to -EBUSY
     - tracing: Remove unneeded goto out logic
     - tracing: Limit access to parser->buffer when trace_get_user failed
     - iio: light: as73211: Ensure buffer holes are zeroed
     - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
     - compiler: remove __ADDRESSABLE_ASM{_STR,}() again
     - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
     - cgroup/cpuset: Use static_branch_enable_cpuslocked() on
       cpusets_insane_config_key
     - iosys-map: Fix undefined behavior in iosys_map_clear()
     - RDMA/bnxt_re: Fix to initialize the PBL array
     - net: bridge: fix soft lockup in br_multicast_query_expired()
     - scsi: qla4xxx: Prevent a potential error pointer dereference
     - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline
       (CVE-2025-38676)
     - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
     - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug
     - ALSA: usb-audio: Fix size validation in convert_chmap_v3()
     - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
     - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
     - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
     - net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
     - ppp: fix race conditions in ppp_fill_forward_path
     - phy: mscc: Fix timestamping for vsc8584
     - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
     - gve: prevent ethtool ops after shutdown
     - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
     - igc: fix disabling L1.2 PCI-E link substate on I226 on init
     - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
     - net/sched: Remove unnecessary WARNING condition for empty child qdisc in
       htb_activate
     - bonding: update LACP activity flag after setting lacp_active
     - bonding: Add independent control state machine
     - bonding: send LACPDUs periodically in passive mode after receiving
       partner's LACPDU
     - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
     - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs
     - [s390x] hypfs: Enable limited access during lockdown
     - netfilter: nf_reject: don't leak dst refcount for loopback packets
     - alloc_fdtable(): change calling conventions.
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.150
     - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
     - scsi: core: sysfs: Correct sysfs attributes access rights
     - smb: client: fix race with concurrent opens in unlink(2)
     - smb: client: fix race with concurrent opens in rename(2)
     - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
     - nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests
     - NFS: Fix a race when updating an existing write
     - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
     - net: ipv4: fix regression in local-broadcast routes
     - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl
     - [powerpc*] kvm: Fix ifdef to remove build warning
     - HID: input: rename hidinput_set_battery_charge_status()
     - HID: input: report battery status changes immediately
     - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success
     - Bluetooth: hci_event: Mark connection as closed during suspend disconnect
     - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
     - Bluetooth: hci_sync: fix set_local_name race condition
     - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
     - net: dlink: fix multicast stats being counted incorrectly
     - phy: mscc: Fix when PTP clock is register and unregister
     - net/mlx5: Reload auxiliary drivers on fw_activate
     - net/mlx5e: Update and set Xon/Xoff upon MTU set
     - net/mlx5e: Update and set Xon/Xoff upon port speed set
     - net/mlx5e: Set local Xoff after FW update
     - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
     - net: rose: split remove and free operations in rose_remove_neigh()
     - net: rose: convert 'use' field to refcount_t
     - net: rose: include node references in rose_neigh refcount
     - sctp: initialize more fields in sctp_v6_from_sk()
     - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
     - [x86] KVM: x86: use array_index_nospec with indices that come from guest
     - HID: asus: fix UAF via HID_CLAIMED_INPUT validation
     - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
     - HID: wacom: Add a new Art Pen 2
     - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
     - Revert "drm/amdgpu: fix incorrect vm flags to map bo"
     - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
     - fs/smb: Fix inconsistent refcnt update
     - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
     - smb3 client: fix return code mapping of remap_file_range
     - drm/nouveau/disp: Always accept linear modifier
     - net: rose: fix a typo in rose_clear_routes()
     - HID: mcp2221: Don't set bus speed on every transfer
     - HID: mcp2221: Handle reads greater than 60 bytes
     - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to
       LANE0_1_STATUS"
     - xfs: do not propagate ENODATA disk errors into xattr code
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.151
     - bpf: Add cookie object to bpf maps
     - bpf: Move cgroup iterator helpers to bpf.h
     - bpf: Move bpf map owner out of common struct
     - bpf: Fix oob access in cgroup local storage (CVE-2025-38502)
     - btrfs: fix race between logging inode and checking if it was logged before
     - btrfs: fix race between setting last_dir_index_offset and inode logging
     - btrfs: avoid load/store tearing races when checking if an inode was logged
     - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
     - drm/amd/display: Don't warn when missing DCE encoder caps
     - Bluetooth: hci_sync: Avoid adding default advertising on startup
     - fs: writeback: fix use-after-free in __mark_inode_dirty()
     - [arm64] tee: fix NULL pointer dereference in tee_shm_put
     - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
     - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible"
     - wifi: cfg80211: fix use-after-free in cmp_bss()
     - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
       after confirm
     - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
     - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
     - [x86] xirc2ps_cs: fix register access when enabling FullDuplex
     - mISDN: Fix memory leak in dsp_hwec_enable()
     - icmp: fix icmp_ndo_send address translation for reply direction
     - [arm64] net: macb: Fix tx_ptr_lock locking
     - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
     - i40e: Fix potential invalid access when MAC list is empty
     - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
     - wifi: cw1200: cap SSID length in cw1200_do_join()
     - wifi: libertas: cap SSID len in lbs_associate()
     - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
     - [arm64] net: thunder_bgx: add a missing of_node_put
     - [arm64] net: thunder_bgx: decrement cleanup index before use
     - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
     - net/smc: Remove validation of reserved bits in CLC Decline message
     - mctp: return -ENOPROTOOPT for unknown getsockopt options
     - ax25: properly unshare skbs in ax25_kiss_rcv()
     - net: atm: fix memory leak in atm_register_sysfs when device_register fail
     - ppp: fix memory leak in pad_compress_skb
     - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
     - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
     - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()
     - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
     - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
       arch_sync_kernel_mappings()
     - mm: move page table sync declarations to linux/pgtable.h
     - ocfs2: prevent release journal inode after journal shutdown
     - wifi: mwifiex: Initialize the chan_stats array to zero
     - drm/amdgpu: drop hw access in non-DC audio fini
     - scsi: lpfc: Fix buffer free/clear order in deferred receive path
     - batman-adv: fix OOB read/write in network-coding decode
     - cifs: prevent NULL pointer dereference in UTF16 conversion
     - e1000e: fix heap overflow in e1000_set_eeprom
     - mm/slub: avoid accessing metadata when pointer is invalid in object_err()
     - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
     - cpufreq/sched: Explicitly synchronize limits_changed flag handling
     - btrfs: adjust subpage bit start based on sectorsize (CVE-2025-37931)
     - iio: light: opt3001: fix deadlock due to concurrent flag access
       (CVE-2025-37968)
     - [x86] i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
     - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
     - vmxnet3: update MTU after device quiesce
     - [arm64,armhf] spi: tegra114: Remove unnecessary NULL-pointer checks
     - [arm64,armhf] spi: tegra114: Don't fail set_cs_timing when delays are zero
     - [x86] cpufreq: intel_pstate: Revise global turbo disable check
     - [x86] cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into
       caller
     - [x86] cpufreq: intel_pstate: Do not update global.turbo_disabled after
       initialization
     - [x86] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
     - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
     - fs: relax assertions on failure to encode file handles (CVE-2024-57924)
     - drm/amd/display: Check link_res->hpo_dp_link_enc before using it
       (CVE-2024-47704)
     - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
     - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
     - Revert "drm/amdgpu: Avoid extra evict-restore process."
     - pcmcia: omap: Add missing check for platform_get_resource
     - pcmcia: Add error handling for add_interval() in do_validate_mem()
     - [arm64] drm/bridge: ti-sn65dsi86: fix REFCLK setting
     - drm/amdgpu: Optimize RAS TA initialization and TA unload funcs
     - drm/amdgpu: remove the check of init status in psp_ras_initialize
     - drm/amd/amdgpu: Fix style problems in amdgpu_psp.c
     - drm/amdgpu: Skip TMR allocation if not required
     - drm/amd: Make flashing messages quieter
     - drm/amdgpu: Replace DRM_* with dev_* in amdgpu_psp.c
     - drm/amd/amdgpu: Fix missing error return on kzalloc failure
     - mm, slub: refactor free debug processing
     - slub: Reflow ___slab_alloc()
     - mm: slub: avoid wake up kswapd in set_track_prepare
     - [arm64,armhf] spi: tegra114: Use value to check for invalid delays
     - [x86] cpufreq: intel_pstate: Rearrange show_no_turbo() and
       store_no_turbo()
     - [x86] cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE()
     - [x86] cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.152
     - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300):
       - Documentation/hw-vuln: Add VMSCAPE documentation
       - x86/vmscape: Enumerate VMSCAPE bug
       - x86/vmscape: Add conditional IBPB mitigation
       - x86/vmscape: Enable the mitigation
       - x86/bugs: Move cpu_bugs_smt_update() down
       - x86/vmscape: Warn when STIBP is disabled with SMT
       - x86/vmscape: Add old Intel CPUs to affected list
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.153
     - mm: introduce and use {pgd,p4d}_populate_kernel()
     - media: mediatek: vcodec: Fix a resource leak related to the scp device in
       FW initialization (CVE-2025-23160)
     - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
       (CVE-2025-23143)
     - tracing: Do not add length to print format in synthetic events
     - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
     - NFSv4: Don't clear capabilities that won't be reset
     - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
     - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
     - tracing: Fix tracing_marker may trigger page fault during preempt_disable
     - ftrace/samples: Fix function size computation
     - NFSv4/flexfiles: Fix layout merge mirror check.
     - tracing: Silence warning when chunk allocation fails in trace_pid_write
     - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
       psock->cork.
     - proc: fix type confusion in pde_set_flags()
     - [x86] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation
       code
     - [x86] KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
     - [x86] KVM: SVM: Set synthesized TSA CPUID flags
     - Revert "SUNRPC: Don't allow waiting for exiting tasks"
     - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
     - ocfs2: fix recursive semaphore deadlock in fiemap call
     - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM
       wakeups
     - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
     - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite
     - fuse: check if copy_file_range() returns larger than requested size
     - fuse: prevent overflow in copy_file_range return value
     - libceph: fix invalid accesses to ceph_connection_v1_info
     - mm/damon/sysfs: fix use-after-free in state_show()
     - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
     - mm/damon/lru_sort: avoid divide-by-zero in
       damon_lru_sort_apply_parameters()
     - mm/khugepaged: convert hpage_collapse_scan_pmd() to use folios
     - mm/khugepaged: fix the address passed to notifier on testing young
     - kernfs: Fix UAF in polling when open file is released
     - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
       memory
     - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
     - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO
       runtime PM wakeups"
     - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
     - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
     - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
     - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
     - [arm64,armhf] net: fec: Fix possible NPD in
       fec_enet_phy_reset_after_clk_enable()
     - tunnels: reset the GSO metadata before reusing the skb
     - docs: networking: can: change bcm_msg_head frames member to support
       flexible array
     - igb: fix link test skipping when interface is admin down
     - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
     - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
       j1939_local_ecu_get() failed
     - can: j1939: j1939_local_ecu_get(): undo increment when
       j1939_local_ecu_get() fails
     - net: hsr: Disable promiscuous mode in offload mode
     - net: hsr: Add support for MC filtering at the slave device
     - net: hsr: Add VLAN CTAG filter support
     - hsr: use rtnl lock when iterating over ports
     - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
     - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs()
     - [armhf] dmaengine: ti: edma: Fix memory allocation size for
       queue_priority_map
     - hrtimer: Remove unused function
     - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
     - hrtimers: Unconditionally update target CPU base after offline timer
       migration
     - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
     - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for
       num-channels/ees
     - [arm64] phy: tegra: xusb: fix device and OF node leak at probe
     - [armhf] phy: ti-pipe3: fix device leak at unbind
     - drm/amdgpu: fix a memory leak in fence cleanup when unloading
     - [x86] drm/i915/power: fix size for for_each_set_bit() in abox iteration
     - [arm64] soc: qcom: mdt_loader: Fix error return values in
       mdt_header_valid()
     - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize
     - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
 .
   [ Ben Hutchings ]
   * Revert to using RSA for module signatures (Closes: #1114773)
   * d/b/gencontrol.py: Extend the effect of $DEBIAN_KERNEL_DISABLE_INSTALLER
 .
   [ Santiago Ruano Rincón ]
   * d/salsa-ci.yml: Merge the extract-source job into the build's job script
   * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution
     lintian tags.
   * d/salsa-ci.yml: Early move orig tarballs back where they can be cached

linux-signed-amd64 (6.1.159+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.159-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.159
     - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
     - perf: Have get_perf_callchain() return NULL if crosstask and user are set
     - [x86] bugs: Fix reporting of LFENCE retpoline
     - EDAC/mc_sysfs: Increase legacy channel support to 16
     - btrfs: zoned: refine extent allocator hint selection
     - btrfs: scrub: replace max_t()/min_t() with clamp() in
       scrub_throttle_dev_io()
     - btrfs: always drop log root tree reference in btrfs_replay_log()
     - btrfs: use smp_mb__after_atomic() when forcing COW in
       create_pending_snapshot()
     - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
     - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
     - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
     - xhci: dbc: Provide sysfs option to configure dbc descriptors
     - xhci: dbc: poll at different rate depending on data transfer activity
     - xhci: dbc: Allow users to modify DbC poll interval via sysfs
     - xhci: dbc: Improve performance by removing delay in transfer event
       polling.
     - xhci: dbc: Avoid event polling busyloop if pending rx transfers are
       inactive.
     - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
       event
     - NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
     - net: usb: asix_devices: Check return value of usbnet_get_endpoints
     - fbcon: Set fb_display[i]->mode to NULL when the mode is released
     - fbdev: atyfb: Check if pll_ops->init_pll failed
     - ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
       (CVE-2025-40211)
     - fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)*
     - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
       Mode (CVE-2025-40321)
     - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
     - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
     - mptcp: restore window probe
     - [x86] fpu: Ensure XFD state on signal delivery
     - wifi: ath10k: Fix memory leak on unsupported WMI command
     - [arm64] drm/msm/a6xx: Fix GMU firmware parser
     - ALSA: usb-audio: fix control pipe direction
     - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
     - scsi: ufs: core: Initialize value of an attribute returned by uic cmd
     - bpf: Do not audit capability check in do_jit()
     - [arm64] ASoC: fsl_sai: fix bit order for DSD format
     - libbpf: Fix powerpc's stack register definition in bpf_tracing.h
     - usbnet: Prevents free active kevent
     - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
       (CVE-2025-40318)
     - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset
     - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
     - Bluetooth: ISO: Add support for periodic adv reports processing
     - Bluetooth: ISO: Fix another instance of dst_type handling
     - [arm64,armhf] drm/etnaviv: fix flush sequence logic
     - [arm64] net: hns3: return error code when function fails
     - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
     - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
     - block: make REQ_OP_ZONE_OPEN a write operation
     - regmap: slimbus: fix bus_context pointer in regmap init calls
       (CVE-2025-40317)
     - Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"
       (Closes: #1119232)
     - [s390x] pci: Restore IRQ unconditionally for the zPCI device
     - net: phy: dp83867: Disable EEE support as not implemented
     - mptcp: change 'first' as a parameter
     - mptcp: drop bogus optimization in __mptcp_check_push()
     - can: gs_usb: increase max interface to U8_MAX
     - cacheinfo: Return error code in init_of_cache_level()
     - cacheinfo: Check 'cache-unified' property to count cache leaves
     - ACPI: PPTT: Remove acpi_find_cache_levels()
     - ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info()
     - arch_topology: Build cacheinfo from primary CPU
     - cacheinfo: Initialize variables in fetch_cache_info()
     - cacheinfo: Fix LLC is not exported through sysfs
     - drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug
     - [arm64] tegra: Update cache properties
     - filemap: add a kiocb_invalidate_pages helper
     - filemap: add a kiocb_invalidate_post_direct_write helper
     - filemap: update ki_pos in generic_perform_write
     - fs: factor out a direct_write_fallback helper
     - direct_write_fallback(): on error revert the ->ki_pos update from buffered
       write
     - block: open code __generic_file_write_iter for blkdev writes
     - block: fix race between set_blocksize and read paths (CVE-2025-38073)
     - nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs()
     - usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
       (CVE-2025-40315)
     - drm/sysfb: Do not dereference NULL pointer in plane reset
     - drm/sched: Fix race in drm_sched_entity_select_rq()
     - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump
     - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs
     - bpf: Don't use %pK through printk
     - pinctrl: single: fix bias pull up/down handling in pin_config_set
     - [arm64] mmc: host: renesas_sdhi: Fix the actual clock
     - memstick: Add timeout to prevent indefinite waiting
     - cpufreq/longhaul: handle NULL policy in longhaul_exit
     - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
     - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
     - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
     - hwmon: (sbtsi_temp) AMD CPU extended temperature range support
     - power: supply: sbs-charger: Support multiple devices
     - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
     - ACPICA: dispatcher: Use acpi_ds_clear_operands() in
       acpi_ds_call_control_method()
     - [arm64] tee: allow a driver to allocate a tee_device without a pool
     - nvmet-fc: avoid scheduling association deletion twice (CVE-2025-40343)
     - nvme-fc: use lock accessing port_state and rport state (CVE-2025-40342)
     - [arm64] video: backlight: lp855x_bl: Set correct EPROM start for LP8556
     - tools/cpupower: fix error return value in cpupower_write_sysfs()
     - cpuidle: Fail cpuidle device registration if there is one already
     - futex: Don't leak robust_list pointer on exec race (CVE-2025-40341)
     - bpf: Clear pfmemalloc flag when freeing all fragments
     - nvme: Use non zero KATO for persistent discovery connections
     - uprobe: Do not emulate/sstep original instruction when ip is changed
     - [x86] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
     - [x86] hwmon: (dell-smm) Add support for Dell OptiPlex 7040
     - [x86] tools/cpupower: Fix incorrect size in cpuidle_state_disable()
     - [x86] tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
     - [x86] tools/power x86_energy_perf_policy: Enhance HWP enable
     - [x86] tools/power x86_energy_perf_policy: Prefer driver HWP limits
     - [armhf] mfd: stmpe: Remove IRQ domain upon removal
     - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE
     - drm/amd/display: add more cyan skillfish devices
     - drm/amd/pm: Use cached metrics data on aldebaran
     - drm/amd/pm: Use cached metrics data on arcturus
     - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
     - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
     - PCI: Disable MSI on RDC PCI to PCIe bridges
     - drm/amdkfd: return -ENOTTY for unsupported IOCTLs
     - media: pci: ivtv: Don't create fake v4l2_fh
     - [x86] vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
     - net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
     - ice: Don't use %pK through printk or tracepoints
     - thunderbolt: Use is_pciehp instead of is_hotplug_bridge
     - [powerpc*] eeh: Use result of error_detected() in uevent
     - [s390x] pci: Use pci_uevent_ers() in PCI recovery
     - bridge: Redirect to backup port when port is administratively down
     - net: ipv6: fix field-spanning memcpy warning in AH output
     - media: imon: make send_packet() more robust
     - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
     - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
     - char: misc: Does not request module for miscdevice with dynamic minor
     - net: When removing nexthops, don't call synchronize_net if it is not
       necessary
     - net: Call trace_sock_exceed_buf_limit() for memcg failure with
       SK_MEM_RECV.
     - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
     - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
     - rds: Fix endianness annotation for RDS_MPATH_HASH
     - scsi: mpi3mr: Fix controller init failure on fault during queue creation
     - scsi: pm80xx: Fix race condition caused by static variables
     - extcon: adc-jack: Fix wakeup source leaks on device unbind
     - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
     - drm/amdkfd: fix vram allocation failure for a special case
     - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
     - media: fix uninitialized symbol warnings
     - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
     - scsi: pm8001: Use int instead of u32 to store error codes
     - ptp: Limit time setting of PTP clocks
     - dmaengine: sh: setup_xref error handling
     - dmaengine: mv_xor: match alloc_wc and free_wc
     - dmaengine: dw-edma: Set status for callback_result
     - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
     - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
     - drm/amdgpu: Allow kfd CRIU with no buffer objects
     - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
     - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
     - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls
       for decoders
     - ALSA: usb-audio: apply quirk for MOONDROP Quark2
     - net: call cond_resched() less often in __release_sock()
     - smsc911x: add second read of EEPROM mac when possible corruption seen
     - [amd64] iommu/amd: Skip enabling command/event buffers for kdump
     - drm/amd: add more cyan skillfish PCI ids
     - drm/amdgpu: don't enable SMU on cyan skillfish
     - drm/amdgpu: add support for cyan skillfish gpu_info
     - usb: gadget: f_hid: Fix zero length packet transfer
     - usb: cdns3: gadget: Use-after-free during failed initialization and exit
       of cdnsp gadget (CVE-2025-40314)
     - [arm64] drm/msm: make sure to not queue up recovery more than once
     - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
     - net: phy: marvell: Fix 88e1510 downshift counter errata
     - wifi: mac80211: Fix HE capabilities element check
     - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
       register 0
     - net: sh_eth: Disable WoL if system can not suspend
     - media: redrat3: use int type to store negative error codes
     - netfilter: nf_reject: don't reply to icmp error messages
     - [x86] kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
       PV_UNHALT
     - udp_tunnel: use netdev_warn() instead of netdev_WARN()
     - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
     - net/cls_cgroup: Fix task_get_classid() during qdisc run
     - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
     - ALSA: serial-generic: remove shared static buffer
     - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
     - drm/amd: Avoid evicting resources at S5
     - page_pool: always add GFP_NOWARN for ATOMIC allocations
     - ethernet: Extend device_get_mac_address() to use NVMEM
     - drm/amdgpu: reject gang submissions under SRIOV
     - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
       TGT_RESET
     - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
       lpfc_cleanup
     - scsi: lpfc: Define size of debugfs entry for xri rebalancing
     - allow finish_no_open(file, ERR_PTR(-E...))
     - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
     - [arm64,armhf] usb: xhci: plat: Facilitate using autosuspend for xhci plat
       devices
     - ipv6: np->rxpmtu race annotation
     - jfs: Verify inode mode when loading from disk (CVE-2025-40312)
     - jfs: fix uninitialized waitqueue in transaction manager
     - [amd64] iommu/vt-d: Replace snprintf with scnprintf in
       dmar_latency_snapshot()
     - wifi: ath10k: Fix connection after GTK rekeying
     - net: intel: fm10k: Fix parameter idx set but not used
     - r8169: set EEE speed down ratio to 1
     - [arm64] PCI: cadence: Check for the existence of cdns_pcie::ops before
       using it
     - vfio: return -ENOTTY for unsupported device feature
     - PCI/PM: Skip resuming to D0 if device is disconnected
     - NFSv4: handle ERR_GRACE on delegation recalls
     - NFSv4.1: fix mount hang after CREATE_SESSION failure
     - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
       dereferencing
     - net: bridge: Install FDB for bridge MAC on VLAN 0
     - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
     - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
     - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
     - ext4: increase IO priority of fastcommit
     - net/mlx5e: Don't query FEC statistics when FEC is disabled
     - net: macb: avoid dealing with endianness in macb_set_hwaddr()
     - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
     - Bluetooth: SCO: Fix UAF on sco_conn_free (CVE-2025-40309)
     - Bluetooth: bcsp: receive data only if registered (CVE-2025-40308)
     - ALSA: usb-audio: add mono main switch to Presonus S1824c
     - exfat: limit log print for IO error
     - 6pack: drop redundant locking and refcounting
     - page_pool: Clamp pool size to max 16K pages
     - orangefs: fix xattr related buffer overflow... (CVE-2025-40306)
     - ftrace: Fix softlockup in ftrace_module_enable
     - ksmbd: use sock_create_kern interface to create kernel socket
     - smb: client: transport: avoid reconnects triggered by pending task work
     - ACPICA: Update dsmethod.c to get rid of unused variable warning
     - RDMA/irdma: Fix SD index calculation
     - RDMA/irdma: Remove unused struct irdma_cq fields
     - RDMA/irdma: Set irdma_cq cq_num field during CQ create
     - [arm64] RDMA/hns: Fix the modification of max_send_sge
     - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around
     - btrfs: mark dirty extent range for out of bound prealloc extents
     - fs/hpfs: Fix error code for new_inode() failure in
       mkdir/create/mknod/symlink
     - [arm64] rtc: pcf2127: clear minute/second interrupt
     - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
     - NTB: epf: Allow arbitrary BAR mapping
     - 9p: fix /sys/fs/9p/caches overwriting itself
     - 9p: sysfs_init: don't hardcode error to ENOMEM
     - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
     - ACPI: property: Return present device nodes only on fwnode interface
     - tools bitmap: Add missing asm-generic/bitsperlong.h include
     - tools: lib: thermal: don't preserve owner in install
     - tools: lib: thermal: use pkg-config to locate libnl3
     - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
       (CVE-2025-40304)
     - kbuild: uapi: Strip comments before size type check
     - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
     - ceph: add checking of wait_for_completion_killable() return value
     - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
     - Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
       (Closes: #1120680)
     - Bluetooth: hci_event: validate skb length for unknown CC opcode
       (CVE-2025-40301)
     - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
       bcm63xx
     - net: vlan: sync VLAN features with lower device
     - [armhf] net: dsa: b53: fix resetting speed and pause on forced link
     - [armhf] net: dsa: b53: fix enabling ip multicast
     - [armhf] net: dsa: b53: stop reading ARL entries if search is done
     - sctp: Hold RCU read lock while iterating over address list
     - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
     - sctp: Hold sock lock while iterating over address list
     - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
     - bnxt_en: Fix a possible memory leak in bnxt_ptp_init
     - net/mlx5e: SHAMPO, Fix skb size check for 64K pages
     - net: bridge: fix use-after-free due to MST port state bypass
       (CVE-2025-40297)
     - net: bridge: fix MST static key usage
     - tracing: Fix memory leaks in create_field_var()
     - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
       (CVE-2025-40294)
     - rtc: rx8025: fix incorrect register reference
     - smb: client: validate change notify buffer before copy
     - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
     - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
     - PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM
     - extcon: adc-jack: Cleanup wakeup source only if it was enabled
     - drm/amdgpu: Fix function header names in amdgpu_connectors.c
     - [x86] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
     - [x86] drm/i915: Fix conversion between clock ticks and nanoseconds
     - smb: client: fix refcount leak in smb2_set_path_attr
     - drm/amd: Fix suspend failure with secure display TA
     - compiler_types: Move unused static inline functions warning to W=2
     - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
     - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
       (CVE-2025-40288)
     - NFS4: Fix state renewals missing after boot
     - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
     - NFS: check if suid/sgid was cleared after a write as needed
     - smb/server: fix possible memory leak in smb2_read() (CVE-2025-40286)
     - smb/server: fix possible refcount leak in smb2_sess_setup()
       (CVE-2025-40285)
     - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
     - wifi: ath11k: Add tx ack signal support for management packets
     - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
     - net: fec: correct rx_bytes statistic for the case SHIFT16 is set
     - Bluetooth: MGMT: cancel mesh send timer when hdev removed (CVE-2025-40284)
     - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
       (CVE-2025-40283)
     - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
       (CVE-2025-40282)
     - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
     - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
     - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
       (CVE-2025-40281)
     - net/smc: fix mismatch between CLC header and proposal
     - tipc: Fix use-after-free in tipc_mon_reinit_self(). (CVE-2025-40280)).
     - net: mdio: fix resource leak in mdiobus_register_device()
     - wifi: mac80211: skip rate verification for not captured PSDUs
     - af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)).
     - net/sched: act_connmark: transition to percpu stats and rcu
     - net_sched: act_connmark: use RCU in tcf_connmark_dump()
     - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
       (CVE-2025-40279)
     - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
       (CVE-2025-40278)
     - net/mlx5e: Fix maxrate wraparound in threshold between units
     - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
     - net/mlx5: Expose shared buffer registers bits and structs
     - net/mlx5e: Add API to query/modify SBPR and SBCM registers
     - net/mlx5e: Update shared buffer along with device buffer changes
     - net/mlx5e: Consider internal buffers size in port buffer calculations
     - net/mlx5e: Remove mlx5e_dbg() and msglvl support
     - net/mlx5e: Fix potentially misleading debug message
     - net_sched: limit try_bulk_dequeue_skb() batches
     - hsr: Fix supervision frame sending on HSRv0
     - ACPI: CPPC: Check _CPC validity for only the online CPUs
     - ACPI: CPPC: Perform fast check switch only for online CPUs
     - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
     - Bluetooth: L2CAP: export l2cap_chan_hold for modules
     - acpi,srat: Fix incorrect device handle check for Generic Initiator
     - regulator: fixed: fix GPIO descriptor leak on register failure
     - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
       (CVE-2025-40277)
     - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
     - ALSA: usb-audio: Fix NULL pointer dereference in
       snd_usb_mixer_controls_badd (CVE-2025-40275)
     - bpf: Add bpf_prog_run_data_pointers()
     - softirq: Add trace points for tasklet entry/exit
     - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
     - espintcp: fix skb leaks (CVE-2025-38057)
     - lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
     - asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch
     - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
     - HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
     - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
     - ksmbd: close accepted socket when per-IP limit rejects connection
     - strparser: Fix signed/unsigned mismatch bug
     - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
     - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
     - wifi: mac80211: reject address change while connecting
     - fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
     - [arm64] mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
     - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
       (CVE-2025-40269)
     - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
     - spi: Try to get ACPI GPIO IRQ earlier
     - btrfs: do not update last_log_commit when logging inode due to a new name
     - virtio-net: fix received length check in big packets (CVE-2025-40292)
     - scsi: ufs: core: Add a quirk to suppress link_startup_again
     - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel
       ADL
     - iommufd: Don't overflow during division for dirty tracking
       (CVE-2025-40293)
     - [x86] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
     - net: netpoll: fix incorrect refcount handling causing incorrect cleanup
     - eventpoll: Replace rwlock with spinlock
     - mm, percpu: do not consider sleepable allocations atomic
     - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
     - asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv
       and loongarch"
     - net/mlx5: Fix memory leak in error flow of port set buffer
     - net/sched: act_connmark: handle errno on tcf_idr_check_alloc
     - net/mlx5e: Do not update SBCM when prio2buffer command is invalid
     - net/mlx5e: Preserve shared buffer capacity during headroom updates
     - timers: Fix NULL function pointer race in timer_shutdown_sync()
     - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
       (Closes: #1114557)
     - mtdchar: fix integer overflow in read/write ioctls
     - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
     - mptcp: Disallow MPTCP subflows from sockmap
     - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
     - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)
     - Input: cros_ec_keyb - fix an invalid memory access (CVE-2025-40263)
     - Input: imx_sc_key - fix memory corruption on unload (CVE-2025-40262)
     - Input: pegasus-notetaker - fix potential out-of-bounds access
     - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
       (CVE-2025-40261)
     - scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
     - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
     - mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
     - mptcp: fix ack generation for fallback msk
     - mptcp: fix premature close in case of fallback
     - mptcp: avoid unneeded subflow-level drops
     - mptcp: do not fallback when OoO is present
     - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple()
     - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
     - xfrm: Determine inner GSO type from packet inner protocol
     - [arm64,armhf] gpu: host1x: Select context device based on attached IOMMU
     - [arm64,armhf] drm/tegra: Add call to put_pid()
     - net: openvswitch: remove never-working support for setting nsh fields
       (CVE-2025-40254)
     - nvme-multipath: fix lockdep WARN due to partition scan work
     - [s390x] ctcm: Fix double-kfree (CVE-2025-40253)
     - [x86] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes
       to errnos
     - kernel.h: Move ARRAY_SIZE() to a separate header
     - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and
       qede_tpa_end()
     - vsock: Ignore signal/timeout on connect() if already established
     - bcma: don't register devices disabled in OF
     - cifs: fix typo in enable_gcm_256 module parameter
     - scsi: core: Fix a regression triggered by scsi_host_busy()
     - net: tls: Cancel RX async resync request on rcd_delta overflow
     - mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
     - mm/mm_init: fix hash table order logging in alloc_large_system_hash()
     - ALSA: usb-audio: fix uac2 clock source at terminal parser
     - tracing/tools: Fix incorrcet short option in usage text for --threads
     - uio_hv_generic: Set event for all channels on the device
       (Closes: #1120602)
     - mm/truncate: unmap large folio on split failure
     - maple_tree: fix tracepoint string pointers
     - mptcp: decouple mptcp fastclose from tcp close
     - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
     - mm/mempool: replace kmap_atomic() with kmap_local_page()
     - mm/mempool: fix poisoning order>0 pages with HIGHMEM
     - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
     - ata: libata-scsi: Fix system suspend for a security locked drive
     - HID: amd_sfh: Stop sensor before starting
     - [armhf] pmdomain: samsung: plug potential memleak during probe
     - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration
       failure
     - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove
     - filemap: cap PTE range to be created to allowed zero fill in
       folio_map_range()
     - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
     - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted
       URBs
     - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before
       accessing header
     - Bluetooth: SMP: Fix not generating mackey and ltk when repairing
     - [x86] platform/x86: intel: punit_ipc: fix memory corruption
     - net: aquantia: Add missing descriptor cache invalidation on ATL2
     - net/mlx5e: Fix validation logic in rate limiting
     - net: sxgbe: fix potential NULL dereference in sxgbe_rx()
     - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
     - net: atlantic: fix fragment overflow handling in RX path
     - mailbox: Allow direct registration to a channel
     - [amd64,arm64] mailbox: pcc: Use mbox_bind_client
     - [amd64,arm64] mailbox: pcc: Add support for platform notification handling
     - [amd64,arm64] mailbox: pcc: Support shared interrupt for multiple
       subspaces
     - ACPI: PCC: Add PCC shared memory region command and status bitfields
     - [amd64,arm64] mailbox: pcc: Check before sending MCTP PCC response ACK
     - [amd64,arm64] mailbox: pcc: Refactor error handling in irq handler into
       separate function
     - [amd64,arm64] mailbox: pcc: don't zero error register
     - [x86] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
     - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
     - iio:common:ssp_sensors: Fix an error handling path ssp_probe()
     - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411)
     - iio: accel: fix ADXL355 startup race condition
     - iio: adc: ad7280a: fix ad7280_store_balance_timer()
     - [mips*] mm: Prevent a TLB shutdown on initial uniquification
     - [mips*] mm: kmalloc tlb_vpn array to avoid stack overflow
     - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
     - atm/fore200e: Fix possible data race in fore200e_open()
     - can: sja1000: fix max irq loop handling
     - [armhf] can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
     - dm-verity: fix unreliable memory allocation
     - [arm64,armhf] drivers/usb/dwc3: fix PCI parent check
     - smb: client: fix memory leak in cifs_construct_tcon()
     - [x86] thunderbolt: Add support for Intel Wildcat Lake
     - firmware: stratix10-svc: fix bug in saving controller data
     - [arm64,armhf] serial: amba-pl011: prefer dma_mapping_error() over explicit
       address checking
     - usb: cdns3: Fix double resource release in cdns3_pci_probe
     - usb: gadget: f_eem: Fix memory leak in eem_unwrap
     - usb: storage: Fix memory leak in USB bulk transport
     - USB: storage: Remove subclass and protocol overrides from Novatek quirk
     - usb: storage: sddr55: Reject out-of-bound new_pba
     - usb: uas: fix urb unmapping issue when the uas device is remove during
       ongoing data transfer
     - [arm64,armhf] usb: dwc3: Fix race condition between concurrent
       dwc3_remove_requests() call paths
     - USB: serial: ftdi_sio: add support for u-blox EVK-M101
     - USB: serial: option: add support for Rolling RW101R-GL
     - drm/amd/display: Check NULL before accessing
     - libceph: fix potential use-after-free in have_mon_and_osd_map()
     - libceph: prevent potential out-of-bounds writes in
       handle_auth_session_key()
     - libceph: replace BUG_ON with bounds check for map->max_osd
     - nfsd: Replace clamp_t in nfsd4_get_drc_mem()
     - net: macb: fix unregister_netdev call order in macb_remove()
       (CVE-2025-39805)
     - mptcp: fix duplicate reset on fastclose
     - mptcp: Fix proto fallback detection with BPF
     - staging: rtl8712: Remove driver using deprecated API wext
     - ksmbd: fix use-after-free in session logoff (CVE-2025-37899)
     - usb: typec: ucsi: psy: Set max current to zero when disconnected
     - usb: udc: Add trace event for usb_gadget_set_state
     - usb: gadget: udc: fix use-after-free in usb_gadget_state_work
     - scsi: pm80xx: Set phy->enable_completion only when we
     - [arm64] i2c: xgene-slimpro: Migrate to use generic PCC shmem related
       macros
     - HID: core: Harden s32ton() against conversion to 0 bits
 .
   [ Ben Hutchings ]
   * tools/hv: Make the sample hv_get_dhcp_info script more useful
   * hyperv-daemons: Install the sample network info scripts (Closes: #919350)
linux-signed-amd64 (6.1.158+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.158-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.154
     - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not
       supported
     - wifi: mac80211: increase scan_ies_len for S1G
     - wifi: mac80211: fix incorrect type for ret
     - cgroup: split cgroup_destroy_wq into 3 workqueues
     - btrfs: fix invalid extref key setup when replaying dentry
     - qed: Don't collect too many protection override GRC elements
     - mptcp: set remote_deny_join_id0 on SYN recv
     - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
     - i40e: remove redundant memory barrier when cleaning Tx descs
     - bonding: don't set oif to bond dev when getting NS target destination
     - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
     - tls: make sure to abort the stream if headers are bogus
     - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
     - net: liquidio: fix overflow in octeon_init_instr_queue()
     - cnic: Fix use-after-free bugs in cnic_delete_task
     - ksmbd: smbdirect: validate data_offset and data_length field of
       smb_direct_data_transfer
     - ksmbd: smbdirect: verify remaining_data_length respects
       max_fragmented_recv_size
     - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
     - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
     - power: supply: bq27xxx: restrict no-battery detection to bq27000
     - [x86] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page()
     - btrfs: tree-checker: fix the incorrect inode ref size check
     - mmc: mvsdio: Fix dma_unmap_sg() nents value
     - [x86] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is
       active
     - rds: ib: Increment i_fastreg_wrs before bailing out
     - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
     - io_uring: backport io_should_terminate_tw()
     - io_uring: include dying ring in task_work "should cancel" state
     - [x86] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
       message
     - [arm64] drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
     - crypto: af_alg: Indent the loop in af_alg_sendmsg()
     - crypto: af_alg - Set merge to zero early in af_alg_sendmsg
     - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
     - mptcp: pm: nl: announce deny-join-id0 flag
     - phy: Use device_get_match_data()
     - [armhf] phy: ti: omap-usb2: fix device leak at unbind
     - xhci: dbc: decouple endpoint allocation from initialization
     - xhci: dbc: Fix full DbC transfer ring after several reconnects
     - mptcp: propagate shutdown to subflows when possible
     - net: rfkill: gpio: add DT support
     - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
     - crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES
     - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.155
     - ALSA: usb-audio: Fix block comments in mixer_quirks
     - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
     - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
     - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
     - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
     - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
     - ALSA: usb-audio: Convert comma to semicolon
     - ALSA: usb-audio: Fix build with CONFIG_INPUT=n
     - usb: core: Add 0x prefix to quirks debug output
     - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
     - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
     - ALSA: usb-audio: Add mute TLV for playback volumes on more devices
     - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
     - mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked"
     - mm: add folio_expected_ref_count() for reference count calculation
     - mm/gup: check ref_count instead of lru before migration
     - mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
     - mm: folio_may_be_lru_cached() unless folio_test_large()
     - cpufreq: Initialize cpufreq-based invariance before subsys
     - smb: server: don't use delayed_work for post_recv_credits_work
     - bpf: Reject bpf_timer for PREEMPT_RT
     - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
     - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer
       overflow
     - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
     - can: peak_usb: fix shift-out-of-bounds issue
     - Bluetooth: hci_sync: Fix hci_resume_advertising_sync
     - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
     - bnxt_en: correct offset handling for IPv6 destination address
     - nexthop: Forbid FDB status change while nexthop is in a group
     - [x86] drm/gma500: Fix null dereference in hdmi teardown
     - futex: Prevent use-after-free during requeue-PI
     - i40e: fix idx validation in i40e_validate_queue_map
     - i40e: fix input validation logic for action_meta
     - i40e: add max boundary check for VF filters
     - i40e: add mask to apply valid bits for itr_idx
     - i40e: improve VF MAC filters accounting
     - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
     - tracing: dynevent: Add a missing lockdown check on dynevent
     - afs: Fix potential null pointer dereference in afs_put_server
     - mm/hugetlb: fix folio is still mapped when deleted
     - fbcon: fix integer overflow in fbcon_do_set_font
     - fbcon: Fix OOB access in font allocation
     - [s390x] cpum_cf: Fix uninitialized warning after backport of ce971233242b
     - mm: migrate_device: use more folio in migrate_device_finalize()
     - mm/migrate_device: don't add folio to be freed to LRU in
       migrate_device_finalize() (CVE-2025-21861)
     - minmax: add in_range() macro
     - minmax: Introduce {min,max}_array()
     - minmax: deduplicate __unconst_integer_typeof()
     - minmax: fix indentation of __cmp_once() and __clamp_once()
     - minmax: avoid overly complicated constant expressions in VM code
     - drm/ast: Use msleep instead of mdelay for edid read
     - i40e: fix validation of VF state in get resources
     - i40e: fix idx validation in config queues msg
     - i40e: increase max descriptors for XL710
     - i40e: add validation for ring_len param
     - minmax: make generic MIN() and MAX() macros available everywhere
     - minmax: add a few more MIN_T/MAX_T users
     - minmax: simplify and clarify min_t()/max_t() implementation
     - [x86] drm/i915/backlight: Return immediately when scale() finds invalid
       parameters
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.156
     - crypto: sha256 - fix crash at kexec
     - scsi: target: target_core_configfs: Add length check to avoid buffer
       overflow (CVE-2025-39998)
     - media: b2c2: Fix use-after-free causing by irq_check_work in
       flexcop_pci_remove (CVE-2025-39996)
     - media: rc: fix races with imon_disconnect() (CVE-2025-39993)
     - [arm64] KVM: arm64: Fix softirq masking in FPSIMD register saving sequence
     - media: tunner: xc5000: Refactor firmware load
     - media: tuner: xc5000: Fix use-after-free in xc5000_release
       (CVE-2025-39994)
     - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
       probe (CVE-2025-39995)
     - minmax: don't use max() in situations that want a C constant expression
     - minmax: simplify min()/max()/clamp() implementation
     - minmax: improve macro expansion and type checking
     - minmax: fix up min3() and max3() too
     - minmax.h: add whitespace around operators and after commas
     - minmax.h: update some comments
     - minmax.h: reduce the #define expansion of min(), max() and clamp()
     - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
     - minmax.h: move all the clamp() definitions after the min/max() ones
     - minmax.h: simplify the variants of clamp()
     - minmax.h: remove some #defines that are only expanded once
     - USB: serial: option: add SIMCom 8230C compositions
     - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
     - dm-integrity: limit MAX_TAG_SIZE to 255
     - perf subcmd: avoid crash in exclude_cmds when excludes is empty
     - [x86] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
     - btrfs: ref-verify: handle damaged extent root tree
     - can: hi311x: fix null pointer dereference when resuming from sleep before
       interface was enabled
     - hid: fix I2C read buffer overflow in raw_event() for mcp2221
     - driver core/PM: Set power.no_callbacks along with power.no_pm
     - crypto: rng - Ensure set_ent is always present
     - net/9p: fix double req put in p9_fd_cancelled
     - filelock: add FL_RECLAIM to show_fl_flags() macro
     - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
     - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast
     - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF()
     - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
     - smb: server: fix IRD/ORD negotiation with the client
     - [x86] vdso: Fix output operand size of RDPID
     - regmap: Remove superfluous check for !config in __regmap_init()
     - bpf: Remove migrate_disable in kprobe_multi_link_prog_run
     - libbpf: Fix reuse of DEVMAP
     - ACPI: processor: idle: Fix memory leak when register cpuidle device failed
     - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
     - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux
     - blk-mq: check kobject state_in_sysfs before deleting in
       blk_mq_unregister_hctx
     - block: use int to store blk_stack_limits() return value
     - PM: sleep: core: Clear power.must_resume in noirq suspend error path
     - [arm64] power: supply: cw2015: Fix a alignment coding style issue
     - [arm64] pinctrl: renesas: Use int type to store negative error codes
     - null_blk: Fix the description of the cache_size module argument
     - nbd: restrict sockets to TCP and UDP
     - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation
     - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op
     - i3c: master: svc: Use manual response for IBI events
     - i3c: master: svc: Recycle unused IBI slot
     - bpf: Explicitly check accesses to bpf_sock_addr
     - smp: Fix up and expand the smp_call_function_many() kerneldoc
     - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host
       headers
     - i2c: designware: Add disabling clocks when probe fails
     - bpf: Enforce expected_attach_type for tailcall compatibility
     - drm/radeon/r600_cs: clean up of dead code in r600_cs
     - drm/amd/display: Remove redundant semicolons
     - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
     - scsi: myrs: Fix dma_alloc_coherent() error check
     - ALSA: lx_core: use int type to store negative error codes
     - media: st-delta: avoid excessive stack usage
     - drm/amdgpu: Power up UVD 3 for FW validation (v2)
     - drm/amd/pm: Disable ULV even if unsupported (v3)
     - drm/amd/pm: Fix si_upload_smc_data (v3)
     - drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
     - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
     - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
     - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3)
     - wifi: mwifiex: send world regulatory domain to driver
     - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys
       allocation
     - tcp: fix __tcp_close() to only send RST when required
     - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
     - [armhf] usb: phy: twl6030: Fix incorrect type for ret
     - usb: gadget: configfs: Correctly set use_os_string at bind
     - misc: genwqe: Fix incorrect cmd field being reported in error
     - pps: fix warning in pps_register_cdev when register device fail
     - [x86] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
     - [arm64] drm/msm/dpu: fix incorrect type for ret
     - iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
     - netfilter: ipset: Remove unused htable_bits in macro ahash_region
     - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the
       watchdog
     - drivers/base/node: handle error properly in register_one_node()
     - RDMA/cm: Rate limit destroy CM ID timeout error message
     - wifi: mt76: fix potential memory leak in mt76_wmac_probe()
     - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
     - scsi: qla2xxx: edif: Fix incorrect sign of error code
     - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
     - f2fs: fix zero-sized extent for precache extents
     - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems
       Running"
     - RDMA/core: Resolve MAC of next-hop device without ARP support
     - IB/sa: Fix sa_local_svc_timeout_ms read race
     - Documentation: trace: historgram-design: Separate sched_waking histogram
       section heading and the following diagram
     - wifi: ath10k: avoid unnecessary wait for service ready message
     - wifi: mac80211: fix Rx packet handling when pubsta information is not
       available
     - wifi: rtw89: avoid circular locking dependency in ser_state_run()
     - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR
     - [arm64] coresight: trbe: Return NULL pointer for allocation failures
     - NFSv4.1: fix backchannel max_resp_sz verification check
     - ipvs: Defer ip_vs_ftp unregister during netns cleanup
     - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
     - usb: vhci-hcd: Prevent suspending virtually attached devices
     - RDMA/siw: Always report immediate post SQ errors
     - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast
     - Bluetooth: MGMT: Fix not exposing debug UUID on
       MGMT_OP_READ_EXP_FEATURES_INFO
     - Bluetooth: ISO: Fix possible UAF on iso_conn_free
     - Bluetooth: ISO: don't leak skb in ISO_CONT RX
     - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements
     - ocfs2: fix double free in user_cluster_connect()
     - drivers/base/node: fix double free in register_one_node()
     - nfp: fix RSS hash key size when RSS is not supported
     - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not
       configurable
     - net: dlink: handle copy_thresh allocation failure
     - net/mlx5: Stop polling for command response if interface goes down
     - net/mlx5: pagealloc: Fix reclaim race during command interface teardown
     - net/mlx5: fw reset, add reset timeout work
     - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
     - Squashfs: fix uninit-value in squashfs_get_parent
     - uio_hv_generic: Let userspace take care of interrupt mask
     - fs: udf: fix OOB read in lengthAllocDescs handling
     - net: nfc: nci: Add parameter validation for packet data
     - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of
       devm_gpiochip_add_data()
     - dm: fix queue start/stop imbalance under suspend/load/resume races
     - dm: fix NULL pointer dereference in __dm_suspend()
     - ksmbd: fix error code overwriting in smb2_get_info_filesystem()
     - ext4: fix checks for orphan inodes
     - mm: hugetlb: avoid soft lockup when mprotect to large memory area
     - Input: atmel_mxt_ts - allow reset GPIO to sleep
     - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
     - pinctrl: check the return value of pinmux_ops::get_function_name()
     - [arm64] bus: fsl-mc: Check return value of platform_get_resource()
     - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
     - [x86] usb: typec: tipd: Clear interrupts first
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.157
     - fs: always return zero on success from replace_fd()
     - fscontext: do not consume log entries when returning -EMSGSIZE
     - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
     - media: v4l2-subdev: Fix alloc failure check in
       v4l2_subdev_call_state_try()
     - perf evsel: Avoid container_of on a NULL leader
     - libperf event: Ensure tracing data is multiple of 8 sized
     - perf util: Fix compression checks returning -1 as bool
     - [mips*] rtc: x1205: Fix Xicor X1205 vendor prefix
         - perf session: Fix handling when buffer exceeds 2 GiB
     - scsi: libsas: Add sas_task_find_rq()
     - scsi: mvsas: Delete mvs_tag_init()
     - scsi: mvsas: Use sas_task_find_rq() for tagging
     - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001)
     - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
     - drm/vmwgfx: Fix Use-after-free in validation
     - drm/vmwgfx: Fix copy-paste typo in validation
     - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
     - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
     - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister()
       call
     - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in
       zynqmp_ipi_free_mboxes
     - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
     - drm/amdgpu: Add additional DCE6 SCL registers
     - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
     - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
     - drm/amd/display: Properly disable scaling on DCE6
     - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
     - crypto: essiv - Check ssize for decryption and in-place encryption
     - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
     - bpf: Avoid RCU context warning when unpinning htab with internal structs
     - ACPI: property: Fix buffer properties extraction for subnodes
     - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
     - ACPI: debug: fix signedness issues in read/write helpers
     - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in
       amx3_idle_init
     - cpuidle: governors: menu: Avoid using invalid recent intervals data
     - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required
     - xen/events: Cleanup find_virq() return codes
     - xen/manage: Fix suspend error path
     - [arm64] firmware: meson_sm: fix device leak at probe
     - drm/nouveau: fix bad ret code in nouveau_bo_move_prep
     - blk-crypto: fix missing blktrace bio split events
     - btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
     - bus: mhi: host: Do not use uninitialized 'dev' pointer in
       mhi_init_irq_setup()
     - copy_sighand: Handle architectures where sizeof(unsigned long) <
       sizeof(u64)
     - [x86] cpufreq: intel_pstate: Fix object lifecycle issue in
       update_qos_request()
     - init: handle bootloader identifier in kernel parameters
     - [x86] iommu/vt-d: PRS isn't usable if PDS isn't supported
     - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in
       sys_prlimit64() paths
     - KEYS: trusted_tpm1: Compare HMAC values in constant time
     - lib/genalloc: fix device leak in of_gen_pool_get()
     - openat2: don't trigger automounts with RESOLVE_NO_XDEV
     - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
     - [powerpc*] powernv/pci: Fix underflow and leak issue
     - [powerpc*] pseries/msi: Fix potential underflow and leak issue
     - pwm: berlin: Fix wrong register in suspend/resume
     - sched/deadline: Fix race in push_dl_task()
     - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
     - sctp: Fix MAC comparison to be constant-time
     - mmc: core: SPI mode remove cmd7
     - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in
       exynos_srom_probe
     - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw
       spinlock
     - PCI/sysfs: Ensure devices are powered for config reads
     - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
     - PCI/ERR: Fix uevent on failure to recover
     - PCI/AER: Fix missing uevent on recovery when a reset is requested
     - PCI/AER: Support errors introduced by PCIe r6.0
     - spi: cadence-quadspi: Flush posted register writes before INDAC access
     - spi: cadence-quadspi: Flush posted register writes before DAC access
     - [x86] umip: Check that the instruction opcode is at least two bytes
     - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT
       aliases)
     - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
     - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
     - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when
       max_huge_pages=0
     - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
     - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
     - ext4: verify orphan file size is not too big
     - ext4: increase i_disksize to offset + len in
       ext4_update_disksize_before_punch()
     - ext4: correctly handle queries for metadata mappings
     - ext4: guard against EA inode refcount underflow in xattr update
     - ACPICA: Allow to skip Global Lock initialization
     - ext4: free orphan info with kvfree
     - [x86] KVM: x86: Don't (re)check L1 intercepts when completing userspace
       I/O
     - Squashfs: add additional inode sanity checking
     - Squashfs: reject negative file sizes in squashfs_read_inode()
     - tracing: Fix race condition in kprobe initialization causing NULL pointer
       dereference
     - ksmbd: add max ip connections parameter
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register
       value
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
       cache_type
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
     - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
     - rseq: Protect event mask against membarrier IPI
     - ipmi: Rework user message limit handling
     - ipmi: Fix handling of messages with provided receive message pointer
     - ACPI: property: Disregard references in data-only subnode lists
     - ACPI: property: Add code comments explaining what is going on
     - ACPI: property: Do not pass NULL handles to acpi_attach_data()
     - asm-generic/io: Add _RET_IP_ to MMIO trace for more accurate debug info
     - asm-generic/io.h: suppress endianness warnings for relaxed accessors
     - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled
     - mptcp: pm: in-kernel: usable client side with C-flag
     - minixfs: Verify inode mode when loading from disk
     - pid: Add a judgment for ns null in pid_nr_ns
     - fs: Add 'initramfs_options' to set initramfs mount options
     - cramfs: Verify inode mode when loading from disk
     - writeback: Avoid softlockup when switching many inodes
     - writeback: Avoid excessively long inode switching times
     - xen/events: Update virq_to_irq on migration
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158
     - smb: client: Fix refcount leak for cifs_sb_tlink (CVE-2025-40103)
     - r8152: add error handling in rtl8152_driver_init
     - jbd2: ensure that all ongoing I/O complete before freeing blocks
     - ext4: wait for ongoing I/O to complete before freeing blocks
     - ext4: detect invalid INLINE_DATA + EXTENTS flag combination
     - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
       running
     - btrfs: do not assert we found block group item when creating free space
       tree (CVE-2025-40100)
     - cifs: parse_dfs_referrals: prevent oob on malformed input (CVE-2025-40099)
     - drm/amdgpu: use atomic functions with memory barriers for vm fault info
     - drm/amd: Check whether secure display TA loaded successfully
     - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value
     - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
     - usb: gadget: Store endpoint pointer in usb_request
     - usb: gadget: Introduce free_usb_request helper
     - usb: gadget: f_rndis: Refactor bind path to use __free() (CVE-2025-40095)
     - usb: gadget: f_ecm: Refactor bind path to use __free() (CVE-2025-40093)
     - usb: gadget: f_acm: Refactor bind path to use __free() (CVE-2025-40094)
     - usb: gadget: f_ncm: Refactor bind path to use __free() (CVE-2025-40092)
     - Documentation: Remove bogus claim about del_timer_sync()
     - [arm64,armhf] clocksource/drivers/arm_arch_timer: Do not use timer
       namespace for timer_shutdown() function
     - [arm64,armhf] clocksource/drivers/sp804: Do not use timer namespace for
       timer_shutdown() function
     - timers: Replace BUG_ON()s
     - Documentation: Replace del_timer/del_timer_sync()
     - timers: Silently ignore timers with a NULL function
     - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
     - timers: Add shutdown mechanism to the internal functions
     - timers: Provide timer_shutdown[_sync]()
     - timers: Update the documentation to reflect on the new timer_shutdown()
       API
     - Bluetooth: hci_qca: Fix the teardown problem for real
     - HID: multitouch: fix sticky fingers
     - dax: skip read lock assertion for read-only filesystems
     - [arm64] can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
     - net: dlink: handle dma_map_single() failure properly
     - doc: fix seg6_flowlabel path
     - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
     - net/ip6_tunnel: Prevent perpetual tunnel growth
     - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface
       toggle
     - tcp: fix tcp_tso_should_defer() vs large RTT
     - tg3: prevent use of uninitialized remote_adv and local_adv variables
     - net: tls: wait for async completion on last message
     - tls: wait for async encrypt in case of error during latter iterations of
       sendmsg
     - tls: always set record_type in tls_process_cmsg
     - tls: wait for pending async decryptions if tls_strp_msg_hold fails
     - tls: don't rely on tx_work during send()
     - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
     - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
       lan78xx_reset
     - [x86] ASoC: nau8821: Cancel jdet_work before handling jack ejection
     - [x86] ASoC: nau8821: Generalize helper to clear IRQ status
     - [x86] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
     - drm/amd/powerplay: Fix CIK shutdown temperature
     - [arm64] drm/rockchip: vop2: use correct destination rectangle height check
     - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
     - sched/fair: Fix pelt lost idle time detection
     - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
     - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
       (CVE-2025-40085)
     - HID: hid-input: only ignore 0 battery events for digitizers
     - HID: multitouch: fix name of Stylus input devices
     - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
       (CVE-2025-40088)
     - PCI/sysfs: Ensure devices are powered for config reads (part 2)
     - exec: Fix incorrect type for ret
     - hfs: clear offset and space out of valid records in b-tree node
     - hfs: make proper initalization of struct hfs_find_data
     - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
     - hfs: validate record offset in hfsplus_bmap_alloc
     - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
     - dlm: check for defined force value in dlm_lockspace_release
     - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
     - hfsplus: return EIO when type of hidden directory mismatch in
       hfsplus_fill_super()
     - smb: server: let smb_direct_flush_send_list() invalidate a remote key
       first
     - net/mlx5e: Return 1 instead of 0 in invalid case in
       mlx5e_mpwrq_umr_entry_size()
     - rtnetlink: Allow deleting FDB entries in user namespace
     - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
     - [arm64] mm: avoid always making PTE dirty in pte_mkwrite()
     - sctp: avoid NULL dereference when chunk data buffer is missing
     - net: bonding: fix possible peer notify event loss or dup issue
     - Revert "cpuidle: menu: Avoid discarding useful information"
     - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
     - can: netlink: can_changelink(): allow disabling of automatic restart
     - [mips64el,mipsel] Malta: Fix keyboard resource preventing i8042 driver
       from registering
     - ocfs2: clear extent cache after moving/defragmenting extents
     - vsock: fix lock inversion in vsock_assign_transport()
     - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection
     - net: usb: rtl8150: Fix frame padding
     - io_uring: correct __must_hold annotation in io_install_fixed_file
     - USB: serial: option: add UNISOC UIS7720
     - USB: serial: option: add Quectel RG255C
     - USB: serial: option: add Telit FN920C04 ECM compositions
     - usb/core/quirks: Add Huawei ME906S to wakeup quirk
     - usb: raw-gadget: do not limit transfer length
     - xhci: dbc: enable back DbC in resume if it was enabled before suspend
     - [arm*] binder: remove "invalid inc weak" check
     - [x86] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106)
     - [x86] mei: me: add wildcat lake P DID
     - serial: 8250_dw: handle reset control deassert error
     - serial: 8250_exar: add support for Advantech 2 port card with Device ID
       0x0018
     - xfs: rename the old_crc variable in xlog_recover_process
     - xfs: fix log CRC mismatches between i386 and other architectures
     - PM: runtime: Add new devm functions
     - iio: imu: inv_icm42600: Simplify pm_runtime setup
     - iio: imu: inv_icm42600: use = { } instead of memset()
     - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended
     - padata: Reset next CPU when reorder sequence wraps around
     - fuse: allocate ff->release_args only if release is needed
     - fuse: fix livelock in synchronous file put from fuseblk workers
     - [arm64] mte: Do not flag the zero page as PG_mte_tagged
     - [arm64] PCI: j721e: Enable ACSPCIE Refclk if
       "ti,syscon-acspcie-proxy-ctrl" exists
     - [arm64] PCI: j721e: Fix programming sequence of "strap" settings
     - NFSD: Rework encoding and decoding of nfsd4_deviceid
     - NFSD: Minor cleanup in layoutcommit processing
     - NFSD: Fix last write offset handling in layoutcommit
     - vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)
     - NFSD: Define a proc_layoutcommit for the FlexFiles layout type
       (CVE-2025-40087)
     - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
     - drm/sched: Fix potential double free in
       drm_sched_job_add_resv_dependencies (CVE-2025-40096)
     - f2fs: add a f2fs_get_block_locked helper
     - f2fs: remove the create argument to f2fs_map_blocks
     - f2fs: factor a f2fs_map_blocks_cached helper
     - f2fs: fix wrong block mapping for multi-devices
     - PCI: Add PCI_VDEVICE_SUB helper macro
     - ixgbevf: Add support for Intel(R) E610 device
     - ixgbevf: fix getting link speed data for E610 devices
     - ixgbevf: fix mailbox API compatibility by negotiating supported features
       (CVE-2025-40104)
     - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
     - xfs: always warn about deprecated mount options
     - devcoredump: Fix circular locking dependency with devcd->mutex.
     - [x86] resctrl: Fix miscount of bandwidth event when reactivating
       previously unavailable RMID
     - ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
     - [s390x] cio: Update purge function to unregister the unused subchannels
     - [arm64] cputype: Add Neoverse-V3AE definitions
     - [arm64] errata: Apply workarounds for Neoverse-V3AE
     - ksmbd: transport_ipc: validate payload size before reading handle
       (CVE-2025-40084)
 .
   [ Ben Hutchings ]
   * d/b/genorig.py, d/rules, d/salsa-ci.yml: Put orig tarballs directly in ..
   * d/salsa-ci.yml: Adjust filenames to allow source package name suffix
   * d/salsa-ci.yml: Fix cache configuration for build job
   * d/salsa-ci.yml: Move orig tarball generation to a separate job again
   * d/salsa-ci.yml: Restore lintian checking of source package
linux-signed-amd64 (6.1.153+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.153-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.149
     - io_uring: don't use int for ABI
     - ALSA: usb-audio: Validate UAC3 power domain descriptors, too
     - ALSA: usb-audio: Validate UAC3 cluster segment descriptors
     - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
     - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
     - smb3: fix for slab out of bounds on mount to ksmbd
     - smb: client: remove redundant lstrp update in negotiate protocol
     - gpio: virtio: Fix config space reading.
     - [amd64,arm64] net: phy: micrel: fix KSZ8081/KSZ8091 cable test
     - net: usb: asix_devices: add phy_mask for ax88772 mdio bus
     - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
     - NFSD: detect mismatch of file handle and delegation stateid in OPEN op
     - NFS: Fix the setting of capabilities when automounting a new filesystem
     - sunvdc: Balance device refcount in vdc_port_mpgroup_check
     - fs: Prevent file descriptor table allocations exceeding INT_MAX
     - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)
     - Documentation: ACPI: Fix parent device references
     - ACPI: processor: perflib: Fix initial _PPC limit application
     - ACPI: processor: perflib: Move problematic pr->performance check
     - [amd64] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI
       shadow
     - [amd64] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
     - [amd64] KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
     - [amd64] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o
       VID
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL in common x86
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
     - [amd64] KVM: x86/pmu: Gate all "unimplemented MSR" prints on
       report_ignored_msrs
     - [amd64] KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint
     - [amd64] KVM: VMX: Re-enter guest in fastpath for "spurious" preemption
       timer exits
     - [amd64] KVM: VMX: Handle forced exit due to preemption timer in fastpath
     - [amd64] KVM: x86: Move handling of is_guest_mode() into fastpath exit
       handlers
     - [amd64] KVM: VMX: Handle KVM-induced preemption timer exits in fastpath
       for L2
     - [amd64] KVM: x86: Fully defer to vendor code to decide how to force
       immediate exit
     - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic
       bitmap
     - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
       flag
     - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
       supported
     - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper
     - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
     - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
       APIs
     - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running
       the guest
     - udp: also consider secpath when evaluating ipsec use for checksumming
     - netfilter: ctnetlink: fix refcount leak on table dump
     - hfs: fix slab-out-of-bounds in hfs_bnode_read()
     - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
     - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
     - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
     - [arm64] Handle KCOV __init vs inline mismatches
     - smb/server: avoid deadlock when linking with ReplaceIfExists
     - udf: Verify partition map count
     - drbd: add missing kref_get in handle_write_conflicts
     - hfs: fix not erasing deleted b-tree node issue
     - better lockdep annotations for simple_recursive_removal()
     - ata: libata-sata: Disallow changing LPM state if not supported
     - fs/ntfs3: Add sanity check for file name
     - fs/ntfs3: correctly create symlink for relative path
     - fix locking in efi_secret_unlink()
     - securityfs: don't pin dentries twice, once is enough...
     - usb: xhci: print xhci->xhc_state when queue_command failed
     - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
     - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
     - usb: xhci: Avoid showing warnings for dying controller
     - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
     - usb: xhci: Avoid showing errors during surprise removal
     - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
     - cpufreq: Exit governor when failed to start old governor
     - [armhf] rockchip: fix kernel hang during smp initialization
     - PM / devfreq: governor: Replace sscanf() with kstrtoul() in
       set_freq_store()
     - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was
       successed
     - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when
       required
     - tools/nolibc: define time_t in terms of __kernel_old_time_t
     - iio: adc: ad_sigma_delta: don't overallocate scan buffer
     - [armhf] tegra: Use I/O memcpy to write to IRAM
     - ACPI: PRM: Reduce unnecessary printing to avoid user confusion
     - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
     - thermal: sysfs: Return ENODATA instead of EAGAIN for reads
     - PM: sleep: console: Fix the black screen issue
     - ACPI: processor: fix acpi_object initialization
     - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
     - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
     - pps: clients: gpio: fix interrupt handling order in remove path
     - reset: brcmstb: Enable reset drivers for ARCH_BCM2835
     - mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
     - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
     - ALSA: hda: Handle the jack polling always via a work
     - ALSA: hda: Disable jack polling at shutdown
     - [amd64] x86/bugs: Avoid warning when overriding return thunk
     - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
     - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
     - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
     - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
     - usb: core: usb_submit_urb: downgrade type check
     - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
     - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline
       mismatches
     - platform/chrome: cros_ec_typec: Defer probe on missing EC parent
     - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
     - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
     - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
     - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
     - ASoC: codecs: rt5640: Retry DEVICE_ID verification
     - xen/netfront: Fix TX response spurious interrupts
     - net: usb: cdc-ncm: check for filtering capability
     - wifi: cfg80211: reject HTC bit for management frames
     - [s390x] time: Use monotonic clock in get_cycles()
     - be2net: Use correct byte order and format string for TCP seq and ack_seq
     - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
     - et131x: Add missing check after DMA map
     - net: ag71xx: Add missing check after DMA map
     - net/mlx5e: Properly access RCU protected qdisc_sleeping variable
     - [arm64] Mark kernel as tainted on SAE and SError panic
     - rcu: Protect ->defer_qs_iw_pending from data race
     - net: mctp: Prevent duplicate binds
     - wifi: cfg80211: Fix interface type validation
     - net: ipv4: fix incorrect MTU in broadcast routes
     - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
     - wifi: iwlwifi: mvm: fix scan request validation
     - [s390x] stp: Remove udelay from stp_sync_clock()
     - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
     - wifi: mac80211: don't complete management TX on SAE commit
     - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in
       __ipv6_dev_mc_inc().
     - [arm64] drm/msm: use trylock for debugfs
     - wifi: rtw89: Fix rtw89_mac_power_switch() for USB
     - wifi: rtw89: Disable deep power saving for USB/SDIO
     - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit
     - [amd64] net: thunderbolt: Fix the parameter passing of
       tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
     - net: atlantic: add set_power to fw_ops for atl2 to fix wol
     - net: fec: allow disable coalescing
     - drm/amd/display: Separate set_gsl from set_gsl_source_select
     - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
     - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
     - drm/amd/display: Fix 'failed to blank crtc!'
     - wifi: mac80211: update radar_required in channel context after channel
       switch
     - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
     - [powerpc*] floppy: Add missing checks after DMA map
     - netmem: fix skb_frag_address_safe with unreadable skbs
     - wifi: iwlegacy: Check rate_idx range after addition
     - neighbour: add support for NUD_PERMANENT proxy entries
     - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to
       manual
     - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
     - gve: Return error for unknown admin queue command
     - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
     - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
     - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325
     - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
     - ptp: Use ratelimite for freerun error message
     - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
     - ionic: clean dbpage in de-init
     - net: ncsi: Fix buffer overflow in fetching version id
     - drm/ttm: Should to return the evict error
     - uapi: in6: restore visibility of most IPv6 socket options
     - drm/ttm: Respect the shrinker core free target
     - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
     - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
     - vhost: fail early when __vhost_add_used() fails
     - drm/amd/display: Only finalize atomic_obj if it was initialized
     - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race
       condition
     - cifs: Fix calling CIFSFindFirst() for root path without msearch
     - fbdev: fix potential buffer overflow in do_register_framebuffer()
     - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
     - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
     - fs/orangefs: use snprintf() instead of sprintf()
     - watchdog: dw_wdt: Fix default timeout
     - hwmon: (emc2305) Set initial PWM minimum value during probe based on
       thermal state
     - watchdog: iTCO_wdt: Report error if timeout configuration fails
     - scsi: bfa: Double-free fix
     - jfs: truncate good inode pages when hard link is 0
     - jfs: Regular file corruption check
     - jfs: upper bound check of tree index in dbAllocAG
     - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO
     - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ
       control
     - leds: leds-lp50xx: Handle reg to get correct multi_index
     - [armhf] dmaengine: stm32-dma: configure next sg only if there are more
       than 2 sgs
     - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
     - RDMA/core: reduce stack using in nldev_stat_get_doit()
     - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
     - scsi: mpt3sas: Correctly handle ATA device errors
     - scsi: mpi3mr: Correctly handle ATA device errors
     - pinctrl: stm32: Manage irq affinity settings
     - media: tc358743: Check I2C succeeded during probe
     - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
     - media: tc358743: Increase FIFO trigger level to 374
     - media: usb: hdpvr: disable zero-length read messages
     - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
     - media: dvb-frontends: w7090p: fix null-ptr-deref in
       w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
     - media: uvcvideo: Fix bandwidth issue for Alcor camera
     - md: dm-zoned-target: Initialize return variable r to avoid uninitialized
       use
     - module: Prevent silent truncation of module name in delete_module(2)
     - i3c: add missing include to internal header
     - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
     - i3c: don't fail if GETHDRCAP is unsupported
     - i3c: master: Initialize ret in i3c_i2c_notifier_call()
     - dm-mpath: don't print the "loaded" message if registering fails
     - dm-table: fix checking for rq stackable devices
     - apparmor: use the condition in AA_BUG_FMT even with debug disabled
     - i2c: Force DLL0945 touchpad i2c freq to 100khz
     - vfio/type1: conditional rescheduling while pinning
     - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
     - scsi: target: core: Generate correct identifiers for PR OUT transport IDs
     - scsi: aacraid: Stop using PCI_IRQ_AFFINITY
     - vfio/mlx5: fix possible overflow in tracking max message size
     - ipmi: Use dev_warn_ratelimited() for incorrect message warnings
     - ipmi: Fix strcpy source and destination the same
     - net: phy: smsc: add proper reset flags for LAN8710A
     - block: avoid possible overflow for chunk_sectors check in
       blk_stack_limits()
     - pNFS: Fix stripe mapping in block/scsi layout
     - pNFS: Fix disk addr range check in block/scsi layout
     - pNFS: Handle RPC size limit for layoutcommits
     - pNFS: Fix uninited ptr deref in block/scsi layout
     - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
     - scsi: lpfc: Remove redundant assignment to avoid memory leak
     - ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
     - ASoC: soc-dai.h: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits
     - drm/amdgpu: fix incorrect vm flags to map bo
     - ext4: fix zombie groups in average fragment size lists
     - ext4: fix largest free orders lists corruption on mb_optimize_scan switch
     - usb: core: config: Prevent OOB read in SS endpoint companion parsing
     - misc: rtsx: usb: Ensure mmc child device is active when card is present
     - usb: typec: ucsi: Update power_supply on power role change
     - [amd64] comedi: fix race between polling and detaching
     - [amd64] thunderbolt: Fix copy+paste error in match_service_id()
     - cdc-acm: fix race between initial clearing halt and open
     - btrfs: zoned: use filesystem size not disk size for reclaim decision
     - btrfs: abort transaction during log replay if walk_log_tree() failed
     - btrfs: zoned: do not remove unwritten non-data block group
     - btrfs: fix log tree replay failure due to file with 0 links and extents
     - btrfs: do not allow relocation of partially dropped subvolumes
     - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
     - hv_netvsc: Fix panic during namespace deletion with VF
     - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
     - media: uvcvideo: Do not mark valid metadata as invalid
     - HID: magicmouse: avoid setting up battery timer when not needed
     - HID: apple: avoid setting up battery timer for devices without battery
     - serial: 8250: fix panic due to PSLVERR
     - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
     - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
     - usb: gadget: udc: renesas_usb3: fix device leak at unbind
     - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind
     - bus: mhi: host: Fix endianness of BHI vector table
     - bus: mhi: host: Detect events pointing to unexpected TREs
     - vt: keyboard: Don't process Unicode characters in K_OFF mode
     - vt: defkeymap: Map keycodes above 127 to K_HOLE
     - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
     - ksmbd: extend the connection limiting mechanism to support IPv6
     - ext4: check fast symlink for ea_inode correctly
     - ext4: fix fsmap end of range reporting with bigalloc
     - ext4: fix reserved gdt blocks handling in fsmap
     - ext4: use kmalloc_array() for array space allocation
     - ext4: fix hole length calculation overflow in non-extent inodes
     - scsi: mpi3mr: Fix race between config read submit and interrupt completion
     - ata: libata-scsi: Fix ata_to_sense_error() status handling
     - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host
       controllers
     - scsi: ufs: ufs-pci: Fix default runtime and system PM levels
     - iio: imu: bno055: fix OOB access of hw_xlate array
     - iio: adc: ad_sigma_delta: change to buffer predisable
     - wifi: brcmsmac: Remove const from tbl_ptr parameter in
       wlc_lcnphy_common_read_table()
     - wifi: ath11k: fix dest ring-buffer corruption
     - wifi: ath11k: fix source ring-buffer corruption
     - wifi: ath11k: fix dest ring-buffer corruption when ring is full
     - pwm: imx-tpm: Reset counter if CMOD is 0
     - pwm: mediatek: Handle hardware enable and clock enable separately
     - pwm: mediatek: Fix duty and period setting
     - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
     - mtd: spi-nor: Fix spi_nor_try_unlock_all()
     - PCI: endpoint: Fix configfs group list head handling
     - PCI: endpoint: Fix configfs group removal on driver teardown
     - vsock/virtio: Validate length in packet header before skb_put()
     - vhost/vsock: Avoid allocating arbitrarily-sized SKBs
     - jbd2: prevent softlockup in jbd2_log_do_checkpoint()
     - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state
     - media: gspca: Add bounds checking to firmware parser
     - [armhf] media: imx: fix a potential memory leak in
       imx_media_csc_scaler_device_init()
     - media: vivid: fix wrong pixel_array control size
     - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
     - media: usbtv: Lock resolution while streaming
     - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
     - media: ov2659: Fix memory leaks in ov2659_probe()
     - drm/amd: Restore cached power limit during resume
     - drm/amdgpu: Avoid extra evict-restore process.
     - drm/amdgpu: update mmhub 3.0.1 client id mappings
     - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
     - drm/amd/display: Don't overwrite dce60_clk_mgr
     - net, hsr: reject HSR frame if skb can't hold tag
     - ipv6: sr: Fix MAC comparison to be constant-time
     - ACPI: pfr_update: Fix the driver update version check
     - mptcp: drop skb if MPTCP skb extension allocation fails
     - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
     - f2fs: fix to do sanity check on ino and xnid (CVE-2025-38347)
     - iio: hid-sensor-prox: Restore lost scale assignments
     - iio: hid-sensor-prox: Fix incorrect OFFSET calculation
     - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event()
       (CVE-2025-38322)
     - [amd64] x86/mce/amd: Add default names for MCA banks and blocks
     - net: add netdev_lockdep_set_classes() to virtual drivers
     - btrfs: fix qgroup reservation leak on failure to allocate ordered extent
     - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
     - drm/sched: Remove optimization that causes hang when killing dependent
       jobs
     - net: enetc: fix device and OF node leak at probe
     - fscrypt: Don't use problematic non-inline crypto engines
     - block: reject invalid operation in submit_bio_noacct
     - block: Make REQ_OP_ZONE_FINISH a write operation
     - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
     - cifs: reset iface weights when we cannot find a candidate
     - usb: typec: fusb302: cache PD RX state
     - btrfs: qgroup: fix race between quota disable and quota rescan ioctl
     - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
     - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
     - btrfs: send: use fallocate for hole punching with send stream v2
     - net_sched: sch_ets: implement lockless ets_dump()
     - net/sched: ets: use old 'nbands' while purging unused classes
     - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
     - [armhf] usb: musb: omap2430: Convert to platform remove callback returning
       void
     - [armhf] usb: musb: omap2430: fix device leak at unbind
     - platform/chrome: cros_ec: Use per-device lockdep key
     - platform/chrome: cros_ec: remove unneeded label and if-condition
     - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
     - [arm64] usb: dwc3: imx8mp: fix device leak at unbind
     - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
     - btrfs: populate otime when logging an inode item
     - tls: separate no-async decryption request handling from async
       (CVE-2024-58240)
     - [amd64] crypto: qat - fix ring to service map for QAT GEN4
     - [arm64] cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1
       register
     - [amd64] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
       producer
     - mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
     - mptcp: plug races between subflow fail and subflow creation
       (CVE-2025-38552)
     - mptcp: reset fallback status gracefully at disconnect() time
     - mm: drop the assumption that VM_SHARED always implies writable
     - mm: update memfd seal write check to include F_SEAL_WRITE
     - mm: reinstate ability to map write-sealed memfd mappings read-only
     - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
     - kbuild: userprogs: use correct linker when mixing clang and GNU ld
     - [amd64] x86/reboot: Harden virtualization hooks for emergency reboot
     - [amd64] x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback
     - [amd64] KVM: VMX: Flush shadow VMCS on emergency reboot
     - [arm64] KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME
       fix
     - memstick: Fix deadlock by moving removing flag earlier
     - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
     - squashfs: fix memory leak in squashfs_fill_super
     - mm/debug_vm_pgtable: clear page table entries at destroy_args()
     - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook
       830 G6
     - [s390x] sclp: Fix SCCB present check
     - drm/amd/display: Avoid a NULL pointer dereference
     - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
     - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
     - drm/amd/display: Find first CRTC and its line time in
       dce110_fill_display_configs
     - drm/amd/display: Fill display clock and vblank time in
       dce110_fill_display_configs
     - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
     - fs/buffer: fix use-after-free when call bh_read() helper
     - use uniform permission checks for all mount propagation changes
     - ftrace: Also allocate and copy hash for reading of filter files
     - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
     - iio: proximity: isl29501: fix buffered read on big-endian systems
     - most: core: Drop device reference after usage in get_channel()
     - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
     - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples
     - [amd64] comedi: pcl726: Prevent invalid irq number
     - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and
       do_insnlist_ioctl()
     - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE
       test
     - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
     - usb: storage: realtek_cr: Use correct byte order for bcs->Residue
     - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
     - [arm64,armhf] usb: dwc3: Ignore late xferNotReady event to prevent halt
       timeout
     - [arm64,armhf] usb: dwc3: Remove WARN_ON for device endpoint command
       timeouts
     - [arm64] dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
     - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
     - ext4: preserve SB_I_VERSION on remount
     - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
     - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
     - [arm64] PCI: rockchip: Use standard PCIe definitions
     - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
     - [arm64] soc: qcom: mdt_loader: Enhance split binary detection
     - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header
     - f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
     - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677)
     - mptcp: disable add_addr retransmission when timeout is 0
     - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
     - mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values
     - mmc: sdhci-pci-gli: Add a new function to simplify the code
     - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
     - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
     - drm/amd/display: Don't overclock DCE 6 by 15%
     - wifi: mac80211: avoid lockdep checking when removing deflink
     - wifi: mac80211: check basic rates validity in sta_link_apply_parameters
     - tls: fix handling of zero-length records on the rx_list
     - iio: imu: inv_icm42600: change invalid data error to -EBUSY
     - tracing: Remove unneeded goto out logic
     - tracing: Limit access to parser->buffer when trace_get_user failed
     - iio: light: as73211: Ensure buffer holes are zeroed
     - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
     - compiler: remove __ADDRESSABLE_ASM{_STR,}() again
     - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
     - cgroup/cpuset: Use static_branch_enable_cpuslocked() on
       cpusets_insane_config_key
     - iosys-map: Fix undefined behavior in iosys_map_clear()
     - RDMA/bnxt_re: Fix to initialize the PBL array
     - net: bridge: fix soft lockup in br_multicast_query_expired()
     - scsi: qla4xxx: Prevent a potential error pointer dereference
     - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline
       (CVE-2025-38676)
     - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
     - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug
     - ALSA: usb-audio: Fix size validation in convert_chmap_v3()
     - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
     - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
     - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
     - net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
     - ppp: fix race conditions in ppp_fill_forward_path
     - phy: mscc: Fix timestamping for vsc8584
     - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
     - gve: prevent ethtool ops after shutdown
     - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
     - igc: fix disabling L1.2 PCI-E link substate on I226 on init
     - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
     - net/sched: Remove unnecessary WARNING condition for empty child qdisc in
       htb_activate
     - bonding: update LACP activity flag after setting lacp_active
     - bonding: Add independent control state machine
     - bonding: send LACPDUs periodically in passive mode after receiving
       partner's LACPDU
     - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
     - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs
     - [s390x] hypfs: Enable limited access during lockdown
     - netfilter: nf_reject: don't leak dst refcount for loopback packets
     - alloc_fdtable(): change calling conventions.
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.150
     - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
     - scsi: core: sysfs: Correct sysfs attributes access rights
     - smb: client: fix race with concurrent opens in unlink(2)
     - smb: client: fix race with concurrent opens in rename(2)
     - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
     - nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests
     - NFS: Fix a race when updating an existing write
     - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
     - net: ipv4: fix regression in local-broadcast routes
     - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl
     - [powerpc*] kvm: Fix ifdef to remove build warning
     - HID: input: rename hidinput_set_battery_charge_status()
     - HID: input: report battery status changes immediately
     - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success
     - Bluetooth: hci_event: Mark connection as closed during suspend disconnect
     - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
     - Bluetooth: hci_sync: fix set_local_name race condition
     - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
     - net: dlink: fix multicast stats being counted incorrectly
     - phy: mscc: Fix when PTP clock is register and unregister
     - net/mlx5: Reload auxiliary drivers on fw_activate
     - net/mlx5e: Update and set Xon/Xoff upon MTU set
     - net/mlx5e: Update and set Xon/Xoff upon port speed set
     - net/mlx5e: Set local Xoff after FW update
     - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
     - net: rose: split remove and free operations in rose_remove_neigh()
     - net: rose: convert 'use' field to refcount_t
     - net: rose: include node references in rose_neigh refcount
     - sctp: initialize more fields in sctp_v6_from_sk()
     - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
     - [x86] KVM: x86: use array_index_nospec with indices that come from guest
     - HID: asus: fix UAF via HID_CLAIMED_INPUT validation
     - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
     - HID: wacom: Add a new Art Pen 2
     - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
     - Revert "drm/amdgpu: fix incorrect vm flags to map bo"
     - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
     - fs/smb: Fix inconsistent refcnt update
     - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
     - smb3 client: fix return code mapping of remap_file_range
     - drm/nouveau/disp: Always accept linear modifier
     - net: rose: fix a typo in rose_clear_routes()
     - HID: mcp2221: Don't set bus speed on every transfer
     - HID: mcp2221: Handle reads greater than 60 bytes
     - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to
       LANE0_1_STATUS"
     - xfs: do not propagate ENODATA disk errors into xattr code
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.151
     - bpf: Add cookie object to bpf maps
     - bpf: Move cgroup iterator helpers to bpf.h
     - bpf: Move bpf map owner out of common struct
     - bpf: Fix oob access in cgroup local storage (CVE-2025-38502)
     - btrfs: fix race between logging inode and checking if it was logged before
     - btrfs: fix race between setting last_dir_index_offset and inode logging
     - btrfs: avoid load/store tearing races when checking if an inode was logged
     - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
     - drm/amd/display: Don't warn when missing DCE encoder caps
     - Bluetooth: hci_sync: Avoid adding default advertising on startup
     - fs: writeback: fix use-after-free in __mark_inode_dirty()
     - [arm64] tee: fix NULL pointer dereference in tee_shm_put
     - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
     - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible"
     - wifi: cfg80211: fix use-after-free in cmp_bss()
     - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
       after confirm
     - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
     - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
     - [x86] xirc2ps_cs: fix register access when enabling FullDuplex
     - mISDN: Fix memory leak in dsp_hwec_enable()
     - icmp: fix icmp_ndo_send address translation for reply direction
     - [arm64] net: macb: Fix tx_ptr_lock locking
     - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
     - i40e: Fix potential invalid access when MAC list is empty
     - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
     - wifi: cw1200: cap SSID length in cw1200_do_join()
     - wifi: libertas: cap SSID len in lbs_associate()
     - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
     - [arm64] net: thunder_bgx: add a missing of_node_put
     - [arm64] net: thunder_bgx: decrement cleanup index before use
     - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
     - net/smc: Remove validation of reserved bits in CLC Decline message
     - mctp: return -ENOPROTOOPT for unknown getsockopt options
     - ax25: properly unshare skbs in ax25_kiss_rcv()
     - net: atm: fix memory leak in atm_register_sysfs when device_register fail
     - ppp: fix memory leak in pad_compress_skb
     - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
     - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
     - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()
     - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
     - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
       arch_sync_kernel_mappings()
     - mm: move page table sync declarations to linux/pgtable.h
     - ocfs2: prevent release journal inode after journal shutdown
     - wifi: mwifiex: Initialize the chan_stats array to zero
     - drm/amdgpu: drop hw access in non-DC audio fini
     - scsi: lpfc: Fix buffer free/clear order in deferred receive path
     - batman-adv: fix OOB read/write in network-coding decode
     - cifs: prevent NULL pointer dereference in UTF16 conversion
     - e1000e: fix heap overflow in e1000_set_eeprom
     - mm/slub: avoid accessing metadata when pointer is invalid in object_err()
     - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
     - cpufreq/sched: Explicitly synchronize limits_changed flag handling
     - btrfs: adjust subpage bit start based on sectorsize (CVE-2025-37931)
     - iio: light: opt3001: fix deadlock due to concurrent flag access
       (CVE-2025-37968)
     - [x86] i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
     - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
     - vmxnet3: update MTU after device quiesce
     - [arm64,armhf] spi: tegra114: Remove unnecessary NULL-pointer checks
     - [arm64,armhf] spi: tegra114: Don't fail set_cs_timing when delays are zero
     - [x86] cpufreq: intel_pstate: Revise global turbo disable check
     - [x86] cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into
       caller
     - [x86] cpufreq: intel_pstate: Do not update global.turbo_disabled after
       initialization
     - [x86] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
     - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
     - fs: relax assertions on failure to encode file handles (CVE-2024-57924)
     - drm/amd/display: Check link_res->hpo_dp_link_enc before using it
       (CVE-2024-47704)
     - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
     - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
     - Revert "drm/amdgpu: Avoid extra evict-restore process."
     - pcmcia: omap: Add missing check for platform_get_resource
     - pcmcia: Add error handling for add_interval() in do_validate_mem()
     - [arm64] drm/bridge: ti-sn65dsi86: fix REFCLK setting
     - drm/amdgpu: Optimize RAS TA initialization and TA unload funcs
     - drm/amdgpu: remove the check of init status in psp_ras_initialize
     - drm/amd/amdgpu: Fix style problems in amdgpu_psp.c
     - drm/amdgpu: Skip TMR allocation if not required
     - drm/amd: Make flashing messages quieter
     - drm/amdgpu: Replace DRM_* with dev_* in amdgpu_psp.c
     - drm/amd/amdgpu: Fix missing error return on kzalloc failure
     - mm, slub: refactor free debug processing
     - slub: Reflow ___slab_alloc()
     - mm: slub: avoid wake up kswapd in set_track_prepare
     - [arm64,armhf] spi: tegra114: Use value to check for invalid delays
     - [x86] cpufreq: intel_pstate: Rearrange show_no_turbo() and
       store_no_turbo()
     - [x86] cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE()
     - [x86] cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.152
     - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300):
       - Documentation/hw-vuln: Add VMSCAPE documentation
       - x86/vmscape: Enumerate VMSCAPE bug
       - x86/vmscape: Add conditional IBPB mitigation
       - x86/vmscape: Enable the mitigation
       - x86/bugs: Move cpu_bugs_smt_update() down
       - x86/vmscape: Warn when STIBP is disabled with SMT
       - x86/vmscape: Add old Intel CPUs to affected list
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.153
     - mm: introduce and use {pgd,p4d}_populate_kernel()
     - media: mediatek: vcodec: Fix a resource leak related to the scp device in
       FW initialization (CVE-2025-23160)
     - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
       (CVE-2025-23143)
     - tracing: Do not add length to print format in synthetic events
     - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
     - NFSv4: Don't clear capabilities that won't be reset
     - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
     - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
     - tracing: Fix tracing_marker may trigger page fault during preempt_disable
     - ftrace/samples: Fix function size computation
     - NFSv4/flexfiles: Fix layout merge mirror check.
     - tracing: Silence warning when chunk allocation fails in trace_pid_write
     - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
       psock->cork.
     - proc: fix type confusion in pde_set_flags()
     - [x86] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation
       code
     - [x86] KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
     - [x86] KVM: SVM: Set synthesized TSA CPUID flags
     - Revert "SUNRPC: Don't allow waiting for exiting tasks"
     - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
     - ocfs2: fix recursive semaphore deadlock in fiemap call
     - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM
       wakeups
     - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
     - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite
     - fuse: check if copy_file_range() returns larger than requested size
     - fuse: prevent overflow in copy_file_range return value
     - libceph: fix invalid accesses to ceph_connection_v1_info
     - mm/damon/sysfs: fix use-after-free in state_show()
     - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
     - mm/damon/lru_sort: avoid divide-by-zero in
       damon_lru_sort_apply_parameters()
     - mm/khugepaged: convert hpage_collapse_scan_pmd() to use folios
     - mm/khugepaged: fix the address passed to notifier on testing young
     - kernfs: Fix UAF in polling when open file is released
     - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
       memory
     - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
     - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO
       runtime PM wakeups"
     - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
     - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
     - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
     - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
     - [arm64,armhf] net: fec: Fix possible NPD in
       fec_enet_phy_reset_after_clk_enable()
     - tunnels: reset the GSO metadata before reusing the skb
     - docs: networking: can: change bcm_msg_head frames member to support
       flexible array
     - igb: fix link test skipping when interface is admin down
     - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
     - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
       j1939_local_ecu_get() failed
     - can: j1939: j1939_local_ecu_get(): undo increment when
       j1939_local_ecu_get() fails
     - net: hsr: Disable promiscuous mode in offload mode
     - net: hsr: Add support for MC filtering at the slave device
     - net: hsr: Add VLAN CTAG filter support
     - hsr: use rtnl lock when iterating over ports
     - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
     - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs()
     - [armhf] dmaengine: ti: edma: Fix memory allocation size for
       queue_priority_map
     - hrtimer: Remove unused function
     - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
     - hrtimers: Unconditionally update target CPU base after offline timer
       migration
     - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
     - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for
       num-channels/ees
     - [arm64] phy: tegra: xusb: fix device and OF node leak at probe
     - [armhf] phy: ti-pipe3: fix device leak at unbind
     - drm/amdgpu: fix a memory leak in fence cleanup when unloading
     - [x86] drm/i915/power: fix size for for_each_set_bit() in abox iteration
     - [arm64] soc: qcom: mdt_loader: Fix error return values in
       mdt_header_valid()
     - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize
     - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
 .
   [ Ben Hutchings ]
   * Revert to using RSA for module signatures (Closes: #1114773)
   * d/b/gencontrol.py: Extend the effect of $DEBIAN_KERNEL_DISABLE_INSTALLER
 .
   [ Santiago Ruano Rincón ]
   * d/salsa-ci.yml: Merge the extract-source job into the build's job script
   * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution
     lintian tags.
   * d/salsa-ci.yml: Early move orig tarballs back where they can be cached

linux-signed-arm64 (6.1.159+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.159-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.159
     - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
     - perf: Have get_perf_callchain() return NULL if crosstask and user are set
     - [x86] bugs: Fix reporting of LFENCE retpoline
     - EDAC/mc_sysfs: Increase legacy channel support to 16
     - btrfs: zoned: refine extent allocator hint selection
     - btrfs: scrub: replace max_t()/min_t() with clamp() in
       scrub_throttle_dev_io()
     - btrfs: always drop log root tree reference in btrfs_replay_log()
     - btrfs: use smp_mb__after_atomic() when forcing COW in
       create_pending_snapshot()
     - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
     - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
     - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
     - xhci: dbc: Provide sysfs option to configure dbc descriptors
     - xhci: dbc: poll at different rate depending on data transfer activity
     - xhci: dbc: Allow users to modify DbC poll interval via sysfs
     - xhci: dbc: Improve performance by removing delay in transfer event
       polling.
     - xhci: dbc: Avoid event polling busyloop if pending rx transfers are
       inactive.
     - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
       event
     - NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
     - net: usb: asix_devices: Check return value of usbnet_get_endpoints
     - fbcon: Set fb_display[i]->mode to NULL when the mode is released
     - fbdev: atyfb: Check if pll_ops->init_pll failed
     - ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
       (CVE-2025-40211)
     - fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)*
     - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
       Mode (CVE-2025-40321)
     - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
     - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
     - mptcp: restore window probe
     - [x86] fpu: Ensure XFD state on signal delivery
     - wifi: ath10k: Fix memory leak on unsupported WMI command
     - [arm64] drm/msm/a6xx: Fix GMU firmware parser
     - ALSA: usb-audio: fix control pipe direction
     - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
     - scsi: ufs: core: Initialize value of an attribute returned by uic cmd
     - bpf: Do not audit capability check in do_jit()
     - [arm64] ASoC: fsl_sai: fix bit order for DSD format
     - libbpf: Fix powerpc's stack register definition in bpf_tracing.h
     - usbnet: Prevents free active kevent
     - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
       (CVE-2025-40318)
     - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset
     - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
     - Bluetooth: ISO: Add support for periodic adv reports processing
     - Bluetooth: ISO: Fix another instance of dst_type handling
     - [arm64,armhf] drm/etnaviv: fix flush sequence logic
     - [arm64] net: hns3: return error code when function fails
     - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
     - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
     - block: make REQ_OP_ZONE_OPEN a write operation
     - regmap: slimbus: fix bus_context pointer in regmap init calls
       (CVE-2025-40317)
     - Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"
       (Closes: #1119232)
     - [s390x] pci: Restore IRQ unconditionally for the zPCI device
     - net: phy: dp83867: Disable EEE support as not implemented
     - mptcp: change 'first' as a parameter
     - mptcp: drop bogus optimization in __mptcp_check_push()
     - can: gs_usb: increase max interface to U8_MAX
     - cacheinfo: Return error code in init_of_cache_level()
     - cacheinfo: Check 'cache-unified' property to count cache leaves
     - ACPI: PPTT: Remove acpi_find_cache_levels()
     - ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info()
     - arch_topology: Build cacheinfo from primary CPU
     - cacheinfo: Initialize variables in fetch_cache_info()
     - cacheinfo: Fix LLC is not exported through sysfs
     - drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug
     - [arm64] tegra: Update cache properties
     - filemap: add a kiocb_invalidate_pages helper
     - filemap: add a kiocb_invalidate_post_direct_write helper
     - filemap: update ki_pos in generic_perform_write
     - fs: factor out a direct_write_fallback helper
     - direct_write_fallback(): on error revert the ->ki_pos update from buffered
       write
     - block: open code __generic_file_write_iter for blkdev writes
     - block: fix race between set_blocksize and read paths (CVE-2025-38073)
     - nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs()
     - usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
       (CVE-2025-40315)
     - drm/sysfb: Do not dereference NULL pointer in plane reset
     - drm/sched: Fix race in drm_sched_entity_select_rq()
     - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump
     - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs
     - bpf: Don't use %pK through printk
     - pinctrl: single: fix bias pull up/down handling in pin_config_set
     - [arm64] mmc: host: renesas_sdhi: Fix the actual clock
     - memstick: Add timeout to prevent indefinite waiting
     - cpufreq/longhaul: handle NULL policy in longhaul_exit
     - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
     - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
     - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
     - hwmon: (sbtsi_temp) AMD CPU extended temperature range support
     - power: supply: sbs-charger: Support multiple devices
     - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
     - ACPICA: dispatcher: Use acpi_ds_clear_operands() in
       acpi_ds_call_control_method()
     - [arm64] tee: allow a driver to allocate a tee_device without a pool
     - nvmet-fc: avoid scheduling association deletion twice (CVE-2025-40343)
     - nvme-fc: use lock accessing port_state and rport state (CVE-2025-40342)
     - [arm64] video: backlight: lp855x_bl: Set correct EPROM start for LP8556
     - tools/cpupower: fix error return value in cpupower_write_sysfs()
     - cpuidle: Fail cpuidle device registration if there is one already
     - futex: Don't leak robust_list pointer on exec race (CVE-2025-40341)
     - bpf: Clear pfmemalloc flag when freeing all fragments
     - nvme: Use non zero KATO for persistent discovery connections
     - uprobe: Do not emulate/sstep original instruction when ip is changed
     - [x86] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
     - [x86] hwmon: (dell-smm) Add support for Dell OptiPlex 7040
     - [x86] tools/cpupower: Fix incorrect size in cpuidle_state_disable()
     - [x86] tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
     - [x86] tools/power x86_energy_perf_policy: Enhance HWP enable
     - [x86] tools/power x86_energy_perf_policy: Prefer driver HWP limits
     - [armhf] mfd: stmpe: Remove IRQ domain upon removal
     - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE
     - drm/amd/display: add more cyan skillfish devices
     - drm/amd/pm: Use cached metrics data on aldebaran
     - drm/amd/pm: Use cached metrics data on arcturus
     - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
     - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
     - PCI: Disable MSI on RDC PCI to PCIe bridges
     - drm/amdkfd: return -ENOTTY for unsupported IOCTLs
     - media: pci: ivtv: Don't create fake v4l2_fh
     - [x86] vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
     - net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
     - ice: Don't use %pK through printk or tracepoints
     - thunderbolt: Use is_pciehp instead of is_hotplug_bridge
     - [powerpc*] eeh: Use result of error_detected() in uevent
     - [s390x] pci: Use pci_uevent_ers() in PCI recovery
     - bridge: Redirect to backup port when port is administratively down
     - net: ipv6: fix field-spanning memcpy warning in AH output
     - media: imon: make send_packet() more robust
     - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
     - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
     - char: misc: Does not request module for miscdevice with dynamic minor
     - net: When removing nexthops, don't call synchronize_net if it is not
       necessary
     - net: Call trace_sock_exceed_buf_limit() for memcg failure with
       SK_MEM_RECV.
     - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
     - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
     - rds: Fix endianness annotation for RDS_MPATH_HASH
     - scsi: mpi3mr: Fix controller init failure on fault during queue creation
     - scsi: pm80xx: Fix race condition caused by static variables
     - extcon: adc-jack: Fix wakeup source leaks on device unbind
     - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
     - drm/amdkfd: fix vram allocation failure for a special case
     - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
     - media: fix uninitialized symbol warnings
     - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
     - scsi: pm8001: Use int instead of u32 to store error codes
     - ptp: Limit time setting of PTP clocks
     - dmaengine: sh: setup_xref error handling
     - dmaengine: mv_xor: match alloc_wc and free_wc
     - dmaengine: dw-edma: Set status for callback_result
     - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
     - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
     - drm/amdgpu: Allow kfd CRIU with no buffer objects
     - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
     - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
     - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls
       for decoders
     - ALSA: usb-audio: apply quirk for MOONDROP Quark2
     - net: call cond_resched() less often in __release_sock()
     - smsc911x: add second read of EEPROM mac when possible corruption seen
     - [amd64] iommu/amd: Skip enabling command/event buffers for kdump
     - drm/amd: add more cyan skillfish PCI ids
     - drm/amdgpu: don't enable SMU on cyan skillfish
     - drm/amdgpu: add support for cyan skillfish gpu_info
     - usb: gadget: f_hid: Fix zero length packet transfer
     - usb: cdns3: gadget: Use-after-free during failed initialization and exit
       of cdnsp gadget (CVE-2025-40314)
     - [arm64] drm/msm: make sure to not queue up recovery more than once
     - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
     - net: phy: marvell: Fix 88e1510 downshift counter errata
     - wifi: mac80211: Fix HE capabilities element check
     - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
       register 0
     - net: sh_eth: Disable WoL if system can not suspend
     - media: redrat3: use int type to store negative error codes
     - netfilter: nf_reject: don't reply to icmp error messages
     - [x86] kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
       PV_UNHALT
     - udp_tunnel: use netdev_warn() instead of netdev_WARN()
     - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
     - net/cls_cgroup: Fix task_get_classid() during qdisc run
     - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
     - ALSA: serial-generic: remove shared static buffer
     - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
     - drm/amd: Avoid evicting resources at S5
     - page_pool: always add GFP_NOWARN for ATOMIC allocations
     - ethernet: Extend device_get_mac_address() to use NVMEM
     - drm/amdgpu: reject gang submissions under SRIOV
     - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
       TGT_RESET
     - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
       lpfc_cleanup
     - scsi: lpfc: Define size of debugfs entry for xri rebalancing
     - allow finish_no_open(file, ERR_PTR(-E...))
     - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
     - [arm64,armhf] usb: xhci: plat: Facilitate using autosuspend for xhci plat
       devices
     - ipv6: np->rxpmtu race annotation
     - jfs: Verify inode mode when loading from disk (CVE-2025-40312)
     - jfs: fix uninitialized waitqueue in transaction manager
     - [amd64] iommu/vt-d: Replace snprintf with scnprintf in
       dmar_latency_snapshot()
     - wifi: ath10k: Fix connection after GTK rekeying
     - net: intel: fm10k: Fix parameter idx set but not used
     - r8169: set EEE speed down ratio to 1
     - [arm64] PCI: cadence: Check for the existence of cdns_pcie::ops before
       using it
     - vfio: return -ENOTTY for unsupported device feature
     - PCI/PM: Skip resuming to D0 if device is disconnected
     - NFSv4: handle ERR_GRACE on delegation recalls
     - NFSv4.1: fix mount hang after CREATE_SESSION failure
     - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
       dereferencing
     - net: bridge: Install FDB for bridge MAC on VLAN 0
     - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
     - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
     - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
     - ext4: increase IO priority of fastcommit
     - net/mlx5e: Don't query FEC statistics when FEC is disabled
     - net: macb: avoid dealing with endianness in macb_set_hwaddr()
     - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
     - Bluetooth: SCO: Fix UAF on sco_conn_free (CVE-2025-40309)
     - Bluetooth: bcsp: receive data only if registered (CVE-2025-40308)
     - ALSA: usb-audio: add mono main switch to Presonus S1824c
     - exfat: limit log print for IO error
     - 6pack: drop redundant locking and refcounting
     - page_pool: Clamp pool size to max 16K pages
     - orangefs: fix xattr related buffer overflow... (CVE-2025-40306)
     - ftrace: Fix softlockup in ftrace_module_enable
     - ksmbd: use sock_create_kern interface to create kernel socket
     - smb: client: transport: avoid reconnects triggered by pending task work
     - ACPICA: Update dsmethod.c to get rid of unused variable warning
     - RDMA/irdma: Fix SD index calculation
     - RDMA/irdma: Remove unused struct irdma_cq fields
     - RDMA/irdma: Set irdma_cq cq_num field during CQ create
     - [arm64] RDMA/hns: Fix the modification of max_send_sge
     - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around
     - btrfs: mark dirty extent range for out of bound prealloc extents
     - fs/hpfs: Fix error code for new_inode() failure in
       mkdir/create/mknod/symlink
     - [arm64] rtc: pcf2127: clear minute/second interrupt
     - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
     - NTB: epf: Allow arbitrary BAR mapping
     - 9p: fix /sys/fs/9p/caches overwriting itself
     - 9p: sysfs_init: don't hardcode error to ENOMEM
     - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
     - ACPI: property: Return present device nodes only on fwnode interface
     - tools bitmap: Add missing asm-generic/bitsperlong.h include
     - tools: lib: thermal: don't preserve owner in install
     - tools: lib: thermal: use pkg-config to locate libnl3
     - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
       (CVE-2025-40304)
     - kbuild: uapi: Strip comments before size type check
     - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
     - ceph: add checking of wait_for_completion_killable() return value
     - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
     - Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
       (Closes: #1120680)
     - Bluetooth: hci_event: validate skb length for unknown CC opcode
       (CVE-2025-40301)
     - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
       bcm63xx
     - net: vlan: sync VLAN features with lower device
     - [armhf] net: dsa: b53: fix resetting speed and pause on forced link
     - [armhf] net: dsa: b53: fix enabling ip multicast
     - [armhf] net: dsa: b53: stop reading ARL entries if search is done
     - sctp: Hold RCU read lock while iterating over address list
     - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
     - sctp: Hold sock lock while iterating over address list
     - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
     - bnxt_en: Fix a possible memory leak in bnxt_ptp_init
     - net/mlx5e: SHAMPO, Fix skb size check for 64K pages
     - net: bridge: fix use-after-free due to MST port state bypass
       (CVE-2025-40297)
     - net: bridge: fix MST static key usage
     - tracing: Fix memory leaks in create_field_var()
     - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
       (CVE-2025-40294)
     - rtc: rx8025: fix incorrect register reference
     - smb: client: validate change notify buffer before copy
     - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
     - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
     - PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM
     - extcon: adc-jack: Cleanup wakeup source only if it was enabled
     - drm/amdgpu: Fix function header names in amdgpu_connectors.c
     - [x86] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
     - [x86] drm/i915: Fix conversion between clock ticks and nanoseconds
     - smb: client: fix refcount leak in smb2_set_path_attr
     - drm/amd: Fix suspend failure with secure display TA
     - compiler_types: Move unused static inline functions warning to W=2
     - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
     - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
       (CVE-2025-40288)
     - NFS4: Fix state renewals missing after boot
     - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
     - NFS: check if suid/sgid was cleared after a write as needed
     - smb/server: fix possible memory leak in smb2_read() (CVE-2025-40286)
     - smb/server: fix possible refcount leak in smb2_sess_setup()
       (CVE-2025-40285)
     - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
     - wifi: ath11k: Add tx ack signal support for management packets
     - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
     - net: fec: correct rx_bytes statistic for the case SHIFT16 is set
     - Bluetooth: MGMT: cancel mesh send timer when hdev removed (CVE-2025-40284)
     - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
       (CVE-2025-40283)
     - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
       (CVE-2025-40282)
     - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
     - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
     - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
       (CVE-2025-40281)
     - net/smc: fix mismatch between CLC header and proposal
     - tipc: Fix use-after-free in tipc_mon_reinit_self(). (CVE-2025-40280)).
     - net: mdio: fix resource leak in mdiobus_register_device()
     - wifi: mac80211: skip rate verification for not captured PSDUs
     - af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)).
     - net/sched: act_connmark: transition to percpu stats and rcu
     - net_sched: act_connmark: use RCU in tcf_connmark_dump()
     - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
       (CVE-2025-40279)
     - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
       (CVE-2025-40278)
     - net/mlx5e: Fix maxrate wraparound in threshold between units
     - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
     - net/mlx5: Expose shared buffer registers bits and structs
     - net/mlx5e: Add API to query/modify SBPR and SBCM registers
     - net/mlx5e: Update shared buffer along with device buffer changes
     - net/mlx5e: Consider internal buffers size in port buffer calculations
     - net/mlx5e: Remove mlx5e_dbg() and msglvl support
     - net/mlx5e: Fix potentially misleading debug message
     - net_sched: limit try_bulk_dequeue_skb() batches
     - hsr: Fix supervision frame sending on HSRv0
     - ACPI: CPPC: Check _CPC validity for only the online CPUs
     - ACPI: CPPC: Perform fast check switch only for online CPUs
     - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
     - Bluetooth: L2CAP: export l2cap_chan_hold for modules
     - acpi,srat: Fix incorrect device handle check for Generic Initiator
     - regulator: fixed: fix GPIO descriptor leak on register failure
     - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
       (CVE-2025-40277)
     - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
     - ALSA: usb-audio: Fix NULL pointer dereference in
       snd_usb_mixer_controls_badd (CVE-2025-40275)
     - bpf: Add bpf_prog_run_data_pointers()
     - softirq: Add trace points for tasklet entry/exit
     - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
     - espintcp: fix skb leaks (CVE-2025-38057)
     - lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
     - asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch
     - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
     - HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
     - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
     - ksmbd: close accepted socket when per-IP limit rejects connection
     - strparser: Fix signed/unsigned mismatch bug
     - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
     - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
     - wifi: mac80211: reject address change while connecting
     - fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
     - [arm64] mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
     - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
       (CVE-2025-40269)
     - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
     - spi: Try to get ACPI GPIO IRQ earlier
     - btrfs: do not update last_log_commit when logging inode due to a new name
     - virtio-net: fix received length check in big packets (CVE-2025-40292)
     - scsi: ufs: core: Add a quirk to suppress link_startup_again
     - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel
       ADL
     - iommufd: Don't overflow during division for dirty tracking
       (CVE-2025-40293)
     - [x86] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
     - net: netpoll: fix incorrect refcount handling causing incorrect cleanup
     - eventpoll: Replace rwlock with spinlock
     - mm, percpu: do not consider sleepable allocations atomic
     - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
     - asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv
       and loongarch"
     - net/mlx5: Fix memory leak in error flow of port set buffer
     - net/sched: act_connmark: handle errno on tcf_idr_check_alloc
     - net/mlx5e: Do not update SBCM when prio2buffer command is invalid
     - net/mlx5e: Preserve shared buffer capacity during headroom updates
     - timers: Fix NULL function pointer race in timer_shutdown_sync()
     - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
       (Closes: #1114557)
     - mtdchar: fix integer overflow in read/write ioctls
     - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
     - mptcp: Disallow MPTCP subflows from sockmap
     - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
     - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)
     - Input: cros_ec_keyb - fix an invalid memory access (CVE-2025-40263)
     - Input: imx_sc_key - fix memory corruption on unload (CVE-2025-40262)
     - Input: pegasus-notetaker - fix potential out-of-bounds access
     - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
       (CVE-2025-40261)
     - scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
     - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
     - mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
     - mptcp: fix ack generation for fallback msk
     - mptcp: fix premature close in case of fallback
     - mptcp: avoid unneeded subflow-level drops
     - mptcp: do not fallback when OoO is present
     - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple()
     - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
     - xfrm: Determine inner GSO type from packet inner protocol
     - [arm64,armhf] gpu: host1x: Select context device based on attached IOMMU
     - [arm64,armhf] drm/tegra: Add call to put_pid()
     - net: openvswitch: remove never-working support for setting nsh fields
       (CVE-2025-40254)
     - nvme-multipath: fix lockdep WARN due to partition scan work
     - [s390x] ctcm: Fix double-kfree (CVE-2025-40253)
     - [x86] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes
       to errnos
     - kernel.h: Move ARRAY_SIZE() to a separate header
     - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and
       qede_tpa_end()
     - vsock: Ignore signal/timeout on connect() if already established
     - bcma: don't register devices disabled in OF
     - cifs: fix typo in enable_gcm_256 module parameter
     - scsi: core: Fix a regression triggered by scsi_host_busy()
     - net: tls: Cancel RX async resync request on rcd_delta overflow
     - mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
     - mm/mm_init: fix hash table order logging in alloc_large_system_hash()
     - ALSA: usb-audio: fix uac2 clock source at terminal parser
     - tracing/tools: Fix incorrcet short option in usage text for --threads
     - uio_hv_generic: Set event for all channels on the device
       (Closes: #1120602)
     - mm/truncate: unmap large folio on split failure
     - maple_tree: fix tracepoint string pointers
     - mptcp: decouple mptcp fastclose from tcp close
     - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
     - mm/mempool: replace kmap_atomic() with kmap_local_page()
     - mm/mempool: fix poisoning order>0 pages with HIGHMEM
     - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
     - ata: libata-scsi: Fix system suspend for a security locked drive
     - HID: amd_sfh: Stop sensor before starting
     - [armhf] pmdomain: samsung: plug potential memleak during probe
     - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration
       failure
     - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove
     - filemap: cap PTE range to be created to allowed zero fill in
       folio_map_range()
     - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
     - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted
       URBs
     - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before
       accessing header
     - Bluetooth: SMP: Fix not generating mackey and ltk when repairing
     - [x86] platform/x86: intel: punit_ipc: fix memory corruption
     - net: aquantia: Add missing descriptor cache invalidation on ATL2
     - net/mlx5e: Fix validation logic in rate limiting
     - net: sxgbe: fix potential NULL dereference in sxgbe_rx()
     - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
     - net: atlantic: fix fragment overflow handling in RX path
     - mailbox: Allow direct registration to a channel
     - [amd64,arm64] mailbox: pcc: Use mbox_bind_client
     - [amd64,arm64] mailbox: pcc: Add support for platform notification handling
     - [amd64,arm64] mailbox: pcc: Support shared interrupt for multiple
       subspaces
     - ACPI: PCC: Add PCC shared memory region command and status bitfields
     - [amd64,arm64] mailbox: pcc: Check before sending MCTP PCC response ACK
     - [amd64,arm64] mailbox: pcc: Refactor error handling in irq handler into
       separate function
     - [amd64,arm64] mailbox: pcc: don't zero error register
     - [x86] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
     - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
     - iio:common:ssp_sensors: Fix an error handling path ssp_probe()
     - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411)
     - iio: accel: fix ADXL355 startup race condition
     - iio: adc: ad7280a: fix ad7280_store_balance_timer()
     - [mips*] mm: Prevent a TLB shutdown on initial uniquification
     - [mips*] mm: kmalloc tlb_vpn array to avoid stack overflow
     - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
     - atm/fore200e: Fix possible data race in fore200e_open()
     - can: sja1000: fix max irq loop handling
     - [armhf] can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
     - dm-verity: fix unreliable memory allocation
     - [arm64,armhf] drivers/usb/dwc3: fix PCI parent check
     - smb: client: fix memory leak in cifs_construct_tcon()
     - [x86] thunderbolt: Add support for Intel Wildcat Lake
     - firmware: stratix10-svc: fix bug in saving controller data
     - [arm64,armhf] serial: amba-pl011: prefer dma_mapping_error() over explicit
       address checking
     - usb: cdns3: Fix double resource release in cdns3_pci_probe
     - usb: gadget: f_eem: Fix memory leak in eem_unwrap
     - usb: storage: Fix memory leak in USB bulk transport
     - USB: storage: Remove subclass and protocol overrides from Novatek quirk
     - usb: storage: sddr55: Reject out-of-bound new_pba
     - usb: uas: fix urb unmapping issue when the uas device is remove during
       ongoing data transfer
     - [arm64,armhf] usb: dwc3: Fix race condition between concurrent
       dwc3_remove_requests() call paths
     - USB: serial: ftdi_sio: add support for u-blox EVK-M101
     - USB: serial: option: add support for Rolling RW101R-GL
     - drm/amd/display: Check NULL before accessing
     - libceph: fix potential use-after-free in have_mon_and_osd_map()
     - libceph: prevent potential out-of-bounds writes in
       handle_auth_session_key()
     - libceph: replace BUG_ON with bounds check for map->max_osd
     - nfsd: Replace clamp_t in nfsd4_get_drc_mem()
     - net: macb: fix unregister_netdev call order in macb_remove()
       (CVE-2025-39805)
     - mptcp: fix duplicate reset on fastclose
     - mptcp: Fix proto fallback detection with BPF
     - staging: rtl8712: Remove driver using deprecated API wext
     - ksmbd: fix use-after-free in session logoff (CVE-2025-37899)
     - usb: typec: ucsi: psy: Set max current to zero when disconnected
     - usb: udc: Add trace event for usb_gadget_set_state
     - usb: gadget: udc: fix use-after-free in usb_gadget_state_work
     - scsi: pm80xx: Set phy->enable_completion only when we
     - [arm64] i2c: xgene-slimpro: Migrate to use generic PCC shmem related
       macros
     - HID: core: Harden s32ton() against conversion to 0 bits
 .
   [ Ben Hutchings ]
   * tools/hv: Make the sample hv_get_dhcp_info script more useful
   * hyperv-daemons: Install the sample network info scripts (Closes: #919350)
linux-signed-arm64 (6.1.158+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.158-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.154
     - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not
       supported
     - wifi: mac80211: increase scan_ies_len for S1G
     - wifi: mac80211: fix incorrect type for ret
     - cgroup: split cgroup_destroy_wq into 3 workqueues
     - btrfs: fix invalid extref key setup when replaying dentry
     - qed: Don't collect too many protection override GRC elements
     - mptcp: set remote_deny_join_id0 on SYN recv
     - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
     - i40e: remove redundant memory barrier when cleaning Tx descs
     - bonding: don't set oif to bond dev when getting NS target destination
     - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
     - tls: make sure to abort the stream if headers are bogus
     - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
     - net: liquidio: fix overflow in octeon_init_instr_queue()
     - cnic: Fix use-after-free bugs in cnic_delete_task
     - ksmbd: smbdirect: validate data_offset and data_length field of
       smb_direct_data_transfer
     - ksmbd: smbdirect: verify remaining_data_length respects
       max_fragmented_recv_size
     - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
     - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
     - power: supply: bq27xxx: restrict no-battery detection to bq27000
     - [x86] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page()
     - btrfs: tree-checker: fix the incorrect inode ref size check
     - mmc: mvsdio: Fix dma_unmap_sg() nents value
     - [x86] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is
       active
     - rds: ib: Increment i_fastreg_wrs before bailing out
     - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
     - io_uring: backport io_should_terminate_tw()
     - io_uring: include dying ring in task_work "should cancel" state
     - [x86] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
       message
     - [arm64] drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
     - crypto: af_alg: Indent the loop in af_alg_sendmsg()
     - crypto: af_alg - Set merge to zero early in af_alg_sendmsg
     - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
     - mptcp: pm: nl: announce deny-join-id0 flag
     - phy: Use device_get_match_data()
     - [armhf] phy: ti: omap-usb2: fix device leak at unbind
     - xhci: dbc: decouple endpoint allocation from initialization
     - xhci: dbc: Fix full DbC transfer ring after several reconnects
     - mptcp: propagate shutdown to subflows when possible
     - net: rfkill: gpio: add DT support
     - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
     - crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES
     - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.155
     - ALSA: usb-audio: Fix block comments in mixer_quirks
     - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
     - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
     - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
     - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
     - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
     - ALSA: usb-audio: Convert comma to semicolon
     - ALSA: usb-audio: Fix build with CONFIG_INPUT=n
     - usb: core: Add 0x prefix to quirks debug output
     - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
     - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
     - ALSA: usb-audio: Add mute TLV for playback volumes on more devices
     - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
     - mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked"
     - mm: add folio_expected_ref_count() for reference count calculation
     - mm/gup: check ref_count instead of lru before migration
     - mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
     - mm: folio_may_be_lru_cached() unless folio_test_large()
     - cpufreq: Initialize cpufreq-based invariance before subsys
     - smb: server: don't use delayed_work for post_recv_credits_work
     - bpf: Reject bpf_timer for PREEMPT_RT
     - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
     - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer
       overflow
     - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
     - can: peak_usb: fix shift-out-of-bounds issue
     - Bluetooth: hci_sync: Fix hci_resume_advertising_sync
     - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
     - bnxt_en: correct offset handling for IPv6 destination address
     - nexthop: Forbid FDB status change while nexthop is in a group
     - [x86] drm/gma500: Fix null dereference in hdmi teardown
     - futex: Prevent use-after-free during requeue-PI
     - i40e: fix idx validation in i40e_validate_queue_map
     - i40e: fix input validation logic for action_meta
     - i40e: add max boundary check for VF filters
     - i40e: add mask to apply valid bits for itr_idx
     - i40e: improve VF MAC filters accounting
     - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
     - tracing: dynevent: Add a missing lockdown check on dynevent
     - afs: Fix potential null pointer dereference in afs_put_server
     - mm/hugetlb: fix folio is still mapped when deleted
     - fbcon: fix integer overflow in fbcon_do_set_font
     - fbcon: Fix OOB access in font allocation
     - [s390x] cpum_cf: Fix uninitialized warning after backport of ce971233242b
     - mm: migrate_device: use more folio in migrate_device_finalize()
     - mm/migrate_device: don't add folio to be freed to LRU in
       migrate_device_finalize() (CVE-2025-21861)
     - minmax: add in_range() macro
     - minmax: Introduce {min,max}_array()
     - minmax: deduplicate __unconst_integer_typeof()
     - minmax: fix indentation of __cmp_once() and __clamp_once()
     - minmax: avoid overly complicated constant expressions in VM code
     - drm/ast: Use msleep instead of mdelay for edid read
     - i40e: fix validation of VF state in get resources
     - i40e: fix idx validation in config queues msg
     - i40e: increase max descriptors for XL710
     - i40e: add validation for ring_len param
     - minmax: make generic MIN() and MAX() macros available everywhere
     - minmax: add a few more MIN_T/MAX_T users
     - minmax: simplify and clarify min_t()/max_t() implementation
     - [x86] drm/i915/backlight: Return immediately when scale() finds invalid
       parameters
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.156
     - crypto: sha256 - fix crash at kexec
     - scsi: target: target_core_configfs: Add length check to avoid buffer
       overflow (CVE-2025-39998)
     - media: b2c2: Fix use-after-free causing by irq_check_work in
       flexcop_pci_remove (CVE-2025-39996)
     - media: rc: fix races with imon_disconnect() (CVE-2025-39993)
     - [arm64] KVM: arm64: Fix softirq masking in FPSIMD register saving sequence
     - media: tunner: xc5000: Refactor firmware load
     - media: tuner: xc5000: Fix use-after-free in xc5000_release
       (CVE-2025-39994)
     - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
       probe (CVE-2025-39995)
     - minmax: don't use max() in situations that want a C constant expression
     - minmax: simplify min()/max()/clamp() implementation
     - minmax: improve macro expansion and type checking
     - minmax: fix up min3() and max3() too
     - minmax.h: add whitespace around operators and after commas
     - minmax.h: update some comments
     - minmax.h: reduce the #define expansion of min(), max() and clamp()
     - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
     - minmax.h: move all the clamp() definitions after the min/max() ones
     - minmax.h: simplify the variants of clamp()
     - minmax.h: remove some #defines that are only expanded once
     - USB: serial: option: add SIMCom 8230C compositions
     - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
     - dm-integrity: limit MAX_TAG_SIZE to 255
     - perf subcmd: avoid crash in exclude_cmds when excludes is empty
     - [x86] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
     - btrfs: ref-verify: handle damaged extent root tree
     - can: hi311x: fix null pointer dereference when resuming from sleep before
       interface was enabled
     - hid: fix I2C read buffer overflow in raw_event() for mcp2221
     - driver core/PM: Set power.no_callbacks along with power.no_pm
     - crypto: rng - Ensure set_ent is always present
     - net/9p: fix double req put in p9_fd_cancelled
     - filelock: add FL_RECLAIM to show_fl_flags() macro
     - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
     - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast
     - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF()
     - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
     - smb: server: fix IRD/ORD negotiation with the client
     - [x86] vdso: Fix output operand size of RDPID
     - regmap: Remove superfluous check for !config in __regmap_init()
     - bpf: Remove migrate_disable in kprobe_multi_link_prog_run
     - libbpf: Fix reuse of DEVMAP
     - ACPI: processor: idle: Fix memory leak when register cpuidle device failed
     - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
     - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux
     - blk-mq: check kobject state_in_sysfs before deleting in
       blk_mq_unregister_hctx
     - block: use int to store blk_stack_limits() return value
     - PM: sleep: core: Clear power.must_resume in noirq suspend error path
     - [arm64] power: supply: cw2015: Fix a alignment coding style issue
     - [arm64] pinctrl: renesas: Use int type to store negative error codes
     - null_blk: Fix the description of the cache_size module argument
     - nbd: restrict sockets to TCP and UDP
     - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation
     - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op
     - i3c: master: svc: Use manual response for IBI events
     - i3c: master: svc: Recycle unused IBI slot
     - bpf: Explicitly check accesses to bpf_sock_addr
     - smp: Fix up and expand the smp_call_function_many() kerneldoc
     - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host
       headers
     - i2c: designware: Add disabling clocks when probe fails
     - bpf: Enforce expected_attach_type for tailcall compatibility
     - drm/radeon/r600_cs: clean up of dead code in r600_cs
     - drm/amd/display: Remove redundant semicolons
     - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
     - scsi: myrs: Fix dma_alloc_coherent() error check
     - ALSA: lx_core: use int type to store negative error codes
     - media: st-delta: avoid excessive stack usage
     - drm/amdgpu: Power up UVD 3 for FW validation (v2)
     - drm/amd/pm: Disable ULV even if unsupported (v3)
     - drm/amd/pm: Fix si_upload_smc_data (v3)
     - drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
     - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
     - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
     - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3)
     - wifi: mwifiex: send world regulatory domain to driver
     - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys
       allocation
     - tcp: fix __tcp_close() to only send RST when required
     - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
     - [armhf] usb: phy: twl6030: Fix incorrect type for ret
     - usb: gadget: configfs: Correctly set use_os_string at bind
     - misc: genwqe: Fix incorrect cmd field being reported in error
     - pps: fix warning in pps_register_cdev when register device fail
     - [x86] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
     - [arm64] drm/msm/dpu: fix incorrect type for ret
     - iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
     - netfilter: ipset: Remove unused htable_bits in macro ahash_region
     - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the
       watchdog
     - drivers/base/node: handle error properly in register_one_node()
     - RDMA/cm: Rate limit destroy CM ID timeout error message
     - wifi: mt76: fix potential memory leak in mt76_wmac_probe()
     - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
     - scsi: qla2xxx: edif: Fix incorrect sign of error code
     - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
     - f2fs: fix zero-sized extent for precache extents
     - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems
       Running"
     - RDMA/core: Resolve MAC of next-hop device without ARP support
     - IB/sa: Fix sa_local_svc_timeout_ms read race
     - Documentation: trace: historgram-design: Separate sched_waking histogram
       section heading and the following diagram
     - wifi: ath10k: avoid unnecessary wait for service ready message
     - wifi: mac80211: fix Rx packet handling when pubsta information is not
       available
     - wifi: rtw89: avoid circular locking dependency in ser_state_run()
     - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR
     - [arm64] coresight: trbe: Return NULL pointer for allocation failures
     - NFSv4.1: fix backchannel max_resp_sz verification check
     - ipvs: Defer ip_vs_ftp unregister during netns cleanup
     - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
     - usb: vhci-hcd: Prevent suspending virtually attached devices
     - RDMA/siw: Always report immediate post SQ errors
     - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast
     - Bluetooth: MGMT: Fix not exposing debug UUID on
       MGMT_OP_READ_EXP_FEATURES_INFO
     - Bluetooth: ISO: Fix possible UAF on iso_conn_free
     - Bluetooth: ISO: don't leak skb in ISO_CONT RX
     - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements
     - ocfs2: fix double free in user_cluster_connect()
     - drivers/base/node: fix double free in register_one_node()
     - nfp: fix RSS hash key size when RSS is not supported
     - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not
       configurable
     - net: dlink: handle copy_thresh allocation failure
     - net/mlx5: Stop polling for command response if interface goes down
     - net/mlx5: pagealloc: Fix reclaim race during command interface teardown
     - net/mlx5: fw reset, add reset timeout work
     - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
     - Squashfs: fix uninit-value in squashfs_get_parent
     - uio_hv_generic: Let userspace take care of interrupt mask
     - fs: udf: fix OOB read in lengthAllocDescs handling
     - net: nfc: nci: Add parameter validation for packet data
     - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of
       devm_gpiochip_add_data()
     - dm: fix queue start/stop imbalance under suspend/load/resume races
     - dm: fix NULL pointer dereference in __dm_suspend()
     - ksmbd: fix error code overwriting in smb2_get_info_filesystem()
     - ext4: fix checks for orphan inodes
     - mm: hugetlb: avoid soft lockup when mprotect to large memory area
     - Input: atmel_mxt_ts - allow reset GPIO to sleep
     - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
     - pinctrl: check the return value of pinmux_ops::get_function_name()
     - [arm64] bus: fsl-mc: Check return value of platform_get_resource()
     - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
     - [x86] usb: typec: tipd: Clear interrupts first
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.157
     - fs: always return zero on success from replace_fd()
     - fscontext: do not consume log entries when returning -EMSGSIZE
     - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
     - media: v4l2-subdev: Fix alloc failure check in
       v4l2_subdev_call_state_try()
     - perf evsel: Avoid container_of on a NULL leader
     - libperf event: Ensure tracing data is multiple of 8 sized
     - perf util: Fix compression checks returning -1 as bool
     - [mips*] rtc: x1205: Fix Xicor X1205 vendor prefix
         - perf session: Fix handling when buffer exceeds 2 GiB
     - scsi: libsas: Add sas_task_find_rq()
     - scsi: mvsas: Delete mvs_tag_init()
     - scsi: mvsas: Use sas_task_find_rq() for tagging
     - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001)
     - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
     - drm/vmwgfx: Fix Use-after-free in validation
     - drm/vmwgfx: Fix copy-paste typo in validation
     - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
     - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
     - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister()
       call
     - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in
       zynqmp_ipi_free_mboxes
     - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
     - drm/amdgpu: Add additional DCE6 SCL registers
     - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
     - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
     - drm/amd/display: Properly disable scaling on DCE6
     - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
     - crypto: essiv - Check ssize for decryption and in-place encryption
     - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
     - bpf: Avoid RCU context warning when unpinning htab with internal structs
     - ACPI: property: Fix buffer properties extraction for subnodes
     - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
     - ACPI: debug: fix signedness issues in read/write helpers
     - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in
       amx3_idle_init
     - cpuidle: governors: menu: Avoid using invalid recent intervals data
     - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required
     - xen/events: Cleanup find_virq() return codes
     - xen/manage: Fix suspend error path
     - [arm64] firmware: meson_sm: fix device leak at probe
     - drm/nouveau: fix bad ret code in nouveau_bo_move_prep
     - blk-crypto: fix missing blktrace bio split events
     - btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
     - bus: mhi: host: Do not use uninitialized 'dev' pointer in
       mhi_init_irq_setup()
     - copy_sighand: Handle architectures where sizeof(unsigned long) <
       sizeof(u64)
     - [x86] cpufreq: intel_pstate: Fix object lifecycle issue in
       update_qos_request()
     - init: handle bootloader identifier in kernel parameters
     - [x86] iommu/vt-d: PRS isn't usable if PDS isn't supported
     - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in
       sys_prlimit64() paths
     - KEYS: trusted_tpm1: Compare HMAC values in constant time
     - lib/genalloc: fix device leak in of_gen_pool_get()
     - openat2: don't trigger automounts with RESOLVE_NO_XDEV
     - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
     - [powerpc*] powernv/pci: Fix underflow and leak issue
     - [powerpc*] pseries/msi: Fix potential underflow and leak issue
     - pwm: berlin: Fix wrong register in suspend/resume
     - sched/deadline: Fix race in push_dl_task()
     - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
     - sctp: Fix MAC comparison to be constant-time
     - mmc: core: SPI mode remove cmd7
     - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in
       exynos_srom_probe
     - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw
       spinlock
     - PCI/sysfs: Ensure devices are powered for config reads
     - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
     - PCI/ERR: Fix uevent on failure to recover
     - PCI/AER: Fix missing uevent on recovery when a reset is requested
     - PCI/AER: Support errors introduced by PCIe r6.0
     - spi: cadence-quadspi: Flush posted register writes before INDAC access
     - spi: cadence-quadspi: Flush posted register writes before DAC access
     - [x86] umip: Check that the instruction opcode is at least two bytes
     - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT
       aliases)
     - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
     - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
     - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when
       max_huge_pages=0
     - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
     - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
     - ext4: verify orphan file size is not too big
     - ext4: increase i_disksize to offset + len in
       ext4_update_disksize_before_punch()
     - ext4: correctly handle queries for metadata mappings
     - ext4: guard against EA inode refcount underflow in xattr update
     - ACPICA: Allow to skip Global Lock initialization
     - ext4: free orphan info with kvfree
     - [x86] KVM: x86: Don't (re)check L1 intercepts when completing userspace
       I/O
     - Squashfs: add additional inode sanity checking
     - Squashfs: reject negative file sizes in squashfs_read_inode()
     - tracing: Fix race condition in kprobe initialization causing NULL pointer
       dereference
     - ksmbd: add max ip connections parameter
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register
       value
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
       cache_type
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
     - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
     - rseq: Protect event mask against membarrier IPI
     - ipmi: Rework user message limit handling
     - ipmi: Fix handling of messages with provided receive message pointer
     - ACPI: property: Disregard references in data-only subnode lists
     - ACPI: property: Add code comments explaining what is going on
     - ACPI: property: Do not pass NULL handles to acpi_attach_data()
     - asm-generic/io: Add _RET_IP_ to MMIO trace for more accurate debug info
     - asm-generic/io.h: suppress endianness warnings for relaxed accessors
     - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled
     - mptcp: pm: in-kernel: usable client side with C-flag
     - minixfs: Verify inode mode when loading from disk
     - pid: Add a judgment for ns null in pid_nr_ns
     - fs: Add 'initramfs_options' to set initramfs mount options
     - cramfs: Verify inode mode when loading from disk
     - writeback: Avoid softlockup when switching many inodes
     - writeback: Avoid excessively long inode switching times
     - xen/events: Update virq_to_irq on migration
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158
     - smb: client: Fix refcount leak for cifs_sb_tlink (CVE-2025-40103)
     - r8152: add error handling in rtl8152_driver_init
     - jbd2: ensure that all ongoing I/O complete before freeing blocks
     - ext4: wait for ongoing I/O to complete before freeing blocks
     - ext4: detect invalid INLINE_DATA + EXTENTS flag combination
     - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
       running
     - btrfs: do not assert we found block group item when creating free space
       tree (CVE-2025-40100)
     - cifs: parse_dfs_referrals: prevent oob on malformed input (CVE-2025-40099)
     - drm/amdgpu: use atomic functions with memory barriers for vm fault info
     - drm/amd: Check whether secure display TA loaded successfully
     - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value
     - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
     - usb: gadget: Store endpoint pointer in usb_request
     - usb: gadget: Introduce free_usb_request helper
     - usb: gadget: f_rndis: Refactor bind path to use __free() (CVE-2025-40095)
     - usb: gadget: f_ecm: Refactor bind path to use __free() (CVE-2025-40093)
     - usb: gadget: f_acm: Refactor bind path to use __free() (CVE-2025-40094)
     - usb: gadget: f_ncm: Refactor bind path to use __free() (CVE-2025-40092)
     - Documentation: Remove bogus claim about del_timer_sync()
     - [arm64,armhf] clocksource/drivers/arm_arch_timer: Do not use timer
       namespace for timer_shutdown() function
     - [arm64,armhf] clocksource/drivers/sp804: Do not use timer namespace for
       timer_shutdown() function
     - timers: Replace BUG_ON()s
     - Documentation: Replace del_timer/del_timer_sync()
     - timers: Silently ignore timers with a NULL function
     - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
     - timers: Add shutdown mechanism to the internal functions
     - timers: Provide timer_shutdown[_sync]()
     - timers: Update the documentation to reflect on the new timer_shutdown()
       API
     - Bluetooth: hci_qca: Fix the teardown problem for real
     - HID: multitouch: fix sticky fingers
     - dax: skip read lock assertion for read-only filesystems
     - [arm64] can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
     - net: dlink: handle dma_map_single() failure properly
     - doc: fix seg6_flowlabel path
     - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
     - net/ip6_tunnel: Prevent perpetual tunnel growth
     - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface
       toggle
     - tcp: fix tcp_tso_should_defer() vs large RTT
     - tg3: prevent use of uninitialized remote_adv and local_adv variables
     - net: tls: wait for async completion on last message
     - tls: wait for async encrypt in case of error during latter iterations of
       sendmsg
     - tls: always set record_type in tls_process_cmsg
     - tls: wait for pending async decryptions if tls_strp_msg_hold fails
     - tls: don't rely on tx_work during send()
     - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
     - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
       lan78xx_reset
     - [x86] ASoC: nau8821: Cancel jdet_work before handling jack ejection
     - [x86] ASoC: nau8821: Generalize helper to clear IRQ status
     - [x86] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
     - drm/amd/powerplay: Fix CIK shutdown temperature
     - [arm64] drm/rockchip: vop2: use correct destination rectangle height check
     - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
     - sched/fair: Fix pelt lost idle time detection
     - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
     - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
       (CVE-2025-40085)
     - HID: hid-input: only ignore 0 battery events for digitizers
     - HID: multitouch: fix name of Stylus input devices
     - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
       (CVE-2025-40088)
     - PCI/sysfs: Ensure devices are powered for config reads (part 2)
     - exec: Fix incorrect type for ret
     - hfs: clear offset and space out of valid records in b-tree node
     - hfs: make proper initalization of struct hfs_find_data
     - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
     - hfs: validate record offset in hfsplus_bmap_alloc
     - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
     - dlm: check for defined force value in dlm_lockspace_release
     - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
     - hfsplus: return EIO when type of hidden directory mismatch in
       hfsplus_fill_super()
     - smb: server: let smb_direct_flush_send_list() invalidate a remote key
       first
     - net/mlx5e: Return 1 instead of 0 in invalid case in
       mlx5e_mpwrq_umr_entry_size()
     - rtnetlink: Allow deleting FDB entries in user namespace
     - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
     - [arm64] mm: avoid always making PTE dirty in pte_mkwrite()
     - sctp: avoid NULL dereference when chunk data buffer is missing
     - net: bonding: fix possible peer notify event loss or dup issue
     - Revert "cpuidle: menu: Avoid discarding useful information"
     - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
     - can: netlink: can_changelink(): allow disabling of automatic restart
     - [mips64el,mipsel] Malta: Fix keyboard resource preventing i8042 driver
       from registering
     - ocfs2: clear extent cache after moving/defragmenting extents
     - vsock: fix lock inversion in vsock_assign_transport()
     - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection
     - net: usb: rtl8150: Fix frame padding
     - io_uring: correct __must_hold annotation in io_install_fixed_file
     - USB: serial: option: add UNISOC UIS7720
     - USB: serial: option: add Quectel RG255C
     - USB: serial: option: add Telit FN920C04 ECM compositions
     - usb/core/quirks: Add Huawei ME906S to wakeup quirk
     - usb: raw-gadget: do not limit transfer length
     - xhci: dbc: enable back DbC in resume if it was enabled before suspend
     - [arm*] binder: remove "invalid inc weak" check
     - [x86] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106)
     - [x86] mei: me: add wildcat lake P DID
     - serial: 8250_dw: handle reset control deassert error
     - serial: 8250_exar: add support for Advantech 2 port card with Device ID
       0x0018
     - xfs: rename the old_crc variable in xlog_recover_process
     - xfs: fix log CRC mismatches between i386 and other architectures
     - PM: runtime: Add new devm functions
     - iio: imu: inv_icm42600: Simplify pm_runtime setup
     - iio: imu: inv_icm42600: use = { } instead of memset()
     - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended
     - padata: Reset next CPU when reorder sequence wraps around
     - fuse: allocate ff->release_args only if release is needed
     - fuse: fix livelock in synchronous file put from fuseblk workers
     - [arm64] mte: Do not flag the zero page as PG_mte_tagged
     - [arm64] PCI: j721e: Enable ACSPCIE Refclk if
       "ti,syscon-acspcie-proxy-ctrl" exists
     - [arm64] PCI: j721e: Fix programming sequence of "strap" settings
     - NFSD: Rework encoding and decoding of nfsd4_deviceid
     - NFSD: Minor cleanup in layoutcommit processing
     - NFSD: Fix last write offset handling in layoutcommit
     - vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)
     - NFSD: Define a proc_layoutcommit for the FlexFiles layout type
       (CVE-2025-40087)
     - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
     - drm/sched: Fix potential double free in
       drm_sched_job_add_resv_dependencies (CVE-2025-40096)
     - f2fs: add a f2fs_get_block_locked helper
     - f2fs: remove the create argument to f2fs_map_blocks
     - f2fs: factor a f2fs_map_blocks_cached helper
     - f2fs: fix wrong block mapping for multi-devices
     - PCI: Add PCI_VDEVICE_SUB helper macro
     - ixgbevf: Add support for Intel(R) E610 device
     - ixgbevf: fix getting link speed data for E610 devices
     - ixgbevf: fix mailbox API compatibility by negotiating supported features
       (CVE-2025-40104)
     - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
     - xfs: always warn about deprecated mount options
     - devcoredump: Fix circular locking dependency with devcd->mutex.
     - [x86] resctrl: Fix miscount of bandwidth event when reactivating
       previously unavailable RMID
     - ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
     - [s390x] cio: Update purge function to unregister the unused subchannels
     - [arm64] cputype: Add Neoverse-V3AE definitions
     - [arm64] errata: Apply workarounds for Neoverse-V3AE
     - ksmbd: transport_ipc: validate payload size before reading handle
       (CVE-2025-40084)
 .
   [ Ben Hutchings ]
   * d/b/genorig.py, d/rules, d/salsa-ci.yml: Put orig tarballs directly in ..
   * d/salsa-ci.yml: Adjust filenames to allow source package name suffix
   * d/salsa-ci.yml: Fix cache configuration for build job
   * d/salsa-ci.yml: Move orig tarball generation to a separate job again
   * d/salsa-ci.yml: Restore lintian checking of source package
linux-signed-arm64 (6.1.153+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.153-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.149
     - io_uring: don't use int for ABI
     - ALSA: usb-audio: Validate UAC3 power domain descriptors, too
     - ALSA: usb-audio: Validate UAC3 cluster segment descriptors
     - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
     - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
     - smb3: fix for slab out of bounds on mount to ksmbd
     - smb: client: remove redundant lstrp update in negotiate protocol
     - gpio: virtio: Fix config space reading.
     - [amd64,arm64] net: phy: micrel: fix KSZ8081/KSZ8091 cable test
     - net: usb: asix_devices: add phy_mask for ax88772 mdio bus
     - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
     - NFSD: detect mismatch of file handle and delegation stateid in OPEN op
     - NFS: Fix the setting of capabilities when automounting a new filesystem
     - sunvdc: Balance device refcount in vdc_port_mpgroup_check
     - fs: Prevent file descriptor table allocations exceeding INT_MAX
     - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)
     - Documentation: ACPI: Fix parent device references
     - ACPI: processor: perflib: Fix initial _PPC limit application
     - ACPI: processor: perflib: Move problematic pr->performance check
     - [amd64] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI
       shadow
     - [amd64] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
     - [amd64] KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
     - [amd64] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o
       VID
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL in common x86
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
     - [amd64] KVM: x86/pmu: Gate all "unimplemented MSR" prints on
       report_ignored_msrs
     - [amd64] KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint
     - [amd64] KVM: VMX: Re-enter guest in fastpath for "spurious" preemption
       timer exits
     - [amd64] KVM: VMX: Handle forced exit due to preemption timer in fastpath
     - [amd64] KVM: x86: Move handling of is_guest_mode() into fastpath exit
       handlers
     - [amd64] KVM: VMX: Handle KVM-induced preemption timer exits in fastpath
       for L2
     - [amd64] KVM: x86: Fully defer to vendor code to decide how to force
       immediate exit
     - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic
       bitmap
     - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
       flag
     - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
       supported
     - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper
     - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
     - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
       APIs
     - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running
       the guest
     - udp: also consider secpath when evaluating ipsec use for checksumming
     - netfilter: ctnetlink: fix refcount leak on table dump
     - hfs: fix slab-out-of-bounds in hfs_bnode_read()
     - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
     - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
     - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
     - [arm64] Handle KCOV __init vs inline mismatches
     - smb/server: avoid deadlock when linking with ReplaceIfExists
     - udf: Verify partition map count
     - drbd: add missing kref_get in handle_write_conflicts
     - hfs: fix not erasing deleted b-tree node issue
     - better lockdep annotations for simple_recursive_removal()
     - ata: libata-sata: Disallow changing LPM state if not supported
     - fs/ntfs3: Add sanity check for file name
     - fs/ntfs3: correctly create symlink for relative path
     - fix locking in efi_secret_unlink()
     - securityfs: don't pin dentries twice, once is enough...
     - usb: xhci: print xhci->xhc_state when queue_command failed
     - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
     - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
     - usb: xhci: Avoid showing warnings for dying controller
     - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
     - usb: xhci: Avoid showing errors during surprise removal
     - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
     - cpufreq: Exit governor when failed to start old governor
     - [armhf] rockchip: fix kernel hang during smp initialization
     - PM / devfreq: governor: Replace sscanf() with kstrtoul() in
       set_freq_store()
     - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was
       successed
     - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when
       required
     - tools/nolibc: define time_t in terms of __kernel_old_time_t
     - iio: adc: ad_sigma_delta: don't overallocate scan buffer
     - [armhf] tegra: Use I/O memcpy to write to IRAM
     - ACPI: PRM: Reduce unnecessary printing to avoid user confusion
     - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
     - thermal: sysfs: Return ENODATA instead of EAGAIN for reads
     - PM: sleep: console: Fix the black screen issue
     - ACPI: processor: fix acpi_object initialization
     - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
     - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
     - pps: clients: gpio: fix interrupt handling order in remove path
     - reset: brcmstb: Enable reset drivers for ARCH_BCM2835
     - mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
     - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
     - ALSA: hda: Handle the jack polling always via a work
     - ALSA: hda: Disable jack polling at shutdown
     - [amd64] x86/bugs: Avoid warning when overriding return thunk
     - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
     - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
     - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
     - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
     - usb: core: usb_submit_urb: downgrade type check
     - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
     - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline
       mismatches
     - platform/chrome: cros_ec_typec: Defer probe on missing EC parent
     - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
     - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
     - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
     - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
     - ASoC: codecs: rt5640: Retry DEVICE_ID verification
     - xen/netfront: Fix TX response spurious interrupts
     - net: usb: cdc-ncm: check for filtering capability
     - wifi: cfg80211: reject HTC bit for management frames
     - [s390x] time: Use monotonic clock in get_cycles()
     - be2net: Use correct byte order and format string for TCP seq and ack_seq
     - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
     - et131x: Add missing check after DMA map
     - net: ag71xx: Add missing check after DMA map
     - net/mlx5e: Properly access RCU protected qdisc_sleeping variable
     - [arm64] Mark kernel as tainted on SAE and SError panic
     - rcu: Protect ->defer_qs_iw_pending from data race
     - net: mctp: Prevent duplicate binds
     - wifi: cfg80211: Fix interface type validation
     - net: ipv4: fix incorrect MTU in broadcast routes
     - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
     - wifi: iwlwifi: mvm: fix scan request validation
     - [s390x] stp: Remove udelay from stp_sync_clock()
     - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
     - wifi: mac80211: don't complete management TX on SAE commit
     - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in
       __ipv6_dev_mc_inc().
     - [arm64] drm/msm: use trylock for debugfs
     - wifi: rtw89: Fix rtw89_mac_power_switch() for USB
     - wifi: rtw89: Disable deep power saving for USB/SDIO
     - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit
     - [amd64] net: thunderbolt: Fix the parameter passing of
       tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
     - net: atlantic: add set_power to fw_ops for atl2 to fix wol
     - net: fec: allow disable coalescing
     - drm/amd/display: Separate set_gsl from set_gsl_source_select
     - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
     - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
     - drm/amd/display: Fix 'failed to blank crtc!'
     - wifi: mac80211: update radar_required in channel context after channel
       switch
     - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
     - [powerpc*] floppy: Add missing checks after DMA map
     - netmem: fix skb_frag_address_safe with unreadable skbs
     - wifi: iwlegacy: Check rate_idx range after addition
     - neighbour: add support for NUD_PERMANENT proxy entries
     - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to
       manual
     - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
     - gve: Return error for unknown admin queue command
     - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
     - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
     - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325
     - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
     - ptp: Use ratelimite for freerun error message
     - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
     - ionic: clean dbpage in de-init
     - net: ncsi: Fix buffer overflow in fetching version id
     - drm/ttm: Should to return the evict error
     - uapi: in6: restore visibility of most IPv6 socket options
     - drm/ttm: Respect the shrinker core free target
     - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
     - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
     - vhost: fail early when __vhost_add_used() fails
     - drm/amd/display: Only finalize atomic_obj if it was initialized
     - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race
       condition
     - cifs: Fix calling CIFSFindFirst() for root path without msearch
     - fbdev: fix potential buffer overflow in do_register_framebuffer()
     - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
     - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
     - fs/orangefs: use snprintf() instead of sprintf()
     - watchdog: dw_wdt: Fix default timeout
     - hwmon: (emc2305) Set initial PWM minimum value during probe based on
       thermal state
     - watchdog: iTCO_wdt: Report error if timeout configuration fails
     - scsi: bfa: Double-free fix
     - jfs: truncate good inode pages when hard link is 0
     - jfs: Regular file corruption check
     - jfs: upper bound check of tree index in dbAllocAG
     - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO
     - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ
       control
     - leds: leds-lp50xx: Handle reg to get correct multi_index
     - [armhf] dmaengine: stm32-dma: configure next sg only if there are more
       than 2 sgs
     - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
     - RDMA/core: reduce stack using in nldev_stat_get_doit()
     - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
     - scsi: mpt3sas: Correctly handle ATA device errors
     - scsi: mpi3mr: Correctly handle ATA device errors
     - pinctrl: stm32: Manage irq affinity settings
     - media: tc358743: Check I2C succeeded during probe
     - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
     - media: tc358743: Increase FIFO trigger level to 374
     - media: usb: hdpvr: disable zero-length read messages
     - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
     - media: dvb-frontends: w7090p: fix null-ptr-deref in
       w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
     - media: uvcvideo: Fix bandwidth issue for Alcor camera
     - md: dm-zoned-target: Initialize return variable r to avoid uninitialized
       use
     - module: Prevent silent truncation of module name in delete_module(2)
     - i3c: add missing include to internal header
     - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
     - i3c: don't fail if GETHDRCAP is unsupported
     - i3c: master: Initialize ret in i3c_i2c_notifier_call()
     - dm-mpath: don't print the "loaded" message if registering fails
     - dm-table: fix checking for rq stackable devices
     - apparmor: use the condition in AA_BUG_FMT even with debug disabled
     - i2c: Force DLL0945 touchpad i2c freq to 100khz
     - vfio/type1: conditional rescheduling while pinning
     - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
     - scsi: target: core: Generate correct identifiers for PR OUT transport IDs
     - scsi: aacraid: Stop using PCI_IRQ_AFFINITY
     - vfio/mlx5: fix possible overflow in tracking max message size
     - ipmi: Use dev_warn_ratelimited() for incorrect message warnings
     - ipmi: Fix strcpy source and destination the same
     - net: phy: smsc: add proper reset flags for LAN8710A
     - block: avoid possible overflow for chunk_sectors check in
       blk_stack_limits()
     - pNFS: Fix stripe mapping in block/scsi layout
     - pNFS: Fix disk addr range check in block/scsi layout
     - pNFS: Handle RPC size limit for layoutcommits
     - pNFS: Fix uninited ptr deref in block/scsi layout
     - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
     - scsi: lpfc: Remove redundant assignment to avoid memory leak
     - ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
     - ASoC: soc-dai.h: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits
     - drm/amdgpu: fix incorrect vm flags to map bo
     - ext4: fix zombie groups in average fragment size lists
     - ext4: fix largest free orders lists corruption on mb_optimize_scan switch
     - usb: core: config: Prevent OOB read in SS endpoint companion parsing
     - misc: rtsx: usb: Ensure mmc child device is active when card is present
     - usb: typec: ucsi: Update power_supply on power role change
     - [amd64] comedi: fix race between polling and detaching
     - [amd64] thunderbolt: Fix copy+paste error in match_service_id()
     - cdc-acm: fix race between initial clearing halt and open
     - btrfs: zoned: use filesystem size not disk size for reclaim decision
     - btrfs: abort transaction during log replay if walk_log_tree() failed
     - btrfs: zoned: do not remove unwritten non-data block group
     - btrfs: fix log tree replay failure due to file with 0 links and extents
     - btrfs: do not allow relocation of partially dropped subvolumes
     - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
     - hv_netvsc: Fix panic during namespace deletion with VF
     - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
     - media: uvcvideo: Do not mark valid metadata as invalid
     - HID: magicmouse: avoid setting up battery timer when not needed
     - HID: apple: avoid setting up battery timer for devices without battery
     - serial: 8250: fix panic due to PSLVERR
     - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
     - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
     - usb: gadget: udc: renesas_usb3: fix device leak at unbind
     - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind
     - bus: mhi: host: Fix endianness of BHI vector table
     - bus: mhi: host: Detect events pointing to unexpected TREs
     - vt: keyboard: Don't process Unicode characters in K_OFF mode
     - vt: defkeymap: Map keycodes above 127 to K_HOLE
     - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
     - ksmbd: extend the connection limiting mechanism to support IPv6
     - ext4: check fast symlink for ea_inode correctly
     - ext4: fix fsmap end of range reporting with bigalloc
     - ext4: fix reserved gdt blocks handling in fsmap
     - ext4: use kmalloc_array() for array space allocation
     - ext4: fix hole length calculation overflow in non-extent inodes
     - scsi: mpi3mr: Fix race between config read submit and interrupt completion
     - ata: libata-scsi: Fix ata_to_sense_error() status handling
     - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host
       controllers
     - scsi: ufs: ufs-pci: Fix default runtime and system PM levels
     - iio: imu: bno055: fix OOB access of hw_xlate array
     - iio: adc: ad_sigma_delta: change to buffer predisable
     - wifi: brcmsmac: Remove const from tbl_ptr parameter in
       wlc_lcnphy_common_read_table()
     - wifi: ath11k: fix dest ring-buffer corruption
     - wifi: ath11k: fix source ring-buffer corruption
     - wifi: ath11k: fix dest ring-buffer corruption when ring is full
     - pwm: imx-tpm: Reset counter if CMOD is 0
     - pwm: mediatek: Handle hardware enable and clock enable separately
     - pwm: mediatek: Fix duty and period setting
     - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
     - mtd: spi-nor: Fix spi_nor_try_unlock_all()
     - PCI: endpoint: Fix configfs group list head handling
     - PCI: endpoint: Fix configfs group removal on driver teardown
     - vsock/virtio: Validate length in packet header before skb_put()
     - vhost/vsock: Avoid allocating arbitrarily-sized SKBs
     - jbd2: prevent softlockup in jbd2_log_do_checkpoint()
     - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state
     - media: gspca: Add bounds checking to firmware parser
     - [armhf] media: imx: fix a potential memory leak in
       imx_media_csc_scaler_device_init()
     - media: vivid: fix wrong pixel_array control size
     - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
     - media: usbtv: Lock resolution while streaming
     - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
     - media: ov2659: Fix memory leaks in ov2659_probe()
     - drm/amd: Restore cached power limit during resume
     - drm/amdgpu: Avoid extra evict-restore process.
     - drm/amdgpu: update mmhub 3.0.1 client id mappings
     - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
     - drm/amd/display: Don't overwrite dce60_clk_mgr
     - net, hsr: reject HSR frame if skb can't hold tag
     - ipv6: sr: Fix MAC comparison to be constant-time
     - ACPI: pfr_update: Fix the driver update version check
     - mptcp: drop skb if MPTCP skb extension allocation fails
     - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
     - f2fs: fix to do sanity check on ino and xnid (CVE-2025-38347)
     - iio: hid-sensor-prox: Restore lost scale assignments
     - iio: hid-sensor-prox: Fix incorrect OFFSET calculation
     - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event()
       (CVE-2025-38322)
     - [amd64] x86/mce/amd: Add default names for MCA banks and blocks
     - net: add netdev_lockdep_set_classes() to virtual drivers
     - btrfs: fix qgroup reservation leak on failure to allocate ordered extent
     - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
     - drm/sched: Remove optimization that causes hang when killing dependent
       jobs
     - net: enetc: fix device and OF node leak at probe
     - fscrypt: Don't use problematic non-inline crypto engines
     - block: reject invalid operation in submit_bio_noacct
     - block: Make REQ_OP_ZONE_FINISH a write operation
     - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
     - cifs: reset iface weights when we cannot find a candidate
     - usb: typec: fusb302: cache PD RX state
     - btrfs: qgroup: fix race between quota disable and quota rescan ioctl
     - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
     - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
     - btrfs: send: use fallocate for hole punching with send stream v2
     - net_sched: sch_ets: implement lockless ets_dump()
     - net/sched: ets: use old 'nbands' while purging unused classes
     - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
     - [armhf] usb: musb: omap2430: Convert to platform remove callback returning
       void
     - [armhf] usb: musb: omap2430: fix device leak at unbind
     - platform/chrome: cros_ec: Use per-device lockdep key
     - platform/chrome: cros_ec: remove unneeded label and if-condition
     - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
     - [arm64] usb: dwc3: imx8mp: fix device leak at unbind
     - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
     - btrfs: populate otime when logging an inode item
     - tls: separate no-async decryption request handling from async
       (CVE-2024-58240)
     - [amd64] crypto: qat - fix ring to service map for QAT GEN4
     - [arm64] cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1
       register
     - [amd64] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
       producer
     - mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
     - mptcp: plug races between subflow fail and subflow creation
       (CVE-2025-38552)
     - mptcp: reset fallback status gracefully at disconnect() time
     - mm: drop the assumption that VM_SHARED always implies writable
     - mm: update memfd seal write check to include F_SEAL_WRITE
     - mm: reinstate ability to map write-sealed memfd mappings read-only
     - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
     - kbuild: userprogs: use correct linker when mixing clang and GNU ld
     - [amd64] x86/reboot: Harden virtualization hooks for emergency reboot
     - [amd64] x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback
     - [amd64] KVM: VMX: Flush shadow VMCS on emergency reboot
     - [arm64] KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME
       fix
     - memstick: Fix deadlock by moving removing flag earlier
     - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
     - squashfs: fix memory leak in squashfs_fill_super
     - mm/debug_vm_pgtable: clear page table entries at destroy_args()
     - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook
       830 G6
     - [s390x] sclp: Fix SCCB present check
     - drm/amd/display: Avoid a NULL pointer dereference
     - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
     - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
     - drm/amd/display: Find first CRTC and its line time in
       dce110_fill_display_configs
     - drm/amd/display: Fill display clock and vblank time in
       dce110_fill_display_configs
     - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
     - fs/buffer: fix use-after-free when call bh_read() helper
     - use uniform permission checks for all mount propagation changes
     - ftrace: Also allocate and copy hash for reading of filter files
     - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
     - iio: proximity: isl29501: fix buffered read on big-endian systems
     - most: core: Drop device reference after usage in get_channel()
     - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
     - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples
     - [amd64] comedi: pcl726: Prevent invalid irq number
     - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and
       do_insnlist_ioctl()
     - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE
       test
     - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
     - usb: storage: realtek_cr: Use correct byte order for bcs->Residue
     - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
     - [arm64,armhf] usb: dwc3: Ignore late xferNotReady event to prevent halt
       timeout
     - [arm64,armhf] usb: dwc3: Remove WARN_ON for device endpoint command
       timeouts
     - [arm64] dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
     - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
     - ext4: preserve SB_I_VERSION on remount
     - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
     - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
     - [arm64] PCI: rockchip: Use standard PCIe definitions
     - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
     - [arm64] soc: qcom: mdt_loader: Enhance split binary detection
     - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header
     - f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
     - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677)
     - mptcp: disable add_addr retransmission when timeout is 0
     - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
     - mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values
     - mmc: sdhci-pci-gli: Add a new function to simplify the code
     - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
     - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
     - drm/amd/display: Don't overclock DCE 6 by 15%
     - wifi: mac80211: avoid lockdep checking when removing deflink
     - wifi: mac80211: check basic rates validity in sta_link_apply_parameters
     - tls: fix handling of zero-length records on the rx_list
     - iio: imu: inv_icm42600: change invalid data error to -EBUSY
     - tracing: Remove unneeded goto out logic
     - tracing: Limit access to parser->buffer when trace_get_user failed
     - iio: light: as73211: Ensure buffer holes are zeroed
     - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
     - compiler: remove __ADDRESSABLE_ASM{_STR,}() again
     - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
     - cgroup/cpuset: Use static_branch_enable_cpuslocked() on
       cpusets_insane_config_key
     - iosys-map: Fix undefined behavior in iosys_map_clear()
     - RDMA/bnxt_re: Fix to initialize the PBL array
     - net: bridge: fix soft lockup in br_multicast_query_expired()
     - scsi: qla4xxx: Prevent a potential error pointer dereference
     - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline
       (CVE-2025-38676)
     - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
     - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug
     - ALSA: usb-audio: Fix size validation in convert_chmap_v3()
     - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
     - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
     - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
     - net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
     - ppp: fix race conditions in ppp_fill_forward_path
     - phy: mscc: Fix timestamping for vsc8584
     - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
     - gve: prevent ethtool ops after shutdown
     - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
     - igc: fix disabling L1.2 PCI-E link substate on I226 on init
     - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
     - net/sched: Remove unnecessary WARNING condition for empty child qdisc in
       htb_activate
     - bonding: update LACP activity flag after setting lacp_active
     - bonding: Add independent control state machine
     - bonding: send LACPDUs periodically in passive mode after receiving
       partner's LACPDU
     - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
     - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs
     - [s390x] hypfs: Enable limited access during lockdown
     - netfilter: nf_reject: don't leak dst refcount for loopback packets
     - alloc_fdtable(): change calling conventions.
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.150
     - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
     - scsi: core: sysfs: Correct sysfs attributes access rights
     - smb: client: fix race with concurrent opens in unlink(2)
     - smb: client: fix race with concurrent opens in rename(2)
     - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
     - nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests
     - NFS: Fix a race when updating an existing write
     - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
     - net: ipv4: fix regression in local-broadcast routes
     - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl
     - [powerpc*] kvm: Fix ifdef to remove build warning
     - HID: input: rename hidinput_set_battery_charge_status()
     - HID: input: report battery status changes immediately
     - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success
     - Bluetooth: hci_event: Mark connection as closed during suspend disconnect
     - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
     - Bluetooth: hci_sync: fix set_local_name race condition
     - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
     - net: dlink: fix multicast stats being counted incorrectly
     - phy: mscc: Fix when PTP clock is register and unregister
     - net/mlx5: Reload auxiliary drivers on fw_activate
     - net/mlx5e: Update and set Xon/Xoff upon MTU set
     - net/mlx5e: Update and set Xon/Xoff upon port speed set
     - net/mlx5e: Set local Xoff after FW update
     - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
     - net: rose: split remove and free operations in rose_remove_neigh()
     - net: rose: convert 'use' field to refcount_t
     - net: rose: include node references in rose_neigh refcount
     - sctp: initialize more fields in sctp_v6_from_sk()
     - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
     - [x86] KVM: x86: use array_index_nospec with indices that come from guest
     - HID: asus: fix UAF via HID_CLAIMED_INPUT validation
     - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
     - HID: wacom: Add a new Art Pen 2
     - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
     - Revert "drm/amdgpu: fix incorrect vm flags to map bo"
     - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
     - fs/smb: Fix inconsistent refcnt update
     - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
     - smb3 client: fix return code mapping of remap_file_range
     - drm/nouveau/disp: Always accept linear modifier
     - net: rose: fix a typo in rose_clear_routes()
     - HID: mcp2221: Don't set bus speed on every transfer
     - HID: mcp2221: Handle reads greater than 60 bytes
     - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to
       LANE0_1_STATUS"
     - xfs: do not propagate ENODATA disk errors into xattr code
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.151
     - bpf: Add cookie object to bpf maps
     - bpf: Move cgroup iterator helpers to bpf.h
     - bpf: Move bpf map owner out of common struct
     - bpf: Fix oob access in cgroup local storage (CVE-2025-38502)
     - btrfs: fix race between logging inode and checking if it was logged before
     - btrfs: fix race between setting last_dir_index_offset and inode logging
     - btrfs: avoid load/store tearing races when checking if an inode was logged
     - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
     - drm/amd/display: Don't warn when missing DCE encoder caps
     - Bluetooth: hci_sync: Avoid adding default advertising on startup
     - fs: writeback: fix use-after-free in __mark_inode_dirty()
     - [arm64] tee: fix NULL pointer dereference in tee_shm_put
     - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
     - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible"
     - wifi: cfg80211: fix use-after-free in cmp_bss()
     - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
       after confirm
     - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
     - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
     - [x86] xirc2ps_cs: fix register access when enabling FullDuplex
     - mISDN: Fix memory leak in dsp_hwec_enable()
     - icmp: fix icmp_ndo_send address translation for reply direction
     - [arm64] net: macb: Fix tx_ptr_lock locking
     - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
     - i40e: Fix potential invalid access when MAC list is empty
     - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
     - wifi: cw1200: cap SSID length in cw1200_do_join()
     - wifi: libertas: cap SSID len in lbs_associate()
     - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
     - [arm64] net: thunder_bgx: add a missing of_node_put
     - [arm64] net: thunder_bgx: decrement cleanup index before use
     - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
     - net/smc: Remove validation of reserved bits in CLC Decline message
     - mctp: return -ENOPROTOOPT for unknown getsockopt options
     - ax25: properly unshare skbs in ax25_kiss_rcv()
     - net: atm: fix memory leak in atm_register_sysfs when device_register fail
     - ppp: fix memory leak in pad_compress_skb
     - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
     - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
     - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()
     - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
     - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
       arch_sync_kernel_mappings()
     - mm: move page table sync declarations to linux/pgtable.h
     - ocfs2: prevent release journal inode after journal shutdown
     - wifi: mwifiex: Initialize the chan_stats array to zero
     - drm/amdgpu: drop hw access in non-DC audio fini
     - scsi: lpfc: Fix buffer free/clear order in deferred receive path
     - batman-adv: fix OOB read/write in network-coding decode
     - cifs: prevent NULL pointer dereference in UTF16 conversion
     - e1000e: fix heap overflow in e1000_set_eeprom
     - mm/slub: avoid accessing metadata when pointer is invalid in object_err()
     - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
     - cpufreq/sched: Explicitly synchronize limits_changed flag handling
     - btrfs: adjust subpage bit start based on sectorsize (CVE-2025-37931)
     - iio: light: opt3001: fix deadlock due to concurrent flag access
       (CVE-2025-37968)
     - [x86] i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
     - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
     - vmxnet3: update MTU after device quiesce
     - [arm64,armhf] spi: tegra114: Remove unnecessary NULL-pointer checks
     - [arm64,armhf] spi: tegra114: Don't fail set_cs_timing when delays are zero
     - [x86] cpufreq: intel_pstate: Revise global turbo disable check
     - [x86] cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into
       caller
     - [x86] cpufreq: intel_pstate: Do not update global.turbo_disabled after
       initialization
     - [x86] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
     - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
     - fs: relax assertions on failure to encode file handles (CVE-2024-57924)
     - drm/amd/display: Check link_res->hpo_dp_link_enc before using it
       (CVE-2024-47704)
     - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
     - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
     - Revert "drm/amdgpu: Avoid extra evict-restore process."
     - pcmcia: omap: Add missing check for platform_get_resource
     - pcmcia: Add error handling for add_interval() in do_validate_mem()
     - [arm64] drm/bridge: ti-sn65dsi86: fix REFCLK setting
     - drm/amdgpu: Optimize RAS TA initialization and TA unload funcs
     - drm/amdgpu: remove the check of init status in psp_ras_initialize
     - drm/amd/amdgpu: Fix style problems in amdgpu_psp.c
     - drm/amdgpu: Skip TMR allocation if not required
     - drm/amd: Make flashing messages quieter
     - drm/amdgpu: Replace DRM_* with dev_* in amdgpu_psp.c
     - drm/amd/amdgpu: Fix missing error return on kzalloc failure
     - mm, slub: refactor free debug processing
     - slub: Reflow ___slab_alloc()
     - mm: slub: avoid wake up kswapd in set_track_prepare
     - [arm64,armhf] spi: tegra114: Use value to check for invalid delays
     - [x86] cpufreq: intel_pstate: Rearrange show_no_turbo() and
       store_no_turbo()
     - [x86] cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE()
     - [x86] cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.152
     - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300):
       - Documentation/hw-vuln: Add VMSCAPE documentation
       - x86/vmscape: Enumerate VMSCAPE bug
       - x86/vmscape: Add conditional IBPB mitigation
       - x86/vmscape: Enable the mitigation
       - x86/bugs: Move cpu_bugs_smt_update() down
       - x86/vmscape: Warn when STIBP is disabled with SMT
       - x86/vmscape: Add old Intel CPUs to affected list
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.153
     - mm: introduce and use {pgd,p4d}_populate_kernel()
     - media: mediatek: vcodec: Fix a resource leak related to the scp device in
       FW initialization (CVE-2025-23160)
     - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
       (CVE-2025-23143)
     - tracing: Do not add length to print format in synthetic events
     - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
     - NFSv4: Don't clear capabilities that won't be reset
     - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
     - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
     - tracing: Fix tracing_marker may trigger page fault during preempt_disable
     - ftrace/samples: Fix function size computation
     - NFSv4/flexfiles: Fix layout merge mirror check.
     - tracing: Silence warning when chunk allocation fails in trace_pid_write
     - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
       psock->cork.
     - proc: fix type confusion in pde_set_flags()
     - [x86] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation
       code
     - [x86] KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
     - [x86] KVM: SVM: Set synthesized TSA CPUID flags
     - Revert "SUNRPC: Don't allow waiting for exiting tasks"
     - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
     - ocfs2: fix recursive semaphore deadlock in fiemap call
     - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM
       wakeups
     - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
     - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite
     - fuse: check if copy_file_range() returns larger than requested size
     - fuse: prevent overflow in copy_file_range return value
     - libceph: fix invalid accesses to ceph_connection_v1_info
     - mm/damon/sysfs: fix use-after-free in state_show()
     - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
     - mm/damon/lru_sort: avoid divide-by-zero in
       damon_lru_sort_apply_parameters()
     - mm/khugepaged: convert hpage_collapse_scan_pmd() to use folios
     - mm/khugepaged: fix the address passed to notifier on testing young
     - kernfs: Fix UAF in polling when open file is released
     - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
       memory
     - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
     - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO
       runtime PM wakeups"
     - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
     - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
     - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
     - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
     - [arm64,armhf] net: fec: Fix possible NPD in
       fec_enet_phy_reset_after_clk_enable()
     - tunnels: reset the GSO metadata before reusing the skb
     - docs: networking: can: change bcm_msg_head frames member to support
       flexible array
     - igb: fix link test skipping when interface is admin down
     - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
     - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
       j1939_local_ecu_get() failed
     - can: j1939: j1939_local_ecu_get(): undo increment when
       j1939_local_ecu_get() fails
     - net: hsr: Disable promiscuous mode in offload mode
     - net: hsr: Add support for MC filtering at the slave device
     - net: hsr: Add VLAN CTAG filter support
     - hsr: use rtnl lock when iterating over ports
     - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
     - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs()
     - [armhf] dmaengine: ti: edma: Fix memory allocation size for
       queue_priority_map
     - hrtimer: Remove unused function
     - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
     - hrtimers: Unconditionally update target CPU base after offline timer
       migration
     - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
     - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for
       num-channels/ees
     - [arm64] phy: tegra: xusb: fix device and OF node leak at probe
     - [armhf] phy: ti-pipe3: fix device leak at unbind
     - drm/amdgpu: fix a memory leak in fence cleanup when unloading
     - [x86] drm/i915/power: fix size for for_each_set_bit() in abox iteration
     - [arm64] soc: qcom: mdt_loader: Fix error return values in
       mdt_header_valid()
     - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize
     - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
 .
   [ Ben Hutchings ]
   * Revert to using RSA for module signatures (Closes: #1114773)
   * d/b/gencontrol.py: Extend the effect of $DEBIAN_KERNEL_DISABLE_INSTALLER
 .
   [ Santiago Ruano Rincón ]
   * d/salsa-ci.yml: Merge the extract-source job into the build's job script
   * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution
     lintian tags.
   * d/salsa-ci.yml: Early move orig tarballs back where they can be cached

linux-signed-i386 (6.1.159+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.159-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.159
     - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
     - perf: Have get_perf_callchain() return NULL if crosstask and user are set
     - [x86] bugs: Fix reporting of LFENCE retpoline
     - EDAC/mc_sysfs: Increase legacy channel support to 16
     - btrfs: zoned: refine extent allocator hint selection
     - btrfs: scrub: replace max_t()/min_t() with clamp() in
       scrub_throttle_dev_io()
     - btrfs: always drop log root tree reference in btrfs_replay_log()
     - btrfs: use smp_mb__after_atomic() when forcing COW in
       create_pending_snapshot()
     - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
     - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
     - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
     - xhci: dbc: Provide sysfs option to configure dbc descriptors
     - xhci: dbc: poll at different rate depending on data transfer activity
     - xhci: dbc: Allow users to modify DbC poll interval via sysfs
     - xhci: dbc: Improve performance by removing delay in transfer event
       polling.
     - xhci: dbc: Avoid event polling busyloop if pending rx transfers are
       inactive.
     - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
       event
     - NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
     - net: usb: asix_devices: Check return value of usbnet_get_endpoints
     - fbcon: Set fb_display[i]->mode to NULL when the mode is released
     - fbdev: atyfb: Check if pll_ops->init_pll failed
     - ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
       (CVE-2025-40211)
     - fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)*
     - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
       Mode (CVE-2025-40321)
     - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
     - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
     - mptcp: restore window probe
     - [x86] fpu: Ensure XFD state on signal delivery
     - wifi: ath10k: Fix memory leak on unsupported WMI command
     - [arm64] drm/msm/a6xx: Fix GMU firmware parser
     - ALSA: usb-audio: fix control pipe direction
     - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
     - scsi: ufs: core: Initialize value of an attribute returned by uic cmd
     - bpf: Do not audit capability check in do_jit()
     - [arm64] ASoC: fsl_sai: fix bit order for DSD format
     - libbpf: Fix powerpc's stack register definition in bpf_tracing.h
     - usbnet: Prevents free active kevent
     - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
       (CVE-2025-40318)
     - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset
     - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
     - Bluetooth: ISO: Add support for periodic adv reports processing
     - Bluetooth: ISO: Fix another instance of dst_type handling
     - [arm64,armhf] drm/etnaviv: fix flush sequence logic
     - [arm64] net: hns3: return error code when function fails
     - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
     - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
     - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
     - block: make REQ_OP_ZONE_OPEN a write operation
     - regmap: slimbus: fix bus_context pointer in regmap init calls
       (CVE-2025-40317)
     - Reapply "Revert drm/amd/display: Enable Freesync Video Mode by default"
       (Closes: #1119232)
     - [s390x] pci: Restore IRQ unconditionally for the zPCI device
     - net: phy: dp83867: Disable EEE support as not implemented
     - mptcp: change 'first' as a parameter
     - mptcp: drop bogus optimization in __mptcp_check_push()
     - can: gs_usb: increase max interface to U8_MAX
     - cacheinfo: Return error code in init_of_cache_level()
     - cacheinfo: Check 'cache-unified' property to count cache leaves
     - ACPI: PPTT: Remove acpi_find_cache_levels()
     - ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info()
     - arch_topology: Build cacheinfo from primary CPU
     - cacheinfo: Initialize variables in fetch_cache_info()
     - cacheinfo: Fix LLC is not exported through sysfs
     - drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug
     - [arm64] tegra: Update cache properties
     - filemap: add a kiocb_invalidate_pages helper
     - filemap: add a kiocb_invalidate_post_direct_write helper
     - filemap: update ki_pos in generic_perform_write
     - fs: factor out a direct_write_fallback helper
     - direct_write_fallback(): on error revert the ->ki_pos update from buffered
       write
     - block: open code __generic_file_write_iter for blkdev writes
     - block: fix race between set_blocksize and read paths (CVE-2025-38073)
     - nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs()
     - usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
       (CVE-2025-40315)
     - drm/sysfb: Do not dereference NULL pointer in plane reset
     - drm/sched: Fix race in drm_sched_entity_select_rq()
     - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump
     - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs
     - bpf: Don't use %pK through printk
     - pinctrl: single: fix bias pull up/down handling in pin_config_set
     - [arm64] mmc: host: renesas_sdhi: Fix the actual clock
     - memstick: Add timeout to prevent indefinite waiting
     - cpufreq/longhaul: handle NULL policy in longhaul_exit
     - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
     - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
     - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
     - hwmon: (sbtsi_temp) AMD CPU extended temperature range support
     - power: supply: sbs-charger: Support multiple devices
     - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
     - ACPICA: dispatcher: Use acpi_ds_clear_operands() in
       acpi_ds_call_control_method()
     - [arm64] tee: allow a driver to allocate a tee_device without a pool
     - nvmet-fc: avoid scheduling association deletion twice (CVE-2025-40343)
     - nvme-fc: use lock accessing port_state and rport state (CVE-2025-40342)
     - [arm64] video: backlight: lp855x_bl: Set correct EPROM start for LP8556
     - tools/cpupower: fix error return value in cpupower_write_sysfs()
     - cpuidle: Fail cpuidle device registration if there is one already
     - futex: Don't leak robust_list pointer on exec race (CVE-2025-40341)
     - bpf: Clear pfmemalloc flag when freeing all fragments
     - nvme: Use non zero KATO for persistent discovery connections
     - uprobe: Do not emulate/sstep original instruction when ip is changed
     - [x86] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
     - [x86] hwmon: (dell-smm) Add support for Dell OptiPlex 7040
     - [x86] tools/cpupower: Fix incorrect size in cpuidle_state_disable()
     - [x86] tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
     - [x86] tools/power x86_energy_perf_policy: Enhance HWP enable
     - [x86] tools/power x86_energy_perf_policy: Prefer driver HWP limits
     - [armhf] mfd: stmpe: Remove IRQ domain upon removal
     - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE
     - drm/amd/display: add more cyan skillfish devices
     - drm/amd/pm: Use cached metrics data on aldebaran
     - drm/amd/pm: Use cached metrics data on arcturus
     - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
     - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
     - PCI: Disable MSI on RDC PCI to PCIe bridges
     - drm/amdkfd: return -ENOTTY for unsupported IOCTLs
     - media: pci: ivtv: Don't create fake v4l2_fh
     - [x86] vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
     - net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
     - ice: Don't use %pK through printk or tracepoints
     - thunderbolt: Use is_pciehp instead of is_hotplug_bridge
     - [powerpc*] eeh: Use result of error_detected() in uevent
     - [s390x] pci: Use pci_uevent_ers() in PCI recovery
     - bridge: Redirect to backup port when port is administratively down
     - net: ipv6: fix field-spanning memcpy warning in AH output
     - media: imon: make send_packet() more robust
     - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
     - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
     - char: misc: Does not request module for miscdevice with dynamic minor
     - net: When removing nexthops, don't call synchronize_net if it is not
       necessary
     - net: Call trace_sock_exceed_buf_limit() for memcg failure with
       SK_MEM_RECV.
     - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
     - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
     - rds: Fix endianness annotation for RDS_MPATH_HASH
     - scsi: mpi3mr: Fix controller init failure on fault during queue creation
     - scsi: pm80xx: Fix race condition caused by static variables
     - extcon: adc-jack: Fix wakeup source leaks on device unbind
     - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
     - drm/amdkfd: fix vram allocation failure for a special case
     - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
     - media: fix uninitialized symbol warnings
     - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
     - scsi: pm8001: Use int instead of u32 to store error codes
     - ptp: Limit time setting of PTP clocks
     - dmaengine: sh: setup_xref error handling
     - dmaengine: mv_xor: match alloc_wc and free_wc
     - dmaengine: dw-edma: Set status for callback_result
     - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
     - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
     - drm/amdgpu: Allow kfd CRIU with no buffer objects
     - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
     - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
     - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls
       for decoders
     - ALSA: usb-audio: apply quirk for MOONDROP Quark2
     - net: call cond_resched() less often in __release_sock()
     - smsc911x: add second read of EEPROM mac when possible corruption seen
     - [amd64] iommu/amd: Skip enabling command/event buffers for kdump
     - drm/amd: add more cyan skillfish PCI ids
     - drm/amdgpu: don't enable SMU on cyan skillfish
     - drm/amdgpu: add support for cyan skillfish gpu_info
     - usb: gadget: f_hid: Fix zero length packet transfer
     - usb: cdns3: gadget: Use-after-free during failed initialization and exit
       of cdnsp gadget (CVE-2025-40314)
     - [arm64] drm/msm: make sure to not queue up recovery more than once
     - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
     - net: phy: marvell: Fix 88e1510 downshift counter errata
     - wifi: mac80211: Fix HE capabilities element check
     - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
       register 0
     - net: sh_eth: Disable WoL if system can not suspend
     - media: redrat3: use int type to store negative error codes
     - netfilter: nf_reject: don't reply to icmp error messages
     - [x86] kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
       PV_UNHALT
     - udp_tunnel: use netdev_warn() instead of netdev_WARN()
     - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
     - net/cls_cgroup: Fix task_get_classid() during qdisc run
     - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
     - ALSA: serial-generic: remove shared static buffer
     - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
     - drm/amd: Avoid evicting resources at S5
     - page_pool: always add GFP_NOWARN for ATOMIC allocations
     - ethernet: Extend device_get_mac_address() to use NVMEM
     - drm/amdgpu: reject gang submissions under SRIOV
     - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
       TGT_RESET
     - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
       lpfc_cleanup
     - scsi: lpfc: Define size of debugfs entry for xri rebalancing
     - allow finish_no_open(file, ERR_PTR(-E...))
     - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
     - [arm64,armhf] usb: xhci: plat: Facilitate using autosuspend for xhci plat
       devices
     - ipv6: np->rxpmtu race annotation
     - jfs: Verify inode mode when loading from disk (CVE-2025-40312)
     - jfs: fix uninitialized waitqueue in transaction manager
     - [amd64] iommu/vt-d: Replace snprintf with scnprintf in
       dmar_latency_snapshot()
     - wifi: ath10k: Fix connection after GTK rekeying
     - net: intel: fm10k: Fix parameter idx set but not used
     - r8169: set EEE speed down ratio to 1
     - [arm64] PCI: cadence: Check for the existence of cdns_pcie::ops before
       using it
     - vfio: return -ENOTTY for unsupported device feature
     - PCI/PM: Skip resuming to D0 if device is disconnected
     - NFSv4: handle ERR_GRACE on delegation recalls
     - NFSv4.1: fix mount hang after CREATE_SESSION failure
     - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
       dereferencing
     - net: bridge: Install FDB for bridge MAC on VLAN 0
     - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
     - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
     - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
     - ext4: increase IO priority of fastcommit
     - net/mlx5e: Don't query FEC statistics when FEC is disabled
     - net: macb: avoid dealing with endianness in macb_set_hwaddr()
     - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
     - Bluetooth: SCO: Fix UAF on sco_conn_free (CVE-2025-40309)
     - Bluetooth: bcsp: receive data only if registered (CVE-2025-40308)
     - ALSA: usb-audio: add mono main switch to Presonus S1824c
     - exfat: limit log print for IO error
     - 6pack: drop redundant locking and refcounting
     - page_pool: Clamp pool size to max 16K pages
     - orangefs: fix xattr related buffer overflow... (CVE-2025-40306)
     - ftrace: Fix softlockup in ftrace_module_enable
     - ksmbd: use sock_create_kern interface to create kernel socket
     - smb: client: transport: avoid reconnects triggered by pending task work
     - ACPICA: Update dsmethod.c to get rid of unused variable warning
     - RDMA/irdma: Fix SD index calculation
     - RDMA/irdma: Remove unused struct irdma_cq fields
     - RDMA/irdma: Set irdma_cq cq_num field during CQ create
     - [arm64] RDMA/hns: Fix the modification of max_send_sge
     - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around
     - btrfs: mark dirty extent range for out of bound prealloc extents
     - fs/hpfs: Fix error code for new_inode() failure in
       mkdir/create/mknod/symlink
     - [arm64] rtc: pcf2127: clear minute/second interrupt
     - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
     - NTB: epf: Allow arbitrary BAR mapping
     - 9p: fix /sys/fs/9p/caches overwriting itself
     - 9p: sysfs_init: don't hardcode error to ENOMEM
     - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
     - ACPI: property: Return present device nodes only on fwnode interface
     - tools bitmap: Add missing asm-generic/bitsperlong.h include
     - tools: lib: thermal: don't preserve owner in install
     - tools: lib: thermal: use pkg-config to locate libnl3
     - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
       (CVE-2025-40304)
     - kbuild: uapi: Strip comments before size type check
     - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
     - ceph: add checking of wait_for_completion_killable() return value
     - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
     - Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
       (Closes: #1120680)
     - Bluetooth: hci_event: validate skb length for unknown CC opcode
       (CVE-2025-40301)
     - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
       bcm63xx
     - net: vlan: sync VLAN features with lower device
     - [armhf] net: dsa: b53: fix resetting speed and pause on forced link
     - [armhf] net: dsa: b53: fix enabling ip multicast
     - [armhf] net: dsa: b53: stop reading ARL entries if search is done
     - sctp: Hold RCU read lock while iterating over address list
     - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
     - sctp: Hold sock lock while iterating over address list
     - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
     - bnxt_en: Fix a possible memory leak in bnxt_ptp_init
     - net/mlx5e: SHAMPO, Fix skb size check for 64K pages
     - net: bridge: fix use-after-free due to MST port state bypass
       (CVE-2025-40297)
     - net: bridge: fix MST static key usage
     - tracing: Fix memory leaks in create_field_var()
     - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
       (CVE-2025-40294)
     - rtc: rx8025: fix incorrect register reference
     - smb: client: validate change notify buffer before copy
     - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
     - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
     - PM: suspend: Fix pm_suspend_target_state handling for !CONFIG_PM
     - extcon: adc-jack: Cleanup wakeup source only if it was enabled
     - drm/amdgpu: Fix function header names in amdgpu_connectors.c
     - [x86] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
     - [x86] drm/i915: Fix conversion between clock ticks and nanoseconds
     - smb: client: fix refcount leak in smb2_set_path_attr
     - drm/amd: Fix suspend failure with secure display TA
     - compiler_types: Move unused static inline functions warning to W=2
     - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
     - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
       (CVE-2025-40288)
     - NFS4: Fix state renewals missing after boot
     - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
     - NFS: check if suid/sgid was cleared after a write as needed
     - smb/server: fix possible memory leak in smb2_read() (CVE-2025-40286)
     - smb/server: fix possible refcount leak in smb2_sess_setup()
       (CVE-2025-40285)
     - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
     - wifi: ath11k: Add tx ack signal support for management packets
     - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
     - net: fec: correct rx_bytes statistic for the case SHIFT16 is set
     - Bluetooth: MGMT: cancel mesh send timer when hdev removed (CVE-2025-40284)
     - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
       (CVE-2025-40283)
     - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
       (CVE-2025-40282)
     - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
     - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
     - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
       (CVE-2025-40281)
     - net/smc: fix mismatch between CLC header and proposal
     - tipc: Fix use-after-free in tipc_mon_reinit_self(). (CVE-2025-40280)).
     - net: mdio: fix resource leak in mdiobus_register_device()
     - wifi: mac80211: skip rate verification for not captured PSDUs
     - af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)).
     - net/sched: act_connmark: transition to percpu stats and rcu
     - net_sched: act_connmark: use RCU in tcf_connmark_dump()
     - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
       (CVE-2025-40279)
     - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
       (CVE-2025-40278)
     - net/mlx5e: Fix maxrate wraparound in threshold between units
     - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
     - net/mlx5: Expose shared buffer registers bits and structs
     - net/mlx5e: Add API to query/modify SBPR and SBCM registers
     - net/mlx5e: Update shared buffer along with device buffer changes
     - net/mlx5e: Consider internal buffers size in port buffer calculations
     - net/mlx5e: Remove mlx5e_dbg() and msglvl support
     - net/mlx5e: Fix potentially misleading debug message
     - net_sched: limit try_bulk_dequeue_skb() batches
     - hsr: Fix supervision frame sending on HSRv0
     - ACPI: CPPC: Check _CPC validity for only the online CPUs
     - ACPI: CPPC: Perform fast check switch only for online CPUs
     - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
     - Bluetooth: L2CAP: export l2cap_chan_hold for modules
     - acpi,srat: Fix incorrect device handle check for Generic Initiator
     - regulator: fixed: fix GPIO descriptor leak on register failure
     - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
       (CVE-2025-40277)
     - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
     - ALSA: usb-audio: Fix NULL pointer dereference in
       snd_usb_mixer_controls_badd (CVE-2025-40275)
     - bpf: Add bpf_prog_run_data_pointers()
     - softirq: Add trace points for tasklet entry/exit
     - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
     - espintcp: fix skb leaks (CVE-2025-38057)
     - lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
     - asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch
     - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
     - HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
     - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
     - ksmbd: close accepted socket when per-IP limit rejects connection
     - strparser: Fix signed/unsigned mismatch bug
     - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
     - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
     - wifi: mac80211: reject address change while connecting
     - fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
     - [arm64] mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
     - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
       (CVE-2025-40269)
     - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
     - spi: Try to get ACPI GPIO IRQ earlier
     - btrfs: do not update last_log_commit when logging inode due to a new name
     - virtio-net: fix received length check in big packets (CVE-2025-40292)
     - scsi: ufs: core: Add a quirk to suppress link_startup_again
     - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel
       ADL
     - iommufd: Don't overflow during division for dirty tracking
       (CVE-2025-40293)
     - [x86] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
     - net: netpoll: fix incorrect refcount handling causing incorrect cleanup
     - eventpoll: Replace rwlock with spinlock
     - mm, percpu: do not consider sleepable allocations atomic
     - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
     - asm-generic: partially revert "Unify uapi bitsperlong.h for arm64, riscv
       and loongarch"
     - net/mlx5: Fix memory leak in error flow of port set buffer
     - net/sched: act_connmark: handle errno on tcf_idr_check_alloc
     - net/mlx5e: Do not update SBCM when prio2buffer command is invalid
     - net/mlx5e: Preserve shared buffer capacity during headroom updates
     - timers: Fix NULL function pointer race in timer_shutdown_sync()
     - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
       (Closes: #1114557)
     - mtdchar: fix integer overflow in read/write ioctls
     - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
     - mptcp: Disallow MPTCP subflows from sockmap
     - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
     - be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)
     - Input: cros_ec_keyb - fix an invalid memory access (CVE-2025-40263)
     - Input: imx_sc_key - fix memory corruption on unload (CVE-2025-40262)
     - Input: pegasus-notetaker - fix potential out-of-bounds access
     - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
       (CVE-2025-40261)
     - scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
     - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
     - mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
     - mptcp: fix ack generation for fallback msk
     - mptcp: fix premature close in case of fallback
     - mptcp: avoid unneeded subflow-level drops
     - mptcp: do not fallback when OoO is present
     - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple()
     - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
     - xfrm: Determine inner GSO type from packet inner protocol
     - [arm64,armhf] gpu: host1x: Select context device based on attached IOMMU
     - [arm64,armhf] drm/tegra: Add call to put_pid()
     - net: openvswitch: remove never-working support for setting nsh fields
       (CVE-2025-40254)
     - nvme-multipath: fix lockdep WARN due to partition scan work
     - [s390x] ctcm: Fix double-kfree (CVE-2025-40253)
     - [x86] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes
       to errnos
     - kernel.h: Move ARRAY_SIZE() to a separate header
     - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and
       qede_tpa_end()
     - vsock: Ignore signal/timeout on connect() if already established
     - bcma: don't register devices disabled in OF
     - cifs: fix typo in enable_gcm_256 module parameter
     - scsi: core: Fix a regression triggered by scsi_host_busy()
     - net: tls: Cancel RX async resync request on rcd_delta overflow
     - mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
     - mm/mm_init: fix hash table order logging in alloc_large_system_hash()
     - ALSA: usb-audio: fix uac2 clock source at terminal parser
     - tracing/tools: Fix incorrcet short option in usage text for --threads
     - uio_hv_generic: Set event for all channels on the device
       (Closes: #1120602)
     - mm/truncate: unmap large folio on split failure
     - maple_tree: fix tracepoint string pointers
     - mptcp: decouple mptcp fastclose from tcp close
     - mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
     - mm/mempool: replace kmap_atomic() with kmap_local_page()
     - mm/mempool: fix poisoning order>0 pages with HIGHMEM
     - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
     - ata: libata-scsi: Fix system suspend for a security locked drive
     - HID: amd_sfh: Stop sensor before starting
     - [armhf] pmdomain: samsung: plug potential memleak during probe
     - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration
       failure
     - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove
     - filemap: cap PTE range to be created to allowed zero fill in
       folio_map_range()
     - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
     - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted
       URBs
     - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before
       accessing header
     - Bluetooth: SMP: Fix not generating mackey and ltk when repairing
     - [x86] platform/x86: intel: punit_ipc: fix memory corruption
     - net: aquantia: Add missing descriptor cache invalidation on ATL2
     - net/mlx5e: Fix validation logic in rate limiting
     - net: sxgbe: fix potential NULL dereference in sxgbe_rx()
     - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
     - net: atlantic: fix fragment overflow handling in RX path
     - mailbox: Allow direct registration to a channel
     - [amd64,arm64] mailbox: pcc: Use mbox_bind_client
     - [amd64,arm64] mailbox: pcc: Add support for platform notification handling
     - [amd64,arm64] mailbox: pcc: Support shared interrupt for multiple
       subspaces
     - ACPI: PCC: Add PCC shared memory region command and status bitfields
     - [amd64,arm64] mailbox: pcc: Check before sending MCTP PCC response ACK
     - [amd64,arm64] mailbox: pcc: Refactor error handling in irq handler into
       separate function
     - [amd64,arm64] mailbox: pcc: don't zero error register
     - [x86] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
     - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
     - iio:common:ssp_sensors: Fix an error handling path ssp_probe()
     - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411)
     - iio: accel: fix ADXL355 startup race condition
     - iio: adc: ad7280a: fix ad7280_store_balance_timer()
     - [mips*] mm: Prevent a TLB shutdown on initial uniquification
     - [mips*] mm: kmalloc tlb_vpn array to avoid stack overflow
     - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
     - atm/fore200e: Fix possible data race in fore200e_open()
     - can: sja1000: fix max irq loop handling
     - [armhf] can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
     - dm-verity: fix unreliable memory allocation
     - [arm64,armhf] drivers/usb/dwc3: fix PCI parent check
     - smb: client: fix memory leak in cifs_construct_tcon()
     - [x86] thunderbolt: Add support for Intel Wildcat Lake
     - firmware: stratix10-svc: fix bug in saving controller data
     - [arm64,armhf] serial: amba-pl011: prefer dma_mapping_error() over explicit
       address checking
     - usb: cdns3: Fix double resource release in cdns3_pci_probe
     - usb: gadget: f_eem: Fix memory leak in eem_unwrap
     - usb: storage: Fix memory leak in USB bulk transport
     - USB: storage: Remove subclass and protocol overrides from Novatek quirk
     - usb: storage: sddr55: Reject out-of-bound new_pba
     - usb: uas: fix urb unmapping issue when the uas device is remove during
       ongoing data transfer
     - [arm64,armhf] usb: dwc3: Fix race condition between concurrent
       dwc3_remove_requests() call paths
     - USB: serial: ftdi_sio: add support for u-blox EVK-M101
     - USB: serial: option: add support for Rolling RW101R-GL
     - drm/amd/display: Check NULL before accessing
     - libceph: fix potential use-after-free in have_mon_and_osd_map()
     - libceph: prevent potential out-of-bounds writes in
       handle_auth_session_key()
     - libceph: replace BUG_ON with bounds check for map->max_osd
     - nfsd: Replace clamp_t in nfsd4_get_drc_mem()
     - net: macb: fix unregister_netdev call order in macb_remove()
       (CVE-2025-39805)
     - mptcp: fix duplicate reset on fastclose
     - mptcp: Fix proto fallback detection with BPF
     - staging: rtl8712: Remove driver using deprecated API wext
     - ksmbd: fix use-after-free in session logoff (CVE-2025-37899)
     - usb: typec: ucsi: psy: Set max current to zero when disconnected
     - usb: udc: Add trace event for usb_gadget_set_state
     - usb: gadget: udc: fix use-after-free in usb_gadget_state_work
     - scsi: pm80xx: Set phy->enable_completion only when we
     - [arm64] i2c: xgene-slimpro: Migrate to use generic PCC shmem related
       macros
     - HID: core: Harden s32ton() against conversion to 0 bits
 .
   [ Ben Hutchings ]
   * tools/hv: Make the sample hv_get_dhcp_info script more useful
   * hyperv-daemons: Install the sample network info scripts (Closes: #919350)
linux-signed-i386 (6.1.158+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.158-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.154
     - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not
       supported
     - wifi: mac80211: increase scan_ies_len for S1G
     - wifi: mac80211: fix incorrect type for ret
     - cgroup: split cgroup_destroy_wq into 3 workqueues
     - btrfs: fix invalid extref key setup when replaying dentry
     - qed: Don't collect too many protection override GRC elements
     - mptcp: set remote_deny_join_id0 on SYN recv
     - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
     - i40e: remove redundant memory barrier when cleaning Tx descs
     - bonding: don't set oif to bond dev when getting NS target destination
     - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
     - tls: make sure to abort the stream if headers are bogus
     - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
     - net: liquidio: fix overflow in octeon_init_instr_queue()
     - cnic: Fix use-after-free bugs in cnic_delete_task
     - ksmbd: smbdirect: validate data_offset and data_length field of
       smb_direct_data_transfer
     - ksmbd: smbdirect: verify remaining_data_length respects
       max_fragmented_recv_size
     - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
     - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
     - power: supply: bq27xxx: restrict no-battery detection to bq27000
     - [x86] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page()
     - btrfs: tree-checker: fix the incorrect inode ref size check
     - mmc: mvsdio: Fix dma_unmap_sg() nents value
     - [x86] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is
       active
     - rds: ib: Increment i_fastreg_wrs before bailing out
     - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
     - io_uring: backport io_should_terminate_tw()
     - io_uring: include dying ring in task_work "should cancel" state
     - [x86] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
       message
     - [arm64] drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
     - crypto: af_alg: Indent the loop in af_alg_sendmsg()
     - crypto: af_alg - Set merge to zero early in af_alg_sendmsg
     - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
     - mptcp: pm: nl: announce deny-join-id0 flag
     - phy: Use device_get_match_data()
     - [armhf] phy: ti: omap-usb2: fix device leak at unbind
     - xhci: dbc: decouple endpoint allocation from initialization
     - xhci: dbc: Fix full DbC transfer ring after several reconnects
     - mptcp: propagate shutdown to subflows when possible
     - net: rfkill: gpio: add DT support
     - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
     - crypto: af_alg: Convert af_alg_sendpage() to use MSG_SPLICE_PAGES
     - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.155
     - ALSA: usb-audio: Fix block comments in mixer_quirks
     - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
     - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
     - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
     - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
     - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
     - ALSA: usb-audio: Convert comma to semicolon
     - ALSA: usb-audio: Fix build with CONFIG_INPUT=n
     - usb: core: Add 0x prefix to quirks debug output
     - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
     - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
     - ALSA: usb-audio: Add mute TLV for playback volumes on more devices
     - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
     - mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked"
     - mm: add folio_expected_ref_count() for reference count calculation
     - mm/gup: check ref_count instead of lru before migration
     - mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
     - mm: folio_may_be_lru_cached() unless folio_test_large()
     - cpufreq: Initialize cpufreq-based invariance before subsys
     - smb: server: don't use delayed_work for post_recv_credits_work
     - bpf: Reject bpf_timer for PREEMPT_RT
     - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
     - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer
       overflow
     - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
     - can: peak_usb: fix shift-out-of-bounds issue
     - Bluetooth: hci_sync: Fix hci_resume_advertising_sync
     - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
     - bnxt_en: correct offset handling for IPv6 destination address
     - nexthop: Forbid FDB status change while nexthop is in a group
     - [x86] drm/gma500: Fix null dereference in hdmi teardown
     - futex: Prevent use-after-free during requeue-PI
     - i40e: fix idx validation in i40e_validate_queue_map
     - i40e: fix input validation logic for action_meta
     - i40e: add max boundary check for VF filters
     - i40e: add mask to apply valid bits for itr_idx
     - i40e: improve VF MAC filters accounting
     - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
     - tracing: dynevent: Add a missing lockdown check on dynevent
     - afs: Fix potential null pointer dereference in afs_put_server
     - mm/hugetlb: fix folio is still mapped when deleted
     - fbcon: fix integer overflow in fbcon_do_set_font
     - fbcon: Fix OOB access in font allocation
     - [s390x] cpum_cf: Fix uninitialized warning after backport of ce971233242b
     - mm: migrate_device: use more folio in migrate_device_finalize()
     - mm/migrate_device: don't add folio to be freed to LRU in
       migrate_device_finalize() (CVE-2025-21861)
     - minmax: add in_range() macro
     - minmax: Introduce {min,max}_array()
     - minmax: deduplicate __unconst_integer_typeof()
     - minmax: fix indentation of __cmp_once() and __clamp_once()
     - minmax: avoid overly complicated constant expressions in VM code
     - drm/ast: Use msleep instead of mdelay for edid read
     - i40e: fix validation of VF state in get resources
     - i40e: fix idx validation in config queues msg
     - i40e: increase max descriptors for XL710
     - i40e: add validation for ring_len param
     - minmax: make generic MIN() and MAX() macros available everywhere
     - minmax: add a few more MIN_T/MAX_T users
     - minmax: simplify and clarify min_t()/max_t() implementation
     - [x86] drm/i915/backlight: Return immediately when scale() finds invalid
       parameters
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.156
     - crypto: sha256 - fix crash at kexec
     - scsi: target: target_core_configfs: Add length check to avoid buffer
       overflow (CVE-2025-39998)
     - media: b2c2: Fix use-after-free causing by irq_check_work in
       flexcop_pci_remove (CVE-2025-39996)
     - media: rc: fix races with imon_disconnect() (CVE-2025-39993)
     - [arm64] KVM: arm64: Fix softirq masking in FPSIMD register saving sequence
     - media: tunner: xc5000: Refactor firmware load
     - media: tuner: xc5000: Fix use-after-free in xc5000_release
       (CVE-2025-39994)
     - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
       probe (CVE-2025-39995)
     - minmax: don't use max() in situations that want a C constant expression
     - minmax: simplify min()/max()/clamp() implementation
     - minmax: improve macro expansion and type checking
     - minmax: fix up min3() and max3() too
     - minmax.h: add whitespace around operators and after commas
     - minmax.h: update some comments
     - minmax.h: reduce the #define expansion of min(), max() and clamp()
     - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
     - minmax.h: move all the clamp() definitions after the min/max() ones
     - minmax.h: simplify the variants of clamp()
     - minmax.h: remove some #defines that are only expanded once
     - USB: serial: option: add SIMCom 8230C compositions
     - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
     - dm-integrity: limit MAX_TAG_SIZE to 255
     - perf subcmd: avoid crash in exclude_cmds when excludes is empty
     - [x86] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
     - btrfs: ref-verify: handle damaged extent root tree
     - can: hi311x: fix null pointer dereference when resuming from sleep before
       interface was enabled
     - hid: fix I2C read buffer overflow in raw_event() for mcp2221
     - driver core/PM: Set power.no_callbacks along with power.no_pm
     - crypto: rng - Ensure set_ent is always present
     - net/9p: fix double req put in p9_fd_cancelled
     - filelock: add FL_RECLAIM to show_fl_flags() macro
     - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
     - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast
     - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF()
     - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
     - smb: server: fix IRD/ORD negotiation with the client
     - [x86] vdso: Fix output operand size of RDPID
     - regmap: Remove superfluous check for !config in __regmap_init()
     - bpf: Remove migrate_disable in kprobe_multi_link_prog_run
     - libbpf: Fix reuse of DEVMAP
     - ACPI: processor: idle: Fix memory leak when register cpuidle device failed
     - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
     - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux
     - blk-mq: check kobject state_in_sysfs before deleting in
       blk_mq_unregister_hctx
     - block: use int to store blk_stack_limits() return value
     - PM: sleep: core: Clear power.must_resume in noirq suspend error path
     - [arm64] power: supply: cw2015: Fix a alignment coding style issue
     - [arm64] pinctrl: renesas: Use int type to store negative error codes
     - null_blk: Fix the description of the cache_size module argument
     - nbd: restrict sockets to TCP and UDP
     - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation
     - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op
     - i3c: master: svc: Use manual response for IBI events
     - i3c: master: svc: Recycle unused IBI slot
     - bpf: Explicitly check accesses to bpf_sock_addr
     - smp: Fix up and expand the smp_call_function_many() kerneldoc
     - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host
       headers
     - i2c: designware: Add disabling clocks when probe fails
     - bpf: Enforce expected_attach_type for tailcall compatibility
     - drm/radeon/r600_cs: clean up of dead code in r600_cs
     - drm/amd/display: Remove redundant semicolons
     - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
     - scsi: myrs: Fix dma_alloc_coherent() error check
     - ALSA: lx_core: use int type to store negative error codes
     - media: st-delta: avoid excessive stack usage
     - drm/amdgpu: Power up UVD 3 for FW validation (v2)
     - drm/amd/pm: Disable ULV even if unsupported (v3)
     - drm/amd/pm: Fix si_upload_smc_data (v3)
     - drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
     - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
     - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
     - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3)
     - wifi: mwifiex: send world regulatory domain to driver
     - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys
       allocation
     - tcp: fix __tcp_close() to only send RST when required
     - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
     - [armhf] usb: phy: twl6030: Fix incorrect type for ret
     - usb: gadget: configfs: Correctly set use_os_string at bind
     - misc: genwqe: Fix incorrect cmd field being reported in error
     - pps: fix warning in pps_register_cdev when register device fail
     - [x86] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
     - [x86] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
     - [arm64] drm/msm/dpu: fix incorrect type for ret
     - iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
     - netfilter: ipset: Remove unused htable_bits in macro ahash_region
     - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the
       watchdog
     - drivers/base/node: handle error properly in register_one_node()
     - RDMA/cm: Rate limit destroy CM ID timeout error message
     - wifi: mt76: fix potential memory leak in mt76_wmac_probe()
     - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
     - scsi: qla2xxx: edif: Fix incorrect sign of error code
     - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
     - f2fs: fix zero-sized extent for precache extents
     - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems
       Running"
     - RDMA/core: Resolve MAC of next-hop device without ARP support
     - IB/sa: Fix sa_local_svc_timeout_ms read race
     - Documentation: trace: historgram-design: Separate sched_waking histogram
       section heading and the following diagram
     - wifi: ath10k: avoid unnecessary wait for service ready message
     - wifi: mac80211: fix Rx packet handling when pubsta information is not
       available
     - wifi: rtw89: avoid circular locking dependency in ser_state_run()
     - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR
     - [arm64] coresight: trbe: Return NULL pointer for allocation failures
     - NFSv4.1: fix backchannel max_resp_sz verification check
     - ipvs: Defer ip_vs_ftp unregister during netns cleanup
     - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
     - usb: vhci-hcd: Prevent suspending virtually attached devices
     - RDMA/siw: Always report immediate post SQ errors
     - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast
     - Bluetooth: MGMT: Fix not exposing debug UUID on
       MGMT_OP_READ_EXP_FEATURES_INFO
     - Bluetooth: ISO: Fix possible UAF on iso_conn_free
     - Bluetooth: ISO: don't leak skb in ISO_CONT RX
     - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements
     - ocfs2: fix double free in user_cluster_connect()
     - drivers/base/node: fix double free in register_one_node()
     - nfp: fix RSS hash key size when RSS is not supported
     - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not
       configurable
     - net: dlink: handle copy_thresh allocation failure
     - net/mlx5: Stop polling for command response if interface goes down
     - net/mlx5: pagealloc: Fix reclaim race during command interface teardown
     - net/mlx5: fw reset, add reset timeout work
     - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
     - Squashfs: fix uninit-value in squashfs_get_parent
     - uio_hv_generic: Let userspace take care of interrupt mask
     - fs: udf: fix OOB read in lengthAllocDescs handling
     - net: nfc: nci: Add parameter validation for packet data
     - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of
       devm_gpiochip_add_data()
     - dm: fix queue start/stop imbalance under suspend/load/resume races
     - dm: fix NULL pointer dereference in __dm_suspend()
     - ksmbd: fix error code overwriting in smb2_get_info_filesystem()
     - ext4: fix checks for orphan inodes
     - mm: hugetlb: avoid soft lockup when mprotect to large memory area
     - Input: atmel_mxt_ts - allow reset GPIO to sleep
     - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
     - pinctrl: check the return value of pinmux_ops::get_function_name()
     - [arm64] bus: fsl-mc: Check return value of platform_get_resource()
     - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
     - [x86] usb: typec: tipd: Clear interrupts first
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.157
     - fs: always return zero on success from replace_fd()
     - fscontext: do not consume log entries when returning -EMSGSIZE
     - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
     - media: v4l2-subdev: Fix alloc failure check in
       v4l2_subdev_call_state_try()
     - perf evsel: Avoid container_of on a NULL leader
     - libperf event: Ensure tracing data is multiple of 8 sized
     - perf util: Fix compression checks returning -1 as bool
     - [mips*] rtc: x1205: Fix Xicor X1205 vendor prefix
         - perf session: Fix handling when buffer exceeds 2 GiB
     - scsi: libsas: Add sas_task_find_rq()
     - scsi: mvsas: Delete mvs_tag_init()
     - scsi: mvsas: Use sas_task_find_rq() for tagging
     - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001)
     - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
     - drm/vmwgfx: Fix Use-after-free in validation
     - drm/vmwgfx: Fix copy-paste typo in validation
     - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
     - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
     - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister()
       call
     - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in
       zynqmp_ipi_free_mboxes
     - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
     - drm/amdgpu: Add additional DCE6 SCL registers
     - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
     - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
     - drm/amd/display: Properly disable scaling on DCE6
     - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
     - crypto: essiv - Check ssize for decryption and in-place encryption
     - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
     - bpf: Avoid RCU context warning when unpinning htab with internal structs
     - ACPI: property: Fix buffer properties extraction for subnodes
     - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
     - ACPI: debug: fix signedness issues in read/write helpers
     - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in
       amx3_idle_init
     - cpuidle: governors: menu: Avoid using invalid recent intervals data
     - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required
     - xen/events: Cleanup find_virq() return codes
     - xen/manage: Fix suspend error path
     - [arm64] firmware: meson_sm: fix device leak at probe
     - drm/nouveau: fix bad ret code in nouveau_bo_move_prep
     - blk-crypto: fix missing blktrace bio split events
     - btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
     - bus: mhi: host: Do not use uninitialized 'dev' pointer in
       mhi_init_irq_setup()
     - copy_sighand: Handle architectures where sizeof(unsigned long) <
       sizeof(u64)
     - [x86] cpufreq: intel_pstate: Fix object lifecycle issue in
       update_qos_request()
     - init: handle bootloader identifier in kernel parameters
     - [x86] iommu/vt-d: PRS isn't usable if PDS isn't supported
     - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in
       sys_prlimit64() paths
     - KEYS: trusted_tpm1: Compare HMAC values in constant time
     - lib/genalloc: fix device leak in of_gen_pool_get()
     - openat2: don't trigger automounts with RESOLVE_NO_XDEV
     - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
     - [powerpc*] powernv/pci: Fix underflow and leak issue
     - [powerpc*] pseries/msi: Fix potential underflow and leak issue
     - pwm: berlin: Fix wrong register in suspend/resume
     - sched/deadline: Fix race in push_dl_task()
     - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
     - sctp: Fix MAC comparison to be constant-time
     - mmc: core: SPI mode remove cmd7
     - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in
       exynos_srom_probe
     - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw
       spinlock
     - PCI/sysfs: Ensure devices are powered for config reads
     - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
     - PCI/ERR: Fix uevent on failure to recover
     - PCI/AER: Fix missing uevent on recovery when a reset is requested
     - PCI/AER: Support errors introduced by PCIe r6.0
     - spi: cadence-quadspi: Flush posted register writes before INDAC access
     - spi: cadence-quadspi: Flush posted register writes before DAC access
     - [x86] umip: Check that the instruction opcode is at least two bytes
     - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT
       aliases)
     - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
     - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
     - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when
       max_huge_pages=0
     - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
     - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
     - ext4: verify orphan file size is not too big
     - ext4: increase i_disksize to offset + len in
       ext4_update_disksize_before_punch()
     - ext4: correctly handle queries for metadata mappings
     - ext4: guard against EA inode refcount underflow in xattr update
     - ACPICA: Allow to skip Global Lock initialization
     - ext4: free orphan info with kvfree
     - [x86] KVM: x86: Don't (re)check L1 intercepts when completing userspace
       I/O
     - Squashfs: add additional inode sanity checking
     - Squashfs: reject negative file sizes in squashfs_read_inode()
     - tracing: Fix race condition in kprobe initialization causing NULL pointer
       dereference
     - ksmbd: add max ip connections parameter
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register
       value
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
       cache_type
     - [x86] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
     - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
     - rseq: Protect event mask against membarrier IPI
     - ipmi: Rework user message limit handling
     - ipmi: Fix handling of messages with provided receive message pointer
     - ACPI: property: Disregard references in data-only subnode lists
     - ACPI: property: Add code comments explaining what is going on
     - ACPI: property: Do not pass NULL handles to acpi_attach_data()
     - asm-generic/io: Add _RET_IP_ to MMIO trace for more accurate debug info
     - asm-generic/io.h: suppress endianness warnings for relaxed accessors
     - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled
     - mptcp: pm: in-kernel: usable client side with C-flag
     - minixfs: Verify inode mode when loading from disk
     - pid: Add a judgment for ns null in pid_nr_ns
     - fs: Add 'initramfs_options' to set initramfs mount options
     - cramfs: Verify inode mode when loading from disk
     - writeback: Avoid softlockup when switching many inodes
     - writeback: Avoid excessively long inode switching times
     - xen/events: Update virq_to_irq on migration
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.158
     - smb: client: Fix refcount leak for cifs_sb_tlink (CVE-2025-40103)
     - r8152: add error handling in rtl8152_driver_init
     - jbd2: ensure that all ongoing I/O complete before freeing blocks
     - ext4: wait for ongoing I/O to complete before freeing blocks
     - ext4: detect invalid INLINE_DATA + EXTENTS flag combination
     - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
       running
     - btrfs: do not assert we found block group item when creating free space
       tree (CVE-2025-40100)
     - cifs: parse_dfs_referrals: prevent oob on malformed input (CVE-2025-40099)
     - drm/amdgpu: use atomic functions with memory barriers for vm fault info
     - drm/amd: Check whether secure display TA loaded successfully
     - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value
     - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
     - usb: gadget: Store endpoint pointer in usb_request
     - usb: gadget: Introduce free_usb_request helper
     - usb: gadget: f_rndis: Refactor bind path to use __free() (CVE-2025-40095)
     - usb: gadget: f_ecm: Refactor bind path to use __free() (CVE-2025-40093)
     - usb: gadget: f_acm: Refactor bind path to use __free() (CVE-2025-40094)
     - usb: gadget: f_ncm: Refactor bind path to use __free() (CVE-2025-40092)
     - Documentation: Remove bogus claim about del_timer_sync()
     - [arm64,armhf] clocksource/drivers/arm_arch_timer: Do not use timer
       namespace for timer_shutdown() function
     - [arm64,armhf] clocksource/drivers/sp804: Do not use timer namespace for
       timer_shutdown() function
     - timers: Replace BUG_ON()s
     - Documentation: Replace del_timer/del_timer_sync()
     - timers: Silently ignore timers with a NULL function
     - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
     - timers: Add shutdown mechanism to the internal functions
     - timers: Provide timer_shutdown[_sync]()
     - timers: Update the documentation to reflect on the new timer_shutdown()
       API
     - Bluetooth: hci_qca: Fix the teardown problem for real
     - HID: multitouch: fix sticky fingers
     - dax: skip read lock assertion for read-only filesystems
     - [arm64] can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
     - net: dlink: handle dma_map_single() failure properly
     - doc: fix seg6_flowlabel path
     - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
     - net/ip6_tunnel: Prevent perpetual tunnel growth
     - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface
       toggle
     - tcp: fix tcp_tso_should_defer() vs large RTT
     - tg3: prevent use of uninitialized remote_adv and local_adv variables
     - net: tls: wait for async completion on last message
     - tls: wait for async encrypt in case of error during latter iterations of
       sendmsg
     - tls: always set record_type in tls_process_cmsg
     - tls: wait for pending async decryptions if tls_strp_msg_hold fails
     - tls: don't rely on tx_work during send()
     - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
     - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
       lan78xx_reset
     - [x86] ASoC: nau8821: Cancel jdet_work before handling jack ejection
     - [x86] ASoC: nau8821: Generalize helper to clear IRQ status
     - [x86] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
     - drm/amd/powerplay: Fix CIK shutdown temperature
     - [arm64] drm/rockchip: vop2: use correct destination rectangle height check
     - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
     - sched/fair: Fix pelt lost idle time detection
     - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
     - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
       (CVE-2025-40085)
     - HID: hid-input: only ignore 0 battery events for digitizers
     - HID: multitouch: fix name of Stylus input devices
     - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
       (CVE-2025-40088)
     - PCI/sysfs: Ensure devices are powered for config reads (part 2)
     - exec: Fix incorrect type for ret
     - hfs: clear offset and space out of valid records in b-tree node
     - hfs: make proper initalization of struct hfs_find_data
     - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
     - hfs: validate record offset in hfsplus_bmap_alloc
     - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
     - dlm: check for defined force value in dlm_lockspace_release
     - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
     - hfsplus: return EIO when type of hidden directory mismatch in
       hfsplus_fill_super()
     - smb: server: let smb_direct_flush_send_list() invalidate a remote key
       first
     - net/mlx5e: Return 1 instead of 0 in invalid case in
       mlx5e_mpwrq_umr_entry_size()
     - rtnetlink: Allow deleting FDB entries in user namespace
     - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
     - [arm64] mm: avoid always making PTE dirty in pte_mkwrite()
     - sctp: avoid NULL dereference when chunk data buffer is missing
     - net: bonding: fix possible peer notify event loss or dup issue
     - Revert "cpuidle: menu: Avoid discarding useful information"
     - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
     - can: netlink: can_changelink(): allow disabling of automatic restart
     - [mips64el,mipsel] Malta: Fix keyboard resource preventing i8042 driver
       from registering
     - ocfs2: clear extent cache after moving/defragmenting extents
     - vsock: fix lock inversion in vsock_assign_transport()
     - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection
     - net: usb: rtl8150: Fix frame padding
     - io_uring: correct __must_hold annotation in io_install_fixed_file
     - USB: serial: option: add UNISOC UIS7720
     - USB: serial: option: add Quectel RG255C
     - USB: serial: option: add Telit FN920C04 ECM compositions
     - usb/core/quirks: Add Huawei ME906S to wakeup quirk
     - usb: raw-gadget: do not limit transfer length
     - xhci: dbc: enable back DbC in resume if it was enabled before suspend
     - [arm*] binder: remove "invalid inc weak" check
     - [x86] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106)
     - [x86] mei: me: add wildcat lake P DID
     - serial: 8250_dw: handle reset control deassert error
     - serial: 8250_exar: add support for Advantech 2 port card with Device ID
       0x0018
     - xfs: rename the old_crc variable in xlog_recover_process
     - xfs: fix log CRC mismatches between i386 and other architectures
     - PM: runtime: Add new devm functions
     - iio: imu: inv_icm42600: Simplify pm_runtime setup
     - iio: imu: inv_icm42600: use = { } instead of memset()
     - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended
     - padata: Reset next CPU when reorder sequence wraps around
     - fuse: allocate ff->release_args only if release is needed
     - fuse: fix livelock in synchronous file put from fuseblk workers
     - [arm64] mte: Do not flag the zero page as PG_mte_tagged
     - [arm64] PCI: j721e: Enable ACSPCIE Refclk if
       "ti,syscon-acspcie-proxy-ctrl" exists
     - [arm64] PCI: j721e: Fix programming sequence of "strap" settings
     - NFSD: Rework encoding and decoding of nfsd4_deviceid
     - NFSD: Minor cleanup in layoutcommit processing
     - NFSD: Fix last write offset handling in layoutcommit
     - vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)
     - NFSD: Define a proc_layoutcommit for the FlexFiles layout type
       (CVE-2025-40087)
     - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
     - drm/sched: Fix potential double free in
       drm_sched_job_add_resv_dependencies (CVE-2025-40096)
     - f2fs: add a f2fs_get_block_locked helper
     - f2fs: remove the create argument to f2fs_map_blocks
     - f2fs: factor a f2fs_map_blocks_cached helper
     - f2fs: fix wrong block mapping for multi-devices
     - PCI: Add PCI_VDEVICE_SUB helper macro
     - ixgbevf: Add support for Intel(R) E610 device
     - ixgbevf: fix getting link speed data for E610 devices
     - ixgbevf: fix mailbox API compatibility by negotiating supported features
       (CVE-2025-40104)
     - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
     - xfs: always warn about deprecated mount options
     - devcoredump: Fix circular locking dependency with devcd->mutex.
     - [x86] resctrl: Fix miscount of bandwidth event when reactivating
       previously unavailable RMID
     - ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
     - [s390x] cio: Update purge function to unregister the unused subchannels
     - [arm64] cputype: Add Neoverse-V3AE definitions
     - [arm64] errata: Apply workarounds for Neoverse-V3AE
     - ksmbd: transport_ipc: validate payload size before reading handle
       (CVE-2025-40084)
 .
   [ Ben Hutchings ]
   * d/b/genorig.py, d/rules, d/salsa-ci.yml: Put orig tarballs directly in ..
   * d/salsa-ci.yml: Adjust filenames to allow source package name suffix
   * d/salsa-ci.yml: Fix cache configuration for build job
   * d/salsa-ci.yml: Move orig tarball generation to a separate job again
   * d/salsa-ci.yml: Restore lintian checking of source package
linux-signed-i386 (6.1.153+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.153-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.149
     - io_uring: don't use int for ABI
     - ALSA: usb-audio: Validate UAC3 power domain descriptors, too
     - ALSA: usb-audio: Validate UAC3 cluster segment descriptors
     - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
     - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
     - smb3: fix for slab out of bounds on mount to ksmbd
     - smb: client: remove redundant lstrp update in negotiate protocol
     - gpio: virtio: Fix config space reading.
     - [amd64,arm64] net: phy: micrel: fix KSZ8081/KSZ8091 cable test
     - net: usb: asix_devices: add phy_mask for ax88772 mdio bus
     - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
     - NFSD: detect mismatch of file handle and delegation stateid in OPEN op
     - NFS: Fix the setting of capabilities when automounting a new filesystem
     - sunvdc: Balance device refcount in vdc_port_mpgroup_check
     - fs: Prevent file descriptor table allocations exceeding INT_MAX
     - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)
     - Documentation: ACPI: Fix parent device references
     - ACPI: processor: perflib: Fix initial _PPC limit application
     - ACPI: processor: perflib: Move problematic pr->performance check
     - [amd64] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI
       shadow
     - [amd64] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
     - [amd64] KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
     - [amd64] KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o
       VID
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL in common x86
     - [amd64] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
     - [amd64] KVM: x86/pmu: Gate all "unimplemented MSR" prints on
       report_ignored_msrs
     - [amd64] KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint
     - [amd64] KVM: VMX: Re-enter guest in fastpath for "spurious" preemption
       timer exits
     - [amd64] KVM: VMX: Handle forced exit due to preemption timer in fastpath
     - [amd64] KVM: x86: Move handling of is_guest_mode() into fastpath exit
       handlers
     - [amd64] KVM: VMX: Handle KVM-induced preemption timer exits in fastpath
       for L2
     - [amd64] KVM: x86: Fully defer to vendor code to decide how to force
       immediate exit
     - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic
       bitmap
     - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
       flag
     - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
       supported
     - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper
     - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
     - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
       APIs
     - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running
       the guest
     - udp: also consider secpath when evaluating ipsec use for checksumming
     - netfilter: ctnetlink: fix refcount leak on table dump
     - hfs: fix slab-out-of-bounds in hfs_bnode_read()
     - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
     - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
     - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
     - [arm64] Handle KCOV __init vs inline mismatches
     - smb/server: avoid deadlock when linking with ReplaceIfExists
     - udf: Verify partition map count
     - drbd: add missing kref_get in handle_write_conflicts
     - hfs: fix not erasing deleted b-tree node issue
     - better lockdep annotations for simple_recursive_removal()
     - ata: libata-sata: Disallow changing LPM state if not supported
     - fs/ntfs3: Add sanity check for file name
     - fs/ntfs3: correctly create symlink for relative path
     - fix locking in efi_secret_unlink()
     - securityfs: don't pin dentries twice, once is enough...
     - usb: xhci: print xhci->xhc_state when queue_command failed
     - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
     - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
     - usb: xhci: Avoid showing warnings for dying controller
     - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
     - usb: xhci: Avoid showing errors during surprise removal
     - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
     - cpufreq: Exit governor when failed to start old governor
     - [armhf] rockchip: fix kernel hang during smp initialization
     - PM / devfreq: governor: Replace sscanf() with kstrtoul() in
       set_freq_store()
     - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was
       successed
     - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when
       required
     - tools/nolibc: define time_t in terms of __kernel_old_time_t
     - iio: adc: ad_sigma_delta: don't overallocate scan buffer
     - [armhf] tegra: Use I/O memcpy to write to IRAM
     - ACPI: PRM: Reduce unnecessary printing to avoid user confusion
     - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
     - thermal: sysfs: Return ENODATA instead of EAGAIN for reads
     - PM: sleep: console: Fix the black screen issue
     - ACPI: processor: fix acpi_object initialization
     - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
     - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
     - pps: clients: gpio: fix interrupt handling order in remove path
     - reset: brcmstb: Enable reset drivers for ARCH_BCM2835
     - mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
     - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
     - ALSA: hda: Handle the jack polling always via a work
     - ALSA: hda: Disable jack polling at shutdown
     - [amd64] x86/bugs: Avoid warning when overriding return thunk
     - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
     - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
     - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
     - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
     - usb: core: usb_submit_urb: downgrade type check
     - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
     - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline
       mismatches
     - platform/chrome: cros_ec_typec: Defer probe on missing EC parent
     - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
     - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
     - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
     - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
     - ASoC: codecs: rt5640: Retry DEVICE_ID verification
     - xen/netfront: Fix TX response spurious interrupts
     - net: usb: cdc-ncm: check for filtering capability
     - wifi: cfg80211: reject HTC bit for management frames
     - [s390x] time: Use monotonic clock in get_cycles()
     - be2net: Use correct byte order and format string for TCP seq and ack_seq
     - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
     - et131x: Add missing check after DMA map
     - net: ag71xx: Add missing check after DMA map
     - net/mlx5e: Properly access RCU protected qdisc_sleeping variable
     - [arm64] Mark kernel as tainted on SAE and SError panic
     - rcu: Protect ->defer_qs_iw_pending from data race
     - net: mctp: Prevent duplicate binds
     - wifi: cfg80211: Fix interface type validation
     - net: ipv4: fix incorrect MTU in broadcast routes
     - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
     - wifi: iwlwifi: mvm: fix scan request validation
     - [s390x] stp: Remove udelay from stp_sync_clock()
     - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
     - wifi: mac80211: don't complete management TX on SAE commit
     - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in
       __ipv6_dev_mc_inc().
     - [arm64] drm/msm: use trylock for debugfs
     - wifi: rtw89: Fix rtw89_mac_power_switch() for USB
     - wifi: rtw89: Disable deep power saving for USB/SDIO
     - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit
     - [amd64] net: thunderbolt: Fix the parameter passing of
       tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
     - net: atlantic: add set_power to fw_ops for atl2 to fix wol
     - net: fec: allow disable coalescing
     - drm/amd/display: Separate set_gsl from set_gsl_source_select
     - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
     - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
     - drm/amd/display: Fix 'failed to blank crtc!'
     - wifi: mac80211: update radar_required in channel context after channel
       switch
     - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
     - [powerpc*] floppy: Add missing checks after DMA map
     - netmem: fix skb_frag_address_safe with unreadable skbs
     - wifi: iwlegacy: Check rate_idx range after addition
     - neighbour: add support for NUD_PERMANENT proxy entries
     - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to
       manual
     - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
     - gve: Return error for unknown admin queue command
     - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
     - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
     - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325
     - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
     - ptp: Use ratelimite for freerun error message
     - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
     - ionic: clean dbpage in de-init
     - net: ncsi: Fix buffer overflow in fetching version id
     - drm/ttm: Should to return the evict error
     - uapi: in6: restore visibility of most IPv6 socket options
     - drm/ttm: Respect the shrinker core free target
     - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
     - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
     - vhost: fail early when __vhost_add_used() fails
     - drm/amd/display: Only finalize atomic_obj if it was initialized
     - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race
       condition
     - cifs: Fix calling CIFSFindFirst() for root path without msearch
     - fbdev: fix potential buffer overflow in do_register_framebuffer()
     - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
     - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
     - fs/orangefs: use snprintf() instead of sprintf()
     - watchdog: dw_wdt: Fix default timeout
     - hwmon: (emc2305) Set initial PWM minimum value during probe based on
       thermal state
     - watchdog: iTCO_wdt: Report error if timeout configuration fails
     - scsi: bfa: Double-free fix
     - jfs: truncate good inode pages when hard link is 0
     - jfs: Regular file corruption check
     - jfs: upper bound check of tree index in dbAllocAG
     - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO
     - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ
       control
     - leds: leds-lp50xx: Handle reg to get correct multi_index
     - [armhf] dmaengine: stm32-dma: configure next sg only if there are more
       than 2 sgs
     - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
     - RDMA/core: reduce stack using in nldev_stat_get_doit()
     - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
     - scsi: mpt3sas: Correctly handle ATA device errors
     - scsi: mpi3mr: Correctly handle ATA device errors
     - pinctrl: stm32: Manage irq affinity settings
     - media: tc358743: Check I2C succeeded during probe
     - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
     - media: tc358743: Increase FIFO trigger level to 374
     - media: usb: hdpvr: disable zero-length read messages
     - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
     - media: dvb-frontends: w7090p: fix null-ptr-deref in
       w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
     - media: uvcvideo: Fix bandwidth issue for Alcor camera
     - md: dm-zoned-target: Initialize return variable r to avoid uninitialized
       use
     - module: Prevent silent truncation of module name in delete_module(2)
     - i3c: add missing include to internal header
     - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
     - i3c: don't fail if GETHDRCAP is unsupported
     - i3c: master: Initialize ret in i3c_i2c_notifier_call()
     - dm-mpath: don't print the "loaded" message if registering fails
     - dm-table: fix checking for rq stackable devices
     - apparmor: use the condition in AA_BUG_FMT even with debug disabled
     - i2c: Force DLL0945 touchpad i2c freq to 100khz
     - vfio/type1: conditional rescheduling while pinning
     - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
     - scsi: target: core: Generate correct identifiers for PR OUT transport IDs
     - scsi: aacraid: Stop using PCI_IRQ_AFFINITY
     - vfio/mlx5: fix possible overflow in tracking max message size
     - ipmi: Use dev_warn_ratelimited() for incorrect message warnings
     - ipmi: Fix strcpy source and destination the same
     - net: phy: smsc: add proper reset flags for LAN8710A
     - block: avoid possible overflow for chunk_sectors check in
       blk_stack_limits()
     - pNFS: Fix stripe mapping in block/scsi layout
     - pNFS: Fix disk addr range check in block/scsi layout
     - pNFS: Handle RPC size limit for layoutcommits
     - pNFS: Fix uninited ptr deref in block/scsi layout
     - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
     - scsi: lpfc: Remove redundant assignment to avoid memory leak
     - ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
     - ASoC: soc-dai.h: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl: merge DAI call back functions into ops
     - [arm64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits
     - drm/amdgpu: fix incorrect vm flags to map bo
     - ext4: fix zombie groups in average fragment size lists
     - ext4: fix largest free orders lists corruption on mb_optimize_scan switch
     - usb: core: config: Prevent OOB read in SS endpoint companion parsing
     - misc: rtsx: usb: Ensure mmc child device is active when card is present
     - usb: typec: ucsi: Update power_supply on power role change
     - [amd64] comedi: fix race between polling and detaching
     - [amd64] thunderbolt: Fix copy+paste error in match_service_id()
     - cdc-acm: fix race between initial clearing halt and open
     - btrfs: zoned: use filesystem size not disk size for reclaim decision
     - btrfs: abort transaction during log replay if walk_log_tree() failed
     - btrfs: zoned: do not remove unwritten non-data block group
     - btrfs: fix log tree replay failure due to file with 0 links and extents
     - btrfs: do not allow relocation of partially dropped subvolumes
     - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
     - hv_netvsc: Fix panic during namespace deletion with VF
     - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
     - media: uvcvideo: Do not mark valid metadata as invalid
     - HID: magicmouse: avoid setting up battery timer when not needed
     - HID: apple: avoid setting up battery timer for devices without battery
     - serial: 8250: fix panic due to PSLVERR
     - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
     - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
     - usb: gadget: udc: renesas_usb3: fix device leak at unbind
     - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind
     - bus: mhi: host: Fix endianness of BHI vector table
     - bus: mhi: host: Detect events pointing to unexpected TREs
     - vt: keyboard: Don't process Unicode characters in K_OFF mode
     - vt: defkeymap: Map keycodes above 127 to K_HOLE
     - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
     - ksmbd: extend the connection limiting mechanism to support IPv6
     - ext4: check fast symlink for ea_inode correctly
     - ext4: fix fsmap end of range reporting with bigalloc
     - ext4: fix reserved gdt blocks handling in fsmap
     - ext4: use kmalloc_array() for array space allocation
     - ext4: fix hole length calculation overflow in non-extent inodes
     - scsi: mpi3mr: Fix race between config read submit and interrupt completion
     - ata: libata-scsi: Fix ata_to_sense_error() status handling
     - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host
       controllers
     - scsi: ufs: ufs-pci: Fix default runtime and system PM levels
     - iio: imu: bno055: fix OOB access of hw_xlate array
     - iio: adc: ad_sigma_delta: change to buffer predisable
     - wifi: brcmsmac: Remove const from tbl_ptr parameter in
       wlc_lcnphy_common_read_table()
     - wifi: ath11k: fix dest ring-buffer corruption
     - wifi: ath11k: fix source ring-buffer corruption
     - wifi: ath11k: fix dest ring-buffer corruption when ring is full
     - pwm: imx-tpm: Reset counter if CMOD is 0
     - pwm: mediatek: Handle hardware enable and clock enable separately
     - pwm: mediatek: Fix duty and period setting
     - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
     - mtd: spi-nor: Fix spi_nor_try_unlock_all()
     - PCI: endpoint: Fix configfs group list head handling
     - PCI: endpoint: Fix configfs group removal on driver teardown
     - vsock/virtio: Validate length in packet header before skb_put()
     - vhost/vsock: Avoid allocating arbitrarily-sized SKBs
     - jbd2: prevent softlockup in jbd2_log_do_checkpoint()
     - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state
     - media: gspca: Add bounds checking to firmware parser
     - [armhf] media: imx: fix a potential memory leak in
       imx_media_csc_scaler_device_init()
     - media: vivid: fix wrong pixel_array control size
     - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
     - media: usbtv: Lock resolution while streaming
     - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
     - media: ov2659: Fix memory leaks in ov2659_probe()
     - drm/amd: Restore cached power limit during resume
     - drm/amdgpu: Avoid extra evict-restore process.
     - drm/amdgpu: update mmhub 3.0.1 client id mappings
     - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
     - drm/amd/display: Don't overwrite dce60_clk_mgr
     - net, hsr: reject HSR frame if skb can't hold tag
     - ipv6: sr: Fix MAC comparison to be constant-time
     - ACPI: pfr_update: Fix the driver update version check
     - mptcp: drop skb if MPTCP skb extension allocation fails
     - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
     - f2fs: fix to do sanity check on ino and xnid (CVE-2025-38347)
     - iio: hid-sensor-prox: Restore lost scale assignments
     - iio: hid-sensor-prox: Fix incorrect OFFSET calculation
     - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event()
       (CVE-2025-38322)
     - [amd64] x86/mce/amd: Add default names for MCA banks and blocks
     - net: add netdev_lockdep_set_classes() to virtual drivers
     - btrfs: fix qgroup reservation leak on failure to allocate ordered extent
     - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
     - drm/sched: Remove optimization that causes hang when killing dependent
       jobs
     - net: enetc: fix device and OF node leak at probe
     - fscrypt: Don't use problematic non-inline crypto engines
     - block: reject invalid operation in submit_bio_noacct
     - block: Make REQ_OP_ZONE_FINISH a write operation
     - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
     - cifs: reset iface weights when we cannot find a candidate
     - usb: typec: fusb302: cache PD RX state
     - btrfs: qgroup: fix race between quota disable and quota rescan ioctl
     - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
     - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
     - btrfs: send: use fallocate for hole punching with send stream v2
     - net_sched: sch_ets: implement lockless ets_dump()
     - net/sched: ets: use old 'nbands' while purging unused classes
     - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
     - [armhf] usb: musb: omap2430: Convert to platform remove callback returning
       void
     - [armhf] usb: musb: omap2430: fix device leak at unbind
     - platform/chrome: cros_ec: Use per-device lockdep key
     - platform/chrome: cros_ec: remove unneeded label and if-condition
     - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
     - [arm64] usb: dwc3: imx8mp: fix device leak at unbind
     - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
     - btrfs: populate otime when logging an inode item
     - tls: separate no-async decryption request handling from async
       (CVE-2024-58240)
     - [amd64] crypto: qat - fix ring to service map for QAT GEN4
     - [arm64] cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1
       register
     - [amd64] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
       producer
     - mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
     - mptcp: plug races between subflow fail and subflow creation
       (CVE-2025-38552)
     - mptcp: reset fallback status gracefully at disconnect() time
     - mm: drop the assumption that VM_SHARED always implies writable
     - mm: update memfd seal write check to include F_SEAL_WRITE
     - mm: reinstate ability to map write-sealed memfd mappings read-only
     - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
     - kbuild: userprogs: use correct linker when mixing clang and GNU ld
     - [amd64] x86/reboot: Harden virtualization hooks for emergency reboot
     - [amd64] x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback
     - [amd64] KVM: VMX: Flush shadow VMCS on emergency reboot
     - [arm64] KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME
       fix
     - memstick: Fix deadlock by moving removing flag earlier
     - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
     - squashfs: fix memory leak in squashfs_fill_super
     - mm/debug_vm_pgtable: clear page table entries at destroy_args()
     - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook
       830 G6
     - [s390x] sclp: Fix SCCB present check
     - drm/amd/display: Avoid a NULL pointer dereference
     - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
     - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
     - drm/amd/display: Find first CRTC and its line time in
       dce110_fill_display_configs
     - drm/amd/display: Fill display clock and vblank time in
       dce110_fill_display_configs
     - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
     - fs/buffer: fix use-after-free when call bh_read() helper
     - use uniform permission checks for all mount propagation changes
     - ftrace: Also allocate and copy hash for reading of filter files
     - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
     - iio: proximity: isl29501: fix buffered read on big-endian systems
     - most: core: Drop device reference after usage in get_channel()
     - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
     - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples
     - [amd64] comedi: pcl726: Prevent invalid irq number
     - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and
       do_insnlist_ioctl()
     - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE
       test
     - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
     - usb: storage: realtek_cr: Use correct byte order for bcs->Residue
     - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
     - [arm64,armhf] usb: dwc3: Ignore late xferNotReady event to prevent halt
       timeout
     - [arm64,armhf] usb: dwc3: Remove WARN_ON for device endpoint command
       timeouts
     - [arm64] dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
     - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
     - ext4: preserve SB_I_VERSION on remount
     - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
     - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
     - [arm64] PCI: rockchip: Use standard PCIe definitions
     - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
     - [arm64] soc: qcom: mdt_loader: Enhance split binary detection
     - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header
     - f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
     - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677)
     - mptcp: disable add_addr retransmission when timeout is 0
     - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
     - mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values
     - mmc: sdhci-pci-gli: Add a new function to simplify the code
     - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
     - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
     - drm/amd/display: Don't overclock DCE 6 by 15%
     - wifi: mac80211: avoid lockdep checking when removing deflink
     - wifi: mac80211: check basic rates validity in sta_link_apply_parameters
     - tls: fix handling of zero-length records on the rx_list
     - iio: imu: inv_icm42600: change invalid data error to -EBUSY
     - tracing: Remove unneeded goto out logic
     - tracing: Limit access to parser->buffer when trace_get_user failed
     - iio: light: as73211: Ensure buffer holes are zeroed
     - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
     - compiler: remove __ADDRESSABLE_ASM{_STR,}() again
     - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
     - cgroup/cpuset: Use static_branch_enable_cpuslocked() on
       cpusets_insane_config_key
     - iosys-map: Fix undefined behavior in iosys_map_clear()
     - RDMA/bnxt_re: Fix to initialize the PBL array
     - net: bridge: fix soft lockup in br_multicast_query_expired()
     - scsi: qla4xxx: Prevent a potential error pointer dereference
     - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline
       (CVE-2025-38676)
     - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
     - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug
     - ALSA: usb-audio: Fix size validation in convert_chmap_v3()
     - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
     - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
     - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
     - net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
     - ppp: fix race conditions in ppp_fill_forward_path
     - phy: mscc: Fix timestamping for vsc8584
     - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
     - gve: prevent ethtool ops after shutdown
     - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
     - igc: fix disabling L1.2 PCI-E link substate on I226 on init
     - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
     - net/sched: Remove unnecessary WARNING condition for empty child qdisc in
       htb_activate
     - bonding: update LACP activity flag after setting lacp_active
     - bonding: Add independent control state machine
     - bonding: send LACPDUs periodically in passive mode after receiving
       partner's LACPDU
     - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
     - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs
     - [s390x] hypfs: Enable limited access during lockdown
     - netfilter: nf_reject: don't leak dst refcount for loopback packets
     - alloc_fdtable(): change calling conventions.
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.150
     - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
     - scsi: core: sysfs: Correct sysfs attributes access rights
     - smb: client: fix race with concurrent opens in unlink(2)
     - smb: client: fix race with concurrent opens in rename(2)
     - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
     - nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests
     - NFS: Fix a race when updating an existing write
     - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
     - net: ipv4: fix regression in local-broadcast routes
     - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl
     - [powerpc*] kvm: Fix ifdef to remove build warning
     - HID: input: rename hidinput_set_battery_charge_status()
     - HID: input: report battery status changes immediately
     - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success
     - Bluetooth: hci_event: Mark connection as closed during suspend disconnect
     - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
     - Bluetooth: hci_sync: fix set_local_name race condition
     - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
     - net: dlink: fix multicast stats being counted incorrectly
     - phy: mscc: Fix when PTP clock is register and unregister
     - net/mlx5: Reload auxiliary drivers on fw_activate
     - net/mlx5e: Update and set Xon/Xoff upon MTU set
     - net/mlx5e: Update and set Xon/Xoff upon port speed set
     - net/mlx5e: Set local Xoff after FW update
     - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
     - net: rose: split remove and free operations in rose_remove_neigh()
     - net: rose: convert 'use' field to refcount_t
     - net: rose: include node references in rose_neigh refcount
     - sctp: initialize more fields in sctp_v6_from_sk()
     - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
     - [x86] KVM: x86: use array_index_nospec with indices that come from guest
     - HID: asus: fix UAF via HID_CLAIMED_INPUT validation
     - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
     - HID: wacom: Add a new Art Pen 2
     - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()
     - Revert "drm/amdgpu: fix incorrect vm flags to map bo"
     - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
     - fs/smb: Fix inconsistent refcnt update
     - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
     - smb3 client: fix return code mapping of remap_file_range
     - drm/nouveau/disp: Always accept linear modifier
     - net: rose: fix a typo in rose_clear_routes()
     - HID: mcp2221: Don't set bus speed on every transfer
     - HID: mcp2221: Handle reads greater than 60 bytes
     - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to
       LANE0_1_STATUS"
     - xfs: do not propagate ENODATA disk errors into xattr code
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.151
     - bpf: Add cookie object to bpf maps
     - bpf: Move cgroup iterator helpers to bpf.h
     - bpf: Move bpf map owner out of common struct
     - bpf: Fix oob access in cgroup local storage (CVE-2025-38502)
     - btrfs: fix race between logging inode and checking if it was logged before
     - btrfs: fix race between setting last_dir_index_offset and inode logging
     - btrfs: avoid load/store tearing races when checking if an inode was logged
     - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
     - drm/amd/display: Don't warn when missing DCE encoder caps
     - Bluetooth: hci_sync: Avoid adding default advertising on startup
     - fs: writeback: fix use-after-free in __mark_inode_dirty()
     - [arm64] tee: fix NULL pointer dereference in tee_shm_put
     - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
     - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible"
     - wifi: cfg80211: fix use-after-free in cmp_bss()
     - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
       after confirm
     - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
     - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
     - [x86] xirc2ps_cs: fix register access when enabling FullDuplex
     - mISDN: Fix memory leak in dsp_hwec_enable()
     - icmp: fix icmp_ndo_send address translation for reply direction
     - [arm64] net: macb: Fix tx_ptr_lock locking
     - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
     - i40e: Fix potential invalid access when MAC list is empty
     - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
     - wifi: cw1200: cap SSID length in cw1200_do_join()
     - wifi: libertas: cap SSID len in lbs_associate()
     - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
     - [arm64] net: thunder_bgx: add a missing of_node_put
     - [arm64] net: thunder_bgx: decrement cleanup index before use
     - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
     - net/smc: Remove validation of reserved bits in CLC Decline message
     - mctp: return -ENOPROTOOPT for unknown getsockopt options
     - ax25: properly unshare skbs in ax25_kiss_rcv()
     - net: atm: fix memory leak in atm_register_sysfs when device_register fail
     - ppp: fix memory leak in pad_compress_skb
     - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
     - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
     - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()
     - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
     - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
       arch_sync_kernel_mappings()
     - mm: move page table sync declarations to linux/pgtable.h
     - ocfs2: prevent release journal inode after journal shutdown
     - wifi: mwifiex: Initialize the chan_stats array to zero
     - drm/amdgpu: drop hw access in non-DC audio fini
     - scsi: lpfc: Fix buffer free/clear order in deferred receive path
     - batman-adv: fix OOB read/write in network-coding decode
     - cifs: prevent NULL pointer dereference in UTF16 conversion
     - e1000e: fix heap overflow in e1000_set_eeprom
     - mm/slub: avoid accessing metadata when pointer is invalid in object_err()
     - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
     - cpufreq/sched: Explicitly synchronize limits_changed flag handling
     - btrfs: adjust subpage bit start based on sectorsize (CVE-2025-37931)
     - iio: light: opt3001: fix deadlock due to concurrent flag access
       (CVE-2025-37968)
     - [x86] i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
     - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
     - vmxnet3: update MTU after device quiesce
     - [arm64,armhf] spi: tegra114: Remove unnecessary NULL-pointer checks
     - [arm64,armhf] spi: tegra114: Don't fail set_cs_timing when delays are zero
     - [x86] cpufreq: intel_pstate: Revise global turbo disable check
     - [x86] cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into
       caller
     - [x86] cpufreq: intel_pstate: Do not update global.turbo_disabled after
       initialization
     - [x86] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
     - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
     - fs: relax assertions on failure to encode file handles (CVE-2024-57924)
     - drm/amd/display: Check link_res->hpo_dp_link_enc before using it
       (CVE-2024-47704)
     - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
     - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
     - Revert "drm/amdgpu: Avoid extra evict-restore process."
     - pcmcia: omap: Add missing check for platform_get_resource
     - pcmcia: Add error handling for add_interval() in do_validate_mem()
     - [arm64] drm/bridge: ti-sn65dsi86: fix REFCLK setting
     - drm/amdgpu: Optimize RAS TA initialization and TA unload funcs
     - drm/amdgpu: remove the check of init status in psp_ras_initialize
     - drm/amd/amdgpu: Fix style problems in amdgpu_psp.c
     - drm/amdgpu: Skip TMR allocation if not required
     - drm/amd: Make flashing messages quieter
     - drm/amdgpu: Replace DRM_* with dev_* in amdgpu_psp.c
     - drm/amd/amdgpu: Fix missing error return on kzalloc failure
     - mm, slub: refactor free debug processing
     - slub: Reflow ___slab_alloc()
     - mm: slub: avoid wake up kswapd in set_track_prepare
     - [arm64,armhf] spi: tegra114: Use value to check for invalid delays
     - [x86] cpufreq: intel_pstate: Rearrange show_no_turbo() and
       store_no_turbo()
     - [x86] cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE()
     - [x86] cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.152
     - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300):
       - Documentation/hw-vuln: Add VMSCAPE documentation
       - x86/vmscape: Enumerate VMSCAPE bug
       - x86/vmscape: Add conditional IBPB mitigation
       - x86/vmscape: Enable the mitigation
       - x86/bugs: Move cpu_bugs_smt_update() down
       - x86/vmscape: Warn when STIBP is disabled with SMT
       - x86/vmscape: Add old Intel CPUs to affected list
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.153
     - mm: introduce and use {pgd,p4d}_populate_kernel()
     - media: mediatek: vcodec: Fix a resource leak related to the scp device in
       FW initialization (CVE-2025-23160)
     - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
       (CVE-2025-23143)
     - tracing: Do not add length to print format in synthetic events
     - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
     - NFSv4: Don't clear capabilities that won't be reset
     - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
     - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
     - tracing: Fix tracing_marker may trigger page fault during preempt_disable
     - ftrace/samples: Fix function size computation
     - NFSv4/flexfiles: Fix layout merge mirror check.
     - tracing: Silence warning when chunk allocation fails in trace_pid_write
     - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
       psock->cork.
     - proc: fix type confusion in pde_set_flags()
     - [x86] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation
       code
     - [x86] KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
     - [x86] KVM: SVM: Set synthesized TSA CPUID flags
     - Revert "SUNRPC: Don't allow waiting for exiting tasks"
     - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
     - ocfs2: fix recursive semaphore deadlock in fiemap call
     - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM
       wakeups
     - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
     - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite
     - fuse: check if copy_file_range() returns larger than requested size
     - fuse: prevent overflow in copy_file_range return value
     - libceph: fix invalid accesses to ceph_connection_v1_info
     - mm/damon/sysfs: fix use-after-free in state_show()
     - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
     - mm/damon/lru_sort: avoid divide-by-zero in
       damon_lru_sort_apply_parameters()
     - mm/khugepaged: convert hpage_collapse_scan_pmd() to use folios
     - mm/khugepaged: fix the address passed to notifier on testing young
     - kernfs: Fix UAF in polling when open file is released
     - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
       memory
     - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
     - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO
       runtime PM wakeups"
     - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
     - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
     - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
     - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
     - [arm64,armhf] net: fec: Fix possible NPD in
       fec_enet_phy_reset_after_clk_enable()
     - tunnels: reset the GSO metadata before reusing the skb
     - docs: networking: can: change bcm_msg_head frames member to support
       flexible array
     - igb: fix link test skipping when interface is admin down
     - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
     - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
       j1939_local_ecu_get() failed
     - can: j1939: j1939_local_ecu_get(): undo increment when
       j1939_local_ecu_get() fails
     - net: hsr: Disable promiscuous mode in offload mode
     - net: hsr: Add support for MC filtering at the slave device
     - net: hsr: Add VLAN CTAG filter support
     - hsr: use rtnl lock when iterating over ports
     - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
     - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs()
     - [armhf] dmaengine: ti: edma: Fix memory allocation size for
       queue_priority_map
     - hrtimer: Remove unused function
     - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
     - hrtimers: Unconditionally update target CPU base after offline timer
       migration
     - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
     - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for
       num-channels/ees
     - [arm64] phy: tegra: xusb: fix device and OF node leak at probe
     - [armhf] phy: ti-pipe3: fix device leak at unbind
     - drm/amdgpu: fix a memory leak in fence cleanup when unloading
     - [x86] drm/i915/power: fix size for for_each_set_bit() in abox iteration
     - [arm64] soc: qcom: mdt_loader: Fix error return values in
       mdt_header_valid()
     - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize
     - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
 .
   [ Ben Hutchings ]
   * Revert to using RSA for module signatures (Closes: #1114773)
   * d/b/gencontrol.py: Extend the effect of $DEBIAN_KERNEL_DISABLE_INSTALLER
 .
   [ Santiago Ruano Rincón ]
   * d/salsa-ci.yml: Merge the extract-source job into the build's job script
   * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution
     lintian tags.
   * d/salsa-ci.yml: Early move orig tarballs back where they can be cached

log4cxx (1.0.0-1+deb12u1) bookworm; urgency=medium
 .
   [ Lukas Märdian and Tobias Frost ]
   * Backport fixes for:
     - CVE-2025-54812: Improper HTML escaping in HTMLLayout (Closes: #1111879)
     - CVE-2025-54813: Improper escaping with JSONLayout (Closes: #1111881)

luksmeta (9-4+deb12u1) bookworm; urgency=high
 .
   * Cherry-pick "Fix handling of large metadata". Closes: #111828
     [CVE-2025-11568]

lxd (5.0.2-5+deb12u2) bookworm-security; urgency=high
 .
   * Cherry-pick upstream fix for CVE-2025-64507 / GHSA-56mx-8g9f-5crf
lxd (5.0.2-5+deb12u1) bookworm-security; urgency=high
 .
   * Backport fixes for the following security issues that are unfixed by
     Canonical in the stable-5.0 branch:
     - CVE-2025-54293 / GHSA-472f-vmf2-pr3h
     - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6
     - CVE-2025-54288 / GHSA-7232-97c6-j525
   * Backport fixes for the following security issues fixed by Canonical:
     - CVE-2025-54286 / GHSA-p8hw-rfjg-689h
   * Backport patch to skip a couple of flaky tests (Closes: #1114940)

mediawiki (1:1.39.17-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 1.39.17, fixing CVE-2025-67475, CVE-2025-67477,
     CVE-2025-67478, CVE-2025-67479, CVE-2025-67480, CVE-2025-67481,
     CVE-2025-67482, CVE-2025-67484. This version is not affected by
     CVE-2025-67476, CVE-2025-67477, or CVE-2025-67483.

modsecurity-apache (2.9.7-1+deb12u2) bookworm; urgency=medium
 .
   * Fix CVE-2025-54571: Added d/patches/cve-2025-54571.patch
     (Closes: #1110480)

mongo-c-driver (1.23.1-1+deb12u2) bookworm; urgency=medium
 .
   * Fix CVE-2025-12119: mongoc_bulk_operation_t may read invalid memory if
     large options are passed.

mydumper (0.10.1-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2025-30224:
     - The MySQL C client library (libmysqlclient) allows authenticated remote
       actors to read arbitrary files from client systems via a crafted server
       response to LOAD LOCAL INFILE query, leading to sensitive information
       disclosure when clients connect to untrusted MySQL servers without
       explicitly disabling the local infile capability. Mydumper had the local
       infile option enabled by default and does not have an option to disable
       it. This can lead to an unexpected arbitrary file read if the Mydumper
       tool connects to an untrusted server.
   * Add autopkgtest integration tests
   * Add debian/gbp.conf
mydumper (0.10.1-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2025-30224:
     - The MySQL C client library (libmysqlclient) allows authenticated remote
       actors to read arbitrary files from client systems via a crafted server
       response to LOAD LOCAL INFILE query, leading to sensitive information
       disclosure when clients connect to untrusted MySQL servers without
       explicitly disabling the local infile capability. Mydumper had the local
       infile option enabled by default and does not have an option to disable
       it. This can lead to an unexpected arbitrary file read if the Mydumper
       tool connects to an untrusted server.
   * Add autopkgtest integration tests
   * Add debian/gbp.conf

nncp (8.8.2-3+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Prevent path traversal during freq/file (CVE-2025-60020)
     (Closes: #1115848)

node-sha.js (2.4.11+~2.4.0-2+deb12u1) bookworm-security; urgency=medium
 .
   * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288)
   * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array

node-tar-fs (2.1.3-0+deb12u2) bookworm-security; urgency=medium
 .
   * Apply fix for CVE-2025-59343 (Closes: #1116338)

nvidia-graphics-drivers (535.261.03-1) bookworm; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.261.03 (2025-07-17).
     * Fixed CVE-2025-23279, CVE-2025-23286.  (Closes: #1109907)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5670
     - Fixed a bug that could cause 32-bit x86 applications running on
       recent builds of glibc to crash on dlopen().
     - Fixed an issue that could cause render-offloaded applications using
       KDE Frameworks 6 to crash.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (535.247.01-2) UNRELEASED; urgency=medium
 .
   [ Andreas Beckmann ]
   * Backport drm_connector_helper_funcs_mode_valid_has_const_mode_arg changes
     from 550.163.01 and ccflags-y, nv_timer_delete_sync, __iowrite64_lo_hi,
     page_pgmap and make_device_exclusive changes from 570.153.02 and
     nv_vma_start_write changes from 570.169 to fix kernel module build for
     Linux 6.15.
 .
   [ Luca Boccassi ]
   * Remove myself from Uploaders.
nvidia-graphics-drivers (535.247.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.247.01 (2025-04-17).
     * Fixed CVE-2025-23244.  (Closes: #1104068)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5630
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.

nvidia-open-gpu-kernel-modules (535.261.03-1) bookworm; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.261.03 (2025-07-17).
     * Fixed CVE-2025-23279, CVE-2025-23286.  (Closes: #1109915)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5670
   * Sync with src:nvidia-graphics-drivers.
   * Upload to bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.247.01-2) UNRELEASED; urgency=medium
 .
   * Backport page_pgmap and hmm_make_device_exclusive_range changes from
     570.153.02 to fix open kernel module build for Linux 6.15.
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (535.247.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.247.01 (2025-04-17).
     * Fixed CVE-2025-23244.  (Closes: #1104076)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5630
   * Sync with src:nvidia-graphics-drivers.

onetbb (2021.8.0-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Skip some tests when the machine has a single CPU. Closes: #1108053.
   * Skip test_mutex, it fails in Salsa CI. Closes: #1094260.

open-vm-tools (2:12.2.0-1+deb12u4) bookworm; urgency=high
 .
   * [e4ad4b0] Run debdiff in CI
   * [039e4a0] Disable (default) the execution of the SDMP get-versions.sh script
     (CVE-2025-41244)
     Thanks to Salvatore Bonaccorso

openjdk-17 (17.0.17+10-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm
openjdk-17 (17.0.17~8ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.17 early access, build 8.
 .
   [ Vladimir Petko ]
   * d/t/problems.csv: Synchronize problem list.
openjdk-17 (17.0.17~5ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.17 early access, build 5.
 .
   [ Matthias Klose ]
   * Build using GCC 15 on development releases.
 .
   [ Vladimir Petko ]
   * d/rules: Disable jtreg test for riscv on focal.
openjdk-17 (17.0.16+8-1) unstable; urgency=high
 .
   * OpenJDK 17.0.16 release, build 8.
     - Addresses CVE-2025-5010, CVE-2025-50059, CVE-2025-30754, CVE-2025-30749.
       See https://openjdk.org/groups/vulnerability/advisories/2025-07-15.
     - Release notes:
       https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-July/045614.html
 .
   [ Vladimir Petko ]
   * d/p/jdk-8359735-proposed.patch: Fix process tests failing in Ubuntu 25.10.
   * d/copyright-generator/copyright-gen.py: Bump copyright year.
   * d/copyright: Regenerate.

openrefine (3.6.2-2+deb12u3) bookworm; urgency=medium
 .
   * Fix CVE-2024-23833, CVE-2024-47878, CVE-2024-47880, CVE-2024-47881,
     CVE-2024-47882 and CVE-2024-49760.
     OpenRefine is a free, open source tool for data processing. Users could be
     tricked into opening malicious websites which then enabled attackers to run
     arbitrary code on the server due to improper escaping or code restrictions.

openssl (3.0.18-1~deb12u1) bookworm; urgency=medium
 .
   * Import 3.0.18
openssl (3.0.17-1~deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap)
   * CVE-2025-9232 (Out-of-bounds read in HTTP client no_proxy handling)

openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.

pam (1.5.2-6+deb12u2) bookworm; urgency=medium
 .
   * Fix CVE-2025-6020: local privilege escalation in pam_namespace, Closes: #1107919
   * Check for explicit_bzero and memset_explicit so pam_namespace can
     use them

pdfminer (20221105+dfsg-1.1~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bookworm-security

pgbouncer (1.18.0-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-2291: expired password can be used.
     Password can be used past expiry in PgBouncer due to auth_query not
     taking into account Postgres its VALID UNTIL value, which allows an
     attacker to log in with an already expired password (Closes: #1103394)
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in PgBouncer
     before 1.25.1 allows an unauthenticated attacker to execute arbitrary
     SQL during authentication via a malicious search_path parameter in the
     StartupMessage.

postgresql-15 (15.15-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.15.
 .
     + Check for CREATE privileges on the schema in CREATE STATISTICS
       (Jelte Fennema-Nio)
 .
       This omission allowed table owners to create statistics in any schema,
       potentially leading to unexpected naming conflicts.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2025-12817)
 .
     + Avoid integer overflow in allocation-size calculations within libpq
       (Jacob Champion)
 .
       Several places in libpq were not sufficiently careful about computing
       the required size of a memory allocation.  Sufficiently large inputs
       could cause integer overflow, resulting in an undersized buffer, which
       would then lead to writing past the end of the buffer.
 .
       The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies
       for reporting this problem. (CVE-2025-12818)

python-internetarchive (3.3.0-2~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * backport fix for directory transversal issue (Closes: #1114635,
     CVE-2025-58438)

qemu (1:7.2+dfsg-7+deb12u18) bookworm; urgency=medium
 .
   * v7.2.22:
    - Update version for 7.2.22 release
    - hw/misc/npcm_clk: Don't divide by zero when calculating frequency
    - hw/display/xlnx_dp: Don't abort for unsupported graphics formats
    - hw/display/xlnx_dp.c: Don't abort on AUX FIFO overrun/underrun
    - net: pad packets to minimum length in qemu_receive_packet()
    - hw/net/e1000e_core: Adjust
      e1000e_write_payload_frag_to_rx_buffers() assert
    - hw/net/e1000e_core: Correct rx oversize packet checks
    - hw/net/e1000e_core: Don't advance desc_offset
      for NULL buffer RX descriptors
    - qio: Protect NetListener callback with mutex
    - qio: Remember context of qio_net_listener_set_client_func_full
    - qio: Unwatch before notify in QIONetListener
    - qio: Add trace points to net_listener
    - block/curl.c: Fix CURLOPT_VERBOSE parameter type
    - block/curl.c: Use explicit long constants in curl_easy_setopt calls
    - crypto: stop requiring "key encipherment" usage in x509 certs
    - io: fix use after free in websocket handshake code
      Closes: #1117153, CVE-2025-11234 (UAF in websocket handshake code)
    - io: move websock resource release to close method
    - io: release active GSource in TLS channel finalizer
    - io: add trace event when cancelling TLS handshake
    - linux-user: permit sendto() with NULL buf and 0 len
    - linux-user: Use correct type for FIBMAP and FIGETBSZ emulation
    - target/i386: user: do not set up a valid LDT on reset
    - async: access bottom half flags with qatomic_read
    - i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
    - i386/cpu: Prevent delivering SIPI during SMM in TCG mode
    - target/i386: Fix CR2 handling for non-canonical addresses
   * v7.2.21:
    - Update version for 7.2.21 release
    - ui/icons/qemu.svg: Add metadata information (author, license) to the logo
    - hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint
    - tests/tcg/multiarch: Add tb-link test
    - accel/tcg: Properly unlink a TB linked to itself
    - multiboot: Fix the split lock
    - python/qemu/machine: use socketpair() for QMP by default
    - python/qmp/legacy: make QEMUMonitorProtocol accept a socket
    - python/qmp/protocol: add open_with_socket()
    - python/machine: Fix AF_UNIX path too long on macOS
    - use fedora:37 for python container instead of :latest
    - hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response
    - tests: Ensure TAP version is printed before other messages
    - tests/qtest: Do not run lsi53c895a test if device is not present
    - Revert "tests/qtest: use qos_printf instead of g_test_message"
    - vhost-user-test: no set non-blocking for cal fd less than 0.
    - tests: vhost-user-test: release mutex on protocol violation
    - .gitmodules: move u-boot mirrors to qemu-project-mirrors
    - hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT
qemu (1:7.2+dfsg-7+deb12u17) bookworm; urgency=medium
 .
   * v7.2.20:
    - Update version for 7.2.20 release
    - block/curl: fix curl internal handles handling
      (Closes: #1111809 for 7.2.x)
    - target/mips: fix TLB huge page check to use 64-bit shift
    - linux-user/mips: Select M14Kc CPU to run microMIPS binaries
    - linux-user/mips: Select 74Kf CPU to run MIPS16e binaries
    - elf: Add EF_MIPS_ARCH_ASE definitions
    - linux-user/mips: Do not try to use removed R5900 CPU
    - linux-user/mips: Use P5600 as default CPU to run NaN2008 ELF binaries
    - e1000e: Prevent crash from legacy interrupt firing after MSI-X enable
    - qga: Fix truncated output handling in guest-exec status reporting
    - qga: Fix memory leak when output stream is unused
    - hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects
    - scripts/kernel-doc: Avoid new Perl precedence warning
    - virtio-net: Add queues for RSS during migration
    - virtio-net: Add queues before loading them
    - virtio-net: Add only one queue pair when realizing
      (the 3 virtio-net changes above Closes: #1112044 in 7.2.x)
    - i386/tcg/svm: fix incorrect canonicalization
    - hw/sd/ssi-sd: Return noise (dummy byte) when no card connected
    - qemu-iotests: Ignore indentation in Killed messages
    - hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030
    - target/arm: Fix handling of setting SVE registers from gdb
    - target/arm: Fix big-endian handling of NEON gdb remote debugging
    - hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active
    - hw/net/cadence_gem: fix register mask initialization
    - target/mips: Only update MVPControl.EVP bit if executed by master VPE
    - linux-user/aarch64: Support TPIDR2_MAGIC signal frame record
    - target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()
    - target/arm/sme: Rebuild hflags in aarch64_set_svcr()
    - target/arm/sme: Reset ZA state in aarch64_set_svcr()
    - target/arm/sme: Reset SVE state in aarch64_set_svcr()
    - target/arm/sme: Introduce aarch64_set_svcr()
    - target/arm/sme: Rebuild hflags in set_pstate() helpers
    - target/arm/sme: Reorg SME access handling in handle_msr_i()
    - target/i386: fix width of third operand of VINSERTx128
    - hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation

qpwgraph (0.3.9-1+deb12u1) bookworm-proposed-updates; urgency=medium
 .
   * d/control: Add libqt6svg6 to depends (Closes: #1091998)

r-cran-gh (1.4.0-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-54956.patch: Add patch to fix CVE-2025-54956.
     - The HTTP response is delivered in a data structure that
       includes the Authorization header from the corresponding HTTP
       request (closes: #1110481).

rails (2:6.1.7.10+dfsg-1~deb12u2) bookworm-security; urgency=medium
 .
   * Team upload
   * Add SalsaCI
   * Fix CVE-2025-24293 (Closes: #1111106)
     Active Record connects classes to relational database tables.
     The ID passed to find or similar methods may be logged without
     escaping. If this is directly to the terminal it may include
     unescaped ANSI sequences.
   * Fix CVE-2025-55193.
     Active Storage attempts to prevent the use of potentially unsafe image
     transformation methods and parameters by default.
     The default allowed list contains three methods allowing
     for the circumvention of the safe defaults which enables potential
     command injection vulnerabilities in cases where arbitrary
     user supplied input is accepted as valid transformation methods
     or parameters.

rear (2.7+dfsg-1+deb12u1) bookworm; urgency=high
 .
   * Fix CVE-2024-23301:
     - Prevent created initrd from being world-readable when GRUB_RESCUE=y.

redis (5:7.0.15-1~deb12u6) bookworm-security; urgency=medium
 .
   * CVE-2025-46817 / CVE-2025-46818 / CVE-2025-49844 / CVE-2025-46819

request-tracker4 (4.4.6+dfsg-1.1+deb12u3) bookworm-security; urgency=medium
 .
   * Apply upstream patch which fixes a security vulnerability.
     - [CVE-2025-61873] Fix CSV injection via ticket values with special
       characters that are exported to a TSV from search results.

request-tracker5 (5.0.3+dfsg-3~deb12u4) bookworm-security; urgency=medium
 .
   * Apply upstream patch which fixes a security vulnerability.
     - [CVE-2025-61873] Fix CSV injection via ticket values with special
       characters that are exported to a TSV from search results.

rescue (1.93+deb12u1) bookworm; urgency=medium
 .
   [ Pascal Hambourg and Nicholas D Steeves ]
   * Add preliminary support for rescuing Debian installed to a btrfs
     subvolume (Closes: #1018894, #1103476).  Supported rescue cases are:
     1. The default installation to @rootfs (bullseye and later)
     2. The default installation to subvolid=5 (buster or earlier).
        "subvolid=5" was chosen over "subvol=/" for maximum disambiguation.
 .
   [ Pascal Hambourg ]
   * Add support for rescuing btrfs systems installed via the Calamares
     installer found on Debian Live images: it uses subvol=@ (instead of
     subvol=@rootfs as seen with debian-installer).
 .
   [ Cyril Brulebois ]
   * Cherry-pick the first part from the 1.100 and 1.102 uploads.
   * Cherry-pick the second part from the 1.103 upload.

rlottie (0.1+dfsg-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2025-0634 (Closes: #1109341)
     CVE-2025-53074
     CVE-2025-53075
     Most patches to fix these issues are already part of:
       Fix-crash-on-invalid-data.patch
     The remaining boundary check is left in:
       CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch
     For the sake of completeness, the whole upstream patch
     for these CVEs is added in:
       CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org

roundcube (1.6.5+dfsg-1+deb12u6) bookworm-security; urgency=high
 .
   * Cherry pick upstream security fixes from v1.6.12 (closes: #1122899):
     + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate
       tag.
     + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML
       style sanitizer.

rsync (3.2.7-1+deb12u4) bookworm; urgency=medium
 .
   * Team upload.
   * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158
 .
     A malicious client acting as the receiver of an rsync file transfer
     can trigger an out of bounds read of a heap based buffer,
     via a negative array index.
rsync (3.2.7-1+deb12u3) bookworm; urgency=medium
 .
   * Team upload.
   * d/control: Add B-D acl and attr, used for tests-only, no impact to
     resulting binaries
   * d/tests: New tests:
     - rsync-help: Superficial test for "-h"
     - local-tests: End-to-end tests with local transfers
     - remote-tests: End-to-end tests through ssh
     - upstream-tests-as-root: Upstream unit tests, run as root

ruby-rack (2.2.20-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.2.20.
     - CVE-2025-32441: Rack session can be restored after deletion.
     - CVE-2025-46727: Unbounded parameter parsing in Rack::QueryParser
       can lead to memory exhaustion.
     - CVE-2025-59830: Unbounded parameter parsing in Rack::QueryParser
       can lead to memory exhaustion via semicolon-separated parameters.
     - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS
       (memory exhaustion).
     - CVE-2025-61771: Multipart parser buffers large non‑file fields
       entirely in memory, enabling DoS (memory exhaustion).
     - CVE-2025-61772: Multipart parser buffers unbounded per-part headers,
       enabling DoS (memory exhaustion).
     - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead
       to memory exhaustion.
     - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may
       allow proxy bypass.
     - Closes: #1104927, #1116431, #1117855, #1117856, #1117627, #1117628

ruby-sinatra (3.0.5-3+deb12u1) bookworm; urgency=medium
 .
   * Prevent Regexp DoS in ETag generation [CVE-2025-61921] (Closes: #1118290)
   * debian/gbp.conf: point debian branch to debian/bookworm

rust-cbindgen-web (0.27.0-1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport to bookworm as rust-cbindgen-web. Since we're vendoring
     the dependencies, we can't easily ship a librust-cbindgen-dev package
     as it's dependencies won't be available, and there are build-rdeps
     for that binary now so we can't just disable it.
   * Vendor dependencies, they are not available in bookworm.
   * Only build the cbindgen binary. Since we're vendoring the dependencies,
     we can't easily ship a librust-cbindgen-web-dev package as its
     dependencies won't be available.
   * Build with rustc-web.

samba (2:4.17.12+dfsg-0+deb12u3) bookworm; urgency=medium
 .
   * CVE-2018-14628: Unprivileged read of deleted object tombstones
     in AD LDAP server.  Closes: #1034803
   * CVE-2025-10230: Command injection via WINS server hook script
   * CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr

shadow (1:4.13+dfsg1-1+deb12u2) bookworm; urgency=medium
 .
   * Apply upstream patch to fix groupmod -U "" segfault (Closes: #1122913)

shibboleth-sp (3.4.1+dfsg-2+deb12u1) bookworm-security; urgency=high
 .
   * [80ae771] New patch: SSPCPP-1014 - Extend escaping in strings.
     Fix SQL injection vulnerability in Service Provider ODBC plugin:
     specially crafted inputs can exfiltrate information stored in the
     database used by the SP.  The vulnerability is moderate to high
     severity for anyone using the ODBC plugin, and of no impact for others.
     Thanks to Scott Cantor (Closes: #1114506)

sogo (5.8.0-2+deb12u2) bookworm; urgency=medium
 .
   * Fixing wrong CVE number for CVE-2023-48104.
sogo (5.8.0-2+deb12u1) bookworm; urgency=high
 .
   [ Tobias Frost ]
   * Non-maintainer upload.
   * Cherry-pick patch from salsa repo to fix below mentioned
     WSTG-INPV-02 issue. (The patch was present in the git repo,
     but the never released as part of a package)
   * CVE-2024-48104 - HTML Injection (Closes: #1060925)
   * CVE-2024-24510 - CSS Injection
   * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163)
   * CVE-2025-63498 - Cross Site Scripting (XSS)
   * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)
 .
   [ Jordi Mallach ]
   * Add upstream fix for a WSTG-INPV-02 security issue, crash on
     invalid mailIdentities.

squid (5.7-2+deb12u5) bookworm; urgency=medium
 .
   * Non maintainer upload by LTS team
   * Fix CVE-2023-46728:
     Due to a NULL pointer dereference bug Squid is vulnerable
     to a Denial of Service attack against Squid's Gopher gateway.
   * Fix CVE-2025-59362 (Closes: #1117048)
     Squid mishandles ASN.1 encoding of long SNMP OIDs.
   * Remove Gopher support
   * Fix CVE-2024-45802: Disable ESI feature support.
     Due to Input Validation, Premature Release of Resource During Expected
     Lifetime, and Missing Release of Resource after Effective Lifetime bugs,
     Squid is vulnerable to Denial of Service attacks by a trusted server
     against all clients using the proxy. This problem is fixed by changing
     the build configuration to specify the --disable-esi option.
squid (5.7-2+deb12u4) bookworm-security; urgency=medium
 .
   * CVE-2025-62168 (Closes: #1118341)

strongswan (5.9.8-5+deb12u2) bookworm-security; urgency=medium
 .
   * d/patches: add fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291)

sudo (1.9.13p3-1+deb12u3) bookworm; urgency=medium
 .
   * Apply a patch fro Marcos Del Sol Vives to Enable Intel CET on amd64 only.
     This has been discussed with the TC in #1113774. After following their
     advice to apply the patch, I verified that this change produces an
     identical deb on amd64 (Closes: #1124339)

swift (2.30.1-0+deb12u1) bookworm-security; urgency=medium
 .
   [ Thomas Goirand ]
   * New upstream release.
   * Removed CVE-2022-47950-stable-zed.patch applied upstream.
   * Add swift-recon-only-query-object-servers-once.patch.
   * Add drive-full-checker.patch.
   * Blacklist tests:
     - test_get_conns_hostname6
     - test_get_conns_v6
     - test_get_conns_v6_default
   * Add kms_keymaster-allow-specifying-barbican_endpoint.patch.
   * kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By
     sending those endpoints a valid AWS Signature (e.g., from a presigned S3
     URL), an unauthenticated attacker may obtain Keystone authorization
     (ec2tokens can yield a fully scoped token; s3tokens can reveal scope
     accepted by some services), resulting in unauthorized access and privilege
     escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable
     by unauthenticated clients (e.g., exposed on a public API) are affected.
     Add bug-2119646-swift.patch, which offers swift side compatibility with the
     keystone fix.
   * Blacklist non-deterministic tests:
     - test_delete_partition_ssync_with_cleanup_failure
     - test_cleanup_ondisk_files_commit_window
 .
   [ Philippe SÉRAPHIN ]
   * Add Change_getting_major_minor_of_blkdev.patch.

symfony (5.4.23+dfsg-1+deb12u5) bookworm; urgency=medium
 .
   * Backport security fix from Symfony 5.4.50
     - [HttpFoundation] Fix parsing pathinfo with no leading slash
       [CVE-2025-64500]
   * [Finder] Drop data from testsuite

syslog-ng (3.38.1-5+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Add fix for CVE-2024-47619: `tls_wildcard_match()` matches on certificates
     such as `foo.*.bar` although that is not allowed. It is also possible to
     pass partial wildcards such as `foo.a*c.bar` which glib matches but should
     be avoided / invalidated. This issue could have an impact on TLS
     connections, such as in man-in-the-middle situations.

thunderbird (1:140.6.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:140.5.0esr-1) unstable; urgency=medium
 .
   [ Paul Gevers ]
   * [e457726] tests: help.sh is really a very superficial test, so let's mark
     it as such (Closes: #1120427)
 .
   [ Christoph Goehre ]
   * [4908c1a] New upstream version 140.5.0esr
     Fixed CVE issues in upstream version 140.5 (MFSA 2025-91):
     CVE-2025-13012: Race condition in the Graphics component
     CVE-2025-13016: Incorrect boundary conditions in the JavaScript:
                     WebAssembly component
     CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications
                     component
     CVE-2025-13018: Mitigation bypass in the DOM: Security component
     CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component
     CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component
     CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component
     CVE-2025-13014: Use-after-free in the Audio/Video component
     CVE-2025-13015: Spoofing issue in Thunderbird
thunderbird (1:140.5.0esr-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security
thunderbird (1:140.5.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:140.4.0esr-1) unstable; urgency=medium
 .
   * [d34f599] New upstream version 140.4.0esr
     Fixed CVE issues in upstream version 140.4 (MFSA 2025-85):
     CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
     CVE-2025-11709: Out of bounds read/write in a privileged process triggered
                     by WebGL textures
     CVE-2025-11710: Cross-process information leaked due to malicious IPC
                     messages
     CVE-2025-11711: Some non-writable Object properties could be modified
     CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on
                     web resources without a content-type
     CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL”
                     command
     CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox
                     ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and
                     Thunderbird 144
     CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
                     ESR 140.4, Firefox 144 and Thunderbird 144
thunderbird (1:140.4.0esr-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security
thunderbird (1:140.4.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:140.3.1esr-1) unstable; urgency=medium
 .
   * [f86a89f] New upstream version 140.3.1esr
   * [87cb9f6] d/control: Update packages need to have a Breaks
     Updating the packages in the Breaks field as like very often with a new
     ESR version some AddOns need to be bumped too. Removing old non existing
     or not relevant packages from the field. Adding these new packages:
     webext-allow-html-temp (<= 10.0.8-1~)
     webext-dav4tbsync (<= 4.8-2~)
     webext-eas4tbsync (<= 4.17-1~)
     webext-mailmindr (<= 1.7.1-2~)
     webext-quicktext (<= 6.4.6-1~)
     webext-tbsync (<= 4.16-1~)
     webext-xnotepp (<= 4.5.81-1~)
     (Closes: #1116976)
thunderbird (1:140.3.0esr-1) unstable; urgency=medium
 .
   [ Carsten Schoenert ]
   * [de64a72] d/watch: Mangle 'esr' suffix from version
   * [85543ab] New upstream version 140.3.0esr
     Fixed CVE issues in upstream version 140.3 (MFSA 2025-78):
     CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics:
                     Canvas2D component
     CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer
                     in the Graphics: Canvas2D component
     CVE-2025-10529: Same-origin policy bypass in the Layout component
     CVE-2025-10532: Incorrect boundary conditions in the JavaScript:
                     GC component
     CVE-2025-10533: Integer overflow in the SVG component
     CVE-2025-10536: Information disclosure in the Networking: Cache component
     CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3,
                     Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
     (Closes: #1115605)
   * [635002d] Rebuild patch queue from patch-queue branch
   * [6d2f42d] d/control: Remove Rules-Requires-Root
 .
   [ Carles Pina i Estany ]
   * [634cd34] d/control: Drop Recommends on thunderbird-l10n-fi
     (Closes: #1115457)
 .
   [ Dandan Zhang ]
   * [00691f6] d/control: Adding loong64 architecture
     (Closes: #1059966)
thunderbird (1:140.2.0esr-1) experimental; urgency=medium
 .
   [ Christoph Goehre ]
   * [3449bf5] d/rules: export CC and CXX definitions on ppc64
     This is a follow-up fix for [cb1ed45].
 .
   [ Carsten Schoenert ]
   * [2e811f6] d/watch: Migrate to version 5
   * [ddad9bc] New upstream version 140.2.0esr
thunderbird (1:140.1.1esr-1) experimental; urgency=medium
 .
   * [e6e4d2d] d/source.filter: Update content to filter out
   * [4b7d308] New upstream version 140.1.1esr
   * [472919e] d/rules: Add target for NSS and NSPR versions
   * [3e7b6b0] d/control: Bump B-D for libnss3-dev
thunderbird (1:140.1.0esr-1) experimental; urgency=medium
 .
   [ Christoph Goehre ]
   * [7ac28d3] d/rules: export 'Clto=thin' on i386 to stay in the memory budged
     Added patch:
     debian-hacks/Allow-to-override-rust-LTO-flag.patch
 .
   [ Carsten Schoenert ]
   * [2ed0df2] d/create-upstream-tarballs.py: Use the real CDN URL
   * [82f0f9e] New upstream version 140.1.0esr
   * [fb16995] Rebuild patch queue from patch-queue branch
     Added patch:
     porting-ppc64el/skia-Adjust-detection-of-ppc64-architecture.patch
   * [ad0c4b4] d/control: Increase Standards-Version to 4.7.2
     No further changes needed.
   * [dc57502] d/copyright: Update content due upstream changes
   * [3e8fe05] d/s/lintian-overrides: Update data due upstream changes
   * [4378ab3] d/t-lintian-overrides: Update due build changes
 .
   [ John Paul Adrian Glaubitz ]
   * [cb1ed45] d/rules: Use gcc and g++ on ppc64
     (Closes: #1109861)
thunderbird (1:140.0.1esr-1) experimental; urgency=medium
 .
   [ Christoph Goehre ]
   * [259f52c] New upstream version 140.0.1esr (Closes: #1109451)
   * [a5a86f3] rebuild patch queue from patch-queue branch
     obsolete patches (fixed upstream):
     debian-hacks/Downgrade-cbindgen-requirement.patch
   * [fe04434] d/rules, d/thunderbird.install: ignore additional binary
     crashhelper for now
 .
   [ Alessandro Astone ]
   * [f5a46a4] Update rule to drop dependency on gtk2 with the new t64 package
     name
thunderbird (1:138.0-1) experimental; urgency=medium
 .
   * [870fc65] New upstream version 138.0
   * [cc0885e] rebuild patch queue from patch-queue branch
     added patches:
     debian-hacks/Downgrade-cbindgen-requirement.patch
   * [f7487ae] d/control: bump cbindgen build dependency
   * [61f6d95] d/thunderbird.install: install interesting_serverknobs.json file
thunderbird (1:137.0-1) experimental; urgency=medium
 .
   * [148e2f7] New upstream version 137.0
thunderbird (1:136.0-1) experimental; urgency=medium
 .
   * [3f06ac7] New upstream version 136.0
thunderbird (1:135.0-1) experimental; urgency=medium
 .
   * [bdcaf66] Revert "d/rules: Move/rename third party Python modul temporarly"
     (Closes: #1093362)
   * [e33e9d8] New upstream version 135.0
   * [e68ae48] rebuild patch queue from patch-queue branch
     modified patches:
     porting-mips64el/skia-Disable-musttail-on-mips64.patch
     porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch
     thunderbird-l10n/sl-change-Edit-Uredi-to-CTRL-E.patch
     obsolete patches (fixed upstream):
     porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch
thunderbird (1:132.0~b6-1) experimental; urgency=medium
 .
   * [282778e] d/changelog: Correct small typo
   * [b5b363b] New upstream version 132.0~b6
   * [7e23518] d/control: Bump various B-D versions, drop non needed
   * [f979f8f] d/thunderbird.postinst: Correct misspelled THUNDERBIRD_LIBDIR
     (Closes: #1082842)
thunderbird (1:130.0~b3-1) experimental; urgency=medium
 .
   * [041e622] d/control: Fix short description for thunderbird-l10n-lv
     (Closes: #1079029)
   * [820aec2] New upstream version 130.0~b3
   * [628eb92] d/control: Readd dependencies on librnp{0,-dev}
   * [8e6b0e8] d/rules: Move/rename third party Python modul temporarly
   * [ee4c48d] d/source.filter: Exclude some JS files from exclusion
thunderbird (1:129.0~b6-1) experimental; urgency=medium
 .
   [ Carsten Schoenert ]
   * [5ee74f4] d/watch: Now watch out for 'esr' suffixed versions
   * [8e4b85a] d/thunderbird.desktop: Update data with upstream data
     (Closes: #1042912, #1051261)
   * [a0e3d2e] New upstream version 129.0~b6
   * [0b12902] d/control: Drop B-D on libdbus-glib-1-dev
     (Closes: #955955)
   * [cf730a8] d/create-upstream-tarballs.py: Ignore version 129.0
   * [0528b45] d/s/lintian-overrides: Update some overrides
 .
   [ Michael Weghorn ]
   * [e4d3be0] Use app ID that matches the desktop file name
     (Closes: #1022037)
thunderbird (1:128.14.0esr-1) unstable; urgency=medium
 .
   * [4f3d4b8] New upstream version 128.14.0esr
     Fixed CVE issues in upstream version 128.14 (MFSA 2025-71):
     CVE-2025-9179: Sandbox escape due to invalid pointer in the
                    Audio/Video: GMP component
     CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D
                    component
     CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
     CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
                    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
                    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
thunderbird (1:128.14.0esr-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security

tiff (4.5.0-6+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2025-9900

tryton-sao (6.0.28+ds1-2+deb12u2) bookworm-security; urgency=high
 .
   * Add 02_escape_completion_content.patch
     Patch for security issue:
     https://foss.heptapod.net/tryton/tryton/-/issues/14363
     Stored XSS Vulnerability Found in Party Field Leading to Arbitrary
     JavaScript Execution
     S.a. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121233
tryton-sao (6.0.28+ds1-2+deb12u1) bookworm-security; urgency=high
 .
   * Add 01_xss_vulnerability_attachments_preview.patch.
     Patch for security issue:
     https://bugs.tryton.org/14290
     https://discuss.tryton.org/t/security-release-for-issue-14290/8895
     The HTML element used to display the document is based on the mimetype.
     And by default a sandboxed iframe is used to isolate the unsafe content from
     the parent context.

tryton-server (6.0.29-2+deb12u4) bookworm-security; urgency=high
 .
   * Add 06_traceback_in_RPC.patch,
     07_enforce_access_check_html_editor.patch,
     08_enforce_access_check_export_data.patch
 .
     Fixes for security issues:
 .
      Enforce access check in HTML editor route
      https://bugs.debian.org/1121241 (s.a. #1121241)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14364
 .
      Include the traceback only in RPC responses in development mode
      https://bugs.debian.org/1121242 (s.a. #1121242)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14354
 .
      Enforce access check in export_data
      https://bugs.debian.org/1121243 (s.a. #1121243)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14366

u-boot (2023.01+dfsg-2+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2024-57254.patch: Add patch to fix CVE-2024-57254.
     - Fix an integer overflow in sqfs_inode_size (closes: 1098254).
   * d/patches/CVE-2024-57255.patch: Add patch to fix CVE-2024-57255.
     - Fix an integer overflow in sqfs_resolve_symlink (closes: #1098254).
   * d/patches/CVE-2024-57256.patch: Add patch to fix CVE-2024-57256.
     - Fix an integer overflow in ext4fs_read_symlink (closes: #1098254).
   * d/patches/CVE-2024-57257.patch: Add patch to fix CVE-2024-57257.
     - Fix a stack consumption issue in sqfs_size possible with deep symlink
       nesting (closes: #1098254).
   * d/patches/CVE-2024-57258-1.patch, d/patches/CVE-2024-57258-2.patch,
     d/patches/CVE-2024-57258-3.patch: Add patches to fx CVE-2024-57258.
     - Fix multiple integer overflows (closes: #1098254).
   * d/patches/CVE-2024-57259.patch: Add patch to fix CVE-2024-57259.
     - Fix an off-by-one error resulting in a heap memory corruption in
       sqfs_search_dir (closes: #1098254).

ublock-origin (1.67.0+dfsg-1~deb12u1) bookworm; urgency=medium
 .
   * Backport version 1.67.0 to bookworm to improve user experience and
     add new filter capabilities. (Closes: #1059545)
   * Fix CVE-2025-4215: Regular Expression Denial of Service (ReDoS)
     (Closes: #1104635)
ublock-origin (1.62.0+dfsg-2) unstable; urgency=medium
 .
   * Fix CVE-2025-4215:
     A remote attacker could abuse an inefficient regular expression in
     ublock-origin's filters to cause a denial-of-service and freeze a web
     browser. (Closes: #1104635)
ublock-origin (1.62.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.62.0+dfsg.
ublock-origin (1.60.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.60.0+dfsg. (Closes: #1078943)
ublock-origin (1.57.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.57.0+dfsg.
ublock-origin (1.55.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.55.0+dfsg.
ublock-origin (1.54.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.54.0+dfsg.
ublock-origin (1.53.3rc0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.53.3rc0+dfsg. (Closes: #1055315)
ublock-origin (1.52.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.52.0+dfsg. (Closes: #1052658)
ublock-origin (1.51.0+dfsg-2) unstable; urgency=medium
 .
   * Replace js-beautify and csstree Javascript libraries with system libraries.
     Document the licenses of js-beautify, csstree and hsluv in debian/copyright.
     Add the missing source file of hsluv.js to debian/missing-sources.
     Thanks to Bastien Roucariès for the report. (Closes: #1042757)
ublock-origin (1.51.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 1.51.0+dfsg. (Closes: #1039061)
   * Build the minified asset filters from source. Build-depend on nodejs.
   * d/control: Remove obsolete Breaks and Replaces.

unbound (1.17.1-2+deb12u4) bookworm; urgency=medium
 .
   * CVE-2024-33655.patch: remove unrelated change
     testdata/fwd_udptmout.tdir/fwd_udptmout.conf is not modified
     by the upstream commit in question (c3206f4568f6)
   * fix-823-Response-change-to-NODATA-for-some-ANY-queries.patch
     Fixes: https://github.com/NLnetLabs/unbound/issues/823
   * fix-not-following-cleared-RD-flags-amplification.patch
     fix potential amplification DDoS attacks
   * replace combined CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch
     with 2 separate upstream commits, add patch descriptions, and add
     missing changes for testdata files:
      o CVE-2023-50387-DNSSEC-verification-complexity.patch
      o CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch
   * 3 changes to fix CVE-2025-11411 (possible domain hijacking attack):
      o 1-iterator-iter_scrub.c-pass-module_env-parameter-to-s.patch
        (a change from "Add harden-unknown-additional option" upstream patch)
      o 2-possible-domain-hijacking-attack.patch
      o 3-additional-fix-for-possible-domain-hijacking.patch
     (Closes: #1121446)
   * fix-595-unbound-anchor-cannot-deal-with-full-disk.patch
     Fixes: https://github.com/NLnetLabs/unbound/issues/595
     (Closes: #1100870)
   * d/gbp.conf: set default branch to debian/bookworm

vlc (3.0.22-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 3.0.22
   * debian/: Re-enable VAAPI support (Closes: #1021601, #1013898)
vlc (3.0.22~rc2-1) unstable; urgency=medium
 .
   [ John Paul Adrian Glaubitz ]
   * Fix FTBFS on powerpc (Closes: #1115385)
 .
   [ Sebastian Ramacher ]
   * New upstream version 3.0.22~rc2
     - Fix installation of Assamese translation (Closes: #1085961)
vlc (3.0.22~rc1-1) unstable; urgency=medium
 .
   * New upstream version 3.0.22~rc1
   * debian/control:
     - Fix version constraints on suggested plugins
     - Drop alternative libmodplug-dev BD
     - Remove dpkg-dev dependency satisfied in stable
   * debian/:
     - Remove zsh completion to make the package reproducible
     - Switch to lua 5.4 (Closes: #1099742)
       Check the NEWS entry of vlc-plugin-base on potential issues.
     - Update lintian overrides for new format
   * debian/watch: Migrate to version 5
   * debian/rules:
     - debhelper now skips override_dh_auto_test if nocheck is specified
     - Remove handling of libtar as it got dropped upstream
   * debian/patches: Remove upstream patches included in 3.0.22~rc1
   * debian/copyright:
     - Remove old FSF address
     - Update copyright years
vlc (3.0.21-11) unstable; urgency=medium
 .
   * debian/rules: Disable postproc plugin since libpostproc is removed from
     ffmpeg 8.0
   * debian/control:
     - Bump Standards-Version
     - Remove unused BD on libvcdinfo-dev
vlc (3.0.21-10) unstable; urgency=medium
 .
   * debian/: Disable plugins that are no longer supported upstream
     - a52
     - dca
     - libmpeg2
vlc (3.0.21-9) unstable; urgency=medium
 .
   * Revert "Bump to lua5.4"
     The vlc script ecosystem expects certain versions of lua and lua5.4 is not
     one of them.
vlc (3.0.21-8) unstable; urgency=medium
 .
   * Team upload
   * Bump to lua5.4
vlc (3.0.21-7) unstable; urgency=medium
 .
   * debian/patches: Fix build with x265 4.1
vlc (3.0.21-6) unstable; urgency=medium
 .
   * debian/patches: Update to 3.0.21-1-385-g7b58309ae7
     * Ignore win32 and compat changes
     * Replace taglib 2.x patches with upstream changes
   * debian/: Re-enable VAAPI support (Closes: #1021601, #1013898)
vlc (3.0.21-5) unstable; urgency=medium
 .
   * Fix changelog of 3.0.21-3
   * debian/patches: Split patches into upstream and Arch patch
vlc (3.0.21-4) unstable; urgency=medium
 .
   * Team upload.
   * Upload to unstable.
   * debian/patches/0014-Taglib-1.x-and-2.x-compat-fix.patch:
     Update patch to fix FTBFS on ARM architectures.
   * debian/control: Update build-dependency package name:
     + libtag1-dev => libtag-dev.
vlc (3.0.21-4~exp1) experimental; urgency=medium
 .
   * Team upload.
   * Force rebuild with taglib 2.x.
vlc (3.0.21-3) unstable; urgency=medium
 .
   * Team upload.
   * debian/patches/0014-Taglib-1.x-and-2.x-compat-fix.patch:
     Add patch to fix compatibility with both Taglib 1.x and 2.x.
vlc (3.0.21-2) unstable; urgency=medium
 .
   * debian/patches: Apply WIP patches for ffmpeg 7.0 support (Closes:
     #1072456)
vlc (3.0.21-1) unstable; urgency=medium
 .
   * New upstream version 3.0.21
   * debian/patches: Refresh patches
   * debian/control: Replace obsolete packages with their new versions

vtk9 (9.1.0+really9.1.0+dfsg2-5+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   [ Markus Blatt ]
   * Cherry-pick patch from upstream to fix issue with newer expat and
     appended data. (Closes: 1114938)

webkit2gtk (2.50.4-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
     - Re-enable libmanette in i386.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
   * debian/patches/fix-minibrowser.patch:
     - Fix the MiniBrowser with clang-16.
webkit2gtk (2.50.3-1) unstable; urgency=medium
 .
   [ Alberto Garcia ]
   * New upstream release.
   * Use the default gcc (gcc-15) again in mips64el now that #1116217 has
     been fixed.
   * Drop fix-crash.patch and fix-link-error.patch.
 .
   [ Jeremy Bicha ]
   * debian/control.in:
     - Stop suggesting devhelp, it's going to be removed from Debian.
webkit2gtk (2.50.3-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security.
   * Re-enable libmanette in i386.
   * Enable the transitional packages.
   * Don't override the clang compiler on armhf since trixie already uses
     clang-19 by default.
webkit2gtk (2.50.3-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
     - Re-enable libmanette in i386.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
   * debian/patches/fix-minibrowser.patch:
     - Fix the MiniBrowser with clang-16.
webkit2gtk (2.50.2-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/patches/fix-link-error.patch:
     - Cherry pick build fix for 2.50.2.
   * debian/patches/fix-crash.patch:
     - Cherry pick crash fix.
   * As of 2.50.0, WebKitGTK no longer depends on GstTranscoder (WebKit bug
     #295985).
     - debian/control.in: Remove build dependency on
       libgstreamer-plugins-bad1.0-dev.
     - debian/rules: Don't use -DUSE_GSTREAMER_TRANSCODER=OFF in Ubuntu.
   * debian/control.in:
     - Drop build dependency on libgirepository1.0-dev (Closes: #1118932).
     - Remove Rules-Requires-Root: no, as this is the default value since
       dpkg 1.22.13 (fixes redundant-rules-requires-root-no-field).
   * Use clang-19 on armhf since the build fails with versions 20 and 21
     (WebKit bug #290167).
webkit2gtk (2.50.2-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security.
   * Re-enable libmanette in i386.
   * Enable the transitional packages.
   * Don't override the gcc compiler on mips64el since trixie already uses
     gcc-14 by default.
   * Don't override the clang compiler on armhf since trixie already uses
     clang-19 by default.
webkit2gtk (2.50.2-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
     - Re-enable libmanette in i386.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
   * Don't override the gcc compiler on mips64el since bookworm uses gcc 12
     and not gcc 15 (#1116217).
   * debian/patches/fix-minibrowser.patch:
     - Fix the MiniBrowser with clang-16.
webkit2gtk (2.50.1-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/control.in:
     - Enable the bubblewrap sandbox in loong64.
     - Remove Gustavo from the list of uploaders, he hasn't been active
       in over a decade. Obrigado, amigo!
   * debian/rules:
     - Enable Skia in loong64, it builds fine with GCC 15.2.0 (but not with
       clang 19: "neon.h: error: _Float16 is not supported on this target")
     - Stop using -DDEBUG_FISSION=OFF, this is already disabled by
       default if developer mode is not enabled (WebKit bug #252679).
     - Use DEB_HOST_ARCH_BITS instead of DEB_BUILD_ARCH_BITS to detect if
       we're making a 32-bit build. This won't make a difference in
       practice but it's the correct way to do it.
   * Drop fix-ftbfs-i386.patch and fix-ftbfs-s390x.patch.
webkit2gtk (2.50.1-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security.
   * Re-enable libmanette in i386.
   * Enable the transitional packages.
   * Don't override the gcc compiler on mips64el since trixie already uses
     gcc-14 by default.
webkit2gtk (2.50.1-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
     - Re-enable libmanette in i386.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
   * Don't override the gcc compiler on mips64el since bookworm uses gcc 12
     and not gcc 15 (#1116217).
   * debian/patches/fix-minibrowser.patch:
     - Fix the MiniBrowser with clang-16.
webkit2gtk (2.50.0-2) unstable; urgency=medium
 .
   * debian/patches/fix-ftbfs-i386.patch:
     - Update patch to also fix the armhf build.
   * Force gcc-14 in mips64el because gcc 15 fails with an internal
     compiler error (#1116217) and clang is not an option ("failed to
     perform tail call elimination").
   * debian/rules:
     - Remove unused variable EXTRA_BUILD_ARGUMENTS.
   * debian/patches/disable-nvidia-dmabuf.patch:
     - Bring back this patch, now adapted to WebKitGTK 2.50.0.
webkit2gtk (2.50.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bring all changes from the 2.49 (experimental) branch.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/gbp.conf:
     - Update upstream branch name.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * Refresh all patches.
     - Drop disable-nvidia-dmabuf.patch for now, it needs changes.
   * debian/patches/fix-ftbfs-s390x.patch:
     - Fix FTBFS in s390x (WebKit bug #298308).
   * debian/patches/fix-ftbfs-i386.patch:
     - Fix FTBFS in i386 (WebKit bug #299018).
   * Stop building the transitional packages for forky.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
webkit2gtk (2.49.90-1) experimental; urgency=medium
 .
   * New upstream development release.
   * debian/watch, debian/gbp.conf:
     - Branch for 2.49.x in experimental.
   * Refresh all patches.
     - Drop fix-ftbfs-armv7.patch.
     - Drop disable-nvidia-dmabuf.patch for now, it needs changes.
   * Stop building the transitional packages for forky.
   * debian/copyright:
     - Update copyright information of all files.
   * Stop supporting non-SSE2 i386 CPUs since trixie now requires SSE2
     support.
     - Drop dont-detect-sse2.patch.
     - Enable the JIT again and disable CLoop.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
webkit2gtk (2.48.6-1) unstable; urgency=medium
 .
   [ Alberto Garcia ]
   * New upstream release.
   * Drop fix-ftbfs-armv7.patch.
   * Stop supporting non-SSE2 i386 CPUs since SSE2 is required starting
     from trixie.
     - Drop dont-detect-sse2.patch.
     - Enable the JIT again and disable CLoop.
   * Use clang in i386. This is now possible since we require SSE2.
 .
   [ Jeremy Bicha ]
   * Disable gamepad feature on Ubuntu since libmanette is in universe
     there.
   * Don't require libmanette on i386.
webkit2gtk (2.48.5-1) unstable; urgency=high
 .
   * New upstream release.
   * The WebKitGTK security advisory WSA-2025-0005 lists the following
     security fixes in the latest versions of WebKitGTK:
     - CVE-2025-24189 (fixed in 2.48.0).
     - CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212,
       CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240,
       CVE-2025-43265, CVE-2025-6558 (fixed in 2.48.5).
   * debian/upstream/signing-key.asc:
     - Update Adrian Perez's PGP key.
   * debian/patches/fix-ftbfs-armv7.patch:
     - Fix arm build.
webkit2gtk (2.48.5-1~deb13u1) trixie-security; urgency=medium
 .
   * Rebuild for trixie-security.

wordpress (6.1.9+dfsg1-0+deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream version 6.1.9+dfsg1.
     (Fixes: CVE-2025-58674, CVE-2025-58246)
     (Closes: #1117047)
   * New upstream version 6.1.8+dfsg1.
     (Fixes: CVE-2024-6307, CVE-2024-31111)
     (Closes: #1074486)

xen (4.17.5+72-g01140da4e8-1) bookworm-security; urgency=medium
 .
   Significant changes:
   * Update to new upstream version 4.17.5+72-g01140da4e8, which also contains
     security fixes for the following issues:
     (Closes: #1105193) (Closes: #1120075)
     - deadlock potential with VT-d and legacy PCI device pass-through
       XSA-467 CVE-2025-1713
     - x86: Indirect Target Selection
       XSA-469 CVE-2024-28956
     - x86: Incorrect stubs exception handling for flags recovery
       XSA-470 CVE-2025-27465
     - x86: Transitive Scheduler Attacks
       XSA-471 CVE-2024-36350 CVE-2024-36357
     - Multiple vulnerabilities in the Viridian interface
       XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143
     - Arm issues with page refcounting
       XSA-473 CVE-2025-58144 CVE-2025-58145
     - x86: Incorrect input sanitisation in Viridian hypercalls
       XSA-475 CVE-2025-58147 CVE-2025-58148
     - Incorrect removal of permissions on PCI device unplug
       XSA-476 CVE-2025-58149
   * Note that the following XSA are not listed, because...
      - XSA-468 applies to Windows PV drivers
      - XSA-474 applies to XAPI which is not included in Debian
 .
   Packaging minor fixes and improvements:
   * debian/salsa-ci.yml: adjust for new salsa-ci pipeline
 .
   Additional changes for 4.17 that were not backported upstream:
   * Cherry-pick dd05d265b8 ("x86/intel: Fix PERF_GLOBAL fixup when
     virtualised") to fix a boot loop when using Xen under nested
     virtualization (Closes: #1105222)
 .
 xen (4.17.5+23-ga4e5191dc0-1+deb12u1) bookworm; urgency=medium
 .
   * Ignore lintian error not relevant for bookworm in salsa-ci.
   * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for
     uncompressing the kernel) to allow direct kernel boot with kernels >=
     6.12 (Closes: #1092495).

xorg-server (2:21.1.7-3+deb12u11) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * present: Fix use-after-free in present_create_notifies() (CVE-2025-62229)
   * xkb: Make the RT_XKBCLIENT resource private (CVE-2025-62230)
   * xkb: Free the XKB resource when freeing XkbInterest (CVE-2025-62230)
   * xkb: Prevent overflow in XkbSetCompatMap() (CVE-2025-62231)
======================================
Sat, 06 Sep 2025 - Debian 12.12 released
======================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:12:54 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:

      guix | 1.4.0-3+deb12u2 | source, amd64, arm64, armhf, i386, ppc64el
Closed bugs: 1112246

------------------- Reason -------------------
RoM; unsupportable; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:24:05 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

btrfs-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
btrfs-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
btrfs-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
btrfs-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
cdrom-core-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
cdrom-core-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
cdrom-core-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
cdrom-core-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
crc-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
crc-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
crc-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
crc-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
crypto-dm-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
crypto-dm-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
crypto-dm-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
crypto-dm-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
crypto-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
crypto-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
crypto-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
crypto-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
dasd-extra-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
dasd-extra-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
dasd-extra-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
dasd-extra-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
dasd-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
dasd-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
dasd-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
dasd-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
ext4-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
ext4-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
ext4-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
ext4-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
f2fs-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
f2fs-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
f2fs-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
f2fs-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
fat-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
fat-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
fat-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
fat-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
fuse-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
fuse-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
fuse-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
fuse-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
isofs-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
isofs-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
isofs-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
isofs-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
kernel-image-6.1.0-32-s390x-di |  6.1.129-1 | s390x
kernel-image-6.1.0-36-s390x-di |  6.1.139-1 | s390x
kernel-image-6.1.0-37-s390x-di |  6.1.140-1 | s390x
kernel-image-6.1.0-38-s390x-di |  6.1.147-1 | s390x
linux-headers-6.1.0-32-s390x |  6.1.129-1 | s390x
linux-headers-6.1.0-36-s390x |  6.1.139-1 | s390x
linux-headers-6.1.0-37-s390x |  6.1.140-1 | s390x
linux-headers-6.1.0-38-s390x |  6.1.147-1 | s390x
linux-image-6.1.0-32-s390x |  6.1.129-1 | s390x
linux-image-6.1.0-32-s390x-dbg |  6.1.129-1 | s390x
linux-image-6.1.0-36-s390x |  6.1.139-1 | s390x
linux-image-6.1.0-36-s390x-dbg |  6.1.139-1 | s390x
linux-image-6.1.0-37-s390x |  6.1.140-1 | s390x
linux-image-6.1.0-37-s390x-dbg |  6.1.140-1 | s390x
linux-image-6.1.0-38-s390x |  6.1.147-1 | s390x
linux-image-6.1.0-38-s390x-dbg |  6.1.147-1 | s390x
loop-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
loop-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
loop-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
loop-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
md-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
md-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
md-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
md-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
mtd-core-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
mtd-core-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
mtd-core-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
mtd-core-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
multipath-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
multipath-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
multipath-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
multipath-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
nbd-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
nbd-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
nbd-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
nbd-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
nic-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
nic-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
nic-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
nic-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
scsi-core-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
scsi-core-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
scsi-core-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
scsi-core-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
scsi-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
scsi-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
scsi-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
scsi-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
udf-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
udf-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
udf-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
udf-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x
xfs-modules-6.1.0-32-s390x-di |  6.1.129-1 | s390x
xfs-modules-6.1.0-36-s390x-di |  6.1.139-1 | s390x
xfs-modules-6.1.0-37-s390x-di |  6.1.140-1 | s390x
xfs-modules-6.1.0-38-s390x-di |  6.1.147-1 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:24:31 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

affs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
affs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
affs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
affs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
affs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
affs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
affs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
affs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
ata-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
ata-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
ata-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
ata-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
ata-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
ata-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
ata-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
ata-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
btrfs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
btrfs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
btrfs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
btrfs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
btrfs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
btrfs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
btrfs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
btrfs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
cdrom-core-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
cdrom-core-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
cdrom-core-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
cdrom-core-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
cdrom-core-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
cdrom-core-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
cdrom-core-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
cdrom-core-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
crc-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
crc-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
crc-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
crc-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
crc-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
crc-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
crc-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
crc-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
crypto-dm-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
crypto-dm-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
crypto-dm-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
crypto-dm-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
crypto-dm-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
crypto-dm-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
crypto-dm-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
crypto-dm-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
crypto-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
crypto-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
crypto-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
crypto-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
crypto-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
crypto-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
crypto-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
crypto-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
event-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
event-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
event-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
event-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
event-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
event-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
event-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
event-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
ext4-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
ext4-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
ext4-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
ext4-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
ext4-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
ext4-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
ext4-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
ext4-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
f2fs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
f2fs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
f2fs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
f2fs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
f2fs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
f2fs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
f2fs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
f2fs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
fat-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
fat-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
fat-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
fat-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
fat-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
fat-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
fat-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
fat-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
fb-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
fb-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
fb-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
fb-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
fb-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
fb-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
fb-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
fb-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
firewire-core-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
firewire-core-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
firewire-core-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
firewire-core-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
firewire-core-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
firewire-core-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
firewire-core-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
firewire-core-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
fuse-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
fuse-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
fuse-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
fuse-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
fuse-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
fuse-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
fuse-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
fuse-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
input-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
input-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
input-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
input-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
input-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
input-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
input-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
input-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
isofs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
isofs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
isofs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
isofs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
isofs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
isofs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
isofs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
isofs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
jfs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
jfs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
jfs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
jfs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
jfs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
jfs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
jfs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
jfs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
kernel-image-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
kernel-image-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
kernel-image-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
kernel-image-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
kernel-image-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
kernel-image-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
kernel-image-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
kernel-image-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
linux-headers-6.1.0-32-5kc-malta |  6.1.129-1 | mips64el
linux-headers-6.1.0-32-mips64r2el |  6.1.129-1 | mips64el
linux-headers-6.1.0-36-5kc-malta |  6.1.139-1 | mips64el
linux-headers-6.1.0-36-mips64r2el |  6.1.139-1 | mips64el
linux-headers-6.1.0-37-5kc-malta |  6.1.140-1 | mips64el
linux-headers-6.1.0-37-mips64r2el |  6.1.140-1 | mips64el
linux-headers-6.1.0-38-5kc-malta |  6.1.147-1 | mips64el
linux-headers-6.1.0-38-mips64r2el |  6.1.147-1 | mips64el
linux-image-6.1.0-32-5kc-malta |  6.1.129-1 | mips64el
linux-image-6.1.0-32-5kc-malta-dbg |  6.1.129-1 | mips64el
linux-image-6.1.0-32-mips64r2el |  6.1.129-1 | mips64el
linux-image-6.1.0-32-mips64r2el-dbg |  6.1.129-1 | mips64el
linux-image-6.1.0-36-5kc-malta |  6.1.139-1 | mips64el
linux-image-6.1.0-36-5kc-malta-dbg |  6.1.139-1 | mips64el
linux-image-6.1.0-36-mips64r2el |  6.1.139-1 | mips64el
linux-image-6.1.0-36-mips64r2el-dbg |  6.1.139-1 | mips64el
linux-image-6.1.0-37-5kc-malta |  6.1.140-1 | mips64el
linux-image-6.1.0-37-5kc-malta-dbg |  6.1.140-1 | mips64el
linux-image-6.1.0-37-mips64r2el |  6.1.140-1 | mips64el
linux-image-6.1.0-37-mips64r2el-dbg |  6.1.140-1 | mips64el
linux-image-6.1.0-38-5kc-malta |  6.1.147-1 | mips64el
linux-image-6.1.0-38-5kc-malta-dbg |  6.1.147-1 | mips64el
linux-image-6.1.0-38-mips64r2el |  6.1.147-1 | mips64el
linux-image-6.1.0-38-mips64r2el-dbg |  6.1.147-1 | mips64el
loop-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
loop-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
loop-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
loop-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
loop-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
loop-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
loop-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
loop-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
md-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
md-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
md-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
md-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
md-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
md-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
md-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
md-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
minix-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
minix-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
minix-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
minix-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
minix-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
minix-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
minix-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
minix-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
mmc-core-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
mmc-core-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
mmc-core-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
mmc-core-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
mmc-core-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
mmc-core-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
mmc-core-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
mmc-core-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
mmc-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
mmc-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
mmc-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
mmc-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
mmc-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
mmc-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
mmc-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
mmc-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
mouse-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
mouse-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
mouse-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
mouse-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
mouse-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
mouse-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
mouse-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
mouse-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
multipath-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
multipath-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
multipath-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
multipath-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
multipath-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
multipath-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
multipath-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
multipath-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
nbd-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
nbd-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
nbd-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
nbd-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
nbd-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
nbd-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
nbd-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
nbd-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
nfs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
nfs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
nfs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
nfs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
nfs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
nfs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
nfs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
nfs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
nic-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
nic-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
nic-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
nic-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
nic-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
nic-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
nic-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
nic-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
nic-shared-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
nic-shared-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
nic-shared-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
nic-shared-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
nic-shared-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
nic-shared-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
nic-shared-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
nic-shared-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
nic-usb-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
nic-usb-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
nic-usb-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
nic-usb-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
nic-usb-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
nic-usb-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
nic-usb-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
nic-usb-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
nic-wireless-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
nic-wireless-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
nic-wireless-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
nic-wireless-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
nic-wireless-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
nic-wireless-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
nic-wireless-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
nic-wireless-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
pata-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
pata-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
pata-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
pata-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
pata-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
pata-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
pata-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
pata-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
ppp-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
ppp-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
ppp-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
ppp-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
ppp-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
ppp-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
ppp-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
ppp-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
sata-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
sata-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
sata-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
sata-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
sata-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
sata-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
sata-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
sata-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
scsi-core-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
scsi-core-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
scsi-core-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
scsi-core-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
scsi-core-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
scsi-core-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
scsi-core-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
scsi-core-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
scsi-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
scsi-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
scsi-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
scsi-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
scsi-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
scsi-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
scsi-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
scsi-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
scsi-nic-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
scsi-nic-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
scsi-nic-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
scsi-nic-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
scsi-nic-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
scsi-nic-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
scsi-nic-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
scsi-nic-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
sound-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
sound-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
sound-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
sound-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
sound-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
sound-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
sound-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
sound-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
speakup-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
speakup-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
speakup-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
speakup-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
speakup-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
speakup-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
speakup-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
speakup-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
squashfs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
squashfs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
squashfs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
squashfs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
squashfs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
squashfs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
squashfs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
squashfs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
udf-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
udf-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
udf-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
udf-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
udf-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
udf-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
udf-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
udf-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
usb-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
usb-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
usb-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
usb-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
usb-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
usb-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
usb-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
usb-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
usb-serial-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
usb-serial-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
usb-serial-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
usb-serial-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
usb-serial-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
usb-serial-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
usb-serial-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
usb-serial-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
usb-storage-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
usb-storage-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
usb-storage-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
usb-storage-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
usb-storage-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
usb-storage-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
usb-storage-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
usb-storage-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el
xfs-modules-6.1.0-32-5kc-malta-di |  6.1.129-1 | mips64el
xfs-modules-6.1.0-32-mips64r2el-di |  6.1.129-1 | mips64el
xfs-modules-6.1.0-36-5kc-malta-di |  6.1.139-1 | mips64el
xfs-modules-6.1.0-36-mips64r2el-di |  6.1.139-1 | mips64el
xfs-modules-6.1.0-37-5kc-malta-di |  6.1.140-1 | mips64el
xfs-modules-6.1.0-37-mips64r2el-di |  6.1.140-1 | mips64el
xfs-modules-6.1.0-38-5kc-malta-di |  6.1.147-1 | mips64el
xfs-modules-6.1.0-38-mips64r2el-di |  6.1.147-1 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:24:55 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

affs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
affs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
affs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
affs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
affs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
affs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
affs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
affs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
ata-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
ata-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
ata-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
ata-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
ata-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
ata-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
ata-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
ata-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
btrfs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
btrfs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
btrfs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
btrfs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
btrfs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
btrfs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
btrfs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
btrfs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
crc-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
crc-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
crc-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
crc-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
crc-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
crc-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
crc-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
crc-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
crypto-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
crypto-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
crypto-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
crypto-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
crypto-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
crypto-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
crypto-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
crypto-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
event-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
event-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
event-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
event-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
event-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
event-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
event-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
event-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
ext4-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
ext4-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
ext4-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
ext4-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
ext4-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
ext4-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
ext4-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
ext4-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
f2fs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
f2fs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
f2fs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
f2fs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
f2fs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
f2fs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
f2fs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
f2fs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
fat-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
fat-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
fat-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
fat-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
fat-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
fat-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
fat-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
fat-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
fb-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
fb-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
fb-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
fb-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
fb-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
fb-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
fb-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
fb-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
firewire-core-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
firewire-core-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
firewire-core-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
firewire-core-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
firewire-core-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
firewire-core-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
firewire-core-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
firewire-core-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
fuse-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
fuse-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
fuse-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
fuse-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
fuse-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
fuse-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
fuse-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
fuse-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
input-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
input-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
input-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
input-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
input-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
input-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
input-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
input-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
isofs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
isofs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
isofs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
isofs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
isofs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
isofs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
isofs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
isofs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
jfs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
jfs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
jfs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
jfs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
jfs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
jfs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
jfs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
jfs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
kernel-image-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
kernel-image-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
kernel-image-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
kernel-image-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
kernel-image-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
kernel-image-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
kernel-image-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
kernel-image-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
linux-headers-6.1.0-32-loongson-3 |  6.1.129-1 | mips64el, mipsel
linux-headers-6.1.0-32-octeon |  6.1.129-1 | mips64el, mipsel
linux-headers-6.1.0-36-loongson-3 |  6.1.139-1 | mips64el, mipsel
linux-headers-6.1.0-36-octeon |  6.1.139-1 | mips64el, mipsel
linux-headers-6.1.0-37-loongson-3 |  6.1.140-1 | mips64el, mipsel
linux-headers-6.1.0-37-octeon |  6.1.140-1 | mips64el, mipsel
linux-headers-6.1.0-38-loongson-3 |  6.1.147-1 | mips64el, mipsel
linux-headers-6.1.0-38-octeon |  6.1.147-1 | mips64el, mipsel
linux-image-6.1.0-32-loongson-3 |  6.1.129-1 | mips64el, mipsel
linux-image-6.1.0-32-loongson-3-dbg |  6.1.129-1 | mips64el, mipsel
linux-image-6.1.0-32-octeon |  6.1.129-1 | mips64el, mipsel
linux-image-6.1.0-32-octeon-dbg |  6.1.129-1 | mips64el, mipsel
linux-image-6.1.0-36-loongson-3 |  6.1.139-1 | mips64el, mipsel
linux-image-6.1.0-36-loongson-3-dbg |  6.1.139-1 | mips64el, mipsel
linux-image-6.1.0-36-octeon |  6.1.139-1 | mips64el, mipsel
linux-image-6.1.0-36-octeon-dbg |  6.1.139-1 | mips64el, mipsel
linux-image-6.1.0-37-loongson-3 |  6.1.140-1 | mips64el, mipsel
linux-image-6.1.0-37-loongson-3-dbg |  6.1.140-1 | mips64el, mipsel
linux-image-6.1.0-37-octeon |  6.1.140-1 | mips64el, mipsel
linux-image-6.1.0-37-octeon-dbg |  6.1.140-1 | mips64el, mipsel
linux-image-6.1.0-38-loongson-3 |  6.1.147-1 | mips64el, mipsel
linux-image-6.1.0-38-loongson-3-dbg |  6.1.147-1 | mips64el, mipsel
linux-image-6.1.0-38-octeon |  6.1.147-1 | mips64el, mipsel
linux-image-6.1.0-38-octeon-dbg |  6.1.147-1 | mips64el, mipsel
loop-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
loop-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
loop-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
loop-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
loop-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
loop-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
loop-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
loop-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
md-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
md-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
md-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
md-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
md-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
md-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
md-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
md-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
minix-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
minix-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
minix-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
minix-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
minix-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
minix-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
minix-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
minix-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
mmc-core-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
mmc-core-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
mmc-core-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
mmc-core-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
mmc-core-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
mmc-core-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
mmc-core-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
mmc-core-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
mmc-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
mmc-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
mmc-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
mmc-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
mmc-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
mmc-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
mmc-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
mmc-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
mouse-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
mouse-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
mouse-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
mouse-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
mouse-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
mouse-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
mouse-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
mouse-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
multipath-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
multipath-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
multipath-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
multipath-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
multipath-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
multipath-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
multipath-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
multipath-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
nbd-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
nbd-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
nbd-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
nbd-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
nbd-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
nbd-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
nbd-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
nbd-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
nfs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
nfs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
nfs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
nfs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
nfs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
nfs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
nfs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
nfs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
nic-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
nic-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
nic-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
nic-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
nic-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
nic-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
nic-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
nic-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
nic-shared-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
nic-shared-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
nic-shared-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
nic-shared-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
nic-shared-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
nic-shared-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
nic-shared-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
nic-shared-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
nic-usb-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
nic-usb-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
nic-usb-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
nic-usb-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
nic-usb-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
nic-usb-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
nic-usb-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
nic-usb-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
pata-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
pata-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
pata-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
pata-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
pata-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
pata-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
pata-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
pata-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
ppp-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
ppp-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
ppp-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
ppp-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
ppp-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
ppp-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
ppp-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
ppp-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
sata-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
sata-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
sata-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
sata-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
sata-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
sata-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
sata-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
sata-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
scsi-core-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
scsi-core-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
scsi-core-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
scsi-core-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
scsi-core-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
scsi-core-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
scsi-core-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
scsi-core-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
scsi-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
scsi-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
scsi-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
scsi-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
scsi-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
scsi-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
scsi-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
scsi-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
sound-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
sound-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
sound-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
sound-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
sound-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
sound-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
sound-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
sound-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
speakup-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
speakup-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
speakup-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
speakup-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
speakup-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
speakup-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
speakup-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
speakup-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
squashfs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
squashfs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
squashfs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
squashfs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
squashfs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
squashfs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
squashfs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
squashfs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
udf-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
udf-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
udf-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
udf-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
udf-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
udf-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
udf-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
udf-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
usb-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
usb-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
usb-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
usb-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
usb-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
usb-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
usb-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
usb-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
usb-serial-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
usb-serial-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
usb-serial-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
usb-serial-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
usb-serial-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
usb-serial-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
usb-serial-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
usb-serial-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
usb-storage-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
usb-storage-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
usb-storage-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
usb-storage-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
usb-storage-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
usb-storage-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
usb-storage-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
usb-storage-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel
xfs-modules-6.1.0-32-loongson-3-di |  6.1.129-1 | mips64el, mipsel
xfs-modules-6.1.0-32-octeon-di |  6.1.129-1 | mips64el, mipsel
xfs-modules-6.1.0-36-loongson-3-di |  6.1.139-1 | mips64el, mipsel
xfs-modules-6.1.0-36-octeon-di |  6.1.139-1 | mips64el, mipsel
xfs-modules-6.1.0-37-loongson-3-di |  6.1.140-1 | mips64el, mipsel
xfs-modules-6.1.0-37-octeon-di |  6.1.140-1 | mips64el, mipsel
xfs-modules-6.1.0-38-loongson-3-di |  6.1.147-1 | mips64el, mipsel
xfs-modules-6.1.0-38-octeon-di |  6.1.147-1 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:25:13 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

affs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
affs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
affs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
affs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
affs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
affs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
affs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
affs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
ata-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
ata-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
ata-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
ata-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
ata-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
ata-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
ata-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
ata-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
btrfs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
btrfs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
btrfs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
btrfs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
btrfs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
btrfs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
btrfs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
btrfs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
cdrom-core-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
cdrom-core-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
cdrom-core-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
cdrom-core-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
cdrom-core-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
cdrom-core-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
cdrom-core-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
cdrom-core-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
crc-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
crc-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
crc-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
crc-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
crc-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
crc-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
crc-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
crc-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
crypto-dm-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
crypto-dm-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
crypto-dm-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
crypto-dm-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
crypto-dm-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
crypto-dm-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
crypto-dm-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
crypto-dm-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
crypto-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
crypto-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
crypto-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
crypto-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
crypto-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
crypto-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
crypto-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
crypto-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
event-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
event-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
event-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
event-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
event-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
event-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
event-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
event-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
ext4-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
ext4-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
ext4-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
ext4-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
ext4-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
ext4-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
ext4-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
ext4-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
f2fs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
f2fs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
f2fs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
f2fs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
f2fs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
f2fs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
f2fs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
f2fs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
fat-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
fat-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
fat-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
fat-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
fat-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
fat-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
fat-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
fat-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
fb-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
fb-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
fb-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
fb-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
fb-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
fb-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
fb-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
fb-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
firewire-core-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
firewire-core-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
firewire-core-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
firewire-core-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
firewire-core-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
firewire-core-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
firewire-core-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
firewire-core-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
fuse-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
fuse-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
fuse-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
fuse-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
fuse-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
fuse-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
fuse-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
fuse-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
input-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
input-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
input-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
input-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
input-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
input-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
input-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
input-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
isofs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
isofs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
isofs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
isofs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
isofs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
isofs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
isofs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
isofs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
jfs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
jfs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
jfs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
jfs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
jfs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
jfs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
jfs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
jfs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
kernel-image-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
kernel-image-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
kernel-image-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
kernel-image-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
kernel-image-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
kernel-image-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
kernel-image-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
kernel-image-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
linux-headers-6.1.0-32-4kc-malta |  6.1.129-1 | mipsel
linux-headers-6.1.0-32-mips32r2el |  6.1.129-1 | mipsel
linux-headers-6.1.0-36-4kc-malta |  6.1.139-1 | mipsel
linux-headers-6.1.0-36-mips32r2el |  6.1.139-1 | mipsel
linux-headers-6.1.0-37-4kc-malta |  6.1.140-1 | mipsel
linux-headers-6.1.0-37-mips32r2el |  6.1.140-1 | mipsel
linux-headers-6.1.0-38-4kc-malta |  6.1.147-1 | mipsel
linux-headers-6.1.0-38-mips32r2el |  6.1.147-1 | mipsel
linux-image-6.1.0-32-4kc-malta |  6.1.129-1 | mipsel
linux-image-6.1.0-32-4kc-malta-dbg |  6.1.129-1 | mipsel
linux-image-6.1.0-32-mips32r2el |  6.1.129-1 | mipsel
linux-image-6.1.0-32-mips32r2el-dbg |  6.1.129-1 | mipsel
linux-image-6.1.0-36-4kc-malta |  6.1.139-1 | mipsel
linux-image-6.1.0-36-4kc-malta-dbg |  6.1.139-1 | mipsel
linux-image-6.1.0-36-mips32r2el |  6.1.139-1 | mipsel
linux-image-6.1.0-36-mips32r2el-dbg |  6.1.139-1 | mipsel
linux-image-6.1.0-37-4kc-malta |  6.1.140-1 | mipsel
linux-image-6.1.0-37-4kc-malta-dbg |  6.1.140-1 | mipsel
linux-image-6.1.0-37-mips32r2el |  6.1.140-1 | mipsel
linux-image-6.1.0-37-mips32r2el-dbg |  6.1.140-1 | mipsel
linux-image-6.1.0-38-4kc-malta |  6.1.147-1 | mipsel
linux-image-6.1.0-38-4kc-malta-dbg |  6.1.147-1 | mipsel
linux-image-6.1.0-38-mips32r2el |  6.1.147-1 | mipsel
linux-image-6.1.0-38-mips32r2el-dbg |  6.1.147-1 | mipsel
loop-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
loop-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
loop-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
loop-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
loop-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
loop-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
loop-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
loop-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
md-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
md-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
md-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
md-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
md-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
md-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
md-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
md-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
minix-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
minix-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
minix-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
minix-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
minix-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
minix-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
minix-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
minix-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
mmc-core-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
mmc-core-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
mmc-core-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
mmc-core-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
mmc-core-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
mmc-core-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
mmc-core-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
mmc-core-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
mmc-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
mmc-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
mmc-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
mmc-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
mmc-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
mmc-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
mmc-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
mmc-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
mouse-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
mouse-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
mouse-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
mouse-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
mouse-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
mouse-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
mouse-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
mouse-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
multipath-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
multipath-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
multipath-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
multipath-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
multipath-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
multipath-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
multipath-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
multipath-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
nbd-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
nbd-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
nbd-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
nbd-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
nbd-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
nbd-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
nbd-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
nbd-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
nfs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
nfs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
nfs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
nfs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
nfs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
nfs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
nfs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
nfs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
nic-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
nic-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
nic-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
nic-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
nic-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
nic-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
nic-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
nic-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
nic-shared-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
nic-shared-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
nic-shared-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
nic-shared-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
nic-shared-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
nic-shared-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
nic-shared-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
nic-shared-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
nic-usb-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
nic-usb-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
nic-usb-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
nic-usb-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
nic-usb-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
nic-usb-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
nic-usb-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
nic-usb-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
nic-wireless-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
nic-wireless-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
nic-wireless-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
nic-wireless-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
nic-wireless-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
nic-wireless-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
nic-wireless-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
nic-wireless-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
pata-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
pata-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
pata-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
pata-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
pata-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
pata-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
pata-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
pata-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
ppp-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
ppp-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
ppp-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
ppp-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
ppp-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
ppp-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
ppp-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
ppp-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
sata-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
sata-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
sata-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
sata-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
sata-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
sata-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
sata-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
sata-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
scsi-core-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
scsi-core-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
scsi-core-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
scsi-core-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
scsi-core-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
scsi-core-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
scsi-core-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
scsi-core-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
scsi-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
scsi-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
scsi-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
scsi-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
scsi-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
scsi-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
scsi-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
scsi-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
scsi-nic-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
scsi-nic-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
scsi-nic-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
scsi-nic-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
scsi-nic-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
scsi-nic-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
scsi-nic-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
scsi-nic-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
sound-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
sound-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
sound-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
sound-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
sound-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
sound-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
sound-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
sound-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
speakup-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
speakup-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
speakup-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
speakup-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
speakup-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
speakup-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
speakup-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
speakup-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
squashfs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
squashfs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
squashfs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
squashfs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
squashfs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
squashfs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
squashfs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
squashfs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
udf-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
udf-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
udf-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
udf-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
udf-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
udf-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
udf-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
udf-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
usb-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
usb-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
usb-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
usb-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
usb-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
usb-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
usb-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
usb-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
usb-serial-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
usb-serial-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
usb-serial-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
usb-serial-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
usb-serial-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
usb-serial-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
usb-serial-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
usb-serial-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
usb-storage-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
usb-storage-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
usb-storage-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
usb-storage-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
usb-storage-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
usb-storage-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
usb-storage-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
usb-storage-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel
xfs-modules-6.1.0-32-4kc-malta-di |  6.1.129-1 | mipsel
xfs-modules-6.1.0-32-mips32r2el-di |  6.1.129-1 | mipsel
xfs-modules-6.1.0-36-4kc-malta-di |  6.1.139-1 | mipsel
xfs-modules-6.1.0-36-mips32r2el-di |  6.1.139-1 | mipsel
xfs-modules-6.1.0-37-4kc-malta-di |  6.1.140-1 | mipsel
xfs-modules-6.1.0-37-mips32r2el-di |  6.1.140-1 | mipsel
xfs-modules-6.1.0-38-4kc-malta-di |  6.1.147-1 | mipsel
xfs-modules-6.1.0-38-mips32r2el-di |  6.1.147-1 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:25:31 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

ata-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
ata-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
ata-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
ata-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
btrfs-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
btrfs-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
btrfs-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
btrfs-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
cdrom-core-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
cdrom-core-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
cdrom-core-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
cdrom-core-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
crc-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
crc-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
crc-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
crc-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
crypto-dm-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
crypto-dm-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
crypto-dm-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
crypto-dm-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
crypto-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
crypto-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
crypto-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
crypto-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
event-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
event-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
event-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
event-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
ext4-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
ext4-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
ext4-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
ext4-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
f2fs-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
f2fs-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
f2fs-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
f2fs-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
fancontrol-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
fancontrol-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
fancontrol-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
fancontrol-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
fat-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
fat-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
fat-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
fat-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
fb-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
fb-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
fb-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
fb-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
firewire-core-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
firewire-core-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
firewire-core-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
firewire-core-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
fuse-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
fuse-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
fuse-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
fuse-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
hypervisor-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
hypervisor-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
hypervisor-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
hypervisor-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
i2c-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
i2c-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
i2c-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
i2c-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
input-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
input-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
input-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
input-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
isofs-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
isofs-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
isofs-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
isofs-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
jfs-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
jfs-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
jfs-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
jfs-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
kernel-image-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
kernel-image-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
kernel-image-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
kernel-image-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
linux-headers-6.1.0-32-powerpc64le |  6.1.129-1 | ppc64el
linux-headers-6.1.0-36-powerpc64le |  6.1.139-1 | ppc64el
linux-headers-6.1.0-37-powerpc64le |  6.1.140-1 | ppc64el
linux-headers-6.1.0-38-powerpc64le |  6.1.147-1 | ppc64el
linux-image-6.1.0-32-powerpc64le |  6.1.129-1 | ppc64el
linux-image-6.1.0-32-powerpc64le-dbg |  6.1.129-1 | ppc64el
linux-image-6.1.0-36-powerpc64le |  6.1.139-1 | ppc64el
linux-image-6.1.0-36-powerpc64le-dbg |  6.1.139-1 | ppc64el
linux-image-6.1.0-37-powerpc64le |  6.1.140-1 | ppc64el
linux-image-6.1.0-37-powerpc64le-dbg |  6.1.140-1 | ppc64el
linux-image-6.1.0-38-powerpc64le |  6.1.147-1 | ppc64el
linux-image-6.1.0-38-powerpc64le-dbg |  6.1.147-1 | ppc64el
loop-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
loop-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
loop-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
loop-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
md-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
md-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
md-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
md-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
mouse-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
mouse-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
mouse-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
mouse-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
mtd-core-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
mtd-core-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
mtd-core-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
mtd-core-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
multipath-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
multipath-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
multipath-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
multipath-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
nbd-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
nbd-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
nbd-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
nbd-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
nic-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
nic-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
nic-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
nic-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
nic-shared-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
nic-shared-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
nic-shared-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
nic-shared-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
nic-usb-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
nic-usb-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
nic-usb-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
nic-usb-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
nic-wireless-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
nic-wireless-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
nic-wireless-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
nic-wireless-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
ppp-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
ppp-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
ppp-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
ppp-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
sata-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
sata-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
sata-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
sata-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
scsi-core-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
scsi-core-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
scsi-core-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
scsi-core-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
scsi-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
scsi-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
scsi-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
scsi-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
scsi-nic-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
scsi-nic-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
scsi-nic-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
scsi-nic-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
serial-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
serial-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
serial-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
serial-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
squashfs-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
squashfs-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
squashfs-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
squashfs-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
udf-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
udf-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
udf-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
udf-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
uinput-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
uinput-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
uinput-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
uinput-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
usb-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
usb-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
usb-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
usb-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
usb-serial-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
usb-serial-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
usb-serial-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
usb-serial-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
usb-storage-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
usb-storage-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
usb-storage-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
usb-storage-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el
xfs-modules-6.1.0-32-powerpc64le-di |  6.1.129-1 | ppc64el
xfs-modules-6.1.0-36-powerpc64le-di |  6.1.139-1 | ppc64el
xfs-modules-6.1.0-37-powerpc64le-di |  6.1.140-1 | ppc64el
xfs-modules-6.1.0-38-powerpc64le-di |  6.1.147-1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:25:46 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

linux-headers-6.1.0-32-amd64 |  6.1.129-1 | amd64
linux-headers-6.1.0-32-cloud-amd64 |  6.1.129-1 | amd64
linux-headers-6.1.0-32-rt-amd64 |  6.1.129-1 | amd64
linux-headers-6.1.0-36-amd64 |  6.1.139-1 | amd64
linux-headers-6.1.0-36-cloud-amd64 |  6.1.139-1 | amd64
linux-headers-6.1.0-36-rt-amd64 |  6.1.139-1 | amd64
linux-headers-6.1.0-37-amd64 |  6.1.140-1 | amd64
linux-headers-6.1.0-37-cloud-amd64 |  6.1.140-1 | amd64
linux-headers-6.1.0-37-rt-amd64 |  6.1.140-1 | amd64
linux-headers-6.1.0-38-amd64 |  6.1.147-1 | amd64
linux-headers-6.1.0-38-cloud-amd64 |  6.1.147-1 | amd64
linux-headers-6.1.0-38-rt-amd64 |  6.1.147-1 | amd64
linux-image-6.1.0-32-amd64-dbg |  6.1.129-1 | amd64
linux-image-6.1.0-32-amd64-unsigned |  6.1.129-1 | amd64
linux-image-6.1.0-32-cloud-amd64-dbg |  6.1.129-1 | amd64
linux-image-6.1.0-32-cloud-amd64-unsigned |  6.1.129-1 | amd64
linux-image-6.1.0-32-rt-amd64-dbg |  6.1.129-1 | amd64
linux-image-6.1.0-32-rt-amd64-unsigned |  6.1.129-1 | amd64
linux-image-6.1.0-36-amd64-dbg |  6.1.139-1 | amd64
linux-image-6.1.0-36-amd64-unsigned |  6.1.139-1 | amd64
linux-image-6.1.0-36-cloud-amd64-dbg |  6.1.139-1 | amd64
linux-image-6.1.0-36-cloud-amd64-unsigned |  6.1.139-1 | amd64
linux-image-6.1.0-36-rt-amd64-dbg |  6.1.139-1 | amd64
linux-image-6.1.0-36-rt-amd64-unsigned |  6.1.139-1 | amd64
linux-image-6.1.0-37-amd64-dbg |  6.1.140-1 | amd64
linux-image-6.1.0-37-amd64-unsigned |  6.1.140-1 | amd64
linux-image-6.1.0-37-cloud-amd64-dbg |  6.1.140-1 | amd64
linux-image-6.1.0-37-cloud-amd64-unsigned |  6.1.140-1 | amd64
linux-image-6.1.0-37-rt-amd64-dbg |  6.1.140-1 | amd64
linux-image-6.1.0-37-rt-amd64-unsigned |  6.1.140-1 | amd64
linux-image-6.1.0-38-amd64-dbg |  6.1.147-1 | amd64
linux-image-6.1.0-38-amd64-unsigned |  6.1.147-1 | amd64
linux-image-6.1.0-38-cloud-amd64-dbg |  6.1.147-1 | amd64
linux-image-6.1.0-38-cloud-amd64-unsigned |  6.1.147-1 | amd64
linux-image-6.1.0-38-rt-amd64-dbg |  6.1.147-1 | amd64
linux-image-6.1.0-38-rt-amd64-unsigned |  6.1.147-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:25:59 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

linux-headers-6.1.0-32-arm64 |  6.1.129-1 | arm64
linux-headers-6.1.0-32-cloud-arm64 |  6.1.129-1 | arm64
linux-headers-6.1.0-32-rt-arm64 |  6.1.129-1 | arm64
linux-headers-6.1.0-36-arm64 |  6.1.139-1 | arm64
linux-headers-6.1.0-36-cloud-arm64 |  6.1.139-1 | arm64
linux-headers-6.1.0-36-rt-arm64 |  6.1.139-1 | arm64
linux-headers-6.1.0-37-arm64 |  6.1.140-1 | arm64
linux-headers-6.1.0-37-cloud-arm64 |  6.1.140-1 | arm64
linux-headers-6.1.0-37-rt-arm64 |  6.1.140-1 | arm64
linux-headers-6.1.0-38-arm64 |  6.1.147-1 | arm64
linux-headers-6.1.0-38-cloud-arm64 |  6.1.147-1 | arm64
linux-headers-6.1.0-38-rt-arm64 |  6.1.147-1 | arm64
linux-image-6.1.0-32-arm64-dbg |  6.1.129-1 | arm64
linux-image-6.1.0-32-arm64-unsigned |  6.1.129-1 | arm64
linux-image-6.1.0-32-cloud-arm64-dbg |  6.1.129-1 | arm64
linux-image-6.1.0-32-cloud-arm64-unsigned |  6.1.129-1 | arm64
linux-image-6.1.0-32-rt-arm64-dbg |  6.1.129-1 | arm64
linux-image-6.1.0-32-rt-arm64-unsigned |  6.1.129-1 | arm64
linux-image-6.1.0-36-arm64-dbg |  6.1.139-1 | arm64
linux-image-6.1.0-36-arm64-unsigned |  6.1.139-1 | arm64
linux-image-6.1.0-36-cloud-arm64-dbg |  6.1.139-1 | arm64
linux-image-6.1.0-36-cloud-arm64-unsigned |  6.1.139-1 | arm64
linux-image-6.1.0-36-rt-arm64-dbg |  6.1.139-1 | arm64
linux-image-6.1.0-36-rt-arm64-unsigned |  6.1.139-1 | arm64
linux-image-6.1.0-37-arm64-dbg |  6.1.140-1 | arm64
linux-image-6.1.0-37-arm64-unsigned |  6.1.140-1 | arm64
linux-image-6.1.0-37-cloud-arm64-dbg |  6.1.140-1 | arm64
linux-image-6.1.0-37-cloud-arm64-unsigned |  6.1.140-1 | arm64
linux-image-6.1.0-37-rt-arm64-dbg |  6.1.140-1 | arm64
linux-image-6.1.0-37-rt-arm64-unsigned |  6.1.140-1 | arm64
linux-image-6.1.0-38-arm64-dbg |  6.1.147-1 | arm64
linux-image-6.1.0-38-arm64-unsigned |  6.1.147-1 | arm64
linux-image-6.1.0-38-cloud-arm64-dbg |  6.1.147-1 | arm64
linux-image-6.1.0-38-cloud-arm64-unsigned |  6.1.147-1 | arm64
linux-image-6.1.0-38-rt-arm64-dbg |  6.1.147-1 | arm64
linux-image-6.1.0-38-rt-arm64-unsigned |  6.1.147-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:26:15 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

btrfs-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
btrfs-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
btrfs-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
btrfs-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
cdrom-core-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
cdrom-core-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
cdrom-core-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
cdrom-core-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
crc-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
crc-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
crc-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
crc-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
crypto-dm-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
crypto-dm-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
crypto-dm-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
crypto-dm-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
crypto-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
crypto-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
crypto-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
crypto-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
event-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
event-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
event-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
event-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
ext4-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
ext4-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
ext4-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
ext4-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
f2fs-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
f2fs-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
f2fs-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
f2fs-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
fat-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
fat-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
fat-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
fat-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
fb-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
fb-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
fb-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
fb-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
fuse-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
fuse-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
fuse-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
fuse-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
input-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
input-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
input-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
input-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
ipv6-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
ipv6-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
ipv6-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
ipv6-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
isofs-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
isofs-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
isofs-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
isofs-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
jffs2-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
jffs2-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
jffs2-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
jffs2-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
jfs-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
jfs-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
jfs-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
jfs-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
kernel-image-6.1.0-32-marvell-di |  6.1.129-1 | armel
kernel-image-6.1.0-36-marvell-di |  6.1.139-1 | armel
kernel-image-6.1.0-37-marvell-di |  6.1.140-1 | armel
kernel-image-6.1.0-38-marvell-di |  6.1.147-1 | armel
leds-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
leds-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
leds-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
leds-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
linux-headers-6.1.0-32-marvell |  6.1.129-1 | armel
linux-headers-6.1.0-32-rpi |  6.1.129-1 | armel
linux-headers-6.1.0-36-marvell |  6.1.139-1 | armel
linux-headers-6.1.0-36-rpi |  6.1.139-1 | armel
linux-headers-6.1.0-37-marvell |  6.1.140-1 | armel
linux-headers-6.1.0-37-rpi |  6.1.140-1 | armel
linux-headers-6.1.0-38-marvell |  6.1.147-1 | armel
linux-headers-6.1.0-38-rpi |  6.1.147-1 | armel
linux-image-6.1.0-32-marvell |  6.1.129-1 | armel
linux-image-6.1.0-32-marvell-dbg |  6.1.129-1 | armel
linux-image-6.1.0-32-rpi |  6.1.129-1 | armel
linux-image-6.1.0-32-rpi-dbg |  6.1.129-1 | armel
linux-image-6.1.0-36-marvell |  6.1.139-1 | armel
linux-image-6.1.0-36-marvell-dbg |  6.1.139-1 | armel
linux-image-6.1.0-36-rpi |  6.1.139-1 | armel
linux-image-6.1.0-36-rpi-dbg |  6.1.139-1 | armel
linux-image-6.1.0-37-marvell |  6.1.140-1 | armel
linux-image-6.1.0-37-marvell-dbg |  6.1.140-1 | armel
linux-image-6.1.0-37-rpi |  6.1.140-1 | armel
linux-image-6.1.0-37-rpi-dbg |  6.1.140-1 | armel
linux-image-6.1.0-38-marvell |  6.1.147-1 | armel
linux-image-6.1.0-38-marvell-dbg |  6.1.147-1 | armel
linux-image-6.1.0-38-rpi |  6.1.147-1 | armel
linux-image-6.1.0-38-rpi-dbg |  6.1.147-1 | armel
loop-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
loop-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
loop-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
loop-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
md-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
md-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
md-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
md-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
minix-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
minix-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
minix-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
minix-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
mmc-core-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
mmc-core-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
mmc-core-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
mmc-core-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
mmc-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
mmc-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
mmc-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
mmc-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
mouse-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
mouse-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
mouse-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
mouse-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
mtd-core-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
mtd-core-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
mtd-core-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
mtd-core-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
mtd-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
mtd-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
mtd-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
mtd-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
multipath-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
multipath-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
multipath-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
multipath-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
nbd-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
nbd-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
nbd-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
nbd-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
nic-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
nic-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
nic-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
nic-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
nic-shared-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
nic-shared-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
nic-shared-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
nic-shared-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
nic-usb-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
nic-usb-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
nic-usb-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
nic-usb-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
ppp-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
ppp-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
ppp-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
ppp-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
sata-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
sata-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
sata-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
sata-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
scsi-core-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
scsi-core-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
scsi-core-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
scsi-core-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
squashfs-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
squashfs-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
squashfs-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
squashfs-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
udf-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
udf-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
udf-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
udf-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
uinput-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
uinput-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
uinput-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
uinput-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
usb-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
usb-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
usb-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
usb-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
usb-serial-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
usb-serial-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
usb-serial-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
usb-serial-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel
usb-storage-modules-6.1.0-32-marvell-di |  6.1.129-1 | armel
usb-storage-modules-6.1.0-36-marvell-di |  6.1.139-1 | armel
usb-storage-modules-6.1.0-37-marvell-di |  6.1.140-1 | armel
usb-storage-modules-6.1.0-38-marvell-di |  6.1.147-1 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:26:30 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

ata-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
ata-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
ata-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
ata-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
btrfs-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
btrfs-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
btrfs-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
btrfs-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
cdrom-core-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
cdrom-core-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
cdrom-core-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
cdrom-core-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
crc-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
crc-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
crc-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
crc-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
crypto-dm-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
crypto-dm-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
crypto-dm-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
crypto-dm-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
crypto-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
crypto-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
crypto-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
crypto-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
efi-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
efi-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
efi-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
efi-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
event-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
event-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
event-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
event-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
ext4-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
ext4-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
ext4-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
ext4-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
f2fs-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
f2fs-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
f2fs-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
f2fs-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
fat-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
fat-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
fat-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
fat-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
fb-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
fb-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
fb-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
fb-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
fuse-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
fuse-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
fuse-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
fuse-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
i2c-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
i2c-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
i2c-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
i2c-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
input-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
input-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
input-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
input-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
isofs-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
isofs-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
isofs-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
isofs-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
jfs-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
jfs-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
jfs-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
jfs-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
kernel-image-6.1.0-32-armmp-di |  6.1.129-1 | armhf
kernel-image-6.1.0-36-armmp-di |  6.1.139-1 | armhf
kernel-image-6.1.0-37-armmp-di |  6.1.140-1 | armhf
kernel-image-6.1.0-38-armmp-di |  6.1.147-1 | armhf
leds-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
leds-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
leds-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
leds-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
linux-headers-6.1.0-32-armmp |  6.1.129-1 | armhf
linux-headers-6.1.0-32-armmp-lpae |  6.1.129-1 | armhf
linux-headers-6.1.0-32-rt-armmp |  6.1.129-1 | armhf
linux-headers-6.1.0-36-armmp |  6.1.139-1 | armhf
linux-headers-6.1.0-36-armmp-lpae |  6.1.139-1 | armhf
linux-headers-6.1.0-36-rt-armmp |  6.1.139-1 | armhf
linux-headers-6.1.0-37-armmp |  6.1.140-1 | armhf
linux-headers-6.1.0-37-armmp-lpae |  6.1.140-1 | armhf
linux-headers-6.1.0-37-rt-armmp |  6.1.140-1 | armhf
linux-headers-6.1.0-38-armmp |  6.1.147-1 | armhf
linux-headers-6.1.0-38-armmp-lpae |  6.1.147-1 | armhf
linux-headers-6.1.0-38-rt-armmp |  6.1.147-1 | armhf
linux-image-6.1.0-32-armmp |  6.1.129-1 | armhf
linux-image-6.1.0-32-armmp-dbg |  6.1.129-1 | armhf
linux-image-6.1.0-32-armmp-lpae |  6.1.129-1 | armhf
linux-image-6.1.0-32-armmp-lpae-dbg |  6.1.129-1 | armhf
linux-image-6.1.0-32-rt-armmp |  6.1.129-1 | armhf
linux-image-6.1.0-32-rt-armmp-dbg |  6.1.129-1 | armhf
linux-image-6.1.0-36-armmp |  6.1.139-1 | armhf
linux-image-6.1.0-36-armmp-dbg |  6.1.139-1 | armhf
linux-image-6.1.0-36-armmp-lpae |  6.1.139-1 | armhf
linux-image-6.1.0-36-armmp-lpae-dbg |  6.1.139-1 | armhf
linux-image-6.1.0-36-rt-armmp |  6.1.139-1 | armhf
linux-image-6.1.0-36-rt-armmp-dbg |  6.1.139-1 | armhf
linux-image-6.1.0-37-armmp |  6.1.140-1 | armhf
linux-image-6.1.0-37-armmp-dbg |  6.1.140-1 | armhf
linux-image-6.1.0-37-armmp-lpae |  6.1.140-1 | armhf
linux-image-6.1.0-37-armmp-lpae-dbg |  6.1.140-1 | armhf
linux-image-6.1.0-37-rt-armmp |  6.1.140-1 | armhf
linux-image-6.1.0-37-rt-armmp-dbg |  6.1.140-1 | armhf
linux-image-6.1.0-38-armmp |  6.1.147-1 | armhf
linux-image-6.1.0-38-armmp-dbg |  6.1.147-1 | armhf
linux-image-6.1.0-38-armmp-lpae |  6.1.147-1 | armhf
linux-image-6.1.0-38-armmp-lpae-dbg |  6.1.147-1 | armhf
linux-image-6.1.0-38-rt-armmp |  6.1.147-1 | armhf
linux-image-6.1.0-38-rt-armmp-dbg |  6.1.147-1 | armhf
loop-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
loop-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
loop-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
loop-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
md-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
md-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
md-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
md-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
mmc-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
mmc-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
mmc-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
mmc-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
mtd-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
mtd-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
mtd-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
mtd-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
multipath-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
multipath-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
multipath-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
multipath-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
nbd-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
nbd-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
nbd-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
nbd-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
nic-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
nic-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
nic-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
nic-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
nic-shared-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
nic-shared-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
nic-shared-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
nic-shared-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
nic-usb-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
nic-usb-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
nic-usb-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
nic-usb-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
nic-wireless-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
nic-wireless-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
nic-wireless-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
nic-wireless-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
pata-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
pata-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
pata-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
pata-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
ppp-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
ppp-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
ppp-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
ppp-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
sata-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
sata-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
sata-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
sata-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
scsi-core-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
scsi-core-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
scsi-core-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
scsi-core-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
scsi-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
scsi-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
scsi-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
scsi-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
scsi-nic-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
scsi-nic-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
scsi-nic-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
scsi-nic-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
sound-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
sound-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
sound-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
sound-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
speakup-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
speakup-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
speakup-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
speakup-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
squashfs-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
squashfs-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
squashfs-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
squashfs-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
udf-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
udf-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
udf-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
udf-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
uinput-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
uinput-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
uinput-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
uinput-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
usb-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
usb-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
usb-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
usb-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
usb-serial-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
usb-serial-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
usb-serial-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
usb-serial-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf
usb-storage-modules-6.1.0-32-armmp-di |  6.1.129-1 | armhf
usb-storage-modules-6.1.0-36-armmp-di |  6.1.139-1 | armhf
usb-storage-modules-6.1.0-37-armmp-di |  6.1.140-1 | armhf
usb-storage-modules-6.1.0-38-armmp-di |  6.1.147-1 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:26:40 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

linux-headers-6.1.0-32-686 |  6.1.129-1 | i386
linux-headers-6.1.0-32-686-pae |  6.1.129-1 | i386
linux-headers-6.1.0-32-rt-686-pae |  6.1.129-1 | i386
linux-headers-6.1.0-36-686 |  6.1.139-1 | i386
linux-headers-6.1.0-36-686-pae |  6.1.139-1 | i386
linux-headers-6.1.0-36-rt-686-pae |  6.1.139-1 | i386
linux-headers-6.1.0-37-686 |  6.1.140-1 | i386
linux-headers-6.1.0-37-686-pae |  6.1.140-1 | i386
linux-headers-6.1.0-37-rt-686-pae |  6.1.140-1 | i386
linux-headers-6.1.0-38-686 |  6.1.147-1 | i386
linux-headers-6.1.0-38-686-pae |  6.1.147-1 | i386
linux-headers-6.1.0-38-rt-686-pae |  6.1.147-1 | i386
linux-image-6.1.0-32-686-dbg |  6.1.129-1 | i386
linux-image-6.1.0-32-686-pae-dbg |  6.1.129-1 | i386
linux-image-6.1.0-32-686-pae-unsigned |  6.1.129-1 | i386
linux-image-6.1.0-32-686-unsigned |  6.1.129-1 | i386
linux-image-6.1.0-32-rt-686-pae-dbg |  6.1.129-1 | i386
linux-image-6.1.0-32-rt-686-pae-unsigned |  6.1.129-1 | i386
linux-image-6.1.0-36-686-dbg |  6.1.139-1 | i386
linux-image-6.1.0-36-686-pae-dbg |  6.1.139-1 | i386
linux-image-6.1.0-36-686-pae-unsigned |  6.1.139-1 | i386
linux-image-6.1.0-36-686-unsigned |  6.1.139-1 | i386
linux-image-6.1.0-36-rt-686-pae-dbg |  6.1.139-1 | i386
linux-image-6.1.0-36-rt-686-pae-unsigned |  6.1.139-1 | i386
linux-image-6.1.0-37-686-dbg |  6.1.140-1 | i386
linux-image-6.1.0-37-686-pae-dbg |  6.1.140-1 | i386
linux-image-6.1.0-37-686-pae-unsigned |  6.1.140-1 | i386
linux-image-6.1.0-37-686-unsigned |  6.1.140-1 | i386
linux-image-6.1.0-37-rt-686-pae-dbg |  6.1.140-1 | i386
linux-image-6.1.0-37-rt-686-pae-unsigned |  6.1.140-1 | i386
linux-image-6.1.0-38-686-dbg |  6.1.147-1 | i386
linux-image-6.1.0-38-686-pae-dbg |  6.1.147-1 | i386
linux-image-6.1.0-38-686-pae-unsigned |  6.1.147-1 | i386
linux-image-6.1.0-38-686-unsigned |  6.1.147-1 | i386
linux-image-6.1.0-38-rt-686-pae-dbg |  6.1.147-1 | i386
linux-image-6.1.0-38-rt-686-pae-unsigned |  6.1.147-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:26:58 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

acpi-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
acpi-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
acpi-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
acpi-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
ata-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
ata-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
ata-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
ata-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
btrfs-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
btrfs-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
btrfs-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
btrfs-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
cdrom-core-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
cdrom-core-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
cdrom-core-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
cdrom-core-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
crc-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
crc-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
crc-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
crc-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
crypto-dm-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
crypto-dm-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
crypto-dm-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
crypto-dm-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
crypto-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
crypto-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
crypto-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
crypto-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
efi-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
efi-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
efi-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
efi-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
event-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
event-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
event-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
event-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
ext4-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
ext4-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
ext4-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
ext4-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
f2fs-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
f2fs-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
f2fs-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
f2fs-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
fat-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
fat-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
fat-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
fat-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
fb-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
fb-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
fb-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
fb-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
firewire-core-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
firewire-core-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
firewire-core-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
firewire-core-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
fuse-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
fuse-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
fuse-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
fuse-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
i2c-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
i2c-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
i2c-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
i2c-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
input-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
input-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
input-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
input-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
isofs-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
isofs-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
isofs-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
isofs-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
jfs-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
jfs-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
jfs-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
jfs-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
kernel-image-6.1.0-32-amd64-di |  6.1.129-1 | amd64
kernel-image-6.1.0-36-amd64-di |  6.1.139-1 | amd64
kernel-image-6.1.0-37-amd64-di |  6.1.140-1 | amd64
kernel-image-6.1.0-38-amd64-di |  6.1.147-1 | amd64
linux-image-6.1.0-32-amd64 |  6.1.129-1 | amd64
linux-image-6.1.0-32-cloud-amd64 |  6.1.129-1 | amd64
linux-image-6.1.0-32-rt-amd64 |  6.1.129-1 | amd64
linux-image-6.1.0-36-amd64 |  6.1.139-1 | amd64
linux-image-6.1.0-36-cloud-amd64 |  6.1.139-1 | amd64
linux-image-6.1.0-36-rt-amd64 |  6.1.139-1 | amd64
linux-image-6.1.0-37-amd64 |  6.1.140-1 | amd64
linux-image-6.1.0-37-cloud-amd64 |  6.1.140-1 | amd64
linux-image-6.1.0-37-rt-amd64 |  6.1.140-1 | amd64
linux-image-6.1.0-38-amd64 |  6.1.147-1 | amd64
linux-image-6.1.0-38-cloud-amd64 |  6.1.147-1 | amd64
linux-image-6.1.0-38-rt-amd64 |  6.1.147-1 | amd64
loop-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
loop-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
loop-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
loop-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
md-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
md-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
md-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
md-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
mmc-core-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
mmc-core-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
mmc-core-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
mmc-core-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
mmc-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
mmc-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
mmc-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
mmc-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
mouse-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
mouse-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
mouse-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
mouse-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
mtd-core-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
mtd-core-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
mtd-core-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
mtd-core-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
multipath-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
multipath-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
multipath-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
multipath-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
nbd-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
nbd-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
nbd-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
nbd-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
nic-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
nic-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
nic-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
nic-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
nic-pcmcia-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
nic-pcmcia-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
nic-pcmcia-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
nic-pcmcia-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
nic-shared-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
nic-shared-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
nic-shared-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
nic-shared-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
nic-usb-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
nic-usb-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
nic-usb-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
nic-usb-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
nic-wireless-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
nic-wireless-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
nic-wireless-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
nic-wireless-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
pata-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
pata-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
pata-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
pata-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
pcmcia-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
pcmcia-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
pcmcia-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
pcmcia-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
pcmcia-storage-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
pcmcia-storage-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
pcmcia-storage-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
pcmcia-storage-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
ppp-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
ppp-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
ppp-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
ppp-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
rfkill-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
rfkill-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
rfkill-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
rfkill-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
sata-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
sata-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
sata-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
sata-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
scsi-core-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
scsi-core-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
scsi-core-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
scsi-core-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
scsi-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
scsi-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
scsi-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
scsi-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
scsi-nic-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
scsi-nic-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
scsi-nic-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
scsi-nic-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
serial-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
serial-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
serial-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
serial-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
sound-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
sound-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
sound-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
sound-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
speakup-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
speakup-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
speakup-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
speakup-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
squashfs-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
squashfs-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
squashfs-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
squashfs-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
udf-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
udf-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
udf-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
udf-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
uinput-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
uinput-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
uinput-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
uinput-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
usb-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
usb-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
usb-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
usb-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
usb-serial-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
usb-serial-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
usb-serial-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
usb-serial-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
usb-storage-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
usb-storage-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
usb-storage-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
usb-storage-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64
xfs-modules-6.1.0-32-amd64-di |  6.1.129-1 | amd64
xfs-modules-6.1.0-36-amd64-di |  6.1.139-1 | amd64
xfs-modules-6.1.0-37-amd64-di |  6.1.140-1 | amd64
xfs-modules-6.1.0-38-amd64-di |  6.1.147-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:27:11 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

ata-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
ata-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
ata-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
ata-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
btrfs-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
btrfs-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
btrfs-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
btrfs-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
cdrom-core-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
cdrom-core-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
cdrom-core-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
cdrom-core-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
crc-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
crc-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
crc-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
crc-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
crypto-dm-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
crypto-dm-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
crypto-dm-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
crypto-dm-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
crypto-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
crypto-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
crypto-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
crypto-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
efi-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
efi-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
efi-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
efi-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
event-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
event-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
event-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
event-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
ext4-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
ext4-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
ext4-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
ext4-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
f2fs-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
f2fs-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
f2fs-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
f2fs-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
fat-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
fat-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
fat-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
fat-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
fb-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
fb-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
fb-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
fb-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
fuse-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
fuse-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
fuse-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
fuse-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
i2c-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
i2c-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
i2c-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
i2c-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
input-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
input-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
input-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
input-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
isofs-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
isofs-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
isofs-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
isofs-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
jfs-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
jfs-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
jfs-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
jfs-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
kernel-image-6.1.0-32-arm64-di |  6.1.129-1 | arm64
kernel-image-6.1.0-36-arm64-di |  6.1.139-1 | arm64
kernel-image-6.1.0-37-arm64-di |  6.1.140-1 | arm64
kernel-image-6.1.0-38-arm64-di |  6.1.147-1 | arm64
leds-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
leds-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
leds-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
leds-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
linux-image-6.1.0-32-arm64 |  6.1.129-1 | arm64
linux-image-6.1.0-32-cloud-arm64 |  6.1.129-1 | arm64
linux-image-6.1.0-32-rt-arm64 |  6.1.129-1 | arm64
linux-image-6.1.0-36-arm64 |  6.1.139-1 | arm64
linux-image-6.1.0-36-cloud-arm64 |  6.1.139-1 | arm64
linux-image-6.1.0-36-rt-arm64 |  6.1.139-1 | arm64
linux-image-6.1.0-37-arm64 |  6.1.140-1 | arm64
linux-image-6.1.0-37-cloud-arm64 |  6.1.140-1 | arm64
linux-image-6.1.0-37-rt-arm64 |  6.1.140-1 | arm64
linux-image-6.1.0-38-arm64 |  6.1.147-1 | arm64
linux-image-6.1.0-38-cloud-arm64 |  6.1.147-1 | arm64
linux-image-6.1.0-38-rt-arm64 |  6.1.147-1 | arm64
loop-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
loop-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
loop-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
loop-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
md-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
md-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
md-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
md-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
mmc-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
mmc-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
mmc-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
mmc-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
mtd-core-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
mtd-core-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
mtd-core-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
mtd-core-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
multipath-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
multipath-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
multipath-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
multipath-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
nbd-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
nbd-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
nbd-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
nbd-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
nic-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
nic-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
nic-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
nic-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
nic-shared-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
nic-shared-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
nic-shared-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
nic-shared-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
nic-usb-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
nic-usb-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
nic-usb-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
nic-usb-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
nic-wireless-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
nic-wireless-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
nic-wireless-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
nic-wireless-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
ppp-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
ppp-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
ppp-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
ppp-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
sata-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
sata-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
sata-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
sata-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
scsi-core-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
scsi-core-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
scsi-core-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
scsi-core-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
scsi-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
scsi-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
scsi-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
scsi-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
scsi-nic-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
scsi-nic-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
scsi-nic-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
scsi-nic-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
sound-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
sound-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
sound-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
sound-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
speakup-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
speakup-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
speakup-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
speakup-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
squashfs-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
squashfs-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
squashfs-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
squashfs-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
udf-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
udf-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
udf-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
udf-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
uinput-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
uinput-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
uinput-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
uinput-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
usb-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
usb-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
usb-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
usb-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
usb-serial-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
usb-serial-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
usb-serial-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
usb-serial-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
usb-storage-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
usb-storage-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
usb-storage-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
usb-storage-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64
xfs-modules-6.1.0-32-arm64-di |  6.1.129-1 | arm64
xfs-modules-6.1.0-36-arm64-di |  6.1.139-1 | arm64
xfs-modules-6.1.0-37-arm64-di |  6.1.140-1 | arm64
xfs-modules-6.1.0-38-arm64-di |  6.1.147-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:27:36 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

acpi-modules-6.1.0-32-686-di |  6.1.129-1 | i386
acpi-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
acpi-modules-6.1.0-36-686-di |  6.1.139-1 | i386
acpi-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
acpi-modules-6.1.0-37-686-di |  6.1.140-1 | i386
acpi-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
acpi-modules-6.1.0-38-686-di |  6.1.147-1 | i386
acpi-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
ata-modules-6.1.0-32-686-di |  6.1.129-1 | i386
ata-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
ata-modules-6.1.0-36-686-di |  6.1.139-1 | i386
ata-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
ata-modules-6.1.0-37-686-di |  6.1.140-1 | i386
ata-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
ata-modules-6.1.0-38-686-di |  6.1.147-1 | i386
ata-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
btrfs-modules-6.1.0-32-686-di |  6.1.129-1 | i386
btrfs-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
btrfs-modules-6.1.0-36-686-di |  6.1.139-1 | i386
btrfs-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
btrfs-modules-6.1.0-37-686-di |  6.1.140-1 | i386
btrfs-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
btrfs-modules-6.1.0-38-686-di |  6.1.147-1 | i386
btrfs-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
cdrom-core-modules-6.1.0-32-686-di |  6.1.129-1 | i386
cdrom-core-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
cdrom-core-modules-6.1.0-36-686-di |  6.1.139-1 | i386
cdrom-core-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
cdrom-core-modules-6.1.0-37-686-di |  6.1.140-1 | i386
cdrom-core-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
cdrom-core-modules-6.1.0-38-686-di |  6.1.147-1 | i386
cdrom-core-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
crc-modules-6.1.0-32-686-di |  6.1.129-1 | i386
crc-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
crc-modules-6.1.0-36-686-di |  6.1.139-1 | i386
crc-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
crc-modules-6.1.0-37-686-di |  6.1.140-1 | i386
crc-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
crc-modules-6.1.0-38-686-di |  6.1.147-1 | i386
crc-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
crypto-dm-modules-6.1.0-32-686-di |  6.1.129-1 | i386
crypto-dm-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
crypto-dm-modules-6.1.0-36-686-di |  6.1.139-1 | i386
crypto-dm-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
crypto-dm-modules-6.1.0-37-686-di |  6.1.140-1 | i386
crypto-dm-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
crypto-dm-modules-6.1.0-38-686-di |  6.1.147-1 | i386
crypto-dm-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
crypto-modules-6.1.0-32-686-di |  6.1.129-1 | i386
crypto-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
crypto-modules-6.1.0-36-686-di |  6.1.139-1 | i386
crypto-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
crypto-modules-6.1.0-37-686-di |  6.1.140-1 | i386
crypto-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
crypto-modules-6.1.0-38-686-di |  6.1.147-1 | i386
crypto-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
efi-modules-6.1.0-32-686-di |  6.1.129-1 | i386
efi-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
efi-modules-6.1.0-36-686-di |  6.1.139-1 | i386
efi-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
efi-modules-6.1.0-37-686-di |  6.1.140-1 | i386
efi-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
efi-modules-6.1.0-38-686-di |  6.1.147-1 | i386
efi-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
event-modules-6.1.0-32-686-di |  6.1.129-1 | i386
event-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
event-modules-6.1.0-36-686-di |  6.1.139-1 | i386
event-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
event-modules-6.1.0-37-686-di |  6.1.140-1 | i386
event-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
event-modules-6.1.0-38-686-di |  6.1.147-1 | i386
event-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
ext4-modules-6.1.0-32-686-di |  6.1.129-1 | i386
ext4-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
ext4-modules-6.1.0-36-686-di |  6.1.139-1 | i386
ext4-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
ext4-modules-6.1.0-37-686-di |  6.1.140-1 | i386
ext4-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
ext4-modules-6.1.0-38-686-di |  6.1.147-1 | i386
ext4-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
f2fs-modules-6.1.0-32-686-di |  6.1.129-1 | i386
f2fs-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
f2fs-modules-6.1.0-36-686-di |  6.1.139-1 | i386
f2fs-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
f2fs-modules-6.1.0-37-686-di |  6.1.140-1 | i386
f2fs-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
f2fs-modules-6.1.0-38-686-di |  6.1.147-1 | i386
f2fs-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
fat-modules-6.1.0-32-686-di |  6.1.129-1 | i386
fat-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
fat-modules-6.1.0-36-686-di |  6.1.139-1 | i386
fat-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
fat-modules-6.1.0-37-686-di |  6.1.140-1 | i386
fat-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
fat-modules-6.1.0-38-686-di |  6.1.147-1 | i386
fat-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
fb-modules-6.1.0-32-686-di |  6.1.129-1 | i386
fb-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
fb-modules-6.1.0-36-686-di |  6.1.139-1 | i386
fb-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
fb-modules-6.1.0-37-686-di |  6.1.140-1 | i386
fb-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
fb-modules-6.1.0-38-686-di |  6.1.147-1 | i386
fb-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
firewire-core-modules-6.1.0-32-686-di |  6.1.129-1 | i386
firewire-core-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
firewire-core-modules-6.1.0-36-686-di |  6.1.139-1 | i386
firewire-core-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
firewire-core-modules-6.1.0-37-686-di |  6.1.140-1 | i386
firewire-core-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
firewire-core-modules-6.1.0-38-686-di |  6.1.147-1 | i386
firewire-core-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
fuse-modules-6.1.0-32-686-di |  6.1.129-1 | i386
fuse-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
fuse-modules-6.1.0-36-686-di |  6.1.139-1 | i386
fuse-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
fuse-modules-6.1.0-37-686-di |  6.1.140-1 | i386
fuse-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
fuse-modules-6.1.0-38-686-di |  6.1.147-1 | i386
fuse-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
i2c-modules-6.1.0-32-686-di |  6.1.129-1 | i386
i2c-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
i2c-modules-6.1.0-36-686-di |  6.1.139-1 | i386
i2c-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
i2c-modules-6.1.0-37-686-di |  6.1.140-1 | i386
i2c-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
i2c-modules-6.1.0-38-686-di |  6.1.147-1 | i386
i2c-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
input-modules-6.1.0-32-686-di |  6.1.129-1 | i386
input-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
input-modules-6.1.0-36-686-di |  6.1.139-1 | i386
input-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
input-modules-6.1.0-37-686-di |  6.1.140-1 | i386
input-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
input-modules-6.1.0-38-686-di |  6.1.147-1 | i386
input-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
isofs-modules-6.1.0-32-686-di |  6.1.129-1 | i386
isofs-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
isofs-modules-6.1.0-36-686-di |  6.1.139-1 | i386
isofs-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
isofs-modules-6.1.0-37-686-di |  6.1.140-1 | i386
isofs-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
isofs-modules-6.1.0-38-686-di |  6.1.147-1 | i386
isofs-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
jfs-modules-6.1.0-32-686-di |  6.1.129-1 | i386
jfs-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
jfs-modules-6.1.0-36-686-di |  6.1.139-1 | i386
jfs-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
jfs-modules-6.1.0-37-686-di |  6.1.140-1 | i386
jfs-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
jfs-modules-6.1.0-38-686-di |  6.1.147-1 | i386
jfs-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
kernel-image-6.1.0-32-686-di |  6.1.129-1 | i386
kernel-image-6.1.0-32-686-pae-di |  6.1.129-1 | i386
kernel-image-6.1.0-36-686-di |  6.1.139-1 | i386
kernel-image-6.1.0-36-686-pae-di |  6.1.139-1 | i386
kernel-image-6.1.0-37-686-di |  6.1.140-1 | i386
kernel-image-6.1.0-37-686-pae-di |  6.1.140-1 | i386
kernel-image-6.1.0-38-686-di |  6.1.147-1 | i386
kernel-image-6.1.0-38-686-pae-di |  6.1.147-1 | i386
linux-image-6.1.0-32-686 |  6.1.129-1 | i386
linux-image-6.1.0-32-686-pae |  6.1.129-1 | i386
linux-image-6.1.0-32-rt-686-pae |  6.1.129-1 | i386
linux-image-6.1.0-36-686 |  6.1.139-1 | i386
linux-image-6.1.0-36-686-pae |  6.1.139-1 | i386
linux-image-6.1.0-36-rt-686-pae |  6.1.139-1 | i386
linux-image-6.1.0-37-686 |  6.1.140-1 | i386
linux-image-6.1.0-37-686-pae |  6.1.140-1 | i386
linux-image-6.1.0-37-rt-686-pae |  6.1.140-1 | i386
linux-image-6.1.0-38-686 |  6.1.147-1 | i386
linux-image-6.1.0-38-686-pae |  6.1.147-1 | i386
linux-image-6.1.0-38-rt-686-pae |  6.1.147-1 | i386
loop-modules-6.1.0-32-686-di |  6.1.129-1 | i386
loop-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
loop-modules-6.1.0-36-686-di |  6.1.139-1 | i386
loop-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
loop-modules-6.1.0-37-686-di |  6.1.140-1 | i386
loop-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
loop-modules-6.1.0-38-686-di |  6.1.147-1 | i386
loop-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
md-modules-6.1.0-32-686-di |  6.1.129-1 | i386
md-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
md-modules-6.1.0-36-686-di |  6.1.139-1 | i386
md-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
md-modules-6.1.0-37-686-di |  6.1.140-1 | i386
md-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
md-modules-6.1.0-38-686-di |  6.1.147-1 | i386
md-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
mmc-core-modules-6.1.0-32-686-di |  6.1.129-1 | i386
mmc-core-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
mmc-core-modules-6.1.0-36-686-di |  6.1.139-1 | i386
mmc-core-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
mmc-core-modules-6.1.0-37-686-di |  6.1.140-1 | i386
mmc-core-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
mmc-core-modules-6.1.0-38-686-di |  6.1.147-1 | i386
mmc-core-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
mmc-modules-6.1.0-32-686-di |  6.1.129-1 | i386
mmc-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
mmc-modules-6.1.0-36-686-di |  6.1.139-1 | i386
mmc-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
mmc-modules-6.1.0-37-686-di |  6.1.140-1 | i386
mmc-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
mmc-modules-6.1.0-38-686-di |  6.1.147-1 | i386
mmc-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
mouse-modules-6.1.0-32-686-di |  6.1.129-1 | i386
mouse-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
mouse-modules-6.1.0-36-686-di |  6.1.139-1 | i386
mouse-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
mouse-modules-6.1.0-37-686-di |  6.1.140-1 | i386
mouse-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
mouse-modules-6.1.0-38-686-di |  6.1.147-1 | i386
mouse-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
mtd-core-modules-6.1.0-32-686-di |  6.1.129-1 | i386
mtd-core-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
mtd-core-modules-6.1.0-36-686-di |  6.1.139-1 | i386
mtd-core-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
mtd-core-modules-6.1.0-37-686-di |  6.1.140-1 | i386
mtd-core-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
mtd-core-modules-6.1.0-38-686-di |  6.1.147-1 | i386
mtd-core-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
multipath-modules-6.1.0-32-686-di |  6.1.129-1 | i386
multipath-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
multipath-modules-6.1.0-36-686-di |  6.1.139-1 | i386
multipath-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
multipath-modules-6.1.0-37-686-di |  6.1.140-1 | i386
multipath-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
multipath-modules-6.1.0-38-686-di |  6.1.147-1 | i386
multipath-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
nbd-modules-6.1.0-32-686-di |  6.1.129-1 | i386
nbd-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
nbd-modules-6.1.0-36-686-di |  6.1.139-1 | i386
nbd-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
nbd-modules-6.1.0-37-686-di |  6.1.140-1 | i386
nbd-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
nbd-modules-6.1.0-38-686-di |  6.1.147-1 | i386
nbd-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
nic-modules-6.1.0-32-686-di |  6.1.129-1 | i386
nic-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
nic-modules-6.1.0-36-686-di |  6.1.139-1 | i386
nic-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
nic-modules-6.1.0-37-686-di |  6.1.140-1 | i386
nic-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
nic-modules-6.1.0-38-686-di |  6.1.147-1 | i386
nic-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
nic-pcmcia-modules-6.1.0-32-686-di |  6.1.129-1 | i386
nic-pcmcia-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
nic-pcmcia-modules-6.1.0-36-686-di |  6.1.139-1 | i386
nic-pcmcia-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
nic-pcmcia-modules-6.1.0-37-686-di |  6.1.140-1 | i386
nic-pcmcia-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
nic-pcmcia-modules-6.1.0-38-686-di |  6.1.147-1 | i386
nic-pcmcia-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
nic-shared-modules-6.1.0-32-686-di |  6.1.129-1 | i386
nic-shared-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
nic-shared-modules-6.1.0-36-686-di |  6.1.139-1 | i386
nic-shared-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
nic-shared-modules-6.1.0-37-686-di |  6.1.140-1 | i386
nic-shared-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
nic-shared-modules-6.1.0-38-686-di |  6.1.147-1 | i386
nic-shared-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
nic-usb-modules-6.1.0-32-686-di |  6.1.129-1 | i386
nic-usb-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
nic-usb-modules-6.1.0-36-686-di |  6.1.139-1 | i386
nic-usb-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
nic-usb-modules-6.1.0-37-686-di |  6.1.140-1 | i386
nic-usb-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
nic-usb-modules-6.1.0-38-686-di |  6.1.147-1 | i386
nic-usb-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
nic-wireless-modules-6.1.0-32-686-di |  6.1.129-1 | i386
nic-wireless-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
nic-wireless-modules-6.1.0-36-686-di |  6.1.139-1 | i386
nic-wireless-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
nic-wireless-modules-6.1.0-37-686-di |  6.1.140-1 | i386
nic-wireless-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
nic-wireless-modules-6.1.0-38-686-di |  6.1.147-1 | i386
nic-wireless-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
pata-modules-6.1.0-32-686-di |  6.1.129-1 | i386
pata-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
pata-modules-6.1.0-36-686-di |  6.1.139-1 | i386
pata-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
pata-modules-6.1.0-37-686-di |  6.1.140-1 | i386
pata-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
pata-modules-6.1.0-38-686-di |  6.1.147-1 | i386
pata-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
pcmcia-modules-6.1.0-32-686-di |  6.1.129-1 | i386
pcmcia-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
pcmcia-modules-6.1.0-36-686-di |  6.1.139-1 | i386
pcmcia-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
pcmcia-modules-6.1.0-37-686-di |  6.1.140-1 | i386
pcmcia-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
pcmcia-modules-6.1.0-38-686-di |  6.1.147-1 | i386
pcmcia-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
pcmcia-storage-modules-6.1.0-32-686-di |  6.1.129-1 | i386
pcmcia-storage-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
pcmcia-storage-modules-6.1.0-36-686-di |  6.1.139-1 | i386
pcmcia-storage-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
pcmcia-storage-modules-6.1.0-37-686-di |  6.1.140-1 | i386
pcmcia-storage-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
pcmcia-storage-modules-6.1.0-38-686-di |  6.1.147-1 | i386
pcmcia-storage-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
ppp-modules-6.1.0-32-686-di |  6.1.129-1 | i386
ppp-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
ppp-modules-6.1.0-36-686-di |  6.1.139-1 | i386
ppp-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
ppp-modules-6.1.0-37-686-di |  6.1.140-1 | i386
ppp-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
ppp-modules-6.1.0-38-686-di |  6.1.147-1 | i386
ppp-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
rfkill-modules-6.1.0-32-686-di |  6.1.129-1 | i386
rfkill-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
rfkill-modules-6.1.0-36-686-di |  6.1.139-1 | i386
rfkill-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
rfkill-modules-6.1.0-37-686-di |  6.1.140-1 | i386
rfkill-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
rfkill-modules-6.1.0-38-686-di |  6.1.147-1 | i386
rfkill-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
sata-modules-6.1.0-32-686-di |  6.1.129-1 | i386
sata-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
sata-modules-6.1.0-36-686-di |  6.1.139-1 | i386
sata-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
sata-modules-6.1.0-37-686-di |  6.1.140-1 | i386
sata-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
sata-modules-6.1.0-38-686-di |  6.1.147-1 | i386
sata-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
scsi-core-modules-6.1.0-32-686-di |  6.1.129-1 | i386
scsi-core-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
scsi-core-modules-6.1.0-36-686-di |  6.1.139-1 | i386
scsi-core-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
scsi-core-modules-6.1.0-37-686-di |  6.1.140-1 | i386
scsi-core-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
scsi-core-modules-6.1.0-38-686-di |  6.1.147-1 | i386
scsi-core-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
scsi-modules-6.1.0-32-686-di |  6.1.129-1 | i386
scsi-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
scsi-modules-6.1.0-36-686-di |  6.1.139-1 | i386
scsi-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
scsi-modules-6.1.0-37-686-di |  6.1.140-1 | i386
scsi-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
scsi-modules-6.1.0-38-686-di |  6.1.147-1 | i386
scsi-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
scsi-nic-modules-6.1.0-32-686-di |  6.1.129-1 | i386
scsi-nic-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
scsi-nic-modules-6.1.0-36-686-di |  6.1.139-1 | i386
scsi-nic-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
scsi-nic-modules-6.1.0-37-686-di |  6.1.140-1 | i386
scsi-nic-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
scsi-nic-modules-6.1.0-38-686-di |  6.1.147-1 | i386
scsi-nic-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
serial-modules-6.1.0-32-686-di |  6.1.129-1 | i386
serial-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
serial-modules-6.1.0-36-686-di |  6.1.139-1 | i386
serial-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
serial-modules-6.1.0-37-686-di |  6.1.140-1 | i386
serial-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
serial-modules-6.1.0-38-686-di |  6.1.147-1 | i386
serial-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
sound-modules-6.1.0-32-686-di |  6.1.129-1 | i386
sound-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
sound-modules-6.1.0-36-686-di |  6.1.139-1 | i386
sound-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
sound-modules-6.1.0-37-686-di |  6.1.140-1 | i386
sound-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
sound-modules-6.1.0-38-686-di |  6.1.147-1 | i386
sound-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
speakup-modules-6.1.0-32-686-di |  6.1.129-1 | i386
speakup-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
speakup-modules-6.1.0-36-686-di |  6.1.139-1 | i386
speakup-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
speakup-modules-6.1.0-37-686-di |  6.1.140-1 | i386
speakup-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
speakup-modules-6.1.0-38-686-di |  6.1.147-1 | i386
speakup-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
squashfs-modules-6.1.0-32-686-di |  6.1.129-1 | i386
squashfs-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
squashfs-modules-6.1.0-36-686-di |  6.1.139-1 | i386
squashfs-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
squashfs-modules-6.1.0-37-686-di |  6.1.140-1 | i386
squashfs-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
squashfs-modules-6.1.0-38-686-di |  6.1.147-1 | i386
squashfs-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
udf-modules-6.1.0-32-686-di |  6.1.129-1 | i386
udf-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
udf-modules-6.1.0-36-686-di |  6.1.139-1 | i386
udf-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
udf-modules-6.1.0-37-686-di |  6.1.140-1 | i386
udf-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
udf-modules-6.1.0-38-686-di |  6.1.147-1 | i386
udf-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
uinput-modules-6.1.0-32-686-di |  6.1.129-1 | i386
uinput-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
uinput-modules-6.1.0-36-686-di |  6.1.139-1 | i386
uinput-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
uinput-modules-6.1.0-37-686-di |  6.1.140-1 | i386
uinput-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
uinput-modules-6.1.0-38-686-di |  6.1.147-1 | i386
uinput-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
usb-modules-6.1.0-32-686-di |  6.1.129-1 | i386
usb-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
usb-modules-6.1.0-36-686-di |  6.1.139-1 | i386
usb-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
usb-modules-6.1.0-37-686-di |  6.1.140-1 | i386
usb-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
usb-modules-6.1.0-38-686-di |  6.1.147-1 | i386
usb-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
usb-serial-modules-6.1.0-32-686-di |  6.1.129-1 | i386
usb-serial-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
usb-serial-modules-6.1.0-36-686-di |  6.1.139-1 | i386
usb-serial-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
usb-serial-modules-6.1.0-37-686-di |  6.1.140-1 | i386
usb-serial-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
usb-serial-modules-6.1.0-38-686-di |  6.1.147-1 | i386
usb-serial-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
usb-storage-modules-6.1.0-32-686-di |  6.1.129-1 | i386
usb-storage-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
usb-storage-modules-6.1.0-36-686-di |  6.1.139-1 | i386
usb-storage-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
usb-storage-modules-6.1.0-37-686-di |  6.1.140-1 | i386
usb-storage-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
usb-storage-modules-6.1.0-38-686-di |  6.1.147-1 | i386
usb-storage-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386
xfs-modules-6.1.0-32-686-di |  6.1.129-1 | i386
xfs-modules-6.1.0-32-686-pae-di |  6.1.129-1 | i386
xfs-modules-6.1.0-36-686-di |  6.1.139-1 | i386
xfs-modules-6.1.0-36-686-pae-di |  6.1.139-1 | i386
xfs-modules-6.1.0-37-686-di |  6.1.140-1 | i386
xfs-modules-6.1.0-37-686-pae-di |  6.1.140-1 | i386
xfs-modules-6.1.0-38-686-di |  6.1.147-1 | i386
xfs-modules-6.1.0-38-686-pae-di |  6.1.147-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:28:03 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

linux-headers-6.1.0-32-common |  6.1.129-1 | all
linux-headers-6.1.0-32-common-rt |  6.1.129-1 | all
linux-headers-6.1.0-36-common |  6.1.139-1 | all
linux-headers-6.1.0-36-common-rt |  6.1.139-1 | all
linux-headers-6.1.0-37-common |  6.1.140-1 | all
linux-headers-6.1.0-37-common-rt |  6.1.140-1 | all
linux-headers-6.1.0-38-common |  6.1.147-1 | all
linux-headers-6.1.0-38-common-rt |  6.1.147-1 | all
linux-support-6.1.0-32 |  6.1.129-1 | all
linux-support-6.1.0-36 |  6.1.139-1 | all
linux-support-6.1.0-37 |  6.1.140-1 | all
linux-support-6.1.0-38 |  6.1.147-1 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:29:58 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

libstd-rust-web-1.78 | 1.78.0+dfsg1-2~deb12u3 | amd64, arm64, armhf, i386, ppc64el, s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:30:46 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

libstd-rust-web-dev-windows | 1.78.0+dfsg1-2~deb12u3 | amd64, i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 06 Sep 2025 10:31:12 -0000] [ftpmaster: Joerg Jaspert]
Removed the following packages from oldstable:

mono-source | 6.8.0.105+dfsg-3.3 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by mono - based on source metadata)
----------------------------------------------
=========================================================================

aide (0.18.3-1+deb12u4) bookworm-security; urgency=high
 .
   * Apply upstream patch to escape control characters in report and log output
     (CVE-2025-54389)
     * also apply upstream patch to fix double free during report generation,
       which is required for the security patch
   * Apply upstream patch to fix null pointer dereference after reading
     incorrectly encoded xattr attributes from database (CVE-2025-54409)

amd64-microcode (3.20250311.1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm (revert merged-usr changes from unstable)
 .
 amd64-microcode (3.20250311.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20250311
   * New AMD-SEV firmware from AMD upstream (20250221)
     * SECURITY UPDATE (AMD-SB-3019 / CVE-2024-56161):
       Update remote attestation to be compatible with AMD systems with
       up-to-date firmware (i.e. which fixes "EntrySign"), and update
       AMD-SEV for AMD-SB-3019 mitigations.  Note that this AMD-SEV
       update DOES NOT FIX the microcode "EntrySign" vulnerability.
       (closes: #1095470)
     + Updated SEV firmware:
         Family 17h models 30h-3fh: version 0.24 build 20
         Family 19h models 00h-0fh: version 1.55 build 29
         Family 19h models 10h-1fh: version 1.55 build 39
         Family 19h models a0h-afh: version 1.55 build 39
       + New SEV firmware:
         Family 1ah models 00h-0fh: version 1.55 build 54
   * New AMD microcode updates from AMD upstream (20241121)
     + Add patches for many (non-server) family 19h processors
     * Updated Microcode patches:
       + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
     * New Microcode patches:
       + Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
       + Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
       + Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
       + Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
       + Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
       + Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
       + Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
       + Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
       + Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
       + Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
       + Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
       + Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
       + Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
       + Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
amd64-microcode (3.20240820.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20240820
     * New AMD-SEV firmware from AMD upstream (20240820)
       + Updated SEV firmware:
         Family 17h models 30h-3fh: version 0.24 build 20
         Family 19h models 00h-0fh: version 1.55 build 21
         Family 19h models 10h-1fh: version 1.55 build 37
       + New SEV firmware:
         Family 19h models a0h-afh: version 1.55 build 37
   * SECURITY UPDATE (AMD-SB-3003):
     * Mitigates CVE-2023-20584: IOMMU improperly handles certain special
       address ranges with invalid device table entries (DTEs), which may allow
       an attacker with privileges and a compromised Hypervisor to induce DTE
       faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of
       guest integrity.
     * Mitigates CVE-2023-31356: Incomplete system memory cleanup in SEV
       firmware could allow a privileged attacker to corrupt guest private
       memory, potentially resulting in a loss of data integrity.

aom (3.6.0-1+deb12u2) bookworm; urgency=medium
 .
   * Team upload.
   * debian/gbp.conf: Explicitly specify debian/bookworm branch.
   * debian/patches/backport/:
     Backport upstream-recommended patch series from upstream v3.6.x branch
     to fix incompatible behavior. (Closes: #1106884)
     + 0004-Guard-support-of-7.x-and-8.x-levels-under-a-config-f.patch
     + 0005-Improve-CONFIG_CWG_C013.patch

apache2 (2.4.65-1~deb12u1) bookworm; urgency=medium
 .
   * Team upload
 .
   [ Yadd ]
   * Drop patches included in upstream
   * New upstream version 2.4.64
     (Closes: CVE-2025-23048, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394,
     CVE-2024-47252, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020)
   * New upstream version 2.4.65
     (Closes: CVE-2025-54090)
   * Unfuzz patches
 .
   [ Bastien Roucariès ]
   * Add a NEWS entry following CVE-2025-23048
apache2 (2.4.64-1) unstable; urgency=medium
 .
   [ Yadd ]
   * Add libanyevent-websocket-client-perl in test-suite dependencies
   * Add build dependency to libcrypt-dev (Closes: #1107049)
   * Update d/ch
   * Drop old and useless build helper (Closes: #1108897)
   * New upstream version 2.4.64
     (Closes: CVE-2025-23048, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394,
     CVE-2024-47252, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020)
   * Unfuzz patches
 .
   [ Jo ]
   * Adapted comment for SSLSessionTickets (Closes: #972695)
apache2 (2.4.63-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 2.4.63
   * Drop patches included in upstream
   * Back to unstable
apache2 (2.4.62-6) experimental; urgency=medium
 .
   * Fix Reverse proxy via mod_rewrite broken after 2.4.62
     (Closes: #1081266)
apache2 (2.4.62-5) experimental; urgency=medium
 .
   * Fix CVE-2024-38473 regression: error parsing URL //: with space
     (Closes: #1079171)
apache2 (2.4.62-4) experimental; urgency=medium
 .
   * Fix CVE-2024-38473 regression: error parsing URL //: Invalid host/port
     SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://" failed
     with AH01059: error
     (Closes: #1076554)
apache2 (2.4.62-3) unstable; urgency=medium
 .
   * Fix debian/changelog
apache2 (2.4.62-2) unstable; urgency=medium
 .
   * Add myself as maintainer with yadd agreement.
apache2 (2.4.62-1) unstable; urgency=medium
 .
   * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)

b43-fwcutter (1:019-8+deb12u1) bookworm; urgency=medium
 .
   * QA upload.
   * Update remote site where firmware can be fetched (Closes: #1109025)

base-files (12.4+deb12u12) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.12, for Debian 12.12 point release.

botan (2.19.3+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-34702
   * CVE-2024-34703
   * CVE-2024-39312
   * CVE-2024-50382/CVE-2024-50383 (Closes: #1086039)

ca-certificates (20230311+deb12u1) bookworm; urgency=medium
 .
   * Add 2 Sectigo roots that are in active use and causing
     interop issues; these roots were included in the Mozilla bundle
     version 2.62 (closes: #1095913):
     + Sectigo Public Server Authentication Root E46
     + Sectigo Public Server Authentication Root R46

catdoc (1:0.95-6~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bookworm-security
 .
 catdoc (1:0.95-6) unstable; urgency=medium
 .
   * Add patches prepared by Cisco Talos team to address multiple security
     vulnerabilities: CVE-2024-48877, CVE-2024-52035, and CVE-2024-54028.
     Thanks to Ali Rizvi-Santiago from the Talos team who found and fixed the
     vulnerabilities, and to Salvatore Bonaccorso from the Debian Security Team
     for all his help and infinite patience.
     Closes: #1107168

chromium (139.0.7258.154-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-9478: Use after free in ANGLE.
       Reported by Google Big Sleep.
   * d/patches/bookworm/stdarch-arm.patch: drop to fix FTBFS on arm64
     with newer rustc-web.
chromium (139.0.7258.138-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-9132: Out of bounds write in V8.
       Reported by Google Big Sleep.
chromium (139.0.7258.138-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-9132: Out of bounds write in V8.
       Reported by Google Big Sleep.
chromium (139.0.7258.138-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-9132: Out of bounds write in V8.
       Reported by Google Big Sleep.
chromium (139.0.7258.127-2) unstable; urgency=high
 .
   * d/patches:
       - bookworm/adler1.patch: drop, rustc in sid is now new enough for
         adler2. Also move it into trixie/adler1.patch.
       - bookworm/libxml-parseerr.patch: drop, libxml in sid is upgraded.
         Also move it to trixie/libxml-parseerr.patch.
   * d/control: update build-deps to require rust >= 1.86, libxml >= 2.14.
chromium (139.0.7258.127-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous
     - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n).
     - CVE-2025-8901: Out of bounds write in ANGLE.
       Reported by Google Big Sleep.
     - CVE-2025-8881: Inappropriate implementation in File Picker.
       Reported by Alesandro Ortiz.
     - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq.
chromium (139.0.7258.127-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous
     - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n).
     - CVE-2025-8901: Out of bounds write in ANGLE.
       Reported by Google Big Sleep.
     - CVE-2025-8881: Inappropriate implementation in File Picker.
       Reported by Alesandro Ortiz.
     - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq.
 .
 chromium (139.0.7258.66-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-8576: Use after free in Extensions. Reported by asnine.
     - CVE-2025-8577: Inappropriate implementation in Picture In Picture.
       Reported by Umar Farooq.
     - CVE-2025-8578: Use after free in Cast. Reported by Fayez.
     - CVE-2025-8579: Inappropriate implementation in Gemini Live in
       Chrome. Reported by Alesandro Ortiz.
     - CVE-2025-8580: Inappropriate implementation in Filesystems.
       Reported by Huuuuu.
     - CVE-2025-8581: Inappropriate implementation in Extensions.
       Reported by Vincent Dragnea.
     - CVE-2025-8582: Insufficient validation of untrusted input in DOM.
       Reported by Anonymous.
     - CVE-2025-8583: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
   * d/copyright: delete third_party/enterprise_companion, as it includes
     a binary.
   * d/control: Replace elfutils build-dep with llvm-19 for switch to
     llvm-strip.
   * d/rules:
     - drop enable_nacl=false; upstream removed NaCL.
     - set enable_enterprise_companion=false.
     - disable Gemini AI (enable_glic=false).
   * d/patches:
     - disable/catapult.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - system/eu-strip.patch: drop, upstream switched to llvm-strip.
     - bookworm/gn-revert-path-exists.patch: refresh & drop unused part.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie
       now has a newer bindgen.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       Refresh for upstream changes
     - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send
       syscalls
     - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream
       changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream
       sources
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes
chromium (139.0.7258.127-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous
     - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n).
     - CVE-2025-8901: Out of bounds write in ANGLE.
       Reported by Google Big Sleep.
     - CVE-2025-8881: Inappropriate implementation in File Picker.
       Reported by Alesandro Ortiz.
     - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq.
chromium (139.0.7258.66-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-8576: Use after free in Extensions. Reported by asnine.
     - CVE-2025-8577: Inappropriate implementation in Picture In Picture.
       Reported by Umar Farooq.
     - CVE-2025-8578: Use after free in Cast. Reported by Fayez.
     - CVE-2025-8579: Inappropriate implementation in Gemini Live in
       Chrome. Reported by Alesandro Ortiz.
     - CVE-2025-8580: Inappropriate implementation in Filesystems.
       Reported by Huuuuu.
     - CVE-2025-8581: Inappropriate implementation in Extensions.
       Reported by Vincent Dragnea.
     - CVE-2025-8582: Insufficient validation of untrusted input in DOM.
       Reported by Anonymous.
     - CVE-2025-8583: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
   * d/copyright: delete third_party/enterprise_companion, as it includes
     a binary.
   * d/control: Replace elfutils build-dep with llvm-19 for switch to
     llvm-strip.
   * d/rules:
     - drop enable_nacl=false; upstream removed NaCL.
     - set enable_enterprise_companion=false.
     - disable Gemini AI (enable_glic=false).
   * d/patches:
     - disable/catapult.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - system/eu-strip.patch: drop, upstream switched to llvm-strip.
     - bookworm/gn-revert-path-exists.patch: refresh & drop unused part.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie
       now has a newer bindgen.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       Refresh for upstream changes
     - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send
       syscalls
     - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream
       changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream
       sources
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes
chromium (139.0.7258.66-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-8576: Use after free in Extensions. Reported by asnine.
     - CVE-2025-8577: Inappropriate implementation in Picture In Picture.
       Reported by Umar Farooq.
     - CVE-2025-8578: Use after free in Cast. Reported by Fayez.
     - CVE-2025-8579: Inappropriate implementation in Gemini Live in
       Chrome. Reported by Alesandro Ortiz.
     - CVE-2025-8580: Inappropriate implementation in Filesystems.
       Reported by Huuuuu.
     - CVE-2025-8581: Inappropriate implementation in Extensions.
       Reported by Vincent Dragnea.
     - CVE-2025-8582: Insufficient validation of untrusted input in DOM.
       Reported by Anonymous.
     - CVE-2025-8583: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
   * d/copyright: delete third_party/enterprise_companion, as it includes
     a binary.
   * d/control:
     - Replace elfutils build-dep with llvm-19 for switch to llvm-strip.
     - Update rustc-web build-dep to >= 1.84.
   * d/rules:
     - drop enable_nacl=false; upstream removed NaCL.
     - set enable_enterprise_companion=false.
     - disable Gemini AI (enable_glic=false).
   * d/patches:
     - disable/catapult.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - system/eu-strip.patch: drop, upstream switched to llvm-strip.
     - bookworm/gn-revert-path-exists.patch: refresh & drop unused part.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie
       now has a newer bindgen.
     - bookworm/gn-absl.patch: refresh.
     - bookworm/rust-is-none-or.patch: drop, thanks to newer rustc-web.
     - bookworm/rust-unstable-features.patch: drop - newer rustc-web.
     - bookworm/bubble-contents.patch: drop, no longer needed.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       Refresh for upstream changes
     - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send
       syscalls
     - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream
       changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream
       sources
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes
chromium (138.0.7204.183-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8292: Use after free in Media Stream.
chromium (138.0.7204.183-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8292: Use after free in Media Stream.
chromium (138.0.7204.168-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8010: Type Confusion in V8. Reported by Shaheen Fazim.
     - CVE-2025-8011: Type Confusion in V8. Reported by Shaheen Fazim.
   * d/patches/ppc64le/sandbox:
     - 0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh.
chromium (138.0.7204.168-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-8010: Type Confusion in V8. Reported by Shaheen Fazim.
     - CVE-2025-8011: Type Confusion in V8. Reported by Shaheen Fazim.
   * d/patches/ppc64le/sandbox:
     - 0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh.
chromium (138.0.7204.157-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-7656: Integer overflow in V8. Reported by Shaheen Fazim.
     - CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and
       GPU. Reported by Clément Lecigne and Vlad Stolyarov of Google's
       Threat Analysis Group.
     - CVE-2025-7657: Use after free in WebRTC. Reported by jakebiles.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - fixes/fix-page-allocator-overflow.patch: add to fix sporadic
       partition allocator failures on ppc64el systems.
     - third_party/use-sysconf-page-size-on-ppc64.patch: drop, no longer
       needed.
chromium (138.0.7204.157-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-7656: Integer overflow in V8. Reported by Shaheen Fazim.
     - CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and
       GPU. Reported by Clément Lecigne and Vlad Stolyarov of Google's
       Threat Analysis Group.
     - CVE-2025-7657: Use after free in WebRTC. Reported by jakebiles.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - fixes/fix-page-allocator-overflow.patch: add to fix sporadic
       partition allocator failures on ppc64el systems.
     - third_party/use-sysconf-page-size-on-ppc64.patch: drop, no longer
       needed.
chromium (138.0.7204.92-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-6554: Type Confusion in V8. Reported by
       Clément Lecigne of Google's Threat Analysis Group.
   * Add lintian override for embedded libjsoncpp in
     libtest_trace_processor.so.
   * Drop the text about extensions from d/presubj, and instead ask bug
     reporters to include output from chrome://gpu which is super useful.
chromium (138.0.7204.92-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-6554: Type Confusion in V8. Reported by
       Clément Lecigne of Google's Threat Analysis Group.
   * Add lintian override for embedded libjsoncpp in
     libtest_trace_processor.so.
   * Drop the text about extensions from d/presubj, and instead ask bug
     reporters to include output from chrome://gpu which is super useful.
chromium (138.0.7204.49-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules: drop enable_reading_list=false, as Reading List is now
     supported for all architectures.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules:
     - drop enable_reading_list=false, as Reading List is now
       supported for all architectures.
     - disable ThinLTO due to build failure with older rust.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
     - bookworm/stdarch-arm.patch: drop redundant portion of patch.
     - bookworm/rust-is-none-or.patch: drop portion of patch due to
       upstream changes.
     - bookworm/gn-hpp11.patch: add another workaround for older gn.
     - bookworm/rust-split-at-checked.patch: enable unstable rust feature
       split_at_checked.
     - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable
       going out of scope.
     - rust-unstable-features.patch: enable a bunch more unstable rust
       features.
     - bookworm/rust-box-to-vec.patch: work around older rustc not being
       able to implicitly handle converted a boxed slice into a vector.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
chromium (137.0.7151.119-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim.
     - CVE-2025-6192: Use after free in Profiler.
       Reported by Chaoyuan Peng (@ret2happy).
   * Include libtest_trace_processor.so in chromium-shell package.
     (closes: #1107837).
   * d/patches:
     - fixes/armhf-icf.patch: add workaround for build failure on armhf
       (thanks Daniel Richard G!).
chromium (137.0.7151.119-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim.
     - CVE-2025-6192: Use after free in Profiler.
       Reported by Chaoyuan Peng (@ret2happy).
   * Include libtest_trace_processor.so in chromium-shell package.
     (closes: #1107837).
   * d/patches:
     - fixes/armhf-icf.patch: add workaround for build failure on armhf
       (thanks Daniel Richard G!).
chromium (137.0.7151.103-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-5958: Use after free in Media.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
     - CVE-2025-5959: Type Confusion in V8.
       Reported by Seunghyun Lee as part of TyphoonPWN 2025.
   * Add build-dep on libc++-19-dev and switch to building statically
     against clang's libc++ (instead of gcc's libstdc++).
   * d/patches:
     - fixes/absl-optional.patch: drop, only needed for libstdc++.
     - fixes/font-gc-asan.patch: drop, only needed for libstdc++.
     - fixes/stdatomic.patch: drop, only needed for libstdc++.
     - fixes/make-pair.patch: drop, only needed for libstdc++.
     - bookworm/constflatset.patch: drop, only needed for libstdc++.
     - bookworm/constexpr3.patch: drop, only needed for libstdc++.
     - bookworm/foreach.patch: add patch from bookworm branch to fix
       clang-19 build failure.
chromium (137.0.7151.103-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-5958: Use after free in Media.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
     - CVE-2025-5959: Type Confusion in V8.
       Reported by Seunghyun Lee as part of TyphoonPWN 2025.
   * Add build-dep on libc++-19-dev and switch to building statically
     against clang's libc++ (instead of gcc's libstdc++).
   * d/patches:
     - fixes/absl-optional.patch: drop, only needed for libstdc++.
     - fixes/font-gc-asan.patch: drop, only needed for libstdc++.
     - fixes/stdatomic.patch: drop, only needed for libstdc++.
     - fixes/make-pair.patch: drop, only needed for libstdc++.
     - bookworm/constflatset.patch: drop, only needed for libstdc++.
     - bookworm/constexpr2.patch: drop, only needed for libstdc++.
     - bookworm/constexpr3.patch: drop, only needed for libstdc++.
     - bookworm/foreach.patch: add patch from bookworm branch to fix
       clang-19 build failure.
chromium (137.0.7151.68-1) unstable; urgency=high
 .
   [ Andres Salomon]
   * New upstream security release.
     - CVE-2025-5419: Out of bounds read and write in V8. Reported by
       Clement Lecigne and Benoît Sevens of Google Threat Analysis Group.
     - CVE-2025-5068: Use after free in Blink. Reported by Walkman.
 .
   [ Jianfeng Liu ]
   * d/patches/ppc64le: merge ppc64le sandbox syscall patches
chromium (137.0.7151.68-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon]
   * New upstream security release.
     - CVE-2025-5419: Out of bounds read and write in V8. Reported by
       Clement Lecigne and Benoît Sevens of Google Threat Analysis Group.
     - CVE-2025-5068: Use after free in Blink. Reported by Walkman.
 .
   [ Jianfeng Liu ]
   * d/patches/ppc64le: merge ppc64le sandbox syscall patches
chromium (137.0.7151.55-3) unstable; urgency=high
 .
   [ Timothy Pearson ]
   * Fix FTBFS on ppc64el due to third party xnnpack library
   * d/patches/ppc64le:
     - third_party/0001-add-xnn-ppc64el-support.patch: Add ppc64el support to
       xnn build system
     - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate xnn BUILD.gn
       file
chromium (137.0.7151.55-3~deb12u1) bookworm-security; urgency=high
 .
   [ Timothy Pearson ]
   * Fix FTBFS on ppc64el due to third party xnnpack library
   * d/patches/ppc64le:
     - third_party/0001-add-xnn-ppc64el-support.patch: Add ppc64el support to
       xnn build system
     - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate xnn BUILD.gn
       file
 .
 chromium (137.0.7151.55-2) unstable; urgency=high
 .
   * Switch build-deps with :all to :native.
 .
 chromium (137.0.7151.55-1) unstable; urgency=high
 .
   [ Daniel Richard G. ]
   * d/control: Elaborate Build-Depends: clause for a cross build. Also drop
     x11-apps, as it appears to be unused, as well as libmodpbase64-dev as
     it is built in-tree under third_party/modp_b64/. Add a Build-Conflicts:
     clause to avoid some snafus on Ubuntu.
   * d/patches:
     - debianization/cross-build.patch: New patch implementing the bulk of our
       cross-build support.
     - upstream/cross-build-target.patch: New upstream patch that sets
       --target=... explicitly on all builds. Needed for a cross build.
     - fixes/clang-rust-target.patch: Drop, as this patch is made redundant by
       the preceding one.
   * d/rules: Add settings and environment exports needed for a cross build.
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-5063: Use after free in Compositing. Reported by Anonymous.
     - CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car].
     - CVE-2025-5064: Inappropriate implementation in Background Fetch API.
       Reported by Maurice Dauer .
     - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
       Reported by NDevTK.
     - CVE-2025-5066: Inappropriate implementation in Messages.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2025-5281: Inappropriate implementation in BFCache.
       Reported by Jesper van den Ende (Pelican Party Studios).
     - CVE-2025-5283: Use after free in libvpx. Reported by Mozilla.
     - CVE-2025-5067: Inappropriate implementation in Tab Strip.
       Reported by Khalil Zhani.
   * d/control: switch bindgen:any build-dep to bindgen:native.
   * d/rules: disable optimize_webui for now due to a rollup 3.x issue.
   * d/patches:
     - upstream/media-optional.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop part of patch merged upstream.
     - fixes/perfetto-nullptr.patch: drop due to upstream code changes.
     - upstream/arm32-crel.patch: refresh.
     - disable/tests.patch: refresh.
     - system/gperf.patch: drop, merged upstream.
     - bookworm/gn-revert-path-exists.patch: refresh.
     - bookworm/gn-allowlist.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - bookworm/clang19.patch: add new unsupported arg removal
       (-fextend-variable-liveness).
     - upstream/span-fwd.patch: add build fix pulled from upstream.
     - upstream/mojo-optional.patch: add build fix pulled from upstream.
     - bookworm/constexpr3.patch: add yet another constexpr workaround.
     - upstream/opener-heur.patch: add build fix pulled from upstream.
     - upstream/allowed-state.patch: add build fix pulled from upstream.
     - upstream/pdfium-libpng.patch: add build fix pulled from upstream.
     - upstream/safety-hub-set.patch: add build fix pulled from upstream.
     - bookworm/gn-absl.patch: add global visibility for another type.
     - bookworm/constexpr.patch: refresh.
     - bookworm/stdarch-arm.patch: update path for rust crate.
     - bookworm/rust-is-none-or.patch: add another workaround for missing
       is_none_or() function.
     - bookworm/toktrie-utf8chunks.patch: add workaround for missing
       utf8_chunks() in rustc-web 1.78.
     - bookworm/derivre-create.patch: enable rust unstable features
       everywhere, and add some that derivre requires (from newer rustc).
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/features.gni: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       regenerate from upstream sources
     - fixes/fix-partition-alloc-compile.patch: refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: refresh for upstream changes
chromium (137.0.7151.55-2) unstable; urgency=high
 .
   * Switch build-deps with :all to :native.
chromium (137.0.7151.55-1) unstable; urgency=high
 .
   [ Daniel Richard G. ]
   * d/control: Elaborate Build-Depends: clause for a cross build. Also drop
     x11-apps, as it appears to be unused, as well as libmodpbase64-dev as
     it is built in-tree under third_party/modp_b64/. Add a Build-Conflicts:
     clause to avoid some snafus on Ubuntu.
   * d/patches:
     - debianization/cross-build.patch: New patch implementing the bulk of our
       cross-build support.
     - upstream/cross-build-target.patch: New upstream patch that sets
       --target=... explicitly on all builds. Needed for a cross build.
     - fixes/clang-rust-target.patch: Drop, as this patch is made redundant by
       the preceding one.
   * d/rules: Add settings and environment exports needed for a cross build.
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-5063: Use after free in Compositing. Reported by Anonymous.
     - CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car].
     - CVE-2025-5064: Inappropriate implementation in Background Fetch API.
       Reported by Maurice Dauer .
     - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
       Reported by NDevTK.
     - CVE-2025-5066: Inappropriate implementation in Messages.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2025-5281: Inappropriate implementation in BFCache.
       Reported by Jesper van den Ende (Pelican Party Studios).
     - CVE-2025-5283: Use after free in libvpx. Reported by Mozilla.
     - CVE-2025-5067: Inappropriate implementation in Tab Strip.
       Reported by Khalil Zhani.
   * d/control: switch bindgen:any build-dep to bindgen:native.
   * d/rules: disable optimize_webui for now due to a rollup 3.x issue.
   * d/patches:
     - upstream/media-optional.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop part of patch merged upstream.
     - fixes/perfetto-nullptr.patch: drop due to upstream code changes.
     - upstream/arm32-crel.patch: refresh.
     - disable/tests.patch: refresh.
     - system/gperf.patch: drop, merged upstream.
     - bookworm/gn-revert-path-exists.patch: refresh.
     - bookworm/gn-allowlist.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - bookworm/clang19.patch: add new unsupported arg removal
       (-fextend-variable-liveness).
     - upstream/span-fwd.patch: add build fix pulled from upstream.
     - upstream/mojo-optional.patch: add build fix pulled from upstream.
     - bookworm/constexpr3.patch: add yet another constexpr workaround.
     - upstream/opener-heur.patch: add build fix pulled from upstream.
     - upstream/allowed-state.patch: add build fix pulled from upstream.
     - upstream/pdfium-libpng.patch: add build fix pulled from upstream.
     - upstream/safety-hub-set.patch: add build fix pulled from upstream.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/features.gni: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       regenerate from upstream sources
     - fixes/fix-partition-alloc-compile.patch: refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: refresh for upstream changes
chromium (136.0.7103.113-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-4664: Insufficient policy enforcement in Loader.
       Source: X post from @slonser_.
     - CVE-2025-4609: Incorrect handle provided in unspecified circumstances
       in Mojo. Reported by Micky.
chromium (136.0.7103.113-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-4664: Insufficient policy enforcement in Loader.
       Source: X post from @slonser_.
     - CVE-2025-4609: Incorrect handle provided in unspecified circumstances
       in Mojo. Reported by Micky.
 .
 chromium (136.0.7103.92-2) unstable; urgency=high
 .
   * d/patches/upstream/arm32-crel.patch: add another armhf FTBFS fix;
     linking with CREL causes segfaults.
chromium (136.0.7103.92-2) unstable; urgency=high
 .
   * d/patches/upstream/arm32-crel.patch: add another armhf FTBFS fix;
     linking with CREL causes segfaults.
chromium (136.0.7103.92-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
    - CVE-2025-4372: Use after free in WebAudio.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
   * Drop yasm build-dep; upstream switched to nasm about 5 years ago
     (closes: #1104218).
 .
   [ Daniel Richard G. ]
   * d/patches/fixes/armhf-no-thumb.patch: Fix armhf FTBFS due to use of a
     Rust target (thumbv7neon) that Debian does not ship.
chromium (136.0.7103.92-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
    - CVE-2025-4372: Use after free in WebAudio.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
 .
   [ Daniel Richard G. ]
   * d/patches/fixes/armhf-no-thumb.patch: Fix armhf FTBFS due to use of a
     Rust target (thumbv7neon) that Debian does not ship.
chromium (136.0.7103.59-2) unstable; urgency=high
 .
   * Delete third_party/jetstream due to non-free ("do no evil") license.
 .
 chromium (136.0.7103.59-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous.
     - CVE-2025-4050: Out of bounds memory access in DevTools.
       Reported by Anonymous.
     - CVE-2025-4051: Insufficient data validation in DevTools.
       Reported by Daniel Fröjdendahl.
     - CVE-2025-4052: Inappropriate implementation in DevTools.
       Reported by vanillawebdev.
   * d/rules: disable warning-suppression-mappings; llvm too old.
   * d/control: drop libevent-dev build-dep, no longer used.
   * d/scripts/unbundle:
     - libavif no longer used, no need to specify bundling.
     - bundle simdutf, which isn't packaged for debian.
   * d/patches:
     - fixes/pipewire14.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/buildtools-libc.patch: rework patch to be easier to maintain.
     - bookworm/gn-revert-path-exists.patch: update for a bunch of new
       path_exists() users.
     - disable/node-version-ck.patch: add patch to disable upstream's strict
       nodejs version check.
     - fixes/media-cstdint.patch: add missing header include.
     - upstream/media-optional.patch: add missing header include.
     - fixes/perfetto-nullptr.patch: add nullptr_t std qualification.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third_party-lss-Don-t-look-for-mmap2-on-ppc64.patch:
       drop due to upstream fixes
     - third_party/0002-third_party-lss-kernel-structs.patch: refresh for
       upstream changes
     - breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh for
       upstream changes
     - core/cargo-add-ppc64.diff: drop due to upstream fixes
chromium (136.0.7103.59-2~deb12u2) bookworm-security; urgency=high
 .
   * Temporarily disable CVE verification check in order to fix build;
     will be restored on next upload.
 .
 chromium (136.0.7103.59-2~deb12u1) bookworm-security; urgency=high
 .
   * Delete third_party/jetstream due to non-free ("do no evil") license.
 .
 chromium (136.0.7103.59-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous.
     - CVE-2025-4050: Out of bounds memory access in DevTools.
       Reported by Anonymous.
     - CVE-2025-4051: Insufficient data validation in DevTools.
       Reported by Daniel Fröjdendahl.
     - CVE-2025-4052: Inappropriate implementation in DevTools.
       Reported by vanillawebdev.
   * d/rules: disable warning-suppression-mappings; llvm too old.
   * d/control: drop libevent-dev build-dep, no longer used.
   * d/scripts/unbundle:
     - libavif no longer used, no need to specify bundling.
     - bundle simdutf, which isn't packaged for debian.
   * d/patches:
     - fixes/pipewire14.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/buildtools-libc.patch: rework patch to be easier to maintain.
     - bookworm/gn-revert-path-exists.patch: update for a bunch of new
       path_exists() users.
     - disable/node-version-ck.patch: add patch to disable upstream's strict
       nodejs version check.
     - fixes/media-cstdint.patch: add missing header include.
     - upstream/media-optional.patch: add missing header include.
     - fixes/perfetto-nullptr.patch: add nullptr_t std qualification.
     - bookworm/gn-absl.patch: refresh.
     - bookworm/crabbyav1f.patch: update for changed rustflags location.
     - bookworm/node18-import.patch: add patch to work around bookworm's
       node 18 import rules.
     - bookworm/rust-is-none-or.patch: add patch to work around missing
       is_none_or() function in bookworm's rust 1.78.
     - bookworm/fmodf.patch: add gcc-12 specific build fix.
     - bookworm/dav1d-extern.patch: add linker fix for older libdav1d.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third_party-lss-Don-t-look-for-mmap2-on-ppc64.patch:
       drop due to upstream fixes
     - third_party/0002-third_party-lss-kernel-structs.patch: refresh for
       upstream changes
     - breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh for
       upstream changes
     - core/cargo-add-ppc64.diff: drop due to upstream fixes
chromium (135.0.7049.114-1) unstable; urgency=high
 .
   * New upstream security release.
   * Drop python3-pkg-resources build dep (closes: #1083336).
chromium (135.0.7049.95-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl.
     - CVE-2025-3620: Use after free in USB. Reported by @retsew0x01.
 .
   [ Daniel Richard G. ]
   * d/copyright, d/patches/system/rapidjson.patch: Slightly narrow the scope
     of the bundled RapidJSON deletion, and rework this patch so that it does
     not require the deletion in order to apply. This allows applying the
     debianization directly to the unrepackaged upstream tarball source.
   * d/patches/system/gperf.patch: Import (self-authored) upstream patch to
     prevent build breakage due to changes in gperf 3.2 generated code
     (closes: #1103226).
   * d/rules: Add new check-version rule to validate the package version.
     Also squelch error messages due to absent clang and rustc executables.
   * d/rules: Download Gentoo's upstream source tarball straight from GitHub.

cjson (1.7.15-1+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-26819: rejection of valid texts (Closes: #1103687)
   * CVE-2023-53154: heap buffer overflow

clamav (1.0.9+dfsg-1~deb12u1) bookworm; urgency=medium
 .
   * Import 1.0.9
     - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the OLE2
       file parser that could cause a denial-of-service (DoS) condition)
       Closes: #1093880
     - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the PDF
       file parser that could cause a denial-of-service (DoS) condition or
       enable remote code execution.) Closes: #1108046

cloud-init (22.4.2-1+deb12u3) bookworm; urgency=medium
 .
   * Import upstream fix for CVE-2024-6174 (Closes: #1108403)
   * salsa-ci: build in bookworm
   * Backport upstream fix for CVE-2024-11584 (Closes: #1108402)

commons-beanutils (1.9.4-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-48734: Improper access control (Closes: #1106746)

commons-vfs (2.1-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/maven.properties: Force a Java 8 build.
   * d/patches/CVE-2025-27553.patch: Fix CVE-2025-27553 (closes: #1101204).
     Arnout Engelen discovered a Relative Path Traversal vulnerability in
     Commons VFS, a Java library that provides a single API for accessing
     various different file systems. A local or remote attacker may use this
     flaw to access files and directories outside of a root folder.

corosync (3.1.7-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2025-30472 (Closes: #1102006)

criu (3.17.1-2+deb12u2) bookworm; urgency=medium
 .
   * mount-v2: enter the mount namesapce to propagation properties
     (Closes: #1110096)

curl (7.88.1-10+deb12u14) bookworm; urgency=medium
 .
   * d/p/0001-http_chunks-reset...: New patch to fix memory leak:
     - Thanks to Daniel Stenberg and dheerajsangamkar for reporting the issue
       and writing a patch
curl (7.88.1-10+deb12u13) bookworm; urgency=medium
 .
   * Team upload.
   * debian/patches/fix-CVE-2023-27534-regression-{1,2}.patch: add patches from
     upstream to restore sftp://host/~ behaviour.

debian-edu-config (2.12.46~deb12u1) bookworm; urgency=medium
 .
   * Upload to bookworm.
debian-edu-config (2.12.45) unstable; urgency=medium
 .
   * share/debian-edu-config/tools/gosa-sync:
     + From password TMPFILE, strip newline character from end-of-file.
       The LDAP whoami call for verifying the correctness of the passed-in
       user password requires a password file without trailing newline
       to succeed.
   * share/debian-edu-config/gosa.conf.template:
     + Various white-space fixes.
     + Don't (single-)quote placeholders in plugin hooks. GOsa² will add single-
       quotes around placeholder variables when generating hook commands. Esp.
       when using single quotes around placeholders, they will be duplicated
       and thus eliminate eacher other. This problem occurred for users
       with space characters in their DN while changing the user's password.
       (The hook would only operate on a partial DN string, split at first
       space char occurrence in the DN string).
debian-edu-config (2.12.44) unstable; urgency=medium
 .
   * share/debian-edu-config/tools/wpad-extract:
     + Update IP of www.debian.org.
     + Don't use the proxy for accessing wpad.
   * share/debian-edu-config/tools/fetch-rootca-cert:
     + Don't use the proxy for accessing wwww.intern.
   * debian/debian-edu-config.maintscript:
     + Remove stray /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert. Should have
       been removed with 2.12.34 already. (Closes: #1061560).
     + Use <prior-version> version numbers as recommended on the
       dpkg-maintscript-helper man page (the current upload version suffixed
       by '~').

debian-installer (20230607+deb12u12) bookworm; urgency=medium
 .
   [ Pascal Hambourg ]
   * Add console-setup-pc-ekmap for arm64 and armhf cdrom. This is needed
     for keyboard layout selection to be effective (Closes: #1089010).
 .
   [ Samuel Thibault ]
   * Fix fb=false parameter into nomodeset.
 .
   [ Cyril Brulebois ]
   * Bump Linux kernel ABI to 6.1.0-39.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u12) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u12, from bookworm-proposed-updates.

debian-security-support (1:12+2025.06.20) bookworm; urgency=medium
 .
   * Query source:Package instead of Source to get the list of packages
     (Closes: #1106203)
   * Fix typo related to gobgp

distro-info-data (0.58+deb12u5) bookworm; urgency=medium
 .
   * Update data to 0.66:
     - Add Ubuntu end of Legacy Support dates (new eol-legacy column).
     - Add release and estimated EoL dates for Debian 13 "Trixie".

djvulibre (3.5.28-2.2~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 djvulibre (3.5.28-2.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2021-46310: Divide by zero in IW44Image::Map::image()
     (Closes: #1052668)
   * CVE-2021-46312: Divide by zero in IWBitmap::Encode::init()
     (Closes: #1052669)
djvulibre (3.5.28-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
     (Closes: #1108729)
djvulibre (3.5.28-2.1~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bookworm-security
 .
 djvulibre (3.5.28-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
     (Closes: #1108729)

dpdk (22.11.9-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream release 22.11.9; for a full list of changes see:
     http://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html

dropbear (2022.83-1+deb12u3) bookworm; urgency=high
 .
   * Fix CVE-2025-47203: Shell injection vulnerability in multihop handling.

erlang (1:25.2.3+dfsg-1+deb12u3) bookworm-proposed-updates; urgency=medium
 .
   * Fix FTBFS with newer xsltproc.
erlang (1:25.2.3+dfsg-1+deb12u2) bookworm-proposed-updates; urgency=medium
 .
   * ssh: fix strict KEX hardening (CVE-2025-46712) (closes: #1104963).
   * zip: sanitize pathnames when extracting files with absolute pathnames
     (CVE-2025-4748) (closes: #1107939).

expat (2.5.0-1+deb12u2) bookworm; urgency=medium
 .
   [ Tomas Korbar <tkorbar@redhat.com> ]
   * Backport security fix for CVE-2023-52425: denial of service with really
     big tokens.
   * Backport security fix for CVE-2024-50602: crash within the
     XML_ResumeParser() function because XML_StopParser can stop/suspend an
     unstarted parser.
   * Backport security fix for CVE-2024-8176: long linear chains of entities
     crash with stack overflow.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Update libexpat1 symbols.

ffmpeg (7:5.1.7-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 5.1.7
     - Fixes CVE-2023-49502
     - Fixes CVE-2023-50007
     - Fixes CVE-2023-50008
     - Fixes CVE-2023-6602
     - Fixes CVE-2023-6604
     - Fixes CVE-2023-6605
     - Fixes CVE-2024-31582
     - Fixes CVE-2024-35367
     - Fixes CVE-2024-35368
     - Fixes CVE-2025-0518
     - Fixes CVE-2025-22919
   * debian/patches: Revert commit making tests fail
     See https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/20270

fig2dev (1:3.2.8b-3+deb12u2) bookworm; urgency=medium
 .
   * 41_CVE-2025-46397: Detect nan in spline control values.
   * 42_CVE-2025-46398: Permit \0 in 2nd line in fig file.
   * 43_CVE-2025-46399: ge output: correct spline computation.
   * 44_CVE-2025-46400: Reject arcs with a radius smaller than 3.

firebird3.0 (3.0.11.33637.ds4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference
     (Closes: #1111321)

firefox-esr (128.14.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-66, also known as:
     CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185.
firefox-esr (128.13.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-58, also known as:
     CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030,
     CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034,
     CVE-2025-8035.
firefox-esr (128.13.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-58, also known as:
     CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030,
     CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034,
     CVE-2025-8035.
firefox-esr (128.12.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-53, also known as:
     CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430.
firefox-esr (128.12.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-53, also known as:
     CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430.
firefox-esr (128.11.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-44, also known as:
     CVE-2025-5263, CVE-2025-5264, CVE-2025-5266, CVE-2025-5267,
     CVE-2025-5268, CVE-2025-5269.
firefox-esr (128.11.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-44, also known as:
     CVE-2025-5263, CVE-2025-5264, CVE-2025-5266, CVE-2025-5267,
     CVE-2025-5268, CVE-2025-5269.
firefox-esr (128.10.1esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-37, also known as CVE-2025-4920, CVE-2025-4921.
firefox-esr (128.10.1esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-37, also known as CVE-2025-4920, CVE-2025-4921.
firefox-esr (128.10.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-29, also known as:
     CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093.

fort-validator (1.5.4-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * d/control (Build-Depends): Add rsync for running tests.
   * d/patches/CVE-2024-45234.patch: Add patch to fix CVE-2024-45234.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) an ROA or a Manifest containing a
       signedAttrs encoded in non-canonical form. This bypasses Fort's BER
       decoder, reaching a point in the code that panics when faced with data
       not encoded in DER. Because Fort is an RPKI Relying Party, a panic can
       lead to Route Origin Validation unavailability, which can lead to
       compromised routing.
   * d/patches/CVE-2024-45235.patch: Add patch to fix CVE-2024-45235.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a resource certificate containing an
       Authority Key Identifier extension that lacks the keyIdentifier field.
       Fort references this pointer without sanitizing it first. Because Fort
       is an RPKI Relying Party, a crash can lead to Route Origin Validation
       unavailability, which can lead to compromised routing.
   * d/patches/CVE-2024-45236.patch: Add patch to fix CVE-2024-45236.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a signed object containing an empty
       signedAttributes field. Fort accesses the set's elements without
       sanitizing it first. Because Fort is an RPKI Relying Party, a crash can
       lead to Route Origin Validation unavailability, which can lead to
       compromised routing.
   * d/patches/CVE-2024-45237.patch: Add patch to fix CVE-2024-45237.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a resource certificate containing a Key
       Usage extension composed of more than two bytes of data. Fort writes this
       string into a 2-byte buffer without properly sanitizing its length,
       leading to a buffer overflow.
   * d/patches/CVE-2024-45238.patch: Add patch to fix CVE-2024-45238.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) a resource certificate containing a bit
       string that doesn't properly decode into a Subject Public Key. OpenSSL
       does not report this problem during parsing, and when compiled with
       OpenSSL libcrypto versions below 3, Fort recklessly dereferences the
       pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route
       Origin Validation unavailability, which can lead to compromised routing.
   * d/patches/CVE-2024-45239.patch: Add patch to fix CVE-2024-45239.
     - A malicious RPKI repository that descends from a (trusted) Trust Anchor
       can serve (via rsync or RRDP) an ROA or a Manifest containing a null
       eContent field. Fort dereferences the pointer without sanitizing it
       first. Because Fort is an RPKI Relying Party, a crash can lead to Route
       Origin Validation unavailability, which can lead to compromised routing.
   * d/patches/CVE-2024-48943.patch: Add patch to fix CVE-2024-48943.
     - A malicious RPKI rsync repository can prevent Fort from finishing its
       validation run by drip-feeding its content. This can lead to delayed
       validation and a stale or unavailable Route Origin Validation.
       (thanks to Jochen Sprickerhof for helping backporting the test case)

galera-4 (26.4.23-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream release 26.4.23. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.22.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.21.txt
   * New upstream release fixes garbd's -w/WORK_DIR parameter (Closes: #1088076)
galera-4 (26.4.22-1) unstable; urgency=medium
 .
   * New upstream release 26.4.21. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.22.txt
   * Bump debhelper from old 12 to 13
   * Make file installation compatible with Debhelper 13
   * Bump standards version to 4.7.2
galera-4 (26.4.21-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream release 26.4.21. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.21.txt
   * Bump standards version to 4.7.0
 .
   [ Adel Belhouane ]
   * Create user _galera in galera-arbitrator-4 instead of galera-4
     (Closes: #1086726)
   * Package galera-arbitrator-4 has to depend on adduser
   * Fix garbd's -w/WORK_DIR parameter (Closes: #1088076)
galera-4 (26.4.20-1) unstable; urgency=medium
 .
   * New upstream release 26.4.20. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.20.txt
   * Extend gbp.conf and write a README.source to document new upstream import
   * Update debian/patches to be compatible with `gbp pq` which is easier
     for contributors to use, and to avoid cumbersome `quilt`

gdk-pixbuf (2.42.10+dfsg-1+deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2025-6199 (Closes: #1107994)

gimp (2.10.34-1+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2025-2760
   * CVE-2025-2761
   * CVE-2025-48797
   * CVE-2025-48798
   * ZDI-CAN-26752 (no CVE yet)

glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely large
     text strings of an attacker-controlled length. The required string length
     would be close to 2 GiB on 32-bit and the bug is not believed to be
     practically feasible to exploit on 64-bit. (CVE-2025-4373)
     (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions, and
     could cause a crash or possibly arbitrary file overwrites (believed to
     be unlikely to be exploitable in practice) if a long-running program
     creates more than 2 billion temporary files. (CVE-2025-7039)
     (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version
     in unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache is
       missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie

glibc (2.36-9+deb12u13) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix error reporting (false negatives) in SGID tests
     - Fix double-free after allocation failure in regcomp (GLIBC-SA-2025-0005
       / CVE-2025-8058).  Closes: #1109803.
glibc (2.36-9+deb12u12) bookworm; urgency=medium
 .
   * d/p/local-revert-aarch64-use-prefer_sve_ifuncs-for-sve-memset.diff: revert
     upstream commit "AArch64: Use prefer_sve_ifuncs for SVE memset" as
     upstream commit "AArch64: Check kernel version for SVE ifuncs" has been
     reverted in 2.36-9+deb12u9.
glibc (2.36-9+deb12u11) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fixed incorrect LD_LIBRARY_PATH search in dlopen for static setuid
       binaries (GLIBC-SA-2025-0002 / CVE-2025-4802).
     - Improve memory layout of structures in exp/exp10/expf functions.
     - Add an SVE implementation of memset on aarch64.
     - Improve generic implementation of memset on aarch64.

gnupg2 (2.2.40-1.1+deb12u1) bookworm; urgency=medium
 .
   * Make recommends on gnupg binNMU-safe.
     Fixup recommends of architecture-any packages on architecture-all package
     "gnupg" to use (= ${source:Version}) instead of binary:Version. (Thanks,
     James McCoy) Closes: #1060366

gnutls28 (3.7.9-2+deb12u5) bookworm-security; urgency=medium
 .
   * Cherry-pick fixes from 3.8.10 release:
      + libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits
        PSK Reported by Stefan Bühler.
        [GNUTLS-SA-2025-07-07-4, CVSS: medium] [CVE-2025-6395]
      + libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS
        timestamps Spotted by oss-fuzz and reported by OpenAI Security
        Research Team, and fix developed by Andrew Hamilton.
        [GNUTLS-SA-2025-07-07-1, CVSS: medium] [CVE-2025-32989]
      + libgnutls: Fix double-free upon error when exporting otherName in
        SAN Reported by OpenAI Security Research Team.
        [GNUTLS-SA-2025-07-07-2, CVSS: low] [CVE-2025-32988]
      + certtool: Fix 1-byte write buffer overrun when parsing template
        Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, CVSS: low]
        [CVE-2025-32990]
      + Fixes for memory leaks in lib/x509/x509_ext.c andlib/hello_ext.c.
      + Fix uninitialized memory read while processing the "pre_shared_key"
        extension in TLS 1.3.
      + Avoid uninitialized use of crq version.

golang-github-gin-contrib-cors (1.4.0-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2019-25211
     fix handling of wildcards

gst-plugins-bad1.0 (1.22.0-4+deb12u6) bookworm-security; urgency=medium
 .
   * CVE-2025-3887 (Closes: #1106285)

gst-plugins-base1.0 (1.22.0-3+deb12u5) bookworm; urgency=medium
 .
   * CVE-2025-47806
   * CVE-2025-47807
   * CVE-2025-47808

gst-plugins-good1.0 (1.22.0-5+deb12u3) bookworm; urgency=medium
 .
   * CVE-2025-47219

icu (72.1-3+deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-5222: Stack-based buffer overflow (Closes: #1106684)

init-system-helpers (1.65.2+deb12u1) bookworm; urgency=medium
 .
   * Add postinst to work around live-build issue on some systems. Needs to
     be somewhere that will be for sure installed, but all the live-*
     packages get removed on install, so there's nothing else. This is
     prio: essential so it's guaranteed to be there to do the cleanup. Can
     be dropped after Forky ships. (Closes: #1111039)

insighttoolkit4 (4.13.3withdata-dfsg2-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Make itkOptImageToImageMetricsTest04 not to fail on single-CPU systems.
     Closes: #1105896.

insighttoolkit5 (5.2.1-5+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Make itkOptImageToImageMetricsTest04 not to fail on single-CPU systems.
     Closes: #1105896.

intel-microcode (3.20250512.1~deb12u1) bookworm-security; urgency=high
 .
   * Backport to bookworm-security
   * debian/rules: revert use of /usr/lib/firmware for deb12
 .
 intel-microcode (3.20250512.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20250512 (closes: #1105172)
     - Mitigations for INTEL-SA-01153 (ITS: Indirect Target Selection):
       CVE-2024-28956: Processor may incompletely mitigate Branch Target
       Injection due to indirect branch predictions that are not fully
       constrained by eIBRS nor by the IBPB barrier.  Part of the "Training
       Solo" set of vulnerabilities.
     - Mitigations for INTEL-SA-01244:
       CVE-2025-20103: Insufficient resource pool in the core management
       mechanism for some Intel Processors may allow an authenticated user
       to potentially enable denial of service via local access.
       CVE-2025-20054: Uncaught exception in the core management mechanism
       for some Intel Processors may allow an authenticated user to
       potentially enable denial of service via local access.
     - Mitigations for INTEL-SA-01247:
       CVE-2024-43420, CVE-2025-20623: Exposure of sensitive information
       caused by shared microarchitectural predictor state that influences
       transient execution for some Intel Atom and some Intel Core
       processors (10th Generation) may allow an authenticated user to
       potentially enable information disclosure via local access.
       CVE-2024-45332 (Branch Privilege Injection): Exposure of sensitive
       information caused by shared microarchitectural predictor state that
       influences transient execution in the indirect branch predictors for
       some Intel Processors may allow an authenticated user to potentially
       enable information disclosure via local access.
     - Mitigations for INTEL-SA-01322:
       CVE-2025-24495 (Training Solo): Incorrect initialization of resource
       in the branch prediction unit for some Intel Core Ultra Processors
       may allow an authenticated user to potentially enable information
       disclosure via local access (IBPB bypass)
       CVE-2025-20012 (Training Solo): Incorrect behavior order for some
       Intel Core Ultra Processors may allow an unauthenticated user to
       potentially enable information disclosure via physical access.
     - Improved fix for the Vmin Shift Instability for the Intel Core 13th
       and 14th gen processors under low-activity scenarios (sig 0xb0671).
       This microcode update is supposed to be delivered as a system
       firmware update, but according to Intel it should be effective when
       loaded by the operating system if the system firmware has revision
       0x12e.
     - Fixes for unspecified functional issues on several processor models
   * New microcodes or new extended signatures:
     sig 0x000a06d1, pf_mask 0x95, 2025-02-07, rev 0x10003a2, size 1664000
     sig 0x000a06d1, pf_mask 0x20, 2025-02-07, rev 0xa0000d1, size 1635328
     sig 0x000b0650, pf_mask 0x80, 2025-03-18, rev 0x000a, size 136192
     sig 0x000b06d1, pf_mask 0x80, 2025-03-18, rev 0x011f, size 79872
     sig 0x000c0662, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112
     sig 0x000c06a2, pf_mask 0x82, 2025-03-20, rev 0x0118
     sig 0x000c0652, pf_mask 0x82, 2025-03-20, rev 0x0118
     sig 0x000c0664, pf_mask 0x82, 2025-03-20, rev 0x0118
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-12-12, rev 0x5003901, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-12-12, rev 0x7002b01, size 30720
     sig 0x000606a6, pf_mask 0x87, 2025-01-07, rev 0xd000404, size 309248
     sig 0x000606c1, pf_mask 0x10, 2025-01-07, rev 0x10002d0, size 300032
     sig 0x000706a8, pf_mask 0x01, 2024-12-05, rev 0x0026, size 76800
     sig 0x000706e5, pf_mask 0x80, 2025-01-07, rev 0x00ca, size 115712
     sig 0x000806c1, pf_mask 0x80, 2024-12-01, rev 0x00bc, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-12-01, rev 0x003c, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-12-11, rev 0x0056, size 105472
     sig 0x000806ec, pf_mask 0x94, 2024-11-17, rev 0x0100, size 106496
     sig 0x000806f8, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872
     sig 0x000806f7, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f6, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f5, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f4, pf_mask 0x87, 2025-01-28, rev 0x2b000639
     sig 0x000806f8, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640
     sig 0x000806f6, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x000806f5, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x000806f4, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7
     sig 0x00090672, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304
     sig 0x00090675, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f2, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f5, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f6, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000b06f7, pf_mask 0x07, 2024-12-12, rev 0x003a
     sig 0x000906a3, pf_mask 0x80, 2024-12-12, rev 0x0437, size 224256
     sig 0x000906a4, pf_mask 0x80, 2024-12-12, rev 0x0437
     sig 0x000906a4, pf_mask 0x40, 2024-12-06, rev 0x000a, size 119808
     sig 0x000906ed, pf_mask 0x22, 2024-11-14, rev 0x0104, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-11-14, rev 0x0100, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-11-14, rev 0x0102, size 98304
     sig 0x000a0661, pf_mask 0x80, 2024-11-14, rev 0x0100, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-12-01, rev 0x0064, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2025-02-13, rev 0x0024, size 140288
     sig 0x000a06f3, pf_mask 0x01, 2025-02-10, rev 0x3000341, size 1542144
     sig 0x000b0671, pf_mask 0x32, 2025-03-17, rev 0x012f, size 219136
     sig 0x000b0674, pf_mask 0x32, 2025-03-17, rev 0x012f
     sig 0x000b06a2, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256
     sig 0x000b06a3, pf_mask 0xe0, 2025-01-15, rev 0x4128
     sig 0x000b06a8, pf_mask 0xe0, 2025-01-15, rev 0x4128
     sig 0x000b06e0, pf_mask 0x19, 2024-12-06, rev 0x001d, size 139264
     sig 0x000c06f2, pf_mask 0x87, 2025-03-14, rev 0x210002a9, size 563200
     sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9
   * Removed microcodes (ES/QS steppings):
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9 [EXCLUDED]
   * Makefile: exclude QS/ES steppings 0x50656, 0xc06f1.
   * Makefile: add targets to create split F-M-S /lib/firmware dir
   * debian/rules: use new intel-ucode-{fw,fw64} Makefile targets
     Removes from the binary package the F-M-S files for extended signatures
     that were excluded by IUC_EXCLUDE.
   * source: update symlinks to reflect id of the latest release, 20250512
intel-microcode (3.20250211.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20250211 (closes: #1095805)
     - Mitigations for INTEL-SA-01166 (CVE-2024-31068)
       Improper Finite State Machines (FSMs) in Hardware Logic for some Intel
       Processors may allow privileged user to potentially enable denial of
       service via local access.
     - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
       Improper access control in the EDECCSSA user leaf function for some
       Intel Processors with Intel SGX may allow an authenticated user to
       potentially enable denial of service via local access.  Intel disclosed
       that some 9th Generation Intel Core processor models were already fixed
       by a previous microcode update.
     - Mitigations for INTEL-SA-01139 (CVE-2023-43758, CVE-2023-34440,
       CVE-2024-24582, CVE-2024-29214, CVE-2024-28127, CVE-2024-39279,
       CVE-2024-31157, CVE-2024-28047)
       Improper input validation, insufficient granularity of access control,
       and improper initialization issues in UEFI firmware for some Intel
       processors may allow escalation of privilege, denial of service, or
       information disclosure.  An UEFI firmware update is needed for complete
       mitigation.
     - Mitigations for INTEL-SA-01228 (CVE-2024-39355)
       Improper handling of physical or environmental conditions in some 13th
       and 14th Generation Intel Core Processors may allow an authenticated
       user to enable denial of service via local access.  An UEFI firmware
       update may be required for complete mitigation.
     - Mitigations for INTEL-SA-01194 (CVE-2024-37020)
       Sequence of processor instructions leads to unexpected behavior in the
       Intel DSA V1.0 for some Intel Xeon Processors may allow an authenticated
       user to potentially enable denial of service via local access.
     - Fixes for unspecified functional issues on several processor models
   * New microcodes or new extended signatures:
     sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952
     sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
     sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
     sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224
     sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032
     sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824
     sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592
     sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
     sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
     sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
     sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
     sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038
     sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038
     sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038
     sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232
     sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436
     sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808
     sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472
     sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496
     sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544
     sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
     sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124
     sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124
     sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240
     sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128
     sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291
   * source: update symlinks to reflect id of the latest release, 20250211
   * Update changelog for 3.20240813.1 with new information

iperf3 (3.12-1+deb12u2) bookworm; urgency=high
 .
   * Fix no-dsa security issues:
     - CVE-2025-54349
     - CVE-2025-54350

jinja2 (3.1.2-1+deb12u3) bookworm; urgency=medium
 .
   * CVE-2025-27516 (Closes: #1099690)

jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722)
   * CVE-2023-35790: integer underflow in patch decoding can lead to a denial
     of service issue. (Closes: #1055306)
   * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing
     recompression. (Closes: #1088818)
   * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818)

jq (1.6-2.1+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick upstream commit c6e041699d8cd31b97375a2596217aff2cfca85b to
     fix CVE-2025-48060.

kexec-tools (1:2.0.25-3+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Use the correct path systemd units for bookworm, reverting the wrong
     change in 2.0.25-3+deb12u2 (see discussion in #1086622).
kexec-tools (1:2.0.25-3+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix path for systemd units (bookworm uses /lib).
   * d/control: drop unnecessary Depends: lsb-base, dpkg.

kmail-account-wizard (4:22.12.3-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2024-50624
     fix man-in-the-middle-attack when using autoconf for retrieving
     configuration
   * for configuration with autoconf.example.com, the config is fetched
     via https and the former http as fallback.
     for configuration via example.com/.well-known/autoconfig the
     config is now fetched only with https

konsole (4:22.12.3-1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2025-49091

krb5 (1.20.1-2+deb12u4) bookworm; urgency=medium
 .
   * Non Maintainer upload by LTS team
   * Fix CVE-2025-3576. Closes: #1103525
     A Vulnerability in the MIT Kerberos implementation
     allows GSSAPI-protected messages using RC4-HMAC-MD5
     to be spoofed due to weaknesses in the MD5 checksum design.
     If RC4 is preferred over stronger encryption types,
     an attacker could exploit MD5 collisions to forge message
     integrity codes. This may lead to unauthorized
     message tampering.
   * Tickets will not be issued with RC4 or triple-DES session
     keys unless explicitly configured with the new allow_rc4
     or allow_des3 variables respectively.
   * In KDC, assume all services support aes256-sha1
     To facilitate negotiating session keys with acceptable security,
     assume that services support aes256-cts-hmac-sha1 unless a
     session_enctypes string attribute says otherwise.

kubernetes (1.20.5+really1.20.2-1.1+deb12u1) bookworm; urgency=medium
 .
   * Import patch for CVE-2021-25743
     - kubectl does not neutralize escape, meta or control sequences contained
       in the raw data it outputs to a terminal. This includes but is not
       limited to the unstructured string fields in objects such as Events.
   * d/p/*:
     - Import upstream patch to hide long and multiline strings when printing
     - Import upstream patch to restore ability to print long strings
     - CVE-2021-25743.patch: Import and backport upstream patch to fix CVE-2021-25743

libarchive (3.6.2-1+deb12u3) bookworm; urgency=medium
 .
   * CVE-2025-5914 (Closes: #1107621)
   * CVE-2025-5915 (Closes: #1107622)
   * CVE-2025-5916 (Closes: #1107623)
   * CVE-2025-5917 (Closes: #1107626)

libavif (0.11.1-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add integer overflow checks to makeRoom (CVE-2025-48174)
     (Closes: #1105885)
   * Avoid integer overflow in (32-bit) int or unsigned int arithmetic
     operations (CVE-2025-48175) (Closes: #1105883)

libblockdev (2.28-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * dont allow suid and dev set on fs resize (CVE-2025-6019)

libbpf (1.1.2-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 1.1.2 (Closes: #1101745)
     - Upstream changes:
       - libbpf: fix BPF skeleton forward/backward compat handling.
       - libbpf: Fix bpf_object__open_skeleton()'s mishandling of options.
       - libbpf: Ensure new BTF objects inherit input endianness.

libcap2 (1:2.66-4+deb12u2) bookworm; urgency=medium
 .
   [ Aurelien Jarno ]
   * Add missing Built-Using: glibc (Closes: #1106802)

libcgi-simple-perl (1.280-2+deb12u1) bookworm; urgency=medium
 .
   * Drop "Port latest header-injection refinement from CGI.pm" patch.
     (superseeded by the patch for CVE-2025-40927)
   * Sanitize all user-supplied values before inserting into HTTP headers
     (CVE-2025-40927)

libfcgi (2.4.2-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2025-23016 (Closes: #1092774)

libfile-find-rule-perl (0.34-4~deb12u1) bookworm-security; urgency=high
 .
   * Rebuild for bookworm-security.
 .
 libfile-find-rule-perl (0.34-4) unstable; urgency=high
 .
   * Team upload.
   * Fix for CVE-2011-10007: Use 3 arg open in grep() (Closes: #1107311)

libfile-tail-perl (1.3-7+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
 .
   [ Roland Rosenfeld ]
   * Fix uninitialized variable issue (Closes: #1104900).

libphp-adodb (5.21.4-1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload.
     + Fix SQL injection in pg_insert_id(). (Closes: #1104548, CVE-2025-46337)

libraw (0.20.2-2.1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2025-43961 / CVE-2025-43962 (Closes: #1103781)
   * CVE-2025-43963 (Closes: #1103782)
   * CVE-2025-43964 (Closes: #1103783)

libreoffice (4:7.4.7-1+deb12u9) bookworm; urgency=medium
 .
    * debian/patches/add-EUR-for-Bulgaria-Lew.diff: add Euro support for
      Bulgaria from libreoffice-25-8 branch (to-be 25.8.1)

libsndfile (1.2.0-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2022-33065 (Closes: #1051891)
   * CVE-2024-50612 (Closes: #1088692)

libsoup3 (3.2.3-0+deb12u2) bookworm; urgency=medium
 .
   * Team upload
   * d/p/tests-Gracefully-skip-test-if-a-large-memory-allocation-f.patch:
     Add proposed patch to fix a test failure on some 32-bit machines, in
     particular Debian 12's mipsel buildds
 .
 libsoup3 (3.2.3-0+deb12u1) bookworm; urgency=medium
 .
   * Team upload
 .
   [ Jeremy Bícha ]
   * d/control{,.in}: Add Build-Depends: ca-certificates for build-time tests
     (Closes: #1064744, #1054962)
 .
   [ Simon McVittie ]
   * Re-export patch series (no functional changes)
   * New upstream old-stable release 3.2.3
     - Fix a buffer overrun if asked to parse non-UTF-8 headers. It is
       believed that this cannot happen on the client side, but it can
       happen in SoupServer. (CVE-2024-52531, Closes: #1087417)
     - Avoid an infinite loop in WebSocket processing which can cause a denial
       of service via resource exhaustion (CVE-2024-52532, Closes: #1087416)
     - Fix denial of service (crash) when parsing invalid data URLs
       (CVE-2025-32051)
     - Fix heap overflows during content sniffing
       (CVE-2025-32052, libsoup3 equivalent of #1102214)
       (CVE-2025-32053, libsoup3 equivalent of #1102215)
     - Fix an integer overflow during parameter serialization
       (CVE-2025-32050, libsoup3 equivalent of #1102212)
   * Fix a regression introduced in 3.2.3 by backporting its fixes from
     3.6.5:
     - d/p/sniffer-Fix-potential-overflow.patch,
       d/p/sniffer-Add-better-coverage-of-skip_insignificant_space.patch:
       Fix more heap buffer overflows during content sniffing
       (CVE-2025-2784; libsoup3 equivalent of #1102208)
     - d/source/include-binaries: Configure dpkg to accept non-text diffs
       in test data for CVE-2025-2784
   * d/p/server-Add-note-about-recommended-usage.patch:
     Update documentation to indicate the level of security support for
     the server side.
     Upstream clarified the documentation in 3.6.1 to state that SoupServer
     is not intended to be exposed to untrusted clients.
     (Related to CVE-2024-52531, CVE-2024-52532)
   * d/p/tests-Add-test-for-passing-invalid-UTF-8-to-soup_header_p.patch:
     Add test coverage related to CVE-2024-52531
   * Backport additional CVE fixes from upstream release 3.5.2:
     - d/p/headers-Strictly-don-t-allow-NUL-bytes.patch:
       Reject HTTP headers if they contain NUL bytes
       (CVE-2024-52530, libsoup3 equivalent of #1088812)
   * Backport additional CVE fixes from upstream release 3.6.2:
     - d/p/content-sniffer-Handle-sniffing-resource-shorter-than-4-b.patch:
       Fix denial of service when sniffing type of a short resource
       (CVE-2025-32909, libsoup3 equivalent of #1103517)
     - d/p/auth-digest-Handle-missing-realm-in-authenticate-header.patch,
       d/p/auth-digest-Handle-missing-nonce.patch,
       d/p/auth-digest-Fix-leak.patch:
       Fix denial of service (crash) during client-side authentication
       (CVE-2025-32910, libsoup3 equivalent of #1103516)
     - d/p/soup_message_headers_get_content_disposition-Fix-NULL-der.patch,
       d/p/soup_message_headers_get_content_disposition-strdup-trunc.patch:
       Fix memory management of message headers.
       (CVE-2025-32911, CVE-2025-32913; libsoup3 equivalent of #1103515)
     - d/p/soup_header_parse_quality_list-Fix-leak.patch:
       Fix a memory leak (slow denial of service) in quality list parsing
       (CVE-2025-46420, libsoup3 equivalent of #1104055)
   * Backport additional CVE fixes from upstream release 3.6.5:
     - d/p/auth-digest-Handle-missing-nonce-1.patch,
       d/p/digest-auth-Handle-NULL-nonce.patch:
       Fix additional denial of service issues related to CVE-2025-32910
       (CVE-2025-32912, libsoup3 equivalent of #1103516)
     - d/p/headers-Handle-parsing-edge-case.patch,
       d/p/headers-Handle-parsing-only-newlines.patch:
       Fix denial of service (crash) in http server header parsing
       (CVE-2025-32906, libsoup3 equivalent of #1103521)
     - d/p/session-Strip-authentication-credentails-on-cross-origin-.patch:
       Fix credentials disclosure on cross-origin redirect
       (CVE-2025-46421, libsoup3 equivalent of #110405)
   * d/control: libsoup-3.0-tests Depends on ca-certificates
     (Equivalent of #1054962, #1064744 for autopkgtests)
   * d/p/connection-manager-don-t-crash-if-connection-outlives-its.patch:
     Add patch from upstream fixing a use-after-free during disconnection.
     In particular this resolves a hang during gnome-calculator startup,
     when it downloads currency conversion data.
     (Closes: #1077962, #1052551, #1098315, #1099119, #1100509, #1104456,
     #1100541, #1101922, #1102471, #1059773)
   * d/p/connection-auth-don-t-crash-if-connection-outlives-the-au.patch:
     Add patch from upstream fixing another use-after-free during disconnect.
     (Related to #1077962, etc.)
libsoup3 (3.2.3-0+deb12u1) bookworm; urgency=medium
 .
   * Team upload
 .
   [ Jeremy Bícha ]
   * d/control{,.in}: Add Build-Depends: ca-certificates for build-time tests
     (Closes: #1064744, #1054962)
 .
   [ Simon McVittie ]
   * Re-export patch series (no functional changes)
   * New upstream old-stable release 3.2.3
     - Fix a buffer overrun if asked to parse non-UTF-8 headers. It is
       believed that this cannot happen on the client side, but it can
       happen in SoupServer. (CVE-2024-52531, Closes: #1087417)
     - Avoid an infinite loop in WebSocket processing which can cause a denial
       of service via resource exhaustion (CVE-2024-52532, Closes: #1087416)
     - Fix denial of service (crash) when parsing invalid data URLs
       (CVE-2025-32051)
     - Fix heap overflows during content sniffing
       (CVE-2025-32052, libsoup3 equivalent of #1102214)
       (CVE-2025-32053, libsoup3 equivalent of #1102215)
     - Fix an integer overflow during parameter serialization
       (CVE-2025-32050, libsoup3 equivalent of #1102212)
   * Fix a regression introduced in 3.2.3 by backporting its fixes from
     3.6.5:
     - d/p/sniffer-Fix-potential-overflow.patch,
       d/p/sniffer-Add-better-coverage-of-skip_insignificant_space.patch:
       Fix more heap buffer overflows during content sniffing
       (CVE-2025-2784; libsoup3 equivalent of #1102208)
     - d/source/include-binaries: Configure dpkg to accept non-text diffs
       in test data for CVE-2025-2784
   * d/p/server-Add-note-about-recommended-usage.patch:
     Update documentation to indicate the level of security support for
     the server side.
     Upstream clarified the documentation in 3.6.1 to state that SoupServer
     is not intended to be exposed to untrusted clients.
     (Related to CVE-2024-52531, CVE-2024-52532)
   * d/p/tests-Add-test-for-passing-invalid-UTF-8-to-soup_header_p.patch:
     Add test coverage related to CVE-2024-52531
   * Backport additional CVE fixes from upstream release 3.5.2:
     - d/p/headers-Strictly-don-t-allow-NUL-bytes.patch:
       Reject HTTP headers if they contain NUL bytes
       (CVE-2024-52530, libsoup3 equivalent of #1088812)
   * Backport additional CVE fixes from upstream release 3.6.2:
     - d/p/content-sniffer-Handle-sniffing-resource-shorter-than-4-b.patch:
       Fix denial of service when sniffing type of a short resource
       (CVE-2025-32909, libsoup3 equivalent of #1103517)
     - d/p/auth-digest-Handle-missing-realm-in-authenticate-header.patch,
       d/p/auth-digest-Handle-missing-nonce.patch,
       d/p/auth-digest-Fix-leak.patch:
       Fix denial of service (crash) during client-side authentication
       (CVE-2025-32910, libsoup3 equivalent of #1103516)
     - d/p/soup_message_headers_get_content_disposition-Fix-NULL-der.patch,
       d/p/soup_message_headers_get_content_disposition-strdup-trunc.patch:
       Fix memory management of message headers.
       (CVE-2025-32911, CVE-2025-32913; libsoup3 equivalent of #1103515)
     - d/p/soup_header_parse_quality_list-Fix-leak.patch:
       Fix a memory leak (slow denial of service) in quality list parsing
       (CVE-2025-46420, libsoup3 equivalent of #1104055)
   * Backport additional CVE fixes from upstream release 3.6.5:
     - d/p/auth-digest-Handle-missing-nonce-1.patch,
       d/p/digest-auth-Handle-NULL-nonce.patch:
       Fix additional denial of service issues related to CVE-2025-32910
       (CVE-2025-32912, libsoup3 equivalent of #1103516)
     - d/p/headers-Handle-parsing-edge-case.patch,
       d/p/headers-Handle-parsing-only-newlines.patch:
       Fix denial of service (crash) in http server header parsing
       (CVE-2025-32906, libsoup3 equivalent of #1103521)
     - d/p/session-Strip-authentication-credentails-on-cross-origin-.patch:
       Fix credentials disclosure on cross-origin redirect
       (CVE-2025-46421, libsoup3 equivalent of #110405)
   * d/control: libsoup-3.0-tests Depends on ca-certificates
     (Equivalent of #1054962, #1064744 for autopkgtests)
   * d/p/connection-manager-don-t-crash-if-connection-outlives-its.patch:
     Add patch from upstream fixing a use-after-free during disconnection.
     In particular this resolves a hang during gnome-calculator startup,
     when it downloads currency conversion data.
     (Closes: #1077962, #1052551, #1098315, #1099119, #1100509, #1104456,
     #1100541, #1101922, #1102471, #1059773)
   * d/p/connection-auth-don-t-crash-if-connection-outlives-the-au.patch:
     Add patch from upstream fixing another use-after-free during disconnect.
     (Related to #1077962, etc.)

libtheora (1.1.1+dfsg.1-16.1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
 .
   * Added patches fixing issues found using GCC sanitize.
   * Acknowledge NMU 1.1.1+dfsg.1-16.1.

libtpms (0.9.2-3.1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2025-49133 (Closes: #1107617)

libvpx (1.12.0-1+deb12u4) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * vpx_codec_enc_init_multi: fix double free on init failure
     (Closes: #1106689)

libxml2 (2.9.14+dfsg-1.3~deb12u4) bookworm-security; urgency=high
 .
   * CVE-2025-7425: heap-use-after-free in xmlFreeID caused by `atype`
     corruption (Closes: #1109122)
libxml2 (2.9.14+dfsg-1.3~deb12u3) bookworm; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes:
     #1107720).
   * Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
     (Closes: #1107938).
   * Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput
     (Closes: #1107755).
   * Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput
     (Closes: #1107752).
libxml2 (2.9.14+dfsg-1.3~deb12u2) bookworm-security; urgency=high
 .
   * Security fixes:
     - CVE-2023-39615: out-of-bounds read via the xmlSAX2StartElement()
       (Closes: #1051230)
     - CVE-2023-45322: use-after-free in xmlUnlinkNode()
       (Closes: #1053629)
     - CVE-2024-25062: use-after-free in xmlValidatePopElement()
       (Closes: #1063234)
     - CVE-2025-32414: out-of-bounds read in Python bindings
       (Closes: #1102521)
     - CVE-2025-32415: heap-based buffer under-read via
       xmlSchemaIDCFillNodeTables() (Closes: #1103511)
     - CVE-2022-49043: use-after-free in xmlXIncludeAddNode()
       (Closes: #1094238)
     - CVE-2024-34459: buffer over-read in xmlHTMLPrintFileContext of xmllint
       (Closes: #1071162)
     - CVE-2024-56171: use-after-free after xmlSchemaItemListAdd()
       (Closes: #1098320)
     - CVE-2025-24928: stack-buffer-overflow in xmlSnprintfElements()
       (Closes: #1098321)
     - CVE-2025-27113: NULL pointer dereference in xmlPatMatch()
       (Closes: #1098322)

libxslt (1.1.35-1+deb12u2) bookworm-security; urgency=high
 .
   * Fix information disclosure with improved memory handling of generated-id()
     (Closes: #1108074, CVE-2023-40403)
   * Fix type confusion in xmlNode.psvi between stylesheet and source nodes
     (Closes: #1109123, CVE-2025-7424)

libyaml-libyaml-perl (0.86+ds-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Use 3-arg form of open in LoadFile (CVE-2025-40908)

lintian (2.116.3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * data/changes-file/known-dists: Add releases bookworm to duke.
     (Closes: #1051140)
   * Don't emit source-nmu-has-incorrect-version-number for stable updates.
     (Closes: #1022759)

linux (6.1.148-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.148
     - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
       (CVE-2025-38335)
     - regulator: core: fix NULL dereference on unbind due to stale coupling data
     - RDMA/core: Rate limit GID cache warning messages
     - iio: adc: ad7949: use spi_is_bpw_supported()
     - regmap: fix potential memory leak of regmap_bus
     - [x86] hyperv: Fix usage of cpu_online_mask to get valid cpu
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_SUCCESS usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_ERROR usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_RETRY usage
     - [arm64,armhf] staging: vchiq_arm: Make vchiq_shutdown never fail
     - xfrm: interface: fix use-after-free after changing collect_md xfrm
       interface (CVE-2025-38500)
     - net/mlx5: Fix memory leak in cmd_exec()
     - i40e: Add rx_missed_errors for buffer exhaustion
     - i40e: report VF tx_dropped with tx_errors instead of tx_discards
     - i40e: When removing VF MAC filters, only check PF-set MAC
     - net: appletalk: Fix use-after-free in AARP proxy probe
     - can: dev: can_restart(): reverse logic to remove need for goto
     - can: dev: can_restart(): move debug message and stats after successful
       restart
     - can: netlink: can_changelink(): fix NULL pointer deref of struct
       can_priv::do_set_mode
     - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in
       ti_sn_bridge_probe()
     - [arm64] net: hns3: fix concurrent setting vlan filter issue
     - [arm64] net: hns3: disable interrupt when ptp init failed
     - [arm64] net: hns3: fixed vf get max channels bug
     - [x86] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among
       boots
     - i2c: qup: jump out of the loop in case of timeout
     - i2c: tegra: Fix reset error handling with ACPI
     - i2c: virtio: Avoid hang by using interruptible completion wait
     - bus: fsl-mc: Fix potential double device reference in
       fsl_mc_get_endpoint()
     - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
     - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint
       handling
     - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
     - e1000e: ignore uninitialized checksum word on tgp
     - gve: Fix stuck TX queue for DQ queue format
     - ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
     - nilfs2: reject invalid file types when reading inodes
     - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
     - drm/amdkfd: Don't call mmput from MMU notifier callback
     - usb: typec: tcpm: allow to use sink in accessory mode
     - usb: typec: tcpm: allow switching to mode accessory to mux properly
     - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
     - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925)
     - [x86] comedi: comedi_test: Fix possible deletion of uninitialized timers
     - ALSA: hda/tegra: Add Tegra264 support
     - ALSA: hda: Add missing NVIDIA HDA codec IDs
     - [x86] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x
     - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma
     - erofs: get rid of debug_one_dentry()
     - erofs: sunset erofs_dbg()
     - erofs: drop z_erofs_page_mark_eio()
     - erofs: simplify z_erofs_transform_plain()
     - erofs: address D-cache aliasing
     - usb: chipidea: add USB PHY event
     - usb: phy: mxs: disconnect line when USB charger is attached
     - ethernet: intel: fix building with large NR_CPUS
     - [x86] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx
     - ASoC: Intel: fix SND_SOC_SOF dependencies
     - fs_context: fix parameter name in infofc() macro
     - ublk: use vmalloc for ublk_device's __queues
     - hfsplus: remove mutex_lock check in hfsplus_free_extents
     - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
     - ASoC: ops: dynamically allocate struct snd_ctl_elem_value
     - soc: qcom: QMI encoding/decoding for big endian
     - [arm64] dts: qcom: sdm845: Expand IMEM region
     - [arm64] dts: qcom: sc7180: Expand IMEM region
     - [arm64,armhf] usb: host: xhci-plat: fix incorrect type for of_match
       variable in xhci_plat_probe()
     - usb: misc: apple-mfi-fastcharge: Make power supply names unique
     - vmci: Prevent the dispatching of uninitialized payloads
     - pps: fix poll support
     - Revert "vmci: Prevent the dispatching of uninitialized payloads"
     - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
     - usb: early: xhci-dbc: Fix early_ioremap leak
     - [armhf] dts: ti: omap: Fixup pinheader typo
     - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed
     - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed
     - PM / devfreq: Check governor before using governor->name
     - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
     - cpufreq: Initialize cpufreq-based frequency-invariance later
     - cpufreq: Init policy->rwsem before it may be possibly used
     - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
     - bpf, sockmap: Fix psock incorrectly pointing to sk
     - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
     - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain
     - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
     - wifi: rtl818x: Kill URBs before clearing tx status queue
     - wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
     - iwlwifi: Add missing check for alloc_ordered_workqueue
     - wifi: ath11k: clear initialized flag for deinit-ed srng lists
     - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
     - net/mlx5: Check device memory pointer before usage
     - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
     - fbcon: Fix outdated registered_fb reference in comment
     - netfilter: nf_tables: adjust lockdep assertions handling
     - net/sched: Restrict conditions for adding duplicating netems to qdisc tree
     - net_sched: act_ctinfo: use atomic64_t for three counters
     - xen/gntdev: remove struct gntdev_copy_batch from stack
     - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
     - mwl8k: Add missing check after DMA map
     - wifi: mac80211: reject TDLS operations when station is not associated
     - wifi: plfxlc: Fix error handling in usb driver probe
     - wifi: mac80211: Do not schedule stopped TXQs
     - wifi: mac80211: Don't call fq_flow_idx() for management frames
     - wifi: mac80211: Check 802.11 encaps offloading in
       ieee80211_tx_h_select_key()
     - Reapply "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P
       IE
     - can: peak_usb: fix USB FD devices potential malfunction
     - can: kvaser_pciefd: Store device channel index
     - can: kvaser_usb: Assign netdev.dev_port based on device channel index
     - netfilter: xt_nfacct: don't assume acct name is null-terminated
     - vrf: Drop existing dst reference in vrf_ip6_input_dst
     - ipv6: prevent infinite loop in rt6_nlmsg_size()
     - ipv6: fix possible infinite loop in fib6_info_uses_dev()
     - ipv6: annotate data-races around rt->fib6_nsiblings
     - bpf/preload: Don't select USERMODE_DRIVER
     - PCI: rockchip-host: Fix "Unexpected Completion" log message
     - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg()
     - [arm*] crypto: marvell/cesa - Fix engine load inaccuracy
     - mtd: fix possible integer overflow in erase_xfer()
     - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
     - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
     - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
     - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar()
       fails
     - [arm64,armhf] pinctrl: sunxi: Fix memory leak on krealloc failure
     - perf sched: Fix memory leaks for evsel->priv in timehist
     - perf sched: Fix memory leaks in 'perf sched latency'
     - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value
     - crypto: ccp - Fix crash when rebind ccp device for ccp.ko
     - [arm64] RDMA/hns: Fix -Wframe-larger-than issue
     - kernel: trace: preemptirq_delay_test: use offstack cpu mask
     - proc: use the same treatment to check proc_lseek as ones for
       proc_read_iter et.al
     - perf tests bp_account: Fix leaked file descriptor
     - [armhf] clk: sunxi-ng: v3s: Fix de clock definition
     - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
     - scsi: elx: efct: Fix dma_unmap_sg() nents value
     - scsi: mvsas: Fix dma_unmap_sg() nents value
     - scsi: isci: Fix dma_unmap_sg() nents value
     - soundwire: stream: restore params when prepare ports fail
     - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute
     - fs/orangefs: Allow 2 more characters in do_c_string()
     - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
     - [x86] crypto: qat - fix seq_file position update in adf_ring_next()
     - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
     - jfs: fix metapage reference count leak in dbAllocCtl
     - vhost-scsi: Fix log flooding with target does not exist errors
     - bpf: Check flow_dissector ctx accesses are aligned
     - apparmor: ensure WB_HISTORY_SIZE value is a power of 2
     - module: Restore the moduleparam prefix length check
     - ucount: fix atomic_long_inc_below() argument type
     - rtc: ds1307: fix incorrect maximum clock rate handling
     - rtc: hym8563: fix incorrect maximum clock rate handling
     - rtc: nct3018y: fix incorrect maximum clock rate handling
     - rtc: pcf85063: fix incorrect maximum clock rate handling
     - rtc: pcf8563: fix incorrect maximum clock rate handling
     - rtc: rv3028: fix incorrect maximum clock rate handling
     - f2fs: fix KMSAN uninit-value in extent_info usage
     - f2fs: doc: fix wrong quota mount option description
     - f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
     - f2fs: fix to avoid panic in f2fs_evict_inode
     - f2fs: fix to avoid out-of-boundary access in devs.path
     - f2fs: vm_unmap_ram() may be called from an invalid context
     - f2fs: fix to update upper_p in __get_secs_required() correctly
     - f2fs: fix to calculate dirty data during has_not_enough_free_secs()
     - vfio/pci: Separate SR-IOV VF dev_set
     - scsi: mpt3sas: Fix a fw_event memory leak
     - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free"
     - scsi: ufs: core: Use link recovery when h8 exit fails during runtime
       resume
     - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately
     - PCI: pnv_php: Clean up allocated IRQs on unplug
     - PCI: pnv_php: Work around switches with broken presence detection
     - [powerpc*] eeh: Export eeh_unfreeze_pe()
     - [powerpc*] eeh: Rely on dev->link_active_reporting
     - [powerpc*] eeh: Make EEH driver device hotplug safe
     - PCI: pnv_php: Fix surprise plug detection and recovery
     - pNFS/flexfiles: don't attempt pnfs on fatal DS errors
     - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up()
     - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate()
     - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
     - NFSv4.2: another fix for listxattr
     - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
     - netpoll: prevent hanging NAPI when netcons gets enabled
     - phy: mscc: Fix parsing of unicast frames
     - pptp: ensure minimal skb length in pptp_xmit()
     - net/mlx5: Correctly set gso_segs when LRO is used
     - ipv6: reject malicious packets in ipv6_gso_segment()
     - net: drop UFO packets in udp_rcv_segment()
     - benet: fix BUG when creating VFs
     - irqchip: Build IMX_MU_MSI only on ARM
     - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
     - smb: server: remove separate empty_recvmsg_queue
     - smb: server: make sure we call ib_dma_unmap_single() only if we called
       ib_dma_map_single already
     - smb: server: let recv_done() consistently call
       put_recvmsg/smb_direct_disconnect_rdma_connection
     - smb: server: let recv_done() avoid touching data_transfer after
       cleanup/move
     - smb: client: let recv_done() cleanup before notifying the callers.
     - pptp: fix pptp_xmit() error path
     - perf/core: Don't leak AUX buffer refcount on allocation failure
     - perf/core: Exit early on perf_mmap() fail
     - perf/core: Prevent VMA split of buffer mappings
     - net/packet: fix a race in packet_set_ring() and packet_notifier()
     - vsock: Do not allow binding to VMADDR_PORT_ANY
     - ksmbd: fix null pointer dereference error in generate_encryptionkey
     - ksmbd: fix Preauh_HashValue race condition
     - ksmbd: fix corrupted mtime and ctime in smb2_open
     - ksmbd: limit repeated connections from clients with the same IP
       (CVE-2025-38501)
     - smb: server: Fix extension string in ksmbd_extract_shortname()
     - USB: serial: option: add Foxconn T99W709
     - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
     - net: usbnet: Fix the wrong netif_carrier_on() call
     - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331)
     - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
     - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
     - [x86] fpu: Delay instruction pointer fixup until after warning
     - [mips*] mm: tlb-r4k: Uniquify TLB entries on init
     - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
     - usb: gadget : fix use-after-free in composite_dev_cleanup()
 .
   [ Bastian Blank ]
   * Drop not needed extra step to add debug links
   * Sign modules using an ephemeral key: (closes: #1040901)
     - Set MODULE_SIG_ALL to sign all modules.
     - Not longer request Secure Boot signing for modules.
     - Don't trust Secure Boot key any longer.
   * Store build time signing key encrypted.
   * Sign modules and support lockdown always.
 .
   [ Ben Hutchings ]
   * d/b/buildcheck.py, d/rules.real: Run buildcheck.py in setup as well
   * d/b/buildcheck.py: Check config of kernel to be signed
   * d/rules: Include target suite as an input to gencontrol.py
   * Generate kernel ABI name suffix automatically if not configured
   * Delete ABI name suffix and ABI reference
   * d/salsa-ci.yml: Ignore pycodestyle error E241
   * d/rules.real: Move module installation to the image build rule
   * proc: fix missing pde_set_flags() for net proc files
 .
   [ Salvatore Bonaccorso ]
   * [amd64] udeb: kernel-image: Include SPI drivers
   * netlink: avoid infinite retry looping in netlink_unicast()
     (Closes: #1111017)
   * ext4: don't try to clear the orphan_present feature block device is r/o
     (Closes: #1108271)
linux (6.1.147-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.141
     - [arm64,armhf] gpio: pca953x: Add missing header(s)
     - [arm64,armhf] gpio: pca953x: Split pca953x_restore_context() and
       pca953x_save_context()
     - [arm64,armhf] gpio: pca953x: Simplify code with cleanup helpers
     - [arm64,armhf] gpio: pca953x: fix IRQ storm on system wake up
     - [arm64] phy: renesas: rcar-gen3-usb2: Add support to initialize the bus
     - [arm64] phy: renesas: rcar-gen3-usb2: Move IRQ request in probe
     - [arm64] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and
       driver data
     - [arm64] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off
     - scsi: target: iscsi: Fix timeout on deleted connection
     - virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
     - dma-mapping: avoid potential unused data compilation warning
     - cgroup: Fix compilation issue due to cgroup_mutex not being exported
     - scsi: mpi3mr: Add level check to control event logging
     - [arm64] net: enetc: refactor bulk flipping of RX buffers to separate
       function
     - drm/amdgpu: Allow P2P access through XGMI
     - bpf: fix possible endless loop in BPF map iteration
     - kconfig: merge_config: use an empty file as initfile
     - [s390x] vfio-ap: Fix no AP queue sharing allowed message written to kernel
       log
     - cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES
     - cifs: Fix querying and creating MF symlinks over SMB1
     - cifs: Fix negotiate retry functionality
     - fuse: Return EPERM rather than ENOSYS from link()
     - NFSv4: Check for delegation validity in
       nfs_start_delegation_return_locked()
     - NFS: Don't allow waiting for exiting tasks
     - SUNRPC: Don't allow waiting for exiting tasks
     - [arm64] Add support for HIP09 Spectre-BHB mitigation
     - tracing: Mark binary printing functions with __printf() attribute
     - mailbox: use error ret code of of_parse_phandle_with_args()
     - fbdev: fsl-diu-fb: add missing device_remove_file()
     - fbcon: Use correct erase colour for clearing in fbcon
     - fbdev: core: tileblit: Implement missing margin clearing for tileblit
     - cifs: Fix establishing NetBIOS session for SMB2+ connection
     - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
     - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
     - SUNRPC: rpcbind should never reset the port to the value '0'
     - [arm64] thermal/drivers/qoriq: Power down TMU on system suspend
     - dql: Fix dql->limit value when reset.
     - lockdep: Fix wait context check on softirq for PREEMPT_RT
     - objtool: Properly disable uaccess validation
     - pNFS/flexfiles: Report ENETDOWN as a connection error
     - [amd64] PCI: vmd: Disable MSI remapping bypass under Xen
     - libnvdimm/labels: Fix divide error in nd_label_data_init()
     - mmc: host: Wait for Vdd to settle on card power off
     - [x86] mm: Check return value from memblock_phys_alloc_range()
     - [arm64] i2c: qup: Vote for interconnect bandwidth to DRAM
     - i2c: pxa: fix call balance of i2c->clk handling routines
     - btrfs: make btrfs_discard_workfn() block_group ref explicit
     - btrfs: avoid linker error in btrfs_find_create_tree_block()
     - btrfs: run btrfs_error_commit_super() early
     - btrfs: fix non-empty delayed iputs list on unmount due to async workers
     - btrfs: get zone unusable bytes while holding lock at
       btrfs_reclaim_bgs_work()
     - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long
     - drm/amd/display: Guard against setting dispclk low for dcn31x
     - dlm: make tcp still work in multi-link env
     - ext4: reorder capability check last
     - scsi: st: Tighten the page format heuristics with MODE SELECT
     - scsi: st: ERASE does not change tape location
     - vfio/pci: Handle INTx IRQ_NOTCONNECTED
     - bpf: Return prog btf_id without capable check
     - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
     - rtc: rv3032: fix EERD location
     - [x86] thunderbolt: Do not add non-active NVM if NVM upgrade is disabled
       for retimer
     - kbuild: fix argument parsing in scripts/config
     - dm: restrict dm device size to 2^63-512 bytes
     - net/smc: use the correct ndev to find pnetid by pnetid table
     - xen: Add support for XenServer 6.1 platform device
     - [arm64,armhf] pinctrl-tegra: Restore SFSEL bit when freeing pins
     - [armhf] ASoC: sun4i-codec: support hp-det-gpios property
     - ext4: reject the 'data_err=abort' option in nojournal mode
     - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
     - posix-timers: Add cond_resched() to posix_timer_add() search loop
     - timer_list: Don't use %pK through printk()
     - netfilter: conntrack: Bound nf_conntrack sysctl writes
     - [arm64] mm: Check PUD_TYPE_TABLE in pud_bad()
     - [armhf] mmc: dw_mmc: add exynos7870 DW MMC support
     - mmc: sdhci: Disable SD card clock before changing parameters
     - [x86] hwmon: (dell-smm) Increment the number of fans
     - ipv6: save dontfrag in cork
     - drm/amd/display: calculate the remain segments for all pipes
     - gfs2: Check for empty queue in run_queue
     - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
       hd44780_common"
     - [amd64] iommu/amd/pgtbl_v2: Improve error handling
     - crypto: lzo - Fix compression buffer overrun
     - [arm64] tegra: p2597: Fix gpio for vdd-1v8-dis regulator
     - [powerpc*] prom_init: Fixup missing #size-cells on PowerBook6,7
     - ALSA: seq: Improve data consistency at polling
     - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
     - rtc: ds1307: stop disabling alarms on probe
     - ieee802154: ca8210: Use proper setters and getters for bitwise types
     - dm cache: prevent BUG_ON by blocking retries on failed device resumes
     - orangefs: Do not truncate file size
     - net: phylink: use pl->link_interface in phylink_expects_phy()
     - remoteproc: qcom_wcnss: Handle platforms with only single power domain
     - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
     - media: cx231xx: set device_caps for 417
     - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
     - [armhf] net: ethernet: ti: cpsw_new: populate netdev of_node
     - net: pktgen: fix mpls maximum labels list parsing
     - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type
     - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7
     - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
     - drm/rockchip: vop2: Add uv swap for cluster window
     - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
     - [arm64] clk: imx8mp: inform CCF of maximum frequency of clocks
     - [x86] bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
     - [arm*] hwmon: (gpio-fan) Add missing mutex locks
     - [arm64] PCI: brcmstb: Expand inbound window size up to 64GB
     - [arm64] PCI: brcmstb: Add a softdep to MIP MSI-X driver
     - net/mlx5: Avoid report two health errors on same syndrome
     - drm/amdkfd: KFD release_work possible circular locking
     - leds: pwm-multicolor: Add check for fwnode_property_read_u32
     - net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only
     - net: xgene-v2: remove incorrect ACPI_PTR annotation
     - bonding: report duplicate MAC address in all situations
     - [arm64] soc: ti: k3-socinfo: Do not use syscon helper to build regmap
     - [x86] build: Fix broken copy command in genimage.sh when making isoimage
     - drm/amd/display: handle max_downscale_src_width fail check
     - [x86] nmi: Add an emergency handler in nmi_desc & use it in
       nmi_shootdown_cpus()
     - cpuidle: menu: Avoid discarding useful information
     - libbpf: Fix out-of-bound read
     - dm: fix unconditional IO throttle caused by REQ_PREFLUSH
     - [x86] kaslr: Reduce KASLR entropy on most x86 systems
     - [mips*] Use arch specific syscall name match function
     - genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of
       iommu_cookie
     - [mips*] pm-cps: Use per-CPU variables as per-CPU, not per-core
     - [mips*] clocksource: mips-gic-timer: Enable counter when CPUs start
     - scsi: mpt3sas: Send a diag reset if target reset fails
     - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
     - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx()
     - net: pktgen: fix access outside of user given buffer in
       pktgen_thread_write()
     - [x86] EDAC/ie31200: work around false positive build warning
     - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
     - RDMA/core: Fix best page size finding when it can cross SG entries
     - [arm64,armhf] pmdomain: imx: gpcv2: use proper helper for property
       detection
     - can: c_can: Use of_property_present() to test existence of DT property
     - eth: mlx4: don't try to complete XDP frames in netpoll
     - PCI: Fix old_size lower bound in calculate_iosize() too
     - ACPI: HED: Always initialize before evged
     - vxlan: Join / leave MC group after remote changes
     - media: test-drivers: vivid: don't call schedule in loop
     - net/mlx5: Modify LSB bitmask in temperature event to include only the
       first bit
     - net/mlx5: Apply rate-limiting to high temperature warning
     - ASoC: ops: Enforce platform maximum on initial value
     - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
     - pinctrl: devicetree: do not goto err when probing hogs in
       pinctrl_dt_to_map
     - kunit: tool: Use qboot on QEMU x86_64
     - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
     - [arm64] clk: qcom: clk-alpha-pll: Do not use random stack value for recalc
       rate
     - serial: sh-sci: Update the suspend/resume support
     - phy: core: don't require set_mode() callback for phy_get_mode() to work
     - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
     - drm/amd/display: Initial psr_version with correct setting
     - drm/amdgpu: enlarge the VBIOS binary size limit
     - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer()
     - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
     - net/mlx5e: set the tx_queue_len for pfifo_fast
     - net/mlx5e: reduce rep rxq depth to 256 for ECPF
     - wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
     - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
     - [powerpc*] arch/powerpc/perf: Check the instruction type before creating
       sample with perf_mem_data_src
     - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
     - r8152: add vendor/device ID pair for Dell Alienware AW1022z
     - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
     - [arm64] hwmon: (xgene-hwmon) use appropriate type for the latency value
     - vxlan: Annotate FDB data races
     - r8169: don't scan PHY addresses > 0
     - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
     - rcu: handle unstable rdp in rcu_read_unlock_strict()
     - rcu: fix header guard for rcu_all_qs()
     - perf: Avoid the read if the count is already updated
     - ice: count combined queues using Rx/Tx count
     - net/mana: fix warning in the writer of client oob
     - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
     - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector()
       fails
     - scsi: st: Restore some drive settings after reset
     - HID: usbkbd: Fix the bit shift number for LED_KANA
     - drm/ast: Find VBIOS mode from regular display size
     - bpftool: Fix readlink usage in get_fd_type
     - [x86] perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
     - wifi: rtl8xxxu: retry firmware download on error
     - wifi: rtw88: Don't use static local variable in
       rtw8822b_set_tx_power_index_by_rate
     - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet
     - wifi: ath9k: return by of_get_mac_address
     - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
     - drm/panel-edp: Add Starry 116KHD024006
     - drm: Add valid clones check
     - [arm64,armhf] pinctrl: meson: define the pull up/down resistor value as 60
       kOhm
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
     - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
     - nvmet-tcp: don't restore null sk_state_change
     - io_uring/fdinfo: annotate racy sq/cq head/tail reads
     - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
     - wifi: iwlwifi: add support for Killer on MTL
     - xenbus: Allow PVH dom0 a non-local xenstore
     - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
     - espintcp: remove encap socket caching to avoid reference leak
     - [amd64] dmaengine: idxd: add per DSA wq workqueue for processing cr faults
     - [amd64] dmaengine: idxd: add idxd_copy_cr() to copy user completion record
       during page fault handling
     - [amd64] dmaengine: idxd: Fix allowing write() from different address
       spaces
     - remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
     - xfrm: Sanitize marks before insert
     - [amd64] dmaengine: idxd: Fix ->poll() return value
     - Bluetooth: L2CAP: Fix not checking l2cap_chan security level
     - bridge: netfilter: Fix forwarding of fragmented packets
     - ice: fix vf->num_mac count with port representors
     - [arm64,armhf] net: dwmac-sun8i: Use parsed internal PHY address instead of
       1
     - net: lan743x: Restore SGMII CTRL register on resume
     - io_uring: fix overflow resched cqe reordering
     - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
       (CVE-2025-38000)
     - net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
     - crypto: algif_hash - fix double free in hash_accept
     - padata: do not leak refcount in reorder_work
     - can: slcan: allow reception of short error messages
     - can: bcm: add locking for bcm_op runtime updates
     - can: bcm: add missing rcu read protection for procfs content
     - ALSA: pcm: Fix race of buffer access at PCM OSS layer
     - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10
     - llc: fix data loss when reading from a socket in llc_ui_recvmsg()
     - [x86] platform/x86: dell-wmi-sysman: Avoid buffer overflow in
       current_password_store()
     - drm/edid: fixed the bug that hdr metadata was not reset
     - smb: client: Fix use-after-free in cifs_fill_dirent
     - smb: client: Reset all search buffer pointers when releasing buffer
     - Revert "drm/amd: Keep display off while going into S4" (Closes: #1107511)
     - memcg: always call cond_resched() after fn()
     - mm/page_alloc.c: avoid infinite retries caused by cpuset race
     - Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
     - ksmbd: fix stream write failure
     - [arm64] spi: spi-fsl-dspi: restrict register range for regmap access
     - [arm64] spi: spi-fsl-dspi: Halt the module after a new message transfer
     - [arm64] spi: spi-fsl-dspi: Reset SR flags before sending a new message
     - kbuild: Disable -Wdefault-const-init-unsafe
     - serial: sh-sci: Save and restore more registers
     - [arm64,armhf] pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group()
     - [x86] mm/init: Handle the special case of device private pages in
       add_pages(), to not increase max_pfn and trigger dma_addressing_limited()
       bounce buffers bounce buffers
     - [amd64] dmaengine: idxd: Fix passing freed memory in idxd_cdev_open()
     - hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
       (CVE-2025-21816)
     - btrfs: check folio mapping after unlock in relocate_one_folio()
       (CVE-2024-56758)
     - af_unix: Kconfig: make CONFIG_UNIX bool
     - af_unix: Return struct unix_sock from unix_get_socket().
     - af_unix: Run GC on only one CPU.
     - af_unix: Try to run GC async.
     - af_unix: Replace BUG_ON() with WARN_ON_ONCE().
     - af_unix: Remove io_uring code for GC.
     - af_unix: Remove CONFIG_UNIX_SCM.
     - af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd.
     - af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd.
     - af_unix: Link struct unix_edge when queuing skb.
     - af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb.
     - af_unix: Iterate all vertices by DFS.
     - af_unix: Detect Strongly Connected Components.
     - af_unix: Save listener for embryo socket.
     - af_unix: Fix up unix_edge.successor for embryo socket.
     - af_unix: Save O(n) setup of Tarjan's algo.
     - af_unix: Skip GC if no cycle exists.
     - af_unix: Avoid Tarjan's algorithm if unnecessary.
     - af_unix: Assign a unique index to SCC.
     - af_unix: Detect dead SCC.
     - af_unix: Replace garbage collection algorithm.
     - af_unix: Remove lock dance in unix_peek_fds().
     - af_unix: Try not to hold unix_gc_lock during accept().
     - af_unix: Don't access successor in unix_del_edges() during GC.
     - af_unix: Add dead flag to struct scm_fp_list.
     - af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS
     - af_unix: Fix uninit-value in __unix_walk_scc()
     - [arm64] dts: qcom: sm8350: Fix typo in pil_camera_mem node
     - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
     - [arm64] perf/arm-cmn: Fix REQ2/SNP2 mixup
     - [arm64] perf/arm-cmn: Initialise cmn->cpu earlier
     - coredump: fix error handling for replace_fd()
     - pid: add pidfd_prepare()
     - fork: use pidfd_prepare()
     - coredump: hand a pidfd to the usermode coredump helper
     - HID: quirks: Add ADATA XPG alpha wireless mouse support
     - nfs: don't share pNFS DS connections between net namespaces
     - [x86] platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
     - [armhf] spi: spi-sun4i: fix early activation
     - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro
     - NFS: Avoid flushing data while holding directory locks in nfs_rename()
     - [x86] platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
     - [x86] platform/x86: thinkpad_acpi: Ignore battery threshold change event
       notification
     - [arm64] net: ethernet: ti: am65-cpsw: Lower random mac address error print
       to info
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.142
     - mm/uffd: fix vma operation where start addr cuts part of vma
     - tracing: Fix compilation warning on arm32
     - [arm64] pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs >
       31
     - [arm64] pinctrl: armada-37xx: set GPIO output value before setting
       direction
     - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
     - rtc: Make rtc_time64_to_tm() support dates before 1970
     - rtc: Fix offset calculation for .start_secs < 0
     - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
     - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
     - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
     - Bluetooth: hci_qca: move the SoC type check to the right place
     - usb: usbtmc: Fix timeout value in get_stb
     - [x86] thunderbolt: Do not double dequeue a configuration request
     - gfs2: gfs2_create_inode error handling fix
     - perf/core: Fix broken throttling when max_samples_per_tick=1
     - [arm64] crypto: sun8i-ce-cipher - fix error handling in
       sun8i_ce_cipher_prepare()
     - [powerpc*] crash: Fix non-smp kexec preparation
     - [x86] cpu: Sanitize CPUID(0x80000000) output
     - [arm*] crypto: marvell/cesa - Handle zero-length skcipher requests
     - [arm*] crypto: marvell/cesa - Avoid empty transfer descriptor
     - crypto: lrw - Only add ecb if it is not already there
     - crypto: xts - Only add ecb if it is not already there
     - [amd64] EDAC/skx_common: Fix general protection fault
     - power: reset: at91-reset: Optimize at91_reset()
     - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
     - [x86] mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
     - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
     - drm/vmwgfx: Add seqno waiter for sync_files
     - drm/amd/pp: Fix potential NULL pointer dereference in
       atomctrl_initialize_mc_reg_table
     - [arm64] media: rkvdec: Fix frame size enumeration
     - [arm64] fpsimd: Discard stale CPU state when handling SME traps
     - [arm64] fpsimd: Fix merging of FPSIMD state during signal return
     - watchdog: exar: Shorten identity name to fit correctly
     - firmware: psci: Fix refcount leak in psci_dt_init
     - [arm64] Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
     - [arm64,armhf] drm/tegra: rgb: Fix the unbound reference count
     - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
     - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
     - wifi: ath11k: fix node corruption in ar->arvifs list
     - IB/cm: use rwlock for MAD agent lock
     - bpf: fix ktls panic with sockmap
     - bpf, sockmap: fix duplicated data transmission
     - bpf, sockmap: Fix panic when calling skb_linearize
     - f2fs: fix to do sanity check on sbi->total_valid_block_count
     - net: ncsi: Fix GCPS 64-bit member variables
     - libbpf: Fix buffer overflow in bpf_object__init_prog
     - wifi: rtw88: do not ignore hardware read error during DPK
     - [arm64] RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
     - [arm64] scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
     - iommu: Protect against overflow in iommu_pgsize()
     - f2fs: clean up w/ fscrypt_is_bounce_page()
     - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
     - libbpf: Use proper errno value in linker
     - netfilter: bridge: Move specific fragmented packet to slow_path instead of
       dropping it
     - netfilter: nft_quota: match correctly when the quota just depleted
     - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
     - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
     - [arm64,armhf] clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
     - efi/libstub: Describe missing 'out' parameter in efi_load_initrd
     - tracing: Rename event_trigger_alloc() to trigger_data_alloc()
     - tracing: Fix error handling in event_trigger_parse()
     - libbpf: Use proper errno value in nlattr
     - bpf: Fix WARN() in get_bpf_raw_tp_regs
     - [s390x] bpf: Store backchain even for leaf progs
     - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
     - iommu: remove duplicate selection of DMAR_TABLE
     - wifi: ath9k_htc: Abort software beacon handling if disabled
     - kernfs: Relax constraint in draining guard
     - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
     - vfio/type1: Fix error unwind in migration dirty bitmap allocation
     - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
     - bpf, sockmap: Avoid using sk_socket after free when sending
     - netfilter: nft_tunnel: fix geneve_opt dump
     - net: usb: aqc111: fix error handling of usbnet read calls
     - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
     - bpf: Avoid __bpf_prog_ret0_warn when jit fails
     - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
     - net: phy: mscc: Fix memory leak when using one step timestamping
     - calipso: Don't call calipso functions for AF_INET sk.
     - net: openvswitch: Fix the dead loop of MPLS parse
     - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
     - f2fs: use d_inode(dentry) cleanup dentry->d_inode
     - f2fs: fix to correct check conditions in f2fs_cross_rename
     - [arm64] dts: qcom: sm8250: Fix CPU7 opp table
     - [arm64] dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
     - [arm64] dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
     - [arm64] dts: imx8mm-beacon: Fix RTC capacitive load
     - [arm64] dts: imx8mn-beacon: Fix RTC capacitive load
     - [arm64] dts: mt6359: Add missing 'compatible' property to regulators node
     - [arm64] dts: qcom: sdm660-lavender: Add missing USB phy supply
     - [arm64] dts: qcom: sda660-ifc6560: Fix dt-validate warning
     - Squashfs: check return result of sb_min_blocksize
     - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
     - nilfs2: add pointer check for nilfs_direct_propagate()
     - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
     - bus: fsl-mc: fix double-free on mc_dev
     - dt-bindings: vendor-prefixes: Add Liontron name
     - [arm64] dts: rockchip: disable unrouted USB controllers and PHY on RK3399
       Puma with Haikou
     - [armhf] soc: aspeed: lpc: Fix impossible judgment condition
     - [armhf] soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
     - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
     - randstruct: gcc-plugin: Remove bogus void member
     - randstruct: gcc-plugin: Fix attribute addition
     - perf build: Warn when libdebuginfod devel files are not available
     - perf ui browser hists: Set actions->thread before calling do_zoom_thread()
     - dm: don't change md if dm_table_set_restrictions() fails
     - dm: free table mempools if not used in __bind
     - backlight: pm8941: Add NULL check in wled_configure()
     - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
     - hwmon: (asus-ec-sensors) check sensor index in read_string()
     - perf intel-pt: Fix PEBS-via-PT data_src
     - perf scripts python: exported-sql-viewer.py: Fix pattern matching with
       Python 3
     - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
     - remoteproc: k3-r5: Drop check performed in
       k3_r5_rproc_{mbox_callback/kick}
     - perf tests switch-tracking: Fix timestamp comparison
     - perf record: Fix incorrect --user-regs comments
     - nfs: clear SB_RDONLY before getting superblock
     - nfs: ignore SB_RDONLY when remounting nfs
     - [arm64] PCI: cadence: Fix runtime atomic count underflow
     - [arm64] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
     - [arm64] dmaengine: ti: Add NULL check in udma_probe()
     - PCI/DPC: Initialize aer_err_info before using it
     - usb: renesas_usbhs: Reorder clock handling and power management in probe
     - serial: Fix potential null-ptr-deref in mlb_usio_probe()
     - counter: interrupt-cnt: Protect enable/disable OPs with mutex
     - coresight: prevent deactivate active config while enabling the config
     - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
     - net: stmmac: platform: guarantee uniqueness of bus_id
     - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
     - net: tipc: fix refcount warning in tipc_aead_encrypt
     - net/mlx4_en: Prevent potential integer overflow calculating Hz
     - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
     - ice: create new Tx scheduler nodes for new queues only
     - ice: fix rebuilding the Tx scheduler tree for large queue counts
     - [armhf] net: dsa: tag_brcm: legacy: fix pskb_may_pull length
     - net: stmmac: make sure that ptp_rate is not 0 before configuring
       timestamping
     - net: fix udp gso skb_segment after pull from frag_list
     - vmxnet3: correctly report gso type for UDP tunnels
     - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
     - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
     - netfilter: nf_set_pipapo_avx2: fix initial map fill
     - wireguard: device: enable threaded NAPI
     - seg6: Fix validation of nexthop addresses
     - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
     - do_change_type(): refuse to operate on unmounted/not ours mounts
     - xfs: fix interval filtering in multi-step fsmap queries
     - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends
     - xfs: fix getfsmap reporting past the last rt extent
     - xfs: clean up the rtbitmap fsmap backend
     - xfs: fix logdev fsmap query result filtering
     - xfs: validate fsmap offsets specified in the query keys
     - xfs: fix xfs_btree_query_range callers to initialize btree rec fully
     - xfs: fix an agbno overflow in __xfs_getfsmap_datadev
     - xfs: fix the contact address for the sysfs ABI documentation
     - xfs: verify buffer, inode, and dquot items every tx commit
     - xfs: use consistent uid/gid when grabbing dquots for inodes
     - xfs: declare xfs_file.c symbols in xfs_file.h
     - xfs: create a new helper to return a file's allocation unit
     - xfs: Fix xfs_flush_unmap_range() range for RT
     - xfs: Fix xfs_prepare_shift() range for RT
     - xfs: don't walk off the end of a directory data block (CVE-2024-41013)
     - xfs: remove unused parameter in macro XFS_DQUOT_LOGRES
     - xfs: attr forks require attr, not attr2
     - xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set
     - xfs: Fix the owner setting issue for rmap query in xfs fsmap
     - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
     - xfs: take m_growlock when running growfsrt
     - xfs: reset rootdir extent size hint after growfsrt
     - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
     - Input: synaptics-rmi - fix crash with unsupported versions of F34
     - [arm64] serial: sh-sci: Check if TX data was written to device in
       .tx_empty()
     - [arm64] serial: sh-sci: Move runtime PM enable to sci_probe_single()
     - [arm64] serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - scsi: core: ufs: Fix a hang in the error handler
     - Bluetooth: hci_core: fix list_for_each_entry_rcu usage
     - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
     - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
     - ath10k: snoc: fix unbalanced IRQ enable in crash recovery
     - wifi: ath11k: remove unused function ath11k_tm_event_wmi()
     - wifi: ath11k: fix soc_dp_stats debugfs file permission
     - wifi: ath11k: convert timeouts to secs_to_jiffies()
     - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
     - wifi: ath11k: don't use static variables in
       ath11k_debugfs_fw_stats_process()
     - wifi: ath11k: don't wait when there is no vdev started
     - wifi: ath11k: validate ath11k_crypto_mode on top of
       ath11k_core_qmi_firmware_ready
     - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
     - pinctrl: qcom: pinctrl-qcm2290: Add missing pins
     - scsi: iscsi: Fix incorrect error path labels for flashnode operations
     - net_sched: sch_sfq: fix a potential crash on gso_skb handling
     - [powerpc*] powernv/memtrace: Fix out of bounds issue in memtrace mmap
       (CVE-2025-38088)
     - [powerpc*] vas: Return -EINVAL if the offset is non-zero in mmap()
     - [arm64] drm/meson: use unsigned long long / Hz for frequency types
     - [arm64] drm/meson: fix debug log statement when setting the HDMI clocks
     - [arm64] drm/meson: use vclk_freq instead of pixel_freq in debug print
     - [arm64] drm/meson: fix more rounding issues with 59.94Hz modes
     - i40e: return false from i40e_reset_vf if reset is in progress
     - i40e: retry VFLR handling if there is ongoing VF reset
     - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
     - net: Fix TOCTOU issue in sk_is_readable()
     - macsec: MACsec SCI assignment for ES = 0
     - net: mdio: C22 is now optional, EOPNOTSUPP if not provided
     - net/mdiobus: Fix potential out-of-bounds read/write access
     - Bluetooth: Fix NULL pointer deference on eir_get_service_data
     - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
     - Bluetooth: MGMT: Fix sparse errors
     - net/mlx5: Ensure fw pages are always allocated on same NUMA
     - net/mlx5: Fix return value when searching for existing flow group
     - net/mlx5e: Fix leak of Geneve TLV option object
     - net_sched: prio: fix a race in prio_tune() (CVE-2025-38083)
     - net_sched: red: fix a race in __red_change()
     - net_sched: tbf: fix a race in tbf_change()
     - net_sched: ets: fix a race in ets_qdisc_change()
     - fs/filesystems: Fix potential unsigned integer underflow in fs_name()
     - nvmet-fcloop: access fcpreq only when holding reqlock
     - perf: Ensure bpf_perf_link path is properly serialized
     - bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
     - tools/resolve_btfids: Fix build when cross compiling kernel with clang.
     - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
     - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
     - Revert "io_uring: ensure deferred completions are posted for multishot"
     - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
       posix_cpu_timer_del()
     - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
     - kbuild: Add KBUILD_CPPFLAGS to as-option invocation
     - usb: usbtmc: Fix read_stb function and get_stb ioctl
     - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
     - usb: Flush altsetting 0 endpoints before reinitializating them after
       reset.
     - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
     - [arm64] xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
     - [x86] iopl: Cure TIF_IO_BITMAP inconsistencies
     - calipso: unlock rcu before returning -EAFNOSUPPORT
     - net: usb: aqc111: debug info before sanitation
     - [arm64] drm/meson: Use 1000ULL when operating with mode->clock
     - configfs: Do not override creating attribute file failure in
       populate_attrs()
     - crypto: marvell/cesa - Do not chain submitted requests
     - gfs2: move msleep to sleepable context
     - [arm64,armhf] ASoC: meson: meson-card-utils: use of_property_present() for
       DT parsing
     - io_uring: account drain memory to cgroup
     - [powerpc*] pseries/msi: Avoid reading PCI device registers in reduced
       power states
     - regulator: max20086: Fix MAX200086 chip id
     - regulator: max20086: Change enable gpio to optional
     - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
     - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
     - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
     - wifi: ath11k: fix rx completion meta data corruption
     - wifi: ath11k: fix ring-buffer corruption
     - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
     - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
     - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
     - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
     - media: cxusb: no longer judge rbuf when the write fails
     - media: gspca: Add error handling for stv06xx_read_sensor()
     - media: omap3isp: use sgtable-based scatterlist wrappers
     - media: v4l2-dev: fix error handling in __video_register_device()
     - media: videobuf2: use sgtable-based scatterlist wrappers
     - media: vidtv: Terminating the subsequent process of initialization failure
     - media: vivid: Change the siize of the composing
     - media: uvcvideo: Return the number of processed controls
     - media: uvcvideo: Send control events for partial succeeds
     - media: uvcvideo: Fix deferred probing error
     - [armel,armhf] 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
     - bus: mhi: host: Fix conflict between power_up and SYSERR
     - can: tcan4x5x: fix power regulator retrieval during probe
     - ceph: set superblock s_magic for IMA fsmagic matching
     - cgroup,freezer: fix incomplete freezing when attaching tasks
     - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
     - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
     - bus: fsl-mc: fix GET/SET_TAILDROP command ids
     - ext4: inline: fix len overflow in ext4_prepare_inline_data
     - ext4: fix calculation of credits for extent tree modification
     - ext4: factor out ext4_get_maxbytes()
     - ext4: ensure i_size is smaller than maxbytes
     - Input: ims-pcu - check record size in ims_pcu_flash_firmware()
     - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
     - f2fs: prevent kernel warning due to negative i_nlink from corrupted image
     - f2fs: fix to do sanity check on sit_bitmap_size
     - NFC: nci: uart: Set tty->disc_data only in success path
     - net: ftgmac100: select FIXED_PHY
     - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
     - vgacon: Add check for vc_origin address range in vgacon_scroll()
     - [arm64] clk: meson-g12a: add missing fclk_div2 to spicc
     - ipc: fix to protect IPCS lookups using RCU
     - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
     - mm: fix ratelimit_pages update error in dirty_ratio_handler()
     - [armhf] mtd: rawnand: sunxi: Add randomizer configuration in
       sunxi_nfc_hw_ecc_write_chunk
     - [armhf] mtd: nand: sunxi: Add randomizer configuration before randomizer
       enable
     - [x86] KVM: SVM: Clear current_vmcb during vCPU free for all *possible*
       CPUs
     - dm-mirror: fix a tiny race condition
     - ftrace: Fix UAF when lookup kallsym after ftrace disabled
     - net: ch9200: fix uninitialised access during mii_nway_restart
       (CVE-2025-38086)
     - [s390x] KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
     - staging: iio: ad5933: Correct settling cycles encoding per datasheet
     - regulator: max14577: Add error check for max14577_read_reg()
     - remoteproc: core: Cleanup acquired resources when rproc_handle_resources()
       fails in rproc_attach()
     - remoteproc: core: Release rproc->clean_table after rproc_attach() fails
     - cifs: reset connections for all channels when reconnect requested
     - uio_hv_generic: Use correct size for interrupt and monitor pages
     - PCI: cadence-ep: Correct PBA offset in .set_msix() callback
     - PCI: Add ACS quirk for Loongson PCIe
     - PCI: Fix lock symmetry in pci_slot_unlock()
     - PCI: dw-rockchip: Fix PHY function call sequence in
       rockchip_pcie_phy_deinit()
     - iio: accel: fxls8962af: Fix temperature scan element sign
     - iio: imu: inv_icm42600: Fix temperature calculation
     - iio: adc: ad7606_spi: fix reg write value mask
     - ACPICA: fix acpi operand cache leak in dswstate.c
     - [x86] ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
     - clocksource: Fix the CPUs' choice in the watchdog per CPU verification
     - mmc: Add quirk to disable DDR50 tuning
     - ACPICA: Avoid sequence overread in call to strncmp()
     - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
     - ACPI: bus: Bail out if acpi_kobj registration fails
     - ACPICA: fix acpi parse and parseext cache leaks
     - power: supply: bq27xxx: Retrieve again when busy
     - ACPICA: utilities: Fix overflow check in vsnprintf()
     - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
     - ACPI: battery: negate current when discharging
     - net: macb: Check return value of dma_set_mask_and_coherent()
     - net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
     - tipc: use kfree_sensitive() for aead cleanup
     - bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
     - i2c: designware: Invoke runtime suspend on quick slave re-registration
     - emulex/benet: correct command version selection in be_cmd_get_stats()
     - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
     - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
     - sctp: Do not wake readers in __sctp_write_space()
     - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
     - i2c: tegra: check msg length in SMBUS block read
     - i2c: npcm: Add clock toggle recovery
     - net: dlink: add synchronization for stats update
     - wifi: ath11k: Fix QMI memory reuse logic
     - tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
     - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
     - [x86] sgx: Prevent attempts to reclaim poisoned pages
     - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
     - net: atlantic: generate software timestamp just before the doorbell
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_set_by_name()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_gpio_get_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_gpio_set_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
     - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
     - net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
     - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
     - wifi: mac80211: do not offer a mesh path if forwarding is disabled
     - clk: rockchip: rk3036: mark ddrphy as critical
     - libbpf: Add identical pointer detection to btf_dedup_is_equiv()
     - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
     - [amd64] iommu/amd: Ensure GA log notifier callbacks finish running before
       module unload
     - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
     - net: bridge: mcast: update multicast contex when vlan state is changed
     - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
       functions
     - vxlan: Do not treat dst cache initialization errors as fatal
     - software node: Correct a OOB check in software_node_get_reference_args()
     - pinctrl: mcp23s08: Reset all pins to input at probe
     - scsi: lpfc: Use memcpy() for BIOS version
     - sock: Correct error checking condition for (assign|release)_proto_idx()
     - i40e: fix MMIO write access to an invalid page in i40e_clear_hw
     - ice: fix check for existing switch rule
     - bpf, sockmap: Fix data lost during EAGAIN retries
     - net: ethernet: cortina: Use TOE/TSO on all TCP
     - fbcon: Make sure modelist not set on unregistered console
     - watchdog: da9052_wdt: respect TWDMIN
     - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
     - [armhf] OMAP2+: Fix l4ls clk domain handling in STANDBY
     - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
       first"
     - [x86] platform/x86: dell_rbu: Fix list usage
     - [x86] platform/x86: dell_rbu: Stop overwriting data buffer
     - [powerpc*] eeh: Fix missing PE bridge reconfiguration during VFIO EEH
       recovery
     - Revert "x86/bugs: Make spectre user default depend on
       MITIGATION_SPECTRE_V2" on v6.6 and older
     - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (CVE-2025-38090)
     - jffs2: check that raw node were preallocated before writing summary
     - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
     - smb: improve directory cache reuse for readdir operations
     - scsi: storvsc: Increase the timeouts to storvsc_timeout
     - scsi: s390: zfcp: Ensure synchronous unit_add
     - net_sched: sch_sfq: reject invalid perturb period
     - udmabuf: use sgtable-based scatterlist wrappers
     - ksmbd: fix null pointer dereference in destroy_previous_session
     - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
     - atm: Revert atm_account_tx() if copy_from_iter_full() fails.
     - Input: sparcspkr - avoid unannotated fall-through
     - wifi: cfg80211: init wiphy_work before allocating rfkill fails
       (CVE-2025-22119)
     - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound
       card
     - ALSA: hda/intel: Add Thinkpad E15 to PM deny list
     - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
     - mm/hugetlb: unshare page tables during VMA split, not before
       (CVE-2025-38084)
     - mm: hugetlb: independent PMD page table shared count (CVE-2024-57883)
     - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
     - mm/huge_memory: fix dereferencing invalid pmd migration entry
       (CVE-2025-37958)
     - net: Fix checksum update for ILA adj-transport
     - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
     - erofs: remove unused trace event erofs_destroy_inode
     - [arm64] drm/msm/disp: Correct porch timing for SDM845
     - [arm64] drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
     - ionic: Prevent driver/fw getting out of sync on devcmd(s)
     - drm/nouveau/bl: increase buffer size to avoid truncate warning
     - hwmon: (occ) Rework attribute registration for stack usage
     - hwmon: (occ) fix unaligned accesses
     - pldmfw: Select CRC32 when PLDMFW is selected
     - aoe: clean device rq_list in aoedev_downdev()
     - net: ice: Perform accurate aRFS flow match
     - ptp: fix breakage after ptp_vclock_in_use() rework
     - ptp: allow reading of currently dialed frequency to succeed on
       free-running clocks
     - wifi: carl9170: do not ping device which has failed to load firmware
     - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
     - atm: atmtcp: Free invalid length skb in atmtcp_c_send().
     - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()
       behavior
     - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
     - tcp: fix passive TFO socket having invalid NAPI ID
     - net: microchip: lan743x: Reduce PTP timeout on HW failure
     - net: lan743x: fix potential out-of-bounds write in
       lan743x_ptp_io_event_clock_get()
     - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
     - net: atm: add lec_mutex
     - net: atm: fix /proc/net/atm/lec handling
     - dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
     - [x86] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
     - [arm64] dts: ti: k3-j721e-sk: Add DT nodes for power regulators
     - serial: sh-sci: Increment the runtime usage counter for the earlycon
       device
     - Revert "cpufreq: tegra186: Share policy per cluster"
     - smb: client: fix first command failure during re-negotiation
     - [s390x] pci: Fix __pcilg_mio_inuser() inline assembly
     - perf: Fix sample vs do_exit()
     - [arm64] ptrace: Fix stack-out-of-bounds read in
       regs_get_kernel_stack_nth()
     - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.143
     - cifs: Correctly set SMB1 SessionKey field in Session Setup Request
     - cifs: Fix cifs_query_path_info() for Windows NT servers
     - NFSv4: Always set NLINK even if the server doesn't support it
     - NFSv4.2: fix listxattr to return selinux security label
     - [arm*] mailbox: Not protect module_put with spin_lock_irqsave
     - leds: multicolor: Fix intensity setting while SW blinking
     - NFSv4: xattr handlers should check for absent nfs filehandles
     - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix
       extension
     - md/md-bitmap: fix dm-raid max_write_behind setting
     - amd/amdkfd: fix a kfd_process ref leak
     - bcache: fix NULL pointer in cache_set_flush()
     - iio: pressure: zpa2326: Use aligned_s64 for the timestamp
     - [arm64] coresight: Only check bottom two claim bits
     - [arm64,armhf] usb: dwc2: also exit clock_gating when stopping udc while
       suspended
     - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
     - usb: potential integer overflow in usbg_make_tpg()
     - usb: common: usb-conn-gpio: use a unique name for usb connector device
     - usb: Add checks for snprintf() calls in usb_alloc_dev()
     - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
     - usb: typec: displayport: Receive DP Status Update NAK request exit dp
       altmode
     - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set
     - ALSA: hda: Ignore unsol events for cards being shut down
     - ALSA: hda: Add new pci id for AMD GPU display HD audio controller
     - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
     - ceph: fix possible integer overflow in ceph_zero_objects()
     - ovl: Check for NULL d_inode() in ovl_dentry_upper()
     - btrfs: handle csum tree error with rescue=ibadroots correctly
     - [x86] drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
     - [x86] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on
       DG1"
     - fs/jfs: consolidate sanity checking in dbMount
     - jfs: validate AG parameters in dbMount() to prevent crashes
       (CVE-2025-38230)
     - media: imx-jpeg: Cleanup after an allocation error (CVE-2025-38225)
     - f2fs: don't over-report free space or inodes in statvfs
     - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in
       fb_videomode_to_var (CVE-2025-38215)
     - drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers
     - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages
     - Drivers: hv: move panic report code from vmbus to hv early init code
     - Drivers: hv: Change hv_free_hyperv_page() to take void * argument
     - Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
       (CVE-2024-36913)
     - Drivers: hv: Allocate interrupt and monitor pages aligned to system page
       boundary
     - Drivers: hv: vmbus: Add utility function for querying ring size
     - uio_hv_generic: Query the ringbuffer size for device
     - uio_hv_generic: Align ring size to system page
     - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
     - vgacon: remove unneeded forward declarations
     - tty: vt: make init parameter of consw::con_init() a bool
     - tty: vt: sanitize arguments of consw::con_clear()
     - tty: vt: make consw::con_switch() return a bool
     - dummycon: Trigger redraw when switching consoles with deferred takeover
     - af_unix: Don't call skb_get() for OOB skb.
     - af_unix: Don't leave consecutive consumed OOB skbs.
     - i2c: tiny-usb: disable zero-length read messages
     - i2c: robotfuzz-osif: disable zero-length read messages
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
     - [s390x] pkey: Prevent overflow in size calculation for memdup_user()
     - atm: clip: prevent NULL deref in clip_push()
     - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
     - attach_recursive_mnt(): do not lock the covering tree when sliding
       something under it
     - libbpf: Fix null pointer dereference in btf_dump__free on allocation
       failure
     - wifi: mac80211: fix beacon interval calculation overflow
     - af_unix: Don't set -ECONNRESET for consumed OOB skb.
     - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
     - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
     - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
       (Closes: #1108069)
     - net: selftests: fix TCP packet checksum
     - [arm64] drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
     - [arm64] drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
     - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
     - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
     - serial: imx: Restore original RXTL for console to fix data loss
     - Bluetooth: L2CAP: Fix L2CAP MTU negotiation
     - dm-raid: fix variable in journal device check
     - btrfs: fix a race between renames and directory logging
     - btrfs: update superblock's device bytes_used when dropping chunk
     - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
     - HID: wacom: fix memory leak on kobject creation failure
     - HID: wacom: fix memory leak on sysfs attribute creation failure
     - HID: wacom: fix kobject reference count leak
     - scsi: megaraid_sas: Fix invalid node index
     - [arm64,armhf] drm/etnaviv: Protect the scheduler's pending list with its
       lock
     - [arm64,armhf] drm/tegra: Assign plane type before registration
     - [arm64,armhf] drm/tegra: Fix a possible null pointer dereference
     - drm/udl: Unregister device before cleaning up on disconnect
     - [arm64] drm/msm/gpu: Fix crash when throttling GPU immediately during boot
     - drm/amdkfd: Fix race in GWS queue scheduling
     - drm/amd/display: Add null pointer check for get_first_active_display()
     - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
     - drm/amdgpu: Add kicker device detection
     - ksmbd: Use unsafe_memcpy() for ntlm_negotiate
     - ksmbd: remove unsafe_memcpy use in session setup
     - fs: omfs: Use flexible-array member in struct omfs_extent
     - fbdev: hyperv_fb: Convert comma to semicolon
     - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
     - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
     - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
     - media: uvcvideo: Rollback non processed entities on error
     - [s390x] entry: Fix last breaking event handling in case of stack
       corruption
     - Kunit to check the longest symbol length
     - [x86] tools: Drop duplicate unlikely() definition in insn_decoder_test.c
     - Revert "ipv6: save dontfrag in cork"
     - nvme: always punt polled uring_cmd end_io work to task_work
     - io_uring/kbuf: account ring io_buffer_list memory
     - [arm64] firmware: arm_scmi: Add a common helper to check if a message is
       supported
     - [arm64] firmware: arm_scmi: Ensure that the message-id supports
       fastchannel
     - [arm64] Restrict pagetable teardown to avoid false warning
     - [arm*] 9354/1: ptrace: Use bitfield helpers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.144
     - rtc: cmos: use spin_lock_irqsave in cmos_interrupt
     - [s390x] pci: Do not try re-enabling load/store if device is disabled
     - vsock/vmci: Clear the vmci transport packet properly when initializing it
     - mmc: sdhci: Add a helper function for dump register in dynamic debug mode
     - Revert "mmc: sdhci: Disable SD card clock before changing parameters"
       (Closes: #1108065)
     - Bluetooth: hci_sync: revert some mesh modifications
     - Bluetooth: MGMT: set_mesh: update LE scan interval and window
     - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising
     - [arm64,armhf] regulator: gpio: Fix the out-of-bounds access to
       drvdata::gpiods
     - usb: typec: altmodes/displayport: do not index invalid pin_assignments
     - [arm64] dts: apple: t8103: Fix PCIe BCM4377 nodename
     - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
     - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
     - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
     - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
     - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
     - scsi: ufs: core: Fix spelling of a sysfs attribute name
     - RDMA/mlx5: Fix CC counters query for MPV
     - Bluetooth: Prevent unintended pause by checking if advertising is active
     - btrfs: fix missing error handling when searching for inode refs during log
       replay
     - btrfs: fix iteration of extrefs during log replay
     - ethernet: atl1: Add missing DMA mapping error checks and count errors
     - [armhf] drm/exynos: fimd: Guard display clock control with runtime PM
       calls
     - [arm64] spi: spi-fsl-dspi: Clear completion counter before initiating
       transfer
     - [x86] platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs
       callbacks
     - [x86] drm/i915/gt: Fix timeline left held on VMA alloc error
     - [x86] drm/i915/gsc: mei interrupt top half should be in irq disabled
       context
     - igc: disable L1.2 PCI-E link substate to avoid performance issue
     - [amd64,arm64] amd-xgbe: align CL37 AN sequence as per databook
     - enic: fix incorrect MTU comparison in enic_change_mtu()
     - rose: fix dangling neighbour pointers in rose_rt_device_down()
     - nui: Fix dma_mapping_error() check
     - net/sched: Always pass notifications when child class becomes empty
     - smb: client: fix race condition in negotiate timeout by using more precise
       timing
     - [arm64] drm/msm: Fix a fence leak in submit error path
     - [arm64] drm/msm: Fix another leak in the submit error path
     - ALSA: sb: Don't allow changing the DMA mode during operations
     - ALSA: sb: Force to disable DMAs once when DMA mode is changed
     - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled
     - ata: pata_cs5536: fix build on 32-bit UML
     - [powerpc*] Fix struct termio related ioctl macros
     - [x86] ASoC: amd: yc: update quirk data for HP Victus
     - scsi: target: Fix NULL pointer dereference in
       core_scsi3_decode_spec_i_port()
     - aoe: defer rexmit timer downdev work to workqueue
     - wifi: mac80211: drop invalid source address OCB frames
     - wifi: ath6kl: remove WARN on bad firmware input
     - ACPICA: Refuse to evaluate a method if arguments are missing
     - mtd: spinand: fix memory leak of ECC engine conf
     - rcu: Return early if callback is not specified
     - virtio-net: ensure the received length does not exceed allocated size
     - [arm64] drm/v3d: Disable interrupts before resetting the GPU
     - NFSv4/flexfiles: Fix handling of NFS level errors in I/O
     - btrfs: use btrfs_record_snapshot_destroy() during rmdir
     - [arm64] dpaa2-eth: fix xdp_rxq_info leak
     - [x86] platform/x86: think-lmi: Fix class device unregistration
     - [x86] platform/x86: dell-wmi-sysman: Fix class device unregistration
     - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
     - xhci: dbctty: disable ECHO flag by default
     - xhci: dbc: Flush queued requests before stopping dbc
     - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
     - usb: cdnsp: do not disable slot for disabled slot
     - dma-buf: fix timeout handling in dma_resv_wait_timeout v2
     - i2c/designware: Fix an initialization issue
     - Logitech C-270 even more broken
     - [x86] platform/x86: think-lmi: Create ksets consecutively
     - [x86] platform/x86: think-lmi: Fix kobject cleanup
     - usb: typec: displayport: Fix potential deadlock
     - [amd64] Mitigations Transitive Scheduler Attacks (TSA) (CVE-2024-36350,
       CVE-2024-36357)
       + x86/bugs: Rename MDS machinery to something more generic
       + x86/bugs: Add a Transient Scheduler Attacks mitigation
       + KVM: SVM: Advertise TSA CPUID bits to guests
       + x86/process: Move the buffer clearing before MONITOR
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.145
     - [amd64] x86/CPU/AMD: Properly check the TSA microcode
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.146
     - [x86] platform/x86: ideapad-laptop: use usleep_range() for EC polling
     - perf: Revert to requiring CAP_SYS_ADMIN for uprobes
     - Bluetooth: hci_sync: Fix not disabling advertising instance
     - fix proc_sys_compare() handling of in-lookup dentries
     - netlink: Fix wraparounds of sk->sk_rmem_alloc.
     - tipc: Fix use-after-free in tipc_conn_close().
     - vsock: Fix transport_{g2h,h2g} TOCTOU
     - vsock: Fix transport_* TOCTOU
     - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
     - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
     - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
     - atm: clip: Fix potential null-ptr-deref in to_atmarpd().
     - atm: clip: Fix memory leak of struct clip_vcc.
     - atm: clip: Fix infinite recursive call of clip_push().
     - atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
     - net/sched: Abort __tc_modify_qdisc if parent class does not exist
     - maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
     - rxrpc: Fix oops due to non-existence of prealloc backlog struct
     - [x86] boot: Compile boot code with -std=gnu11 too
     - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
     - [x86] mce/amd: Fix threshold limit reset
     - [x86] mce: Don't remove sysfs if thresholding sysfs init fails
     - [x86] mce: Make sure CMCI banks are cleared during shutdown on Intel
     - [x86] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ
       routing table.
     - [x86] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is
       in-flight
     - gre: Fix IPv6 multicast route creation. (Closes: #1108430)
     - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734)
     - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts
     - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558)
     - drm/sched: Increment job count before swapping tail spsc queue
     - drm/ttm: fix error handling in ttm_buffer_object_transfer
     - drm/gem: Fix race in drm_gem_handle_create_tail()
     - usb: gadget: u_serial: Fix race condition in TTY wakeup
     - Revert "ACPI: battery: negate current when discharging"
     - kallsyms: fix build without execinfo
     - maple_tree: fix mt_destroy_walk() on root leaf node
     - pwm: mediatek: Ensure to disable clocks in error path
     - smb: server: make use of rdma_destroy_qp()
     - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
     - netlink: Fix rmem check in netlink_broadcast_deliver().
     - netlink: make sure we allow at least one dump skb
     - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
     - btrfs: propagate last_unlink_trans earlier when doing a rmdir
     - xhci: Allow RPM on the USB controller (1022:43f7) by default
     - usb: xhci: quirk for data loss in ISOC transfers
     - Input: xpad - support Acer NGR 200 Controller
     - [arm64,armhf] usb: dwc3: Abort suspend on soft disconnect failure
     - wifi: zd1211rw: Fix potential NULL pointer dereference in
       zd_mac_tx_to_dev()
     - [arm64,armhf] drm/tegra: nvdec: Fix dma_alloc_coherent error check
     - md/raid1: Fix stack memory use after return in raid1_reshape
     - raid10: cleanup memleak at raid10_make_request
     - nbd: fix uaf in nbd_genl_connect() error path
     - erofs: remove the member readahead from struct z_erofs_decompress_frontend
     - erofs: clean up z_erofs_pcluster_readmore()
     - erofs: allocate extra bvec pages directly instead of retrying
     - erofs: avoid on-stack pagepool directly passed by arguments
     - erofs: adapt folios for z_erofs_read_folio()
     - erofs: fix to add missing tracepoint in erofs_read_folio()
     - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
     - net: appletalk: Fix device refcount leak in atrtr_create()
     - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
     - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
     - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to
       debug level
     - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
     - bnxt_en: Fix DCB ETS validation
     - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
     - atm: idt77252: Add missing `dma_map_error()`
     - [x86] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
     - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
     - net: usb: qmi_wwan: add SIMCom 8230C composition
     - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
     - btrfs: fix assertion when building free space tree
     - vt: add missing notification when switching back to text mode
     - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
     - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
     - Input: atkbd - do not skip atkbd_deactivate() when skipping
       ATKBD_CMD_GETID
     - vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074)
     - [x86] mm: Disable hugetlb page table sharing on 32-bit
     - [x86] Fix X86_FEATURE_VERW_CLEAR definition
     - ksmbd: fix potential use-after-free in oplock/lease break ack
     - rseq: Fix segfault on registration when rseq_cs is non-zero
       (CVE-2025-38067)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.147
     - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
     - USB: serial: option: add Foxconn T99W640
     - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
     - usb: gadget: configfs: Fix OOB read on empty string write
     - [armhf] i2c: stm32: fix the device used for the DMA map
     - [x86] thunderbolt: Fix bit masking in tb_dp_port_set_hops()
     - Input: xpad - set correct controller type for Acer NGR200
     - pch_uart: Fix dma_sync_sg_for_device() nents value
     - HID: core: ensure the allocated report buffer can contain the reserved
       report ID
     - HID: core: ensure __hid_request reserves the report ID as the first byte
     - HID: core: do not bypass hid_hw_raw_request
     - tracing: Add down_write(trace_event_sem) when adding trace event
     - io_uring/poll: fix POLLERR handling
     - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in
       pep_sock_accept()
     - net/mlx5: Update the list of the PCI supported devices
     - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
     - af_packet: fix soft lockup issue caused by tpacket_snd()
     - isofs: Verify inode mode when loading from disk
     - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
     - [arm64,armhf] mmc: bcm2835: Fix dma_unmap_sg() nents value
     - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based
       Positivo models
     - [arm64] mmc: sdhci_am654: Workaround for Errata i2312
     - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
     - smb: client: fix use-after-free in crypt_message when using async crypto
     - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order
     - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
     - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
     - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
     - iio: adc: max1363: Reorder mode_list[] entries
     - iio: adc: stm32-adc: Fix race in installing chained IRQ handler
     - [i386] comedi: pcl812: Fix bit shift out of bounds
     - [i386] comedi: aio_iiro_16: Fix bit shift out of bounds
     - [i386] comedi: das16m1: Fix bit shift out of bounds
     - [i386] comedi: das6402: Fix bit shift out of bounds
     - [i386] comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
     - [i386] comedi: Fix some signed shift left operations
     - [i386] comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
     - [i386] comedi: Fix initialization of data for instructions that write to
       subdevice
     - bpf: Reject %p% format string in bprintf-like helpers
     - cachefiles: Fix the incorrect return value in __cachefiles_write()
     - net/sched: sch_qfq: Fix race condition on qfq_aggregate
     - rpl: Fix use-after-free in rpl_do_srh_inline().
     - smb: client: fix use-after-free in cifs_oplock_break
     - nvme: fix misaccounting of nvme-mpath inflight I/O
     - [x86] hwmon: (corsair-cpro) Validate the size of the received input buffer
     - usb: net: sierra: check for no status endpoint
     - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
     - Bluetooth: hci_sync: fix connectable extended advertising when using
       static random address
     - Bluetooth: SMP: If an unallowed command is received consider it a failure
     - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
     - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant
       without board ID
     - net/mlx5: Correctly set gso_size when LRO is used
     - ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
     - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
     - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
     - tls: always refresh the queue when reading sock
     - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during
       runtime
     - net: bridge: Do not offload IGMP/MLD messages
     - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
     - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen"
     - sched: Change nr_uninterruptible type to unsigned long
     - HID: mcp2221: Set driver data before I2C adapter add
     - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right
       userns
     - usb: hub: fix detection of high tier USB3 devices behind suspended hubs
     - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime
       pm
     - usb: hub: Fix flushing of delayed work used for post resume purposes
     - usb: hub: Don't try to recover devices lost during warm reset.
     - usb: musb: Add and use inline functions musb_{get,set}_state
     - usb: musb: fix gadget state on disconnect
     - [arm64] usb: dwc3: qcom: Don't leave BCR asserted
     - [arm64] ASoC: fsl_sai: Force a software reset when starting in consumer
       mode
     - Bluetooth: HCI: Set extended advertising data synchronously
     - mm/vmalloc: leave lazy MMU mode on PTE mapping error
     - nvmem: layouts: u-boot-env: remove crc32 endianness conversion
 .
   [ Uwe Kleine-König ]
   * Disable CONFIG_CDROM_PKTCDVD for all archs as this driver is
     orphaned, buggy and not needed. (Closes: #1107479)
 .
   [ Salvatore Bonaccorso ]
   * [amd64] drivers/acpi: Make ACPI_HED built-in
   * Bump ABI to 38
   * [rt] Update to 6.1.141-rt52
   * net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
     qfq_delete_class
   * [amd64] x86/bugs: Fix use of possibly uninit value in
     amd_check_tsa_microcode()
 .
   [ Kevin P. Fleming ]
   * test-patches: Add defaults for DEBEMAIL and DEBFULLNAME
linux (6.1.140-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.140
     - binfmt: Fix whitespace issues
     - binfmt_elf: Support segments with 0 filesz and misaligned starts
     - binfmt_elf: elf_bss no longer used by load_elf_binary()
     - binfmt_elf: Leave a gap between .bss and brk
     - binfmt_elf: Calculate total_size earlier
     - binfmt_elf: Honor PT_LOAD alignment for static PIE
     - binfmt_elf: Move brk for static PIE even if ASLR disabled
     - [x86] platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
     - tracing: probes: Fix a possible race in trace_probe_log APIs
     - tpm: tis: Double the timeout B to 4s
     - iio: adc: ad7266: Fix potential timestamp alignment issue.
     - drm/amd: Stop evicting resources on APUs in suspend
     - drm/amdgpu: Fix the runtime resume failure issue
     - drm/amdgpu: trigger flr_work if reading pf2vf data failed
     - drm/amd: Add Suspend/Hibernate notification callback support
     - Revert "drm/amd: Stop evicting resources on APUs in suspend"
     - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
     - clocksource/i8253: Use raw_spinlock_irqsave() in
       clockevent_i8253_disable()
     - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
     - HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
     - HID: uclogic: Add NULL check in uclogic_input_configured()
     - nfs: handle failure of nfs_get_lock_context in unlock path
     - net_sched: Flush gso_skb list too during ->change()
     - net: mctp: Ensure keys maintain only one ref to corresponding dev
     - [arm64] net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
     - nvme-pci: make nvme_pci_npages_prp() __always_inline
     - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
     - ALSA: sh: SND_AICA should depend on SH_DMA_API
     - net/mlx5e: Disable MACsec offload for uplink representor profile
     - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
     - net/tls: fix kernel panic when alloc_page failed
     - NFSv4/pnfs: Reset the layout state after a layoutreturn
     - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
       interrupted"
     - btrfs: fix discard worker infinite loop after disabling discard
     - drm/amd/display: Correct the reply value when AUX write incomplete
     - drm/amd/display: Avoid flooding unnecessary info messages
     - ACPI: PPTT: Fix processor subtable walk
     - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
     - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
     - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
     - dma-buf: insert memory barrier before updating num_fences
     - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
     - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
     - hv_netvsc: Remove rmsg_pgcnt
     - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
     - Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
     - ftrace: Fix preemption accounting for stacktrace trigger command
     - ftrace: Fix preemption accounting for stacktrace filter command
     - tracing: samples: Initialize trace_array_printk() with the correct
       function
     - [arm64,armhf] phy: Fix error handling in tegra_xusb_port_init
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
     - [arm64] phy: renesas: rcar-gen3-usb2: Set timing registers only once
     - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
     - smb: client: fix memory leak during error handling for POSIX mkdir
     - wifi: mt76: disable napi on driver removal
     - net: qede: Initialize qede_ll_ops with designated initializer
     - [arm64] dmaengine: ti: k3-udma: Add missing locking
     - [arm64] dmaengine: ti: k3-udma: Use cap_mask directly from dma_device
       structure instead of a local copy
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_wqs
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_engines
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_groups
     - [amd64] dmaengine: idxd: Add missing cleanup for early error out in
       idxd_setup_internals
     - [amd64] dmaengine: idxd: Add missing cleanups in cleanup internals
     - [amd64] dmaengine: idxd: Add missing idxd cleanup to fix memory leak in
       remove call
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_alloc
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_pci_probe
     - usb: typec: ucsi: displayport: Fix deadlock (CVE-2025-37967)
     - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
       device attribute group (CVE-2024-35790)
     - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
       (CVE-2024-53203)
     - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
     - mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
     - [arm64] bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
       (CVE-2024-43840)
     - [arm64] bpf, arm64: Fix address emission with tag-based KASAN enabled
     - hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
       (CVE-2025-21931)
     - sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)
     - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
     - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
     - netfilter: nf_tables: wait for rcu grace period on net_device removal
     - netfilter: nf_tables: do not defer rule destruction via call_rcu
     - [arm64] sme: Always exit sme_alloc() early with existing storage
     - [x86] platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually
       enabled it (CVE-2025-21645)
     - bnxt_en: Fix receive ring space parameters when XDP is active
       (CVE-2024-53209)
     - ipv6: Fix potential uninit-value access in __ip6_make_skb()
       (CVE-2024-36903)
     - ipv4: Fix uninit-value access in __ip_make_skb() (CVE-2024-36927)
     - spi: cadence-qspi: fix pointer reference in runtime PM hooks
       (CVE-2024-26807)
     - drm/amdgpu: fix pm notifier handling
     - [x86] modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 37
linux (6.1.139-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
     - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
     - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
     - [arm64] i2c: imx-lpi2c: Fix clock count when probe defers
     - [arm64] errata: Add missing sentinels to Spectre-BHB MIDR arrays
     - [x86] perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
       value.
     - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
       offload
     - [arm64] mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
     - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
     - dm-integrity: fix a warning on invalid table line
     - dm: always update the array size in realloc_argv on success
     - [amd64] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
     - [amd64] iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
     - [x86] platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
       hotplug
     - ksmbd: fix use-after-free in kerberos authentication
     - cpufreq: Avoid using inconsistent policy->min and policy->max
     - cpufreq: Fix setting policy limits when frequency tables are used
     - tracing: Fix oob write in trace_seq_to_buffer()
     - xfs: fix error returns from xfs_bmapi_write
     - xfs: fix xfs_bmap_add_extent_delay_real for partial conversions
     - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent
     - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item
       recovery
     - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2
     - xfs: validate recovered name buffers when recovering xattr items
     - xfs: revert commit 44af6c7e59b12
     - xfs: match lock mode in xfs_buffered_write_iomap_begin()
     - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional
     - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset
     - xfs: convert delayed extents to unwritten when zeroing post eof blocks
     - xfs: allow symlinks with short remote targets
     - xfs: make sure sb_fdblocks is non-negative
     - xfs: fix freeing speculative preallocations for preallocated files
     - xfs: allow unlinked symlinks and dirs with zero size
     - xfs: restrict when we try to align cow fork delalloc to cowextsz hints
     - [x86] KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
       loop (CVE-2025-21839)
     - dm-bufio: don't schedule in atomic context
     - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
     - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
     - vxlan: vnifilter: Fix unlocked deletion of default FDB entry
     - net/mlx5: E-Switch, Initialize MAC Address for Default GID
     - net/mlx5: E-switch, Fix error handling for enabling roce
     - [arm64] net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged
     - [arm64] net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
     - net_sched: drr: Fix double list add in class with netem as child qdisc
     - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
       qdisc
     - net_sched: ets: Fix double list add in class with netem as child qdisc
     - net_sched: qfq: Fix double list add in class with netem as child qdisc
     - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
     - net: dlink: Correct endianness handling of led_mode
     - [arm64] net: dsa: felix: fix broken taprio gate states after clock jump
     - net: ipv6: fix UDPv6 GSO segmentation with NAT
     - bnxt_en: Fix coredump logic to free allocated buffer
     - bnxt_en: Fix out-of-bound memcpy() during ethtool -w
     - bnxt_en: Fix ethtool -d byte order for 32-bit values
     - nvme-tcp: fix premature queue removal and I/O failover
     - net: lan743x: Fix memleak issue when GSO enabled
     - net: fec: ERR007885 Workaround for conventional TX
     - [arm64] net: hns3: store rx VLAN tag offload state for VF
     - [arm64] net: hns3: fix an interrupt residual problem
     - [arm64] net: hns3: fixed debugfs tm_qset size
     - [arm64] net: hns3: defer calling ptp_clock_register()
     - PCI: imx6: Skip controller_id generation logic for i.MX7D
     - sch_htb: make htb_qlen_notify() idempotent
     - sch_drr: make drr_qlen_notify() idempotent
     - sch_hfsc: make hfsc_qlen_notify() idempotent
     - sch_qfq: make qfq_qlen_notify() idempotent
     - sch_ets: make est_qlen_notify() idempotent
     - [x86] Revert "x86/kexec: Allocate PGD for x86_64 transition page tables
       separately"
     - [arm64] firmware: arm_scmi: Balance device refcount when destroying
       devices
     - net: phy: microchip: force IRQ polling mode for lan88xx
     - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
     - [arm64,armhf] irqchip/gic-v2m: Mark a few functions __init
     - [arm64,armhf] irqchip/gic-v2m: Prevent use after free of
       gicv2m_get_fwnode() (CVE-2025-37819)
     - dm: fix copying after src array boundaries
     - [arm64] iommu/arm-smmu-v3: Use the new rb tree helpers
     - [arm64] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated
       stream ids
     - drm/amd/display: phase2 enable mst hdcp multiple displays
     - drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c
     - drm/amd/display: Change HDCP update sequence for DM
     - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
     - drm/amd/display: Fix slab-use-after-free in hdcp
     - ASoC: Use of_property_read_bool()
     - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
       properties
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.139
     - dm: add missing unlock on in dm_keyslot_evict()
     - [arm64] dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
     - [arm64] can: mcan: m_can_class_unregister(): fix order of unregistration
       calls
     - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
     - ksmbd: prevent out-of-bounds stream writes by validating *pos
     - openvswitch: Fix unsafe attribute parsing in output_userspace()
     - ksmbd: fix memory leak in parse_lease_state()
     - sch_htb: make htb_deactivate() idempotent
     - gre: Fix again IPv6 link-local address generation.
     - can: mcp251xfd: fix TDC setting for low data bit rates
     - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
     - can: gw: fix RCU/BH usage in cgw_create_job()
     - ipv4: Drop tos parameter from flowi4_update_output()
     - ipvs: fix uninit-value for saddr in do_output_route4
     - netfilter: ipset: fix region locking in hash types
     - bpf: Scrub packet on bpf_redirect_peer
     - [armhf] net: dsa: b53: allow leaky reserved multicast
     - [armhf] net: dsa: b53: fix clearing PVID of a port
     - [armhf] net: dsa: b53: fix flushing old pvid VLAN on pvid change
     - [armhf] net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
     - [armhf] net: dsa: b53: always rejoin default untagged VLAN on bridge leave
     - [armhf] net: dsa: b53: fix learning on VLAN unaware bridges
     - Input: synaptics - enable InterTouch on Dynabook Portege X30-D
     - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
     - Input: synaptics - enable InterTouch on Dell Precision M3800
     - Input: synaptics - enable SMBus for HP Elitebook 850 G1
     - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
     - [x86] mm: Eliminate window where TLB flushes may be inadvertently skipped
     - drm/amd/display: Shift DMUB AUX reply command if necessary
     - iio: adc: ad7606: fix serial register access
     - iio: adis16201: Correct inclinometer channel resolution
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
     - [arm64] drm/v3d: Add job to pending list if the reset was skipped
     - drm/amd/display: Fix the checking condition in dmub aux handling
     - drm/amd/display: Remove incorrect checking in dmub aux handler
     - drm/amd/display: Fix wrong handling for AUX_DEFER case
     - drm/amd/display: Copy AUX read reply data whenever length > 0
     - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
     - usb: uhci-platform: Make the clock really optional
     - xenbus: Use kref to track req lifetime
     - module: ensure that kobject_put() is safe for module type kobjects
     - ocfs2: switch osb->disable_recovery to enum
     - ocfs2: implement handshaking with ocfs2 recovery thread
     - ocfs2: stop quota recovery before disabling quotas
     - [arm64,armhf] usb: host: tegra: Prevent host controller crash when OTG
       port is used
     - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
     - usb: typec: ucsi: displayport: Fix NULL pointer access
     - USB: usbtmc: use interruptible sleep in usbtmc_read
     - usb: usbtmc: Fix erroneous get_stb ioctl error returns
     - usb: usbtmc: Fix erroneous wait_srq ioctl return
     - usb: usbtmc: Fix erroneous generic_read ioctl return
     - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
     - types: Complement the aligned types with signed 64-bit one
     - [mips*] Fix MAX_REG_OFFSET
     - drm/panel: simple: Update timings for AUO G101EVN010
     - nvme: unblock ctrl state transition for firmware update
     - do_umount(): add missing barrier before refcount checks in sync case
     - io_uring: always arm linked timeouts prior to issue
     - io_uring: ensure deferred completions are posted for multishot
     - Revert "net: phy: microchip: force IRQ polling mode for lan88xx"
     - [arm64] insn: Add support for encoding DSB
     - [arm64] proton-pack: Expose whether the platform is mitigated by firmware
     - [arm64] proton-pack: Expose whether the branchy loop k value
     - [arm64] bpf: Add BHB mitigation to the epilogue for cBPF programs
     - [arm64] bpf: Only mitigate cBPF programs loaded by unprivileged users
     - [arm64] proton-pack: Add new CPUs 'k' values for branch mitigation
     - [x86] bpf: Call branch history clearing sequence on exit
     - [x86] bpf: Add IBHF call at end of classic BPF
     - [x86] bhi: Do not set BHI_DIS_S in 32-bit mode
     - [x86] speculation: Simplify and make CALL_NOSPEC consistent
     - [x86] speculation: Add a conditional CS prefix to CALL_NOSPEC
     - [x86] speculation: Remove the extra #ifdef around CALL_NOSPEC
     - [amd64] Mitigations Indirect Target Selection (ITS) (CVE-2024-28956)
       + Documentation: x86/bugs/its: Add ITS documentation
       + x86/its: Enumerate Indirect Target Selection (ITS) bug
       + x86/its: Add support for ITS-safe indirect thunk
       + x86/its: Add support for ITS-safe return thunk
       + x86/its: Enable Indirect Target Selection mitigation
       + x86/its: Add "vmexit" option to skip mitigation on some CPUs
       + x86/its: Align RETs in BHB clear sequence to avoid thunking
       + x86/ibt: Keep IBT disabled during alternative patching
       + x86/its: Use dynamic thunks for indirect branches
       + x86/its: Fix build errors when CONFIG_MODULES=n
       + x86/alternative: Optimize returns patching
       + x86/alternatives: Remove faulty optimization
       + x86/its: FineIBT-paranoid vs ITS
 .
   [ Uwe Kleine-König ]
   * d/b/test-patches: Handle kernel release strings without ABI number.
     This is a backport from 6.10.1-1_exp1 to enable building bookworm kernels
     on trixie and newer.
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 36

linux-signed-amd64 (6.1.148+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.148-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.148
     - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
       (CVE-2025-38335)
     - regulator: core: fix NULL dereference on unbind due to stale coupling data
     - RDMA/core: Rate limit GID cache warning messages
     - iio: adc: ad7949: use spi_is_bpw_supported()
     - regmap: fix potential memory leak of regmap_bus
     - [x86] hyperv: Fix usage of cpu_online_mask to get valid cpu
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_SUCCESS usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_ERROR usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_RETRY usage
     - [arm64,armhf] staging: vchiq_arm: Make vchiq_shutdown never fail
     - xfrm: interface: fix use-after-free after changing collect_md xfrm
       interface (CVE-2025-38500)
     - net/mlx5: Fix memory leak in cmd_exec()
     - i40e: Add rx_missed_errors for buffer exhaustion
     - i40e: report VF tx_dropped with tx_errors instead of tx_discards
     - i40e: When removing VF MAC filters, only check PF-set MAC
     - net: appletalk: Fix use-after-free in AARP proxy probe
     - can: dev: can_restart(): reverse logic to remove need for goto
     - can: dev: can_restart(): move debug message and stats after successful
       restart
     - can: netlink: can_changelink(): fix NULL pointer deref of struct
       can_priv::do_set_mode
     - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in
       ti_sn_bridge_probe()
     - [arm64] net: hns3: fix concurrent setting vlan filter issue
     - [arm64] net: hns3: disable interrupt when ptp init failed
     - [arm64] net: hns3: fixed vf get max channels bug
     - [x86] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among
       boots
     - i2c: qup: jump out of the loop in case of timeout
     - i2c: tegra: Fix reset error handling with ACPI
     - i2c: virtio: Avoid hang by using interruptible completion wait
     - bus: fsl-mc: Fix potential double device reference in
       fsl_mc_get_endpoint()
     - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
     - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint
       handling
     - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
     - e1000e: ignore uninitialized checksum word on tgp
     - gve: Fix stuck TX queue for DQ queue format
     - ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
     - nilfs2: reject invalid file types when reading inodes
     - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
     - drm/amdkfd: Don't call mmput from MMU notifier callback
     - usb: typec: tcpm: allow to use sink in accessory mode
     - usb: typec: tcpm: allow switching to mode accessory to mux properly
     - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
     - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925)
     - [x86] comedi: comedi_test: Fix possible deletion of uninitialized timers
     - ALSA: hda/tegra: Add Tegra264 support
     - ALSA: hda: Add missing NVIDIA HDA codec IDs
     - [x86] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x
     - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma
     - erofs: get rid of debug_one_dentry()
     - erofs: sunset erofs_dbg()
     - erofs: drop z_erofs_page_mark_eio()
     - erofs: simplify z_erofs_transform_plain()
     - erofs: address D-cache aliasing
     - usb: chipidea: add USB PHY event
     - usb: phy: mxs: disconnect line when USB charger is attached
     - ethernet: intel: fix building with large NR_CPUS
     - [x86] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx
     - ASoC: Intel: fix SND_SOC_SOF dependencies
     - fs_context: fix parameter name in infofc() macro
     - ublk: use vmalloc for ublk_device's __queues
     - hfsplus: remove mutex_lock check in hfsplus_free_extents
     - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
     - ASoC: ops: dynamically allocate struct snd_ctl_elem_value
     - soc: qcom: QMI encoding/decoding for big endian
     - [arm64] dts: qcom: sdm845: Expand IMEM region
     - [arm64] dts: qcom: sc7180: Expand IMEM region
     - [arm64,armhf] usb: host: xhci-plat: fix incorrect type for of_match
       variable in xhci_plat_probe()
     - usb: misc: apple-mfi-fastcharge: Make power supply names unique
     - vmci: Prevent the dispatching of uninitialized payloads
     - pps: fix poll support
     - Revert "vmci: Prevent the dispatching of uninitialized payloads"
     - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
     - usb: early: xhci-dbc: Fix early_ioremap leak
     - [armhf] dts: ti: omap: Fixup pinheader typo
     - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed
     - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed
     - PM / devfreq: Check governor before using governor->name
     - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
     - cpufreq: Initialize cpufreq-based frequency-invariance later
     - cpufreq: Init policy->rwsem before it may be possibly used
     - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
     - bpf, sockmap: Fix psock incorrectly pointing to sk
     - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
     - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain
     - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
     - wifi: rtl818x: Kill URBs before clearing tx status queue
     - wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
     - iwlwifi: Add missing check for alloc_ordered_workqueue
     - wifi: ath11k: clear initialized flag for deinit-ed srng lists
     - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
     - net/mlx5: Check device memory pointer before usage
     - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
     - fbcon: Fix outdated registered_fb reference in comment
     - netfilter: nf_tables: adjust lockdep assertions handling
     - net/sched: Restrict conditions for adding duplicating netems to qdisc tree
     - net_sched: act_ctinfo: use atomic64_t for three counters
     - xen/gntdev: remove struct gntdev_copy_batch from stack
     - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
     - mwl8k: Add missing check after DMA map
     - wifi: mac80211: reject TDLS operations when station is not associated
     - wifi: plfxlc: Fix error handling in usb driver probe
     - wifi: mac80211: Do not schedule stopped TXQs
     - wifi: mac80211: Don't call fq_flow_idx() for management frames
     - wifi: mac80211: Check 802.11 encaps offloading in
       ieee80211_tx_h_select_key()
     - Reapply "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P
       IE
     - can: peak_usb: fix USB FD devices potential malfunction
     - can: kvaser_pciefd: Store device channel index
     - can: kvaser_usb: Assign netdev.dev_port based on device channel index
     - netfilter: xt_nfacct: don't assume acct name is null-terminated
     - vrf: Drop existing dst reference in vrf_ip6_input_dst
     - ipv6: prevent infinite loop in rt6_nlmsg_size()
     - ipv6: fix possible infinite loop in fib6_info_uses_dev()
     - ipv6: annotate data-races around rt->fib6_nsiblings
     - bpf/preload: Don't select USERMODE_DRIVER
     - PCI: rockchip-host: Fix "Unexpected Completion" log message
     - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg()
     - [arm*] crypto: marvell/cesa - Fix engine load inaccuracy
     - mtd: fix possible integer overflow in erase_xfer()
     - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
     - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
     - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
     - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar()
       fails
     - [arm64,armhf] pinctrl: sunxi: Fix memory leak on krealloc failure
     - perf sched: Fix memory leaks for evsel->priv in timehist
     - perf sched: Fix memory leaks in 'perf sched latency'
     - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value
     - crypto: ccp - Fix crash when rebind ccp device for ccp.ko
     - [arm64] RDMA/hns: Fix -Wframe-larger-than issue
     - kernel: trace: preemptirq_delay_test: use offstack cpu mask
     - proc: use the same treatment to check proc_lseek as ones for
       proc_read_iter et.al
     - perf tests bp_account: Fix leaked file descriptor
     - [armhf] clk: sunxi-ng: v3s: Fix de clock definition
     - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
     - scsi: elx: efct: Fix dma_unmap_sg() nents value
     - scsi: mvsas: Fix dma_unmap_sg() nents value
     - scsi: isci: Fix dma_unmap_sg() nents value
     - soundwire: stream: restore params when prepare ports fail
     - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute
     - fs/orangefs: Allow 2 more characters in do_c_string()
     - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
     - [x86] crypto: qat - fix seq_file position update in adf_ring_next()
     - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
     - jfs: fix metapage reference count leak in dbAllocCtl
     - vhost-scsi: Fix log flooding with target does not exist errors
     - bpf: Check flow_dissector ctx accesses are aligned
     - apparmor: ensure WB_HISTORY_SIZE value is a power of 2
     - module: Restore the moduleparam prefix length check
     - ucount: fix atomic_long_inc_below() argument type
     - rtc: ds1307: fix incorrect maximum clock rate handling
     - rtc: hym8563: fix incorrect maximum clock rate handling
     - rtc: nct3018y: fix incorrect maximum clock rate handling
     - rtc: pcf85063: fix incorrect maximum clock rate handling
     - rtc: pcf8563: fix incorrect maximum clock rate handling
     - rtc: rv3028: fix incorrect maximum clock rate handling
     - f2fs: fix KMSAN uninit-value in extent_info usage
     - f2fs: doc: fix wrong quota mount option description
     - f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
     - f2fs: fix to avoid panic in f2fs_evict_inode
     - f2fs: fix to avoid out-of-boundary access in devs.path
     - f2fs: vm_unmap_ram() may be called from an invalid context
     - f2fs: fix to update upper_p in __get_secs_required() correctly
     - f2fs: fix to calculate dirty data during has_not_enough_free_secs()
     - vfio/pci: Separate SR-IOV VF dev_set
     - scsi: mpt3sas: Fix a fw_event memory leak
     - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free"
     - scsi: ufs: core: Use link recovery when h8 exit fails during runtime
       resume
     - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately
     - PCI: pnv_php: Clean up allocated IRQs on unplug
     - PCI: pnv_php: Work around switches with broken presence detection
     - [powerpc*] eeh: Export eeh_unfreeze_pe()
     - [powerpc*] eeh: Rely on dev->link_active_reporting
     - [powerpc*] eeh: Make EEH driver device hotplug safe
     - PCI: pnv_php: Fix surprise plug detection and recovery
     - pNFS/flexfiles: don't attempt pnfs on fatal DS errors
     - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up()
     - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate()
     - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
     - NFSv4.2: another fix for listxattr
     - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
     - netpoll: prevent hanging NAPI when netcons gets enabled
     - phy: mscc: Fix parsing of unicast frames
     - pptp: ensure minimal skb length in pptp_xmit()
     - net/mlx5: Correctly set gso_segs when LRO is used
     - ipv6: reject malicious packets in ipv6_gso_segment()
     - net: drop UFO packets in udp_rcv_segment()
     - benet: fix BUG when creating VFs
     - irqchip: Build IMX_MU_MSI only on ARM
     - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
     - smb: server: remove separate empty_recvmsg_queue
     - smb: server: make sure we call ib_dma_unmap_single() only if we called
       ib_dma_map_single already
     - smb: server: let recv_done() consistently call
       put_recvmsg/smb_direct_disconnect_rdma_connection
     - smb: server: let recv_done() avoid touching data_transfer after
       cleanup/move
     - smb: client: let recv_done() cleanup before notifying the callers.
     - pptp: fix pptp_xmit() error path
     - perf/core: Don't leak AUX buffer refcount on allocation failure
     - perf/core: Exit early on perf_mmap() fail
     - perf/core: Prevent VMA split of buffer mappings
     - net/packet: fix a race in packet_set_ring() and packet_notifier()
     - vsock: Do not allow binding to VMADDR_PORT_ANY
     - ksmbd: fix null pointer dereference error in generate_encryptionkey
     - ksmbd: fix Preauh_HashValue race condition
     - ksmbd: fix corrupted mtime and ctime in smb2_open
     - ksmbd: limit repeated connections from clients with the same IP
       (CVE-2025-38501)
     - smb: server: Fix extension string in ksmbd_extract_shortname()
     - USB: serial: option: add Foxconn T99W709
     - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
     - net: usbnet: Fix the wrong netif_carrier_on() call
     - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331)
     - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
     - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
     - [x86] fpu: Delay instruction pointer fixup until after warning
     - [mips*] mm: tlb-r4k: Uniquify TLB entries on init
     - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
     - usb: gadget : fix use-after-free in composite_dev_cleanup()
 .
   [ Bastian Blank ]
   * Drop not needed extra step to add debug links
   * Sign modules using an ephemeral key: (closes: #1040901)
     - Set MODULE_SIG_ALL to sign all modules.
     - Not longer request Secure Boot signing for modules.
     - Don't trust Secure Boot key any longer.
   * Store build time signing key encrypted.
   * Sign modules and support lockdown always.
 .
   [ Ben Hutchings ]
   * d/b/buildcheck.py, d/rules.real: Run buildcheck.py in setup as well
   * d/b/buildcheck.py: Check config of kernel to be signed
   * d/rules: Include target suite as an input to gencontrol.py
   * Generate kernel ABI name suffix automatically if not configured
   * Delete ABI name suffix and ABI reference
   * d/salsa-ci.yml: Ignore pycodestyle error E241
   * d/rules.real: Move module installation to the image build rule
   * proc: fix missing pde_set_flags() for net proc files
 .
   [ Salvatore Bonaccorso ]
   * [amd64] udeb: kernel-image: Include SPI drivers
   * netlink: avoid infinite retry looping in netlink_unicast()
     (Closes: #1111017)
   * ext4: don't try to clear the orphan_present feature block device is r/o
     (Closes: #1108271)
linux-signed-amd64 (6.1.147+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.147-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.141
     - [arm64,armhf] gpio: pca953x: Add missing header(s)
     - [arm64,armhf] gpio: pca953x: Split pca953x_restore_context() and
       pca953x_save_context()
     - [arm64,armhf] gpio: pca953x: Simplify code with cleanup helpers
     - [arm64,armhf] gpio: pca953x: fix IRQ storm on system wake up
     - [arm64] phy: renesas: rcar-gen3-usb2: Add support to initialize the bus
     - [arm64] phy: renesas: rcar-gen3-usb2: Move IRQ request in probe
     - [arm64] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and
       driver data
     - [arm64] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off
     - scsi: target: iscsi: Fix timeout on deleted connection
     - virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
     - dma-mapping: avoid potential unused data compilation warning
     - cgroup: Fix compilation issue due to cgroup_mutex not being exported
     - scsi: mpi3mr: Add level check to control event logging
     - [arm64] net: enetc: refactor bulk flipping of RX buffers to separate
       function
     - drm/amdgpu: Allow P2P access through XGMI
     - bpf: fix possible endless loop in BPF map iteration
     - kconfig: merge_config: use an empty file as initfile
     - [s390x] vfio-ap: Fix no AP queue sharing allowed message written to kernel
       log
     - cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES
     - cifs: Fix querying and creating MF symlinks over SMB1
     - cifs: Fix negotiate retry functionality
     - fuse: Return EPERM rather than ENOSYS from link()
     - NFSv4: Check for delegation validity in
       nfs_start_delegation_return_locked()
     - NFS: Don't allow waiting for exiting tasks
     - SUNRPC: Don't allow waiting for exiting tasks
     - [arm64] Add support for HIP09 Spectre-BHB mitigation
     - tracing: Mark binary printing functions with __printf() attribute
     - mailbox: use error ret code of of_parse_phandle_with_args()
     - fbdev: fsl-diu-fb: add missing device_remove_file()
     - fbcon: Use correct erase colour for clearing in fbcon
     - fbdev: core: tileblit: Implement missing margin clearing for tileblit
     - cifs: Fix establishing NetBIOS session for SMB2+ connection
     - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
     - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
     - SUNRPC: rpcbind should never reset the port to the value '0'
     - [arm64] thermal/drivers/qoriq: Power down TMU on system suspend
     - dql: Fix dql->limit value when reset.
     - lockdep: Fix wait context check on softirq for PREEMPT_RT
     - objtool: Properly disable uaccess validation
     - pNFS/flexfiles: Report ENETDOWN as a connection error
     - [amd64] PCI: vmd: Disable MSI remapping bypass under Xen
     - libnvdimm/labels: Fix divide error in nd_label_data_init()
     - mmc: host: Wait for Vdd to settle on card power off
     - [x86] mm: Check return value from memblock_phys_alloc_range()
     - [arm64] i2c: qup: Vote for interconnect bandwidth to DRAM
     - i2c: pxa: fix call balance of i2c->clk handling routines
     - btrfs: make btrfs_discard_workfn() block_group ref explicit
     - btrfs: avoid linker error in btrfs_find_create_tree_block()
     - btrfs: run btrfs_error_commit_super() early
     - btrfs: fix non-empty delayed iputs list on unmount due to async workers
     - btrfs: get zone unusable bytes while holding lock at
       btrfs_reclaim_bgs_work()
     - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long
     - drm/amd/display: Guard against setting dispclk low for dcn31x
     - dlm: make tcp still work in multi-link env
     - ext4: reorder capability check last
     - scsi: st: Tighten the page format heuristics with MODE SELECT
     - scsi: st: ERASE does not change tape location
     - vfio/pci: Handle INTx IRQ_NOTCONNECTED
     - bpf: Return prog btf_id without capable check
     - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
     - rtc: rv3032: fix EERD location
     - [x86] thunderbolt: Do not add non-active NVM if NVM upgrade is disabled
       for retimer
     - kbuild: fix argument parsing in scripts/config
     - dm: restrict dm device size to 2^63-512 bytes
     - net/smc: use the correct ndev to find pnetid by pnetid table
     - xen: Add support for XenServer 6.1 platform device
     - [arm64,armhf] pinctrl-tegra: Restore SFSEL bit when freeing pins
     - [armhf] ASoC: sun4i-codec: support hp-det-gpios property
     - ext4: reject the 'data_err=abort' option in nojournal mode
     - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
     - posix-timers: Add cond_resched() to posix_timer_add() search loop
     - timer_list: Don't use %pK through printk()
     - netfilter: conntrack: Bound nf_conntrack sysctl writes
     - [arm64] mm: Check PUD_TYPE_TABLE in pud_bad()
     - [armhf] mmc: dw_mmc: add exynos7870 DW MMC support
     - mmc: sdhci: Disable SD card clock before changing parameters
     - [x86] hwmon: (dell-smm) Increment the number of fans
     - ipv6: save dontfrag in cork
     - drm/amd/display: calculate the remain segments for all pipes
     - gfs2: Check for empty queue in run_queue
     - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
       hd44780_common"
     - [amd64] iommu/amd/pgtbl_v2: Improve error handling
     - crypto: lzo - Fix compression buffer overrun
     - [arm64] tegra: p2597: Fix gpio for vdd-1v8-dis regulator
     - [powerpc*] prom_init: Fixup missing #size-cells on PowerBook6,7
     - ALSA: seq: Improve data consistency at polling
     - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
     - rtc: ds1307: stop disabling alarms on probe
     - ieee802154: ca8210: Use proper setters and getters for bitwise types
     - dm cache: prevent BUG_ON by blocking retries on failed device resumes
     - orangefs: Do not truncate file size
     - net: phylink: use pl->link_interface in phylink_expects_phy()
     - remoteproc: qcom_wcnss: Handle platforms with only single power domain
     - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
     - media: cx231xx: set device_caps for 417
     - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
     - [armhf] net: ethernet: ti: cpsw_new: populate netdev of_node
     - net: pktgen: fix mpls maximum labels list parsing
     - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type
     - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7
     - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
     - drm/rockchip: vop2: Add uv swap for cluster window
     - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
     - [arm64] clk: imx8mp: inform CCF of maximum frequency of clocks
     - [x86] bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
     - [arm*] hwmon: (gpio-fan) Add missing mutex locks
     - [arm64] PCI: brcmstb: Expand inbound window size up to 64GB
     - [arm64] PCI: brcmstb: Add a softdep to MIP MSI-X driver
     - net/mlx5: Avoid report two health errors on same syndrome
     - drm/amdkfd: KFD release_work possible circular locking
     - leds: pwm-multicolor: Add check for fwnode_property_read_u32
     - net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only
     - net: xgene-v2: remove incorrect ACPI_PTR annotation
     - bonding: report duplicate MAC address in all situations
     - [arm64] soc: ti: k3-socinfo: Do not use syscon helper to build regmap
     - [x86] build: Fix broken copy command in genimage.sh when making isoimage
     - drm/amd/display: handle max_downscale_src_width fail check
     - [x86] nmi: Add an emergency handler in nmi_desc & use it in
       nmi_shootdown_cpus()
     - cpuidle: menu: Avoid discarding useful information
     - libbpf: Fix out-of-bound read
     - dm: fix unconditional IO throttle caused by REQ_PREFLUSH
     - [x86] kaslr: Reduce KASLR entropy on most x86 systems
     - [mips*] Use arch specific syscall name match function
     - genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of
       iommu_cookie
     - [mips*] pm-cps: Use per-CPU variables as per-CPU, not per-core
     - [mips*] clocksource: mips-gic-timer: Enable counter when CPUs start
     - scsi: mpt3sas: Send a diag reset if target reset fails
     - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
     - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx()
     - net: pktgen: fix access outside of user given buffer in
       pktgen_thread_write()
     - [x86] EDAC/ie31200: work around false positive build warning
     - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
     - RDMA/core: Fix best page size finding when it can cross SG entries
     - [arm64,armhf] pmdomain: imx: gpcv2: use proper helper for property
       detection
     - can: c_can: Use of_property_present() to test existence of DT property
     - eth: mlx4: don't try to complete XDP frames in netpoll
     - PCI: Fix old_size lower bound in calculate_iosize() too
     - ACPI: HED: Always initialize before evged
     - vxlan: Join / leave MC group after remote changes
     - media: test-drivers: vivid: don't call schedule in loop
     - net/mlx5: Modify LSB bitmask in temperature event to include only the
       first bit
     - net/mlx5: Apply rate-limiting to high temperature warning
     - ASoC: ops: Enforce platform maximum on initial value
     - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
     - pinctrl: devicetree: do not goto err when probing hogs in
       pinctrl_dt_to_map
     - kunit: tool: Use qboot on QEMU x86_64
     - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
     - [arm64] clk: qcom: clk-alpha-pll: Do not use random stack value for recalc
       rate
     - serial: sh-sci: Update the suspend/resume support
     - phy: core: don't require set_mode() callback for phy_get_mode() to work
     - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
     - drm/amd/display: Initial psr_version with correct setting
     - drm/amdgpu: enlarge the VBIOS binary size limit
     - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer()
     - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
     - net/mlx5e: set the tx_queue_len for pfifo_fast
     - net/mlx5e: reduce rep rxq depth to 256 for ECPF
     - wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
     - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
     - [powerpc*] arch/powerpc/perf: Check the instruction type before creating
       sample with perf_mem_data_src
     - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
     - r8152: add vendor/device ID pair for Dell Alienware AW1022z
     - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
     - [arm64] hwmon: (xgene-hwmon) use appropriate type for the latency value
     - vxlan: Annotate FDB data races
     - r8169: don't scan PHY addresses > 0
     - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
     - rcu: handle unstable rdp in rcu_read_unlock_strict()
     - rcu: fix header guard for rcu_all_qs()
     - perf: Avoid the read if the count is already updated
     - ice: count combined queues using Rx/Tx count
     - net/mana: fix warning in the writer of client oob
     - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
     - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector()
       fails
     - scsi: st: Restore some drive settings after reset
     - HID: usbkbd: Fix the bit shift number for LED_KANA
     - drm/ast: Find VBIOS mode from regular display size
     - bpftool: Fix readlink usage in get_fd_type
     - [x86] perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
     - wifi: rtl8xxxu: retry firmware download on error
     - wifi: rtw88: Don't use static local variable in
       rtw8822b_set_tx_power_index_by_rate
     - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet
     - wifi: ath9k: return by of_get_mac_address
     - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
     - drm/panel-edp: Add Starry 116KHD024006
     - drm: Add valid clones check
     - [arm64,armhf] pinctrl: meson: define the pull up/down resistor value as 60
       kOhm
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
     - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
     - nvmet-tcp: don't restore null sk_state_change
     - io_uring/fdinfo: annotate racy sq/cq head/tail reads
     - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
     - wifi: iwlwifi: add support for Killer on MTL
     - xenbus: Allow PVH dom0 a non-local xenstore
     - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
     - espintcp: remove encap socket caching to avoid reference leak
     - [amd64] dmaengine: idxd: add per DSA wq workqueue for processing cr faults
     - [amd64] dmaengine: idxd: add idxd_copy_cr() to copy user completion record
       during page fault handling
     - [amd64] dmaengine: idxd: Fix allowing write() from different address
       spaces
     - remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
     - xfrm: Sanitize marks before insert
     - [amd64] dmaengine: idxd: Fix ->poll() return value
     - Bluetooth: L2CAP: Fix not checking l2cap_chan security level
     - bridge: netfilter: Fix forwarding of fragmented packets
     - ice: fix vf->num_mac count with port representors
     - [arm64,armhf] net: dwmac-sun8i: Use parsed internal PHY address instead of
       1
     - net: lan743x: Restore SGMII CTRL register on resume
     - io_uring: fix overflow resched cqe reordering
     - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
       (CVE-2025-38000)
     - net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
     - crypto: algif_hash - fix double free in hash_accept
     - padata: do not leak refcount in reorder_work
     - can: slcan: allow reception of short error messages
     - can: bcm: add locking for bcm_op runtime updates
     - can: bcm: add missing rcu read protection for procfs content
     - ALSA: pcm: Fix race of buffer access at PCM OSS layer
     - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10
     - llc: fix data loss when reading from a socket in llc_ui_recvmsg()
     - [x86] platform/x86: dell-wmi-sysman: Avoid buffer overflow in
       current_password_store()
     - drm/edid: fixed the bug that hdr metadata was not reset
     - smb: client: Fix use-after-free in cifs_fill_dirent
     - smb: client: Reset all search buffer pointers when releasing buffer
     - Revert "drm/amd: Keep display off while going into S4" (Closes: #1107511)
     - memcg: always call cond_resched() after fn()
     - mm/page_alloc.c: avoid infinite retries caused by cpuset race
     - Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
     - ksmbd: fix stream write failure
     - [arm64] spi: spi-fsl-dspi: restrict register range for regmap access
     - [arm64] spi: spi-fsl-dspi: Halt the module after a new message transfer
     - [arm64] spi: spi-fsl-dspi: Reset SR flags before sending a new message
     - kbuild: Disable -Wdefault-const-init-unsafe
     - serial: sh-sci: Save and restore more registers
     - [arm64,armhf] pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group()
     - [x86] mm/init: Handle the special case of device private pages in
       add_pages(), to not increase max_pfn and trigger dma_addressing_limited()
       bounce buffers bounce buffers
     - [amd64] dmaengine: idxd: Fix passing freed memory in idxd_cdev_open()
     - hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
       (CVE-2025-21816)
     - btrfs: check folio mapping after unlock in relocate_one_folio()
       (CVE-2024-56758)
     - af_unix: Kconfig: make CONFIG_UNIX bool
     - af_unix: Return struct unix_sock from unix_get_socket().
     - af_unix: Run GC on only one CPU.
     - af_unix: Try to run GC async.
     - af_unix: Replace BUG_ON() with WARN_ON_ONCE().
     - af_unix: Remove io_uring code for GC.
     - af_unix: Remove CONFIG_UNIX_SCM.
     - af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd.
     - af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd.
     - af_unix: Link struct unix_edge when queuing skb.
     - af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb.
     - af_unix: Iterate all vertices by DFS.
     - af_unix: Detect Strongly Connected Components.
     - af_unix: Save listener for embryo socket.
     - af_unix: Fix up unix_edge.successor for embryo socket.
     - af_unix: Save O(n) setup of Tarjan's algo.
     - af_unix: Skip GC if no cycle exists.
     - af_unix: Avoid Tarjan's algorithm if unnecessary.
     - af_unix: Assign a unique index to SCC.
     - af_unix: Detect dead SCC.
     - af_unix: Replace garbage collection algorithm.
     - af_unix: Remove lock dance in unix_peek_fds().
     - af_unix: Try not to hold unix_gc_lock during accept().
     - af_unix: Don't access successor in unix_del_edges() during GC.
     - af_unix: Add dead flag to struct scm_fp_list.
     - af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS
     - af_unix: Fix uninit-value in __unix_walk_scc()
     - [arm64] dts: qcom: sm8350: Fix typo in pil_camera_mem node
     - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
     - [arm64] perf/arm-cmn: Fix REQ2/SNP2 mixup
     - [arm64] perf/arm-cmn: Initialise cmn->cpu earlier
     - coredump: fix error handling for replace_fd()
     - pid: add pidfd_prepare()
     - fork: use pidfd_prepare()
     - coredump: hand a pidfd to the usermode coredump helper
     - HID: quirks: Add ADATA XPG alpha wireless mouse support
     - nfs: don't share pNFS DS connections between net namespaces
     - [x86] platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
     - [armhf] spi: spi-sun4i: fix early activation
     - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro
     - NFS: Avoid flushing data while holding directory locks in nfs_rename()
     - [x86] platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
     - [x86] platform/x86: thinkpad_acpi: Ignore battery threshold change event
       notification
     - [arm64] net: ethernet: ti: am65-cpsw: Lower random mac address error print
       to info
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.142
     - mm/uffd: fix vma operation where start addr cuts part of vma
     - tracing: Fix compilation warning on arm32
     - [arm64] pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs >
       31
     - [arm64] pinctrl: armada-37xx: set GPIO output value before setting
       direction
     - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
     - rtc: Make rtc_time64_to_tm() support dates before 1970
     - rtc: Fix offset calculation for .start_secs < 0
     - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
     - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
     - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
     - Bluetooth: hci_qca: move the SoC type check to the right place
     - usb: usbtmc: Fix timeout value in get_stb
     - [x86] thunderbolt: Do not double dequeue a configuration request
     - gfs2: gfs2_create_inode error handling fix
     - perf/core: Fix broken throttling when max_samples_per_tick=1
     - [arm64] crypto: sun8i-ce-cipher - fix error handling in
       sun8i_ce_cipher_prepare()
     - [powerpc*] crash: Fix non-smp kexec preparation
     - [x86] cpu: Sanitize CPUID(0x80000000) output
     - [arm*] crypto: marvell/cesa - Handle zero-length skcipher requests
     - [arm*] crypto: marvell/cesa - Avoid empty transfer descriptor
     - crypto: lrw - Only add ecb if it is not already there
     - crypto: xts - Only add ecb if it is not already there
     - [amd64] EDAC/skx_common: Fix general protection fault
     - power: reset: at91-reset: Optimize at91_reset()
     - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
     - [x86] mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
     - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
     - drm/vmwgfx: Add seqno waiter for sync_files
     - drm/amd/pp: Fix potential NULL pointer dereference in
       atomctrl_initialize_mc_reg_table
     - [arm64] media: rkvdec: Fix frame size enumeration
     - [arm64] fpsimd: Discard stale CPU state when handling SME traps
     - [arm64] fpsimd: Fix merging of FPSIMD state during signal return
     - watchdog: exar: Shorten identity name to fit correctly
     - firmware: psci: Fix refcount leak in psci_dt_init
     - [arm64] Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
     - [arm64,armhf] drm/tegra: rgb: Fix the unbound reference count
     - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
     - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
     - wifi: ath11k: fix node corruption in ar->arvifs list
     - IB/cm: use rwlock for MAD agent lock
     - bpf: fix ktls panic with sockmap
     - bpf, sockmap: fix duplicated data transmission
     - bpf, sockmap: Fix panic when calling skb_linearize
     - f2fs: fix to do sanity check on sbi->total_valid_block_count
     - net: ncsi: Fix GCPS 64-bit member variables
     - libbpf: Fix buffer overflow in bpf_object__init_prog
     - wifi: rtw88: do not ignore hardware read error during DPK
     - [arm64] RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
     - [arm64] scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
     - iommu: Protect against overflow in iommu_pgsize()
     - f2fs: clean up w/ fscrypt_is_bounce_page()
     - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
     - libbpf: Use proper errno value in linker
     - netfilter: bridge: Move specific fragmented packet to slow_path instead of
       dropping it
     - netfilter: nft_quota: match correctly when the quota just depleted
     - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
     - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
     - [arm64,armhf] clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
     - efi/libstub: Describe missing 'out' parameter in efi_load_initrd
     - tracing: Rename event_trigger_alloc() to trigger_data_alloc()
     - tracing: Fix error handling in event_trigger_parse()
     - libbpf: Use proper errno value in nlattr
     - bpf: Fix WARN() in get_bpf_raw_tp_regs
     - [s390x] bpf: Store backchain even for leaf progs
     - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
     - iommu: remove duplicate selection of DMAR_TABLE
     - wifi: ath9k_htc: Abort software beacon handling if disabled
     - kernfs: Relax constraint in draining guard
     - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
     - vfio/type1: Fix error unwind in migration dirty bitmap allocation
     - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
     - bpf, sockmap: Avoid using sk_socket after free when sending
     - netfilter: nft_tunnel: fix geneve_opt dump
     - net: usb: aqc111: fix error handling of usbnet read calls
     - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
     - bpf: Avoid __bpf_prog_ret0_warn when jit fails
     - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
     - net: phy: mscc: Fix memory leak when using one step timestamping
     - calipso: Don't call calipso functions for AF_INET sk.
     - net: openvswitch: Fix the dead loop of MPLS parse
     - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
     - f2fs: use d_inode(dentry) cleanup dentry->d_inode
     - f2fs: fix to correct check conditions in f2fs_cross_rename
     - [arm64] dts: qcom: sm8250: Fix CPU7 opp table
     - [arm64] dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
     - [arm64] dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
     - [arm64] dts: imx8mm-beacon: Fix RTC capacitive load
     - [arm64] dts: imx8mn-beacon: Fix RTC capacitive load
     - [arm64] dts: mt6359: Add missing 'compatible' property to regulators node
     - [arm64] dts: qcom: sdm660-lavender: Add missing USB phy supply
     - [arm64] dts: qcom: sda660-ifc6560: Fix dt-validate warning
     - Squashfs: check return result of sb_min_blocksize
     - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
     - nilfs2: add pointer check for nilfs_direct_propagate()
     - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
     - bus: fsl-mc: fix double-free on mc_dev
     - dt-bindings: vendor-prefixes: Add Liontron name
     - [arm64] dts: rockchip: disable unrouted USB controllers and PHY on RK3399
       Puma with Haikou
     - [armhf] soc: aspeed: lpc: Fix impossible judgment condition
     - [armhf] soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
     - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
     - randstruct: gcc-plugin: Remove bogus void member
     - randstruct: gcc-plugin: Fix attribute addition
     - perf build: Warn when libdebuginfod devel files are not available
     - perf ui browser hists: Set actions->thread before calling do_zoom_thread()
     - dm: don't change md if dm_table_set_restrictions() fails
     - dm: free table mempools if not used in __bind
     - backlight: pm8941: Add NULL check in wled_configure()
     - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
     - hwmon: (asus-ec-sensors) check sensor index in read_string()
     - perf intel-pt: Fix PEBS-via-PT data_src
     - perf scripts python: exported-sql-viewer.py: Fix pattern matching with
       Python 3
     - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
     - remoteproc: k3-r5: Drop check performed in
       k3_r5_rproc_{mbox_callback/kick}
     - perf tests switch-tracking: Fix timestamp comparison
     - perf record: Fix incorrect --user-regs comments
     - nfs: clear SB_RDONLY before getting superblock
     - nfs: ignore SB_RDONLY when remounting nfs
     - [arm64] PCI: cadence: Fix runtime atomic count underflow
     - [arm64] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
     - [arm64] dmaengine: ti: Add NULL check in udma_probe()
     - PCI/DPC: Initialize aer_err_info before using it
     - usb: renesas_usbhs: Reorder clock handling and power management in probe
     - serial: Fix potential null-ptr-deref in mlb_usio_probe()
     - counter: interrupt-cnt: Protect enable/disable OPs with mutex
     - coresight: prevent deactivate active config while enabling the config
     - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
     - net: stmmac: platform: guarantee uniqueness of bus_id
     - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
     - net: tipc: fix refcount warning in tipc_aead_encrypt
     - net/mlx4_en: Prevent potential integer overflow calculating Hz
     - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
     - ice: create new Tx scheduler nodes for new queues only
     - ice: fix rebuilding the Tx scheduler tree for large queue counts
     - [armhf] net: dsa: tag_brcm: legacy: fix pskb_may_pull length
     - net: stmmac: make sure that ptp_rate is not 0 before configuring
       timestamping
     - net: fix udp gso skb_segment after pull from frag_list
     - vmxnet3: correctly report gso type for UDP tunnels
     - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
     - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
     - netfilter: nf_set_pipapo_avx2: fix initial map fill
     - wireguard: device: enable threaded NAPI
     - seg6: Fix validation of nexthop addresses
     - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
     - do_change_type(): refuse to operate on unmounted/not ours mounts
     - xfs: fix interval filtering in multi-step fsmap queries
     - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends
     - xfs: fix getfsmap reporting past the last rt extent
     - xfs: clean up the rtbitmap fsmap backend
     - xfs: fix logdev fsmap query result filtering
     - xfs: validate fsmap offsets specified in the query keys
     - xfs: fix xfs_btree_query_range callers to initialize btree rec fully
     - xfs: fix an agbno overflow in __xfs_getfsmap_datadev
     - xfs: fix the contact address for the sysfs ABI documentation
     - xfs: verify buffer, inode, and dquot items every tx commit
     - xfs: use consistent uid/gid when grabbing dquots for inodes
     - xfs: declare xfs_file.c symbols in xfs_file.h
     - xfs: create a new helper to return a file's allocation unit
     - xfs: Fix xfs_flush_unmap_range() range for RT
     - xfs: Fix xfs_prepare_shift() range for RT
     - xfs: don't walk off the end of a directory data block (CVE-2024-41013)
     - xfs: remove unused parameter in macro XFS_DQUOT_LOGRES
     - xfs: attr forks require attr, not attr2
     - xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set
     - xfs: Fix the owner setting issue for rmap query in xfs fsmap
     - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
     - xfs: take m_growlock when running growfsrt
     - xfs: reset rootdir extent size hint after growfsrt
     - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
     - Input: synaptics-rmi - fix crash with unsupported versions of F34
     - [arm64] serial: sh-sci: Check if TX data was written to device in
       .tx_empty()
     - [arm64] serial: sh-sci: Move runtime PM enable to sci_probe_single()
     - [arm64] serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - scsi: core: ufs: Fix a hang in the error handler
     - Bluetooth: hci_core: fix list_for_each_entry_rcu usage
     - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
     - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
     - ath10k: snoc: fix unbalanced IRQ enable in crash recovery
     - wifi: ath11k: remove unused function ath11k_tm_event_wmi()
     - wifi: ath11k: fix soc_dp_stats debugfs file permission
     - wifi: ath11k: convert timeouts to secs_to_jiffies()
     - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
     - wifi: ath11k: don't use static variables in
       ath11k_debugfs_fw_stats_process()
     - wifi: ath11k: don't wait when there is no vdev started
     - wifi: ath11k: validate ath11k_crypto_mode on top of
       ath11k_core_qmi_firmware_ready
     - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
     - pinctrl: qcom: pinctrl-qcm2290: Add missing pins
     - scsi: iscsi: Fix incorrect error path labels for flashnode operations
     - net_sched: sch_sfq: fix a potential crash on gso_skb handling
     - [powerpc*] powernv/memtrace: Fix out of bounds issue in memtrace mmap
       (CVE-2025-38088)
     - [powerpc*] vas: Return -EINVAL if the offset is non-zero in mmap()
     - [arm64] drm/meson: use unsigned long long / Hz for frequency types
     - [arm64] drm/meson: fix debug log statement when setting the HDMI clocks
     - [arm64] drm/meson: use vclk_freq instead of pixel_freq in debug print
     - [arm64] drm/meson: fix more rounding issues with 59.94Hz modes
     - i40e: return false from i40e_reset_vf if reset is in progress
     - i40e: retry VFLR handling if there is ongoing VF reset
     - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
     - net: Fix TOCTOU issue in sk_is_readable()
     - macsec: MACsec SCI assignment for ES = 0
     - net: mdio: C22 is now optional, EOPNOTSUPP if not provided
     - net/mdiobus: Fix potential out-of-bounds read/write access
     - Bluetooth: Fix NULL pointer deference on eir_get_service_data
     - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
     - Bluetooth: MGMT: Fix sparse errors
     - net/mlx5: Ensure fw pages are always allocated on same NUMA
     - net/mlx5: Fix return value when searching for existing flow group
     - net/mlx5e: Fix leak of Geneve TLV option object
     - net_sched: prio: fix a race in prio_tune() (CVE-2025-38083)
     - net_sched: red: fix a race in __red_change()
     - net_sched: tbf: fix a race in tbf_change()
     - net_sched: ets: fix a race in ets_qdisc_change()
     - fs/filesystems: Fix potential unsigned integer underflow in fs_name()
     - nvmet-fcloop: access fcpreq only when holding reqlock
     - perf: Ensure bpf_perf_link path is properly serialized
     - bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
     - tools/resolve_btfids: Fix build when cross compiling kernel with clang.
     - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
     - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
     - Revert "io_uring: ensure deferred completions are posted for multishot"
     - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
       posix_cpu_timer_del()
     - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
     - kbuild: Add KBUILD_CPPFLAGS to as-option invocation
     - usb: usbtmc: Fix read_stb function and get_stb ioctl
     - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
     - usb: Flush altsetting 0 endpoints before reinitializating them after
       reset.
     - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
     - [arm64] xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
     - [x86] iopl: Cure TIF_IO_BITMAP inconsistencies
     - calipso: unlock rcu before returning -EAFNOSUPPORT
     - net: usb: aqc111: debug info before sanitation
     - [arm64] drm/meson: Use 1000ULL when operating with mode->clock
     - configfs: Do not override creating attribute file failure in
       populate_attrs()
     - crypto: marvell/cesa - Do not chain submitted requests
     - gfs2: move msleep to sleepable context
     - [arm64,armhf] ASoC: meson: meson-card-utils: use of_property_present() for
       DT parsing
     - io_uring: account drain memory to cgroup
     - [powerpc*] pseries/msi: Avoid reading PCI device registers in reduced
       power states
     - regulator: max20086: Fix MAX200086 chip id
     - regulator: max20086: Change enable gpio to optional
     - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
     - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
     - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
     - wifi: ath11k: fix rx completion meta data corruption
     - wifi: ath11k: fix ring-buffer corruption
     - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
     - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
     - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
     - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
     - media: cxusb: no longer judge rbuf when the write fails
     - media: gspca: Add error handling for stv06xx_read_sensor()
     - media: omap3isp: use sgtable-based scatterlist wrappers
     - media: v4l2-dev: fix error handling in __video_register_device()
     - media: videobuf2: use sgtable-based scatterlist wrappers
     - media: vidtv: Terminating the subsequent process of initialization failure
     - media: vivid: Change the siize of the composing
     - media: uvcvideo: Return the number of processed controls
     - media: uvcvideo: Send control events for partial succeeds
     - media: uvcvideo: Fix deferred probing error
     - [armel,armhf] 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
     - bus: mhi: host: Fix conflict between power_up and SYSERR
     - can: tcan4x5x: fix power regulator retrieval during probe
     - ceph: set superblock s_magic for IMA fsmagic matching
     - cgroup,freezer: fix incomplete freezing when attaching tasks
     - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
     - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
     - bus: fsl-mc: fix GET/SET_TAILDROP command ids
     - ext4: inline: fix len overflow in ext4_prepare_inline_data
     - ext4: fix calculation of credits for extent tree modification
     - ext4: factor out ext4_get_maxbytes()
     - ext4: ensure i_size is smaller than maxbytes
     - Input: ims-pcu - check record size in ims_pcu_flash_firmware()
     - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
     - f2fs: prevent kernel warning due to negative i_nlink from corrupted image
     - f2fs: fix to do sanity check on sit_bitmap_size
     - NFC: nci: uart: Set tty->disc_data only in success path
     - net: ftgmac100: select FIXED_PHY
     - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
     - vgacon: Add check for vc_origin address range in vgacon_scroll()
     - [arm64] clk: meson-g12a: add missing fclk_div2 to spicc
     - ipc: fix to protect IPCS lookups using RCU
     - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
     - mm: fix ratelimit_pages update error in dirty_ratio_handler()
     - [armhf] mtd: rawnand: sunxi: Add randomizer configuration in
       sunxi_nfc_hw_ecc_write_chunk
     - [armhf] mtd: nand: sunxi: Add randomizer configuration before randomizer
       enable
     - [x86] KVM: SVM: Clear current_vmcb during vCPU free for all *possible*
       CPUs
     - dm-mirror: fix a tiny race condition
     - ftrace: Fix UAF when lookup kallsym after ftrace disabled
     - net: ch9200: fix uninitialised access during mii_nway_restart
       (CVE-2025-38086)
     - [s390x] KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
     - staging: iio: ad5933: Correct settling cycles encoding per datasheet
     - regulator: max14577: Add error check for max14577_read_reg()
     - remoteproc: core: Cleanup acquired resources when rproc_handle_resources()
       fails in rproc_attach()
     - remoteproc: core: Release rproc->clean_table after rproc_attach() fails
     - cifs: reset connections for all channels when reconnect requested
     - uio_hv_generic: Use correct size for interrupt and monitor pages
     - PCI: cadence-ep: Correct PBA offset in .set_msix() callback
     - PCI: Add ACS quirk for Loongson PCIe
     - PCI: Fix lock symmetry in pci_slot_unlock()
     - PCI: dw-rockchip: Fix PHY function call sequence in
       rockchip_pcie_phy_deinit()
     - iio: accel: fxls8962af: Fix temperature scan element sign
     - iio: imu: inv_icm42600: Fix temperature calculation
     - iio: adc: ad7606_spi: fix reg write value mask
     - ACPICA: fix acpi operand cache leak in dswstate.c
     - [x86] ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
     - clocksource: Fix the CPUs' choice in the watchdog per CPU verification
     - mmc: Add quirk to disable DDR50 tuning
     - ACPICA: Avoid sequence overread in call to strncmp()
     - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
     - ACPI: bus: Bail out if acpi_kobj registration fails
     - ACPICA: fix acpi parse and parseext cache leaks
     - power: supply: bq27xxx: Retrieve again when busy
     - ACPICA: utilities: Fix overflow check in vsnprintf()
     - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
     - ACPI: battery: negate current when discharging
     - net: macb: Check return value of dma_set_mask_and_coherent()
     - net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
     - tipc: use kfree_sensitive() for aead cleanup
     - bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
     - i2c: designware: Invoke runtime suspend on quick slave re-registration
     - emulex/benet: correct command version selection in be_cmd_get_stats()
     - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
     - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
     - sctp: Do not wake readers in __sctp_write_space()
     - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
     - i2c: tegra: check msg length in SMBUS block read
     - i2c: npcm: Add clock toggle recovery
     - net: dlink: add synchronization for stats update
     - wifi: ath11k: Fix QMI memory reuse logic
     - tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
     - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
     - [x86] sgx: Prevent attempts to reclaim poisoned pages
     - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
     - net: atlantic: generate software timestamp just before the doorbell
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_set_by_name()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_gpio_get_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_gpio_set_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
     - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
     - net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
     - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
     - wifi: mac80211: do not offer a mesh path if forwarding is disabled
     - clk: rockchip: rk3036: mark ddrphy as critical
     - libbpf: Add identical pointer detection to btf_dedup_is_equiv()
     - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
     - [amd64] iommu/amd: Ensure GA log notifier callbacks finish running before
       module unload
     - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
     - net: bridge: mcast: update multicast contex when vlan state is changed
     - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
       functions
     - vxlan: Do not treat dst cache initialization errors as fatal
     - software node: Correct a OOB check in software_node_get_reference_args()
     - pinctrl: mcp23s08: Reset all pins to input at probe
     - scsi: lpfc: Use memcpy() for BIOS version
     - sock: Correct error checking condition for (assign|release)_proto_idx()
     - i40e: fix MMIO write access to an invalid page in i40e_clear_hw
     - ice: fix check for existing switch rule
     - bpf, sockmap: Fix data lost during EAGAIN retries
     - net: ethernet: cortina: Use TOE/TSO on all TCP
     - fbcon: Make sure modelist not set on unregistered console
     - watchdog: da9052_wdt: respect TWDMIN
     - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
     - [armhf] OMAP2+: Fix l4ls clk domain handling in STANDBY
     - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
       first"
     - [x86] platform/x86: dell_rbu: Fix list usage
     - [x86] platform/x86: dell_rbu: Stop overwriting data buffer
     - [powerpc*] eeh: Fix missing PE bridge reconfiguration during VFIO EEH
       recovery
     - Revert "x86/bugs: Make spectre user default depend on
       MITIGATION_SPECTRE_V2" on v6.6 and older
     - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (CVE-2025-38090)
     - jffs2: check that raw node were preallocated before writing summary
     - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
     - smb: improve directory cache reuse for readdir operations
     - scsi: storvsc: Increase the timeouts to storvsc_timeout
     - scsi: s390: zfcp: Ensure synchronous unit_add
     - net_sched: sch_sfq: reject invalid perturb period
     - udmabuf: use sgtable-based scatterlist wrappers
     - ksmbd: fix null pointer dereference in destroy_previous_session
     - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
     - atm: Revert atm_account_tx() if copy_from_iter_full() fails.
     - Input: sparcspkr - avoid unannotated fall-through
     - wifi: cfg80211: init wiphy_work before allocating rfkill fails
       (CVE-2025-22119)
     - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound
       card
     - ALSA: hda/intel: Add Thinkpad E15 to PM deny list
     - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
     - mm/hugetlb: unshare page tables during VMA split, not before
       (CVE-2025-38084)
     - mm: hugetlb: independent PMD page table shared count (CVE-2024-57883)
     - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
     - mm/huge_memory: fix dereferencing invalid pmd migration entry
       (CVE-2025-37958)
     - net: Fix checksum update for ILA adj-transport
     - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
     - erofs: remove unused trace event erofs_destroy_inode
     - [arm64] drm/msm/disp: Correct porch timing for SDM845
     - [arm64] drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
     - ionic: Prevent driver/fw getting out of sync on devcmd(s)
     - drm/nouveau/bl: increase buffer size to avoid truncate warning
     - hwmon: (occ) Rework attribute registration for stack usage
     - hwmon: (occ) fix unaligned accesses
     - pldmfw: Select CRC32 when PLDMFW is selected
     - aoe: clean device rq_list in aoedev_downdev()
     - net: ice: Perform accurate aRFS flow match
     - ptp: fix breakage after ptp_vclock_in_use() rework
     - ptp: allow reading of currently dialed frequency to succeed on
       free-running clocks
     - wifi: carl9170: do not ping device which has failed to load firmware
     - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
     - atm: atmtcp: Free invalid length skb in atmtcp_c_send().
     - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()
       behavior
     - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
     - tcp: fix passive TFO socket having invalid NAPI ID
     - net: microchip: lan743x: Reduce PTP timeout on HW failure
     - net: lan743x: fix potential out-of-bounds write in
       lan743x_ptp_io_event_clock_get()
     - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
     - net: atm: add lec_mutex
     - net: atm: fix /proc/net/atm/lec handling
     - dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
     - [x86] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
     - [arm64] dts: ti: k3-j721e-sk: Add DT nodes for power regulators
     - serial: sh-sci: Increment the runtime usage counter for the earlycon
       device
     - Revert "cpufreq: tegra186: Share policy per cluster"
     - smb: client: fix first command failure during re-negotiation
     - [s390x] pci: Fix __pcilg_mio_inuser() inline assembly
     - perf: Fix sample vs do_exit()
     - [arm64] ptrace: Fix stack-out-of-bounds read in
       regs_get_kernel_stack_nth()
     - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.143
     - cifs: Correctly set SMB1 SessionKey field in Session Setup Request
     - cifs: Fix cifs_query_path_info() for Windows NT servers
     - NFSv4: Always set NLINK even if the server doesn't support it
     - NFSv4.2: fix listxattr to return selinux security label
     - [arm*] mailbox: Not protect module_put with spin_lock_irqsave
     - leds: multicolor: Fix intensity setting while SW blinking
     - NFSv4: xattr handlers should check for absent nfs filehandles
     - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix
       extension
     - md/md-bitmap: fix dm-raid max_write_behind setting
     - amd/amdkfd: fix a kfd_process ref leak
     - bcache: fix NULL pointer in cache_set_flush()
     - iio: pressure: zpa2326: Use aligned_s64 for the timestamp
     - [arm64] coresight: Only check bottom two claim bits
     - [arm64,armhf] usb: dwc2: also exit clock_gating when stopping udc while
       suspended
     - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
     - usb: potential integer overflow in usbg_make_tpg()
     - usb: common: usb-conn-gpio: use a unique name for usb connector device
     - usb: Add checks for snprintf() calls in usb_alloc_dev()
     - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
     - usb: typec: displayport: Receive DP Status Update NAK request exit dp
       altmode
     - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set
     - ALSA: hda: Ignore unsol events for cards being shut down
     - ALSA: hda: Add new pci id for AMD GPU display HD audio controller
     - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
     - ceph: fix possible integer overflow in ceph_zero_objects()
     - ovl: Check for NULL d_inode() in ovl_dentry_upper()
     - btrfs: handle csum tree error with rescue=ibadroots correctly
     - [x86] drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
     - [x86] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on
       DG1"
     - fs/jfs: consolidate sanity checking in dbMount
     - jfs: validate AG parameters in dbMount() to prevent crashes
       (CVE-2025-38230)
     - media: imx-jpeg: Cleanup after an allocation error (CVE-2025-38225)
     - f2fs: don't over-report free space or inodes in statvfs
     - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in
       fb_videomode_to_var (CVE-2025-38215)
     - drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers
     - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages
     - Drivers: hv: move panic report code from vmbus to hv early init code
     - Drivers: hv: Change hv_free_hyperv_page() to take void * argument
     - Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
       (CVE-2024-36913)
     - Drivers: hv: Allocate interrupt and monitor pages aligned to system page
       boundary
     - Drivers: hv: vmbus: Add utility function for querying ring size
     - uio_hv_generic: Query the ringbuffer size for device
     - uio_hv_generic: Align ring size to system page
     - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
     - vgacon: remove unneeded forward declarations
     - tty: vt: make init parameter of consw::con_init() a bool
     - tty: vt: sanitize arguments of consw::con_clear()
     - tty: vt: make consw::con_switch() return a bool
     - dummycon: Trigger redraw when switching consoles with deferred takeover
     - af_unix: Don't call skb_get() for OOB skb.
     - af_unix: Don't leave consecutive consumed OOB skbs.
     - i2c: tiny-usb: disable zero-length read messages
     - i2c: robotfuzz-osif: disable zero-length read messages
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
     - [s390x] pkey: Prevent overflow in size calculation for memdup_user()
     - atm: clip: prevent NULL deref in clip_push()
     - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
     - attach_recursive_mnt(): do not lock the covering tree when sliding
       something under it
     - libbpf: Fix null pointer dereference in btf_dump__free on allocation
       failure
     - wifi: mac80211: fix beacon interval calculation overflow
     - af_unix: Don't set -ECONNRESET for consumed OOB skb.
     - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
     - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
     - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
       (Closes: #1108069)
     - net: selftests: fix TCP packet checksum
     - [arm64] drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
     - [arm64] drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
     - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
     - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
     - serial: imx: Restore original RXTL for console to fix data loss
     - Bluetooth: L2CAP: Fix L2CAP MTU negotiation
     - dm-raid: fix variable in journal device check
     - btrfs: fix a race between renames and directory logging
     - btrfs: update superblock's device bytes_used when dropping chunk
     - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
     - HID: wacom: fix memory leak on kobject creation failure
     - HID: wacom: fix memory leak on sysfs attribute creation failure
     - HID: wacom: fix kobject reference count leak
     - scsi: megaraid_sas: Fix invalid node index
     - [arm64,armhf] drm/etnaviv: Protect the scheduler's pending list with its
       lock
     - [arm64,armhf] drm/tegra: Assign plane type before registration
     - [arm64,armhf] drm/tegra: Fix a possible null pointer dereference
     - drm/udl: Unregister device before cleaning up on disconnect
     - [arm64] drm/msm/gpu: Fix crash when throttling GPU immediately during boot
     - drm/amdkfd: Fix race in GWS queue scheduling
     - drm/amd/display: Add null pointer check for get_first_active_display()
     - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
     - drm/amdgpu: Add kicker device detection
     - ksmbd: Use unsafe_memcpy() for ntlm_negotiate
     - ksmbd: remove unsafe_memcpy use in session setup
     - fs: omfs: Use flexible-array member in struct omfs_extent
     - fbdev: hyperv_fb: Convert comma to semicolon
     - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
     - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
     - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
     - media: uvcvideo: Rollback non processed entities on error
     - [s390x] entry: Fix last breaking event handling in case of stack
       corruption
     - Kunit to check the longest symbol length
     - [x86] tools: Drop duplicate unlikely() definition in insn_decoder_test.c
     - Revert "ipv6: save dontfrag in cork"
     - nvme: always punt polled uring_cmd end_io work to task_work
     - io_uring/kbuf: account ring io_buffer_list memory
     - [arm64] firmware: arm_scmi: Add a common helper to check if a message is
       supported
     - [arm64] firmware: arm_scmi: Ensure that the message-id supports
       fastchannel
     - [arm64] Restrict pagetable teardown to avoid false warning
     - [arm*] 9354/1: ptrace: Use bitfield helpers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.144
     - rtc: cmos: use spin_lock_irqsave in cmos_interrupt
     - [s390x] pci: Do not try re-enabling load/store if device is disabled
     - vsock/vmci: Clear the vmci transport packet properly when initializing it
     - mmc: sdhci: Add a helper function for dump register in dynamic debug mode
     - Revert "mmc: sdhci: Disable SD card clock before changing parameters"
       (Closes: #1108065)
     - Bluetooth: hci_sync: revert some mesh modifications
     - Bluetooth: MGMT: set_mesh: update LE scan interval and window
     - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising
     - [arm64,armhf] regulator: gpio: Fix the out-of-bounds access to
       drvdata::gpiods
     - usb: typec: altmodes/displayport: do not index invalid pin_assignments
     - [arm64] dts: apple: t8103: Fix PCIe BCM4377 nodename
     - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
     - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
     - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
     - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
     - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
     - scsi: ufs: core: Fix spelling of a sysfs attribute name
     - RDMA/mlx5: Fix CC counters query for MPV
     - Bluetooth: Prevent unintended pause by checking if advertising is active
     - btrfs: fix missing error handling when searching for inode refs during log
       replay
     - btrfs: fix iteration of extrefs during log replay
     - ethernet: atl1: Add missing DMA mapping error checks and count errors
     - [armhf] drm/exynos: fimd: Guard display clock control with runtime PM
       calls
     - [arm64] spi: spi-fsl-dspi: Clear completion counter before initiating
       transfer
     - [x86] platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs
       callbacks
     - [x86] drm/i915/gt: Fix timeline left held on VMA alloc error
     - [x86] drm/i915/gsc: mei interrupt top half should be in irq disabled
       context
     - igc: disable L1.2 PCI-E link substate to avoid performance issue
     - [amd64,arm64] amd-xgbe: align CL37 AN sequence as per databook
     - enic: fix incorrect MTU comparison in enic_change_mtu()
     - rose: fix dangling neighbour pointers in rose_rt_device_down()
     - nui: Fix dma_mapping_error() check
     - net/sched: Always pass notifications when child class becomes empty
     - smb: client: fix race condition in negotiate timeout by using more precise
       timing
     - [arm64] drm/msm: Fix a fence leak in submit error path
     - [arm64] drm/msm: Fix another leak in the submit error path
     - ALSA: sb: Don't allow changing the DMA mode during operations
     - ALSA: sb: Force to disable DMAs once when DMA mode is changed
     - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled
     - ata: pata_cs5536: fix build on 32-bit UML
     - [powerpc*] Fix struct termio related ioctl macros
     - [x86] ASoC: amd: yc: update quirk data for HP Victus
     - scsi: target: Fix NULL pointer dereference in
       core_scsi3_decode_spec_i_port()
     - aoe: defer rexmit timer downdev work to workqueue
     - wifi: mac80211: drop invalid source address OCB frames
     - wifi: ath6kl: remove WARN on bad firmware input
     - ACPICA: Refuse to evaluate a method if arguments are missing
     - mtd: spinand: fix memory leak of ECC engine conf
     - rcu: Return early if callback is not specified
     - virtio-net: ensure the received length does not exceed allocated size
     - [arm64] drm/v3d: Disable interrupts before resetting the GPU
     - NFSv4/flexfiles: Fix handling of NFS level errors in I/O
     - btrfs: use btrfs_record_snapshot_destroy() during rmdir
     - [arm64] dpaa2-eth: fix xdp_rxq_info leak
     - [x86] platform/x86: think-lmi: Fix class device unregistration
     - [x86] platform/x86: dell-wmi-sysman: Fix class device unregistration
     - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
     - xhci: dbctty: disable ECHO flag by default
     - xhci: dbc: Flush queued requests before stopping dbc
     - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
     - usb: cdnsp: do not disable slot for disabled slot
     - dma-buf: fix timeout handling in dma_resv_wait_timeout v2
     - i2c/designware: Fix an initialization issue
     - Logitech C-270 even more broken
     - [x86] platform/x86: think-lmi: Create ksets consecutively
     - [x86] platform/x86: think-lmi: Fix kobject cleanup
     - usb: typec: displayport: Fix potential deadlock
     - [amd64] Mitigations Transitive Scheduler Attacks (TSA) (CVE-2024-36350,
       CVE-2024-36357)
       + x86/bugs: Rename MDS machinery to something more generic
       + x86/bugs: Add a Transient Scheduler Attacks mitigation
       + KVM: SVM: Advertise TSA CPUID bits to guests
       + x86/process: Move the buffer clearing before MONITOR
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.145
     - [amd64] x86/CPU/AMD: Properly check the TSA microcode
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.146
     - [x86] platform/x86: ideapad-laptop: use usleep_range() for EC polling
     - perf: Revert to requiring CAP_SYS_ADMIN for uprobes
     - Bluetooth: hci_sync: Fix not disabling advertising instance
     - fix proc_sys_compare() handling of in-lookup dentries
     - netlink: Fix wraparounds of sk->sk_rmem_alloc.
     - tipc: Fix use-after-free in tipc_conn_close().
     - vsock: Fix transport_{g2h,h2g} TOCTOU
     - vsock: Fix transport_* TOCTOU
     - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
     - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
     - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
     - atm: clip: Fix potential null-ptr-deref in to_atmarpd().
     - atm: clip: Fix memory leak of struct clip_vcc.
     - atm: clip: Fix infinite recursive call of clip_push().
     - atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
     - net/sched: Abort __tc_modify_qdisc if parent class does not exist
     - maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
     - rxrpc: Fix oops due to non-existence of prealloc backlog struct
     - [x86] boot: Compile boot code with -std=gnu11 too
     - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
     - [x86] mce/amd: Fix threshold limit reset
     - [x86] mce: Don't remove sysfs if thresholding sysfs init fails
     - [x86] mce: Make sure CMCI banks are cleared during shutdown on Intel
     - [x86] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ
       routing table.
     - [x86] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is
       in-flight
     - gre: Fix IPv6 multicast route creation. (Closes: #1108430)
     - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734)
     - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts
     - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558)
     - drm/sched: Increment job count before swapping tail spsc queue
     - drm/ttm: fix error handling in ttm_buffer_object_transfer
     - drm/gem: Fix race in drm_gem_handle_create_tail()
     - usb: gadget: u_serial: Fix race condition in TTY wakeup
     - Revert "ACPI: battery: negate current when discharging"
     - kallsyms: fix build without execinfo
     - maple_tree: fix mt_destroy_walk() on root leaf node
     - pwm: mediatek: Ensure to disable clocks in error path
     - smb: server: make use of rdma_destroy_qp()
     - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
     - netlink: Fix rmem check in netlink_broadcast_deliver().
     - netlink: make sure we allow at least one dump skb
     - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
     - btrfs: propagate last_unlink_trans earlier when doing a rmdir
     - xhci: Allow RPM on the USB controller (1022:43f7) by default
     - usb: xhci: quirk for data loss in ISOC transfers
     - Input: xpad - support Acer NGR 200 Controller
     - [arm64,armhf] usb: dwc3: Abort suspend on soft disconnect failure
     - wifi: zd1211rw: Fix potential NULL pointer dereference in
       zd_mac_tx_to_dev()
     - [arm64,armhf] drm/tegra: nvdec: Fix dma_alloc_coherent error check
     - md/raid1: Fix stack memory use after return in raid1_reshape
     - raid10: cleanup memleak at raid10_make_request
     - nbd: fix uaf in nbd_genl_connect() error path
     - erofs: remove the member readahead from struct z_erofs_decompress_frontend
     - erofs: clean up z_erofs_pcluster_readmore()
     - erofs: allocate extra bvec pages directly instead of retrying
     - erofs: avoid on-stack pagepool directly passed by arguments
     - erofs: adapt folios for z_erofs_read_folio()
     - erofs: fix to add missing tracepoint in erofs_read_folio()
     - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
     - net: appletalk: Fix device refcount leak in atrtr_create()
     - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
     - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
     - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to
       debug level
     - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
     - bnxt_en: Fix DCB ETS validation
     - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
     - atm: idt77252: Add missing `dma_map_error()`
     - [x86] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
     - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
     - net: usb: qmi_wwan: add SIMCom 8230C composition
     - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
     - btrfs: fix assertion when building free space tree
     - vt: add missing notification when switching back to text mode
     - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
     - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
     - Input: atkbd - do not skip atkbd_deactivate() when skipping
       ATKBD_CMD_GETID
     - vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074)
     - [x86] mm: Disable hugetlb page table sharing on 32-bit
     - [x86] Fix X86_FEATURE_VERW_CLEAR definition
     - ksmbd: fix potential use-after-free in oplock/lease break ack
     - rseq: Fix segfault on registration when rseq_cs is non-zero
       (CVE-2025-38067)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.147
     - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
     - USB: serial: option: add Foxconn T99W640
     - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
     - usb: gadget: configfs: Fix OOB read on empty string write
     - [armhf] i2c: stm32: fix the device used for the DMA map
     - [x86] thunderbolt: Fix bit masking in tb_dp_port_set_hops()
     - Input: xpad - set correct controller type for Acer NGR200
     - pch_uart: Fix dma_sync_sg_for_device() nents value
     - HID: core: ensure the allocated report buffer can contain the reserved
       report ID
     - HID: core: ensure __hid_request reserves the report ID as the first byte
     - HID: core: do not bypass hid_hw_raw_request
     - tracing: Add down_write(trace_event_sem) when adding trace event
     - io_uring/poll: fix POLLERR handling
     - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in
       pep_sock_accept()
     - net/mlx5: Update the list of the PCI supported devices
     - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
     - af_packet: fix soft lockup issue caused by tpacket_snd()
     - isofs: Verify inode mode when loading from disk
     - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
     - [arm64,armhf] mmc: bcm2835: Fix dma_unmap_sg() nents value
     - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based
       Positivo models
     - [arm64] mmc: sdhci_am654: Workaround for Errata i2312
     - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
     - smb: client: fix use-after-free in crypt_message when using async crypto
     - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order
     - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
     - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
     - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
     - iio: adc: max1363: Reorder mode_list[] entries
     - iio: adc: stm32-adc: Fix race in installing chained IRQ handler
     - [i386] comedi: pcl812: Fix bit shift out of bounds
     - [i386] comedi: aio_iiro_16: Fix bit shift out of bounds
     - [i386] comedi: das16m1: Fix bit shift out of bounds
     - [i386] comedi: das6402: Fix bit shift out of bounds
     - [i386] comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
     - [i386] comedi: Fix some signed shift left operations
     - [i386] comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
     - [i386] comedi: Fix initialization of data for instructions that write to
       subdevice
     - bpf: Reject %p% format string in bprintf-like helpers
     - cachefiles: Fix the incorrect return value in __cachefiles_write()
     - net/sched: sch_qfq: Fix race condition on qfq_aggregate
     - rpl: Fix use-after-free in rpl_do_srh_inline().
     - smb: client: fix use-after-free in cifs_oplock_break
     - nvme: fix misaccounting of nvme-mpath inflight I/O
     - [x86] hwmon: (corsair-cpro) Validate the size of the received input buffer
     - usb: net: sierra: check for no status endpoint
     - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
     - Bluetooth: hci_sync: fix connectable extended advertising when using
       static random address
     - Bluetooth: SMP: If an unallowed command is received consider it a failure
     - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
     - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant
       without board ID
     - net/mlx5: Correctly set gso_size when LRO is used
     - ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
     - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
     - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
     - tls: always refresh the queue when reading sock
     - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during
       runtime
     - net: bridge: Do not offload IGMP/MLD messages
     - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
     - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen"
     - sched: Change nr_uninterruptible type to unsigned long
     - HID: mcp2221: Set driver data before I2C adapter add
     - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right
       userns
     - usb: hub: fix detection of high tier USB3 devices behind suspended hubs
     - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime
       pm
     - usb: hub: Fix flushing of delayed work used for post resume purposes
     - usb: hub: Don't try to recover devices lost during warm reset.
     - usb: musb: Add and use inline functions musb_{get,set}_state
     - usb: musb: fix gadget state on disconnect
     - [arm64] usb: dwc3: qcom: Don't leave BCR asserted
     - [arm64] ASoC: fsl_sai: Force a software reset when starting in consumer
       mode
     - Bluetooth: HCI: Set extended advertising data synchronously
     - mm/vmalloc: leave lazy MMU mode on PTE mapping error
     - nvmem: layouts: u-boot-env: remove crc32 endianness conversion
 .
   [ Uwe Kleine-König ]
   * Disable CONFIG_CDROM_PKTCDVD for all archs as this driver is
     orphaned, buggy and not needed. (Closes: #1107479)
 .
   [ Salvatore Bonaccorso ]
   * [amd64] drivers/acpi: Make ACPI_HED built-in
   * Bump ABI to 38
   * [rt] Update to 6.1.141-rt52
   * net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
     qfq_delete_class
   * [amd64] x86/bugs: Fix use of possibly uninit value in
     amd_check_tsa_microcode()
 .
   [ Kevin P. Fleming ]
   * test-patches: Add defaults for DEBEMAIL and DEBFULLNAME
linux-signed-amd64 (6.1.140+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.140-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.140
     - binfmt: Fix whitespace issues
     - binfmt_elf: Support segments with 0 filesz and misaligned starts
     - binfmt_elf: elf_bss no longer used by load_elf_binary()
     - binfmt_elf: Leave a gap between .bss and brk
     - binfmt_elf: Calculate total_size earlier
     - binfmt_elf: Honor PT_LOAD alignment for static PIE
     - binfmt_elf: Move brk for static PIE even if ASLR disabled
     - [x86] platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
     - tracing: probes: Fix a possible race in trace_probe_log APIs
     - tpm: tis: Double the timeout B to 4s
     - iio: adc: ad7266: Fix potential timestamp alignment issue.
     - drm/amd: Stop evicting resources on APUs in suspend
     - drm/amdgpu: Fix the runtime resume failure issue
     - drm/amdgpu: trigger flr_work if reading pf2vf data failed
     - drm/amd: Add Suspend/Hibernate notification callback support
     - Revert "drm/amd: Stop evicting resources on APUs in suspend"
     - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
     - clocksource/i8253: Use raw_spinlock_irqsave() in
       clockevent_i8253_disable()
     - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
     - HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
     - HID: uclogic: Add NULL check in uclogic_input_configured()
     - nfs: handle failure of nfs_get_lock_context in unlock path
     - net_sched: Flush gso_skb list too during ->change()
     - net: mctp: Ensure keys maintain only one ref to corresponding dev
     - [arm64] net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
     - nvme-pci: make nvme_pci_npages_prp() __always_inline
     - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
     - ALSA: sh: SND_AICA should depend on SH_DMA_API
     - net/mlx5e: Disable MACsec offload for uplink representor profile
     - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
     - net/tls: fix kernel panic when alloc_page failed
     - NFSv4/pnfs: Reset the layout state after a layoutreturn
     - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
       interrupted"
     - btrfs: fix discard worker infinite loop after disabling discard
     - drm/amd/display: Correct the reply value when AUX write incomplete
     - drm/amd/display: Avoid flooding unnecessary info messages
     - ACPI: PPTT: Fix processor subtable walk
     - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
     - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
     - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
     - dma-buf: insert memory barrier before updating num_fences
     - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
     - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
     - hv_netvsc: Remove rmsg_pgcnt
     - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
     - Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
     - ftrace: Fix preemption accounting for stacktrace trigger command
     - ftrace: Fix preemption accounting for stacktrace filter command
     - tracing: samples: Initialize trace_array_printk() with the correct
       function
     - [arm64,armhf] phy: Fix error handling in tegra_xusb_port_init
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
     - [arm64] phy: renesas: rcar-gen3-usb2: Set timing registers only once
     - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
     - smb: client: fix memory leak during error handling for POSIX mkdir
     - wifi: mt76: disable napi on driver removal
     - net: qede: Initialize qede_ll_ops with designated initializer
     - [arm64] dmaengine: ti: k3-udma: Add missing locking
     - [arm64] dmaengine: ti: k3-udma: Use cap_mask directly from dma_device
       structure instead of a local copy
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_wqs
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_engines
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_groups
     - [amd64] dmaengine: idxd: Add missing cleanup for early error out in
       idxd_setup_internals
     - [amd64] dmaengine: idxd: Add missing cleanups in cleanup internals
     - [amd64] dmaengine: idxd: Add missing idxd cleanup to fix memory leak in
       remove call
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_alloc
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_pci_probe
     - usb: typec: ucsi: displayport: Fix deadlock (CVE-2025-37967)
     - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
       device attribute group (CVE-2024-35790)
     - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
       (CVE-2024-53203)
     - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
     - mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
     - [arm64] bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
       (CVE-2024-43840)
     - [arm64] bpf, arm64: Fix address emission with tag-based KASAN enabled
     - hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
       (CVE-2025-21931)
     - sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)
     - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
     - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
     - netfilter: nf_tables: wait for rcu grace period on net_device removal
     - netfilter: nf_tables: do not defer rule destruction via call_rcu
     - [arm64] sme: Always exit sme_alloc() early with existing storage
     - [x86] platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually
       enabled it (CVE-2025-21645)
     - bnxt_en: Fix receive ring space parameters when XDP is active
       (CVE-2024-53209)
     - ipv6: Fix potential uninit-value access in __ip6_make_skb()
       (CVE-2024-36903)
     - ipv4: Fix uninit-value access in __ip_make_skb() (CVE-2024-36927)
     - spi: cadence-qspi: fix pointer reference in runtime PM hooks
       (CVE-2024-26807)
     - drm/amdgpu: fix pm notifier handling
     - [x86] modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 37
linux-signed-amd64 (6.1.139+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.139-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
     - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
     - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
     - [arm64] i2c: imx-lpi2c: Fix clock count when probe defers
     - [arm64] errata: Add missing sentinels to Spectre-BHB MIDR arrays
     - [x86] perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
       value.
     - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
       offload
     - [arm64] mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
     - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
     - dm-integrity: fix a warning on invalid table line
     - dm: always update the array size in realloc_argv on success
     - [amd64] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
     - [amd64] iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
     - [x86] platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
       hotplug
     - ksmbd: fix use-after-free in kerberos authentication
     - cpufreq: Avoid using inconsistent policy->min and policy->max
     - cpufreq: Fix setting policy limits when frequency tables are used
     - tracing: Fix oob write in trace_seq_to_buffer()
     - xfs: fix error returns from xfs_bmapi_write
     - xfs: fix xfs_bmap_add_extent_delay_real for partial conversions
     - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent
     - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item
       recovery
     - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2
     - xfs: validate recovered name buffers when recovering xattr items
     - xfs: revert commit 44af6c7e59b12
     - xfs: match lock mode in xfs_buffered_write_iomap_begin()
     - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional
     - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset
     - xfs: convert delayed extents to unwritten when zeroing post eof blocks
     - xfs: allow symlinks with short remote targets
     - xfs: make sure sb_fdblocks is non-negative
     - xfs: fix freeing speculative preallocations for preallocated files
     - xfs: allow unlinked symlinks and dirs with zero size
     - xfs: restrict when we try to align cow fork delalloc to cowextsz hints
     - [x86] KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
       loop (CVE-2025-21839)
     - dm-bufio: don't schedule in atomic context
     - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
     - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
     - vxlan: vnifilter: Fix unlocked deletion of default FDB entry
     - net/mlx5: E-Switch, Initialize MAC Address for Default GID
     - net/mlx5: E-switch, Fix error handling for enabling roce
     - [arm64] net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged
     - [arm64] net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
     - net_sched: drr: Fix double list add in class with netem as child qdisc
     - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
       qdisc
     - net_sched: ets: Fix double list add in class with netem as child qdisc
     - net_sched: qfq: Fix double list add in class with netem as child qdisc
     - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
     - net: dlink: Correct endianness handling of led_mode
     - [arm64] net: dsa: felix: fix broken taprio gate states after clock jump
     - net: ipv6: fix UDPv6 GSO segmentation with NAT
     - bnxt_en: Fix coredump logic to free allocated buffer
     - bnxt_en: Fix out-of-bound memcpy() during ethtool -w
     - bnxt_en: Fix ethtool -d byte order for 32-bit values
     - nvme-tcp: fix premature queue removal and I/O failover
     - net: lan743x: Fix memleak issue when GSO enabled
     - net: fec: ERR007885 Workaround for conventional TX
     - [arm64] net: hns3: store rx VLAN tag offload state for VF
     - [arm64] net: hns3: fix an interrupt residual problem
     - [arm64] net: hns3: fixed debugfs tm_qset size
     - [arm64] net: hns3: defer calling ptp_clock_register()
     - PCI: imx6: Skip controller_id generation logic for i.MX7D
     - sch_htb: make htb_qlen_notify() idempotent
     - sch_drr: make drr_qlen_notify() idempotent
     - sch_hfsc: make hfsc_qlen_notify() idempotent
     - sch_qfq: make qfq_qlen_notify() idempotent
     - sch_ets: make est_qlen_notify() idempotent
     - [x86] Revert "x86/kexec: Allocate PGD for x86_64 transition page tables
       separately"
     - [arm64] firmware: arm_scmi: Balance device refcount when destroying
       devices
     - net: phy: microchip: force IRQ polling mode for lan88xx
     - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
     - [arm64,armhf] irqchip/gic-v2m: Mark a few functions __init
     - [arm64,armhf] irqchip/gic-v2m: Prevent use after free of
       gicv2m_get_fwnode() (CVE-2025-37819)
     - dm: fix copying after src array boundaries
     - [arm64] iommu/arm-smmu-v3: Use the new rb tree helpers
     - [arm64] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated
       stream ids
     - drm/amd/display: phase2 enable mst hdcp multiple displays
     - drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c
     - drm/amd/display: Change HDCP update sequence for DM
     - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
     - drm/amd/display: Fix slab-use-after-free in hdcp
     - ASoC: Use of_property_read_bool()
     - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
       properties
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.139
     - dm: add missing unlock on in dm_keyslot_evict()
     - [arm64] dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
     - [arm64] can: mcan: m_can_class_unregister(): fix order of unregistration
       calls
     - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
     - ksmbd: prevent out-of-bounds stream writes by validating *pos
     - openvswitch: Fix unsafe attribute parsing in output_userspace()
     - ksmbd: fix memory leak in parse_lease_state()
     - sch_htb: make htb_deactivate() idempotent
     - gre: Fix again IPv6 link-local address generation.
     - can: mcp251xfd: fix TDC setting for low data bit rates
     - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
     - can: gw: fix RCU/BH usage in cgw_create_job()
     - ipv4: Drop tos parameter from flowi4_update_output()
     - ipvs: fix uninit-value for saddr in do_output_route4
     - netfilter: ipset: fix region locking in hash types
     - bpf: Scrub packet on bpf_redirect_peer
     - [armhf] net: dsa: b53: allow leaky reserved multicast
     - [armhf] net: dsa: b53: fix clearing PVID of a port
     - [armhf] net: dsa: b53: fix flushing old pvid VLAN on pvid change
     - [armhf] net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
     - [armhf] net: dsa: b53: always rejoin default untagged VLAN on bridge leave
     - [armhf] net: dsa: b53: fix learning on VLAN unaware bridges
     - Input: synaptics - enable InterTouch on Dynabook Portege X30-D
     - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
     - Input: synaptics - enable InterTouch on Dell Precision M3800
     - Input: synaptics - enable SMBus for HP Elitebook 850 G1
     - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
     - [x86] mm: Eliminate window where TLB flushes may be inadvertently skipped
     - drm/amd/display: Shift DMUB AUX reply command if necessary
     - iio: adc: ad7606: fix serial register access
     - iio: adis16201: Correct inclinometer channel resolution
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
     - [arm64] drm/v3d: Add job to pending list if the reset was skipped
     - drm/amd/display: Fix the checking condition in dmub aux handling
     - drm/amd/display: Remove incorrect checking in dmub aux handler
     - drm/amd/display: Fix wrong handling for AUX_DEFER case
     - drm/amd/display: Copy AUX read reply data whenever length > 0
     - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
     - usb: uhci-platform: Make the clock really optional
     - xenbus: Use kref to track req lifetime
     - module: ensure that kobject_put() is safe for module type kobjects
     - ocfs2: switch osb->disable_recovery to enum
     - ocfs2: implement handshaking with ocfs2 recovery thread
     - ocfs2: stop quota recovery before disabling quotas
     - [arm64,armhf] usb: host: tegra: Prevent host controller crash when OTG
       port is used
     - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
     - usb: typec: ucsi: displayport: Fix NULL pointer access
     - USB: usbtmc: use interruptible sleep in usbtmc_read
     - usb: usbtmc: Fix erroneous get_stb ioctl error returns
     - usb: usbtmc: Fix erroneous wait_srq ioctl return
     - usb: usbtmc: Fix erroneous generic_read ioctl return
     - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
     - types: Complement the aligned types with signed 64-bit one
     - [mips*] Fix MAX_REG_OFFSET
     - drm/panel: simple: Update timings for AUO G101EVN010
     - nvme: unblock ctrl state transition for firmware update
     - do_umount(): add missing barrier before refcount checks in sync case
     - io_uring: always arm linked timeouts prior to issue
     - io_uring: ensure deferred completions are posted for multishot
     - Revert "net: phy: microchip: force IRQ polling mode for lan88xx"
     - [arm64] insn: Add support for encoding DSB
     - [arm64] proton-pack: Expose whether the platform is mitigated by firmware
     - [arm64] proton-pack: Expose whether the branchy loop k value
     - [arm64] bpf: Add BHB mitigation to the epilogue for cBPF programs
     - [arm64] bpf: Only mitigate cBPF programs loaded by unprivileged users
     - [arm64] proton-pack: Add new CPUs 'k' values for branch mitigation
     - [x86] bpf: Call branch history clearing sequence on exit
     - [x86] bpf: Add IBHF call at end of classic BPF
     - [x86] bhi: Do not set BHI_DIS_S in 32-bit mode
     - [x86] speculation: Simplify and make CALL_NOSPEC consistent
     - [x86] speculation: Add a conditional CS prefix to CALL_NOSPEC
     - [x86] speculation: Remove the extra #ifdef around CALL_NOSPEC
     - [amd64] Mitigations Indirect Target Selection (ITS) (CVE-2024-28956)
       + Documentation: x86/bugs/its: Add ITS documentation
       + x86/its: Enumerate Indirect Target Selection (ITS) bug
       + x86/its: Add support for ITS-safe indirect thunk
       + x86/its: Add support for ITS-safe return thunk
       + x86/its: Enable Indirect Target Selection mitigation
       + x86/its: Add "vmexit" option to skip mitigation on some CPUs
       + x86/its: Align RETs in BHB clear sequence to avoid thunking
       + x86/ibt: Keep IBT disabled during alternative patching
       + x86/its: Use dynamic thunks for indirect branches
       + x86/its: Fix build errors when CONFIG_MODULES=n
       + x86/alternative: Optimize returns patching
       + x86/alternatives: Remove faulty optimization
       + x86/its: FineIBT-paranoid vs ITS
 .
   [ Uwe Kleine-König ]
   * d/b/test-patches: Handle kernel release strings without ABI number.
     This is a backport from 6.10.1-1_exp1 to enable building bookworm kernels
     on trixie and newer.
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 36

linux-signed-arm64 (6.1.148+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.148-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.148
     - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
       (CVE-2025-38335)
     - regulator: core: fix NULL dereference on unbind due to stale coupling data
     - RDMA/core: Rate limit GID cache warning messages
     - iio: adc: ad7949: use spi_is_bpw_supported()
     - regmap: fix potential memory leak of regmap_bus
     - [x86] hyperv: Fix usage of cpu_online_mask to get valid cpu
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_SUCCESS usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_ERROR usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_RETRY usage
     - [arm64,armhf] staging: vchiq_arm: Make vchiq_shutdown never fail
     - xfrm: interface: fix use-after-free after changing collect_md xfrm
       interface (CVE-2025-38500)
     - net/mlx5: Fix memory leak in cmd_exec()
     - i40e: Add rx_missed_errors for buffer exhaustion
     - i40e: report VF tx_dropped with tx_errors instead of tx_discards
     - i40e: When removing VF MAC filters, only check PF-set MAC
     - net: appletalk: Fix use-after-free in AARP proxy probe
     - can: dev: can_restart(): reverse logic to remove need for goto
     - can: dev: can_restart(): move debug message and stats after successful
       restart
     - can: netlink: can_changelink(): fix NULL pointer deref of struct
       can_priv::do_set_mode
     - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in
       ti_sn_bridge_probe()
     - [arm64] net: hns3: fix concurrent setting vlan filter issue
     - [arm64] net: hns3: disable interrupt when ptp init failed
     - [arm64] net: hns3: fixed vf get max channels bug
     - [x86] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among
       boots
     - i2c: qup: jump out of the loop in case of timeout
     - i2c: tegra: Fix reset error handling with ACPI
     - i2c: virtio: Avoid hang by using interruptible completion wait
     - bus: fsl-mc: Fix potential double device reference in
       fsl_mc_get_endpoint()
     - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
     - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint
       handling
     - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
     - e1000e: ignore uninitialized checksum word on tgp
     - gve: Fix stuck TX queue for DQ queue format
     - ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
     - nilfs2: reject invalid file types when reading inodes
     - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
     - drm/amdkfd: Don't call mmput from MMU notifier callback
     - usb: typec: tcpm: allow to use sink in accessory mode
     - usb: typec: tcpm: allow switching to mode accessory to mux properly
     - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
     - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925)
     - [x86] comedi: comedi_test: Fix possible deletion of uninitialized timers
     - ALSA: hda/tegra: Add Tegra264 support
     - ALSA: hda: Add missing NVIDIA HDA codec IDs
     - [x86] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x
     - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma
     - erofs: get rid of debug_one_dentry()
     - erofs: sunset erofs_dbg()
     - erofs: drop z_erofs_page_mark_eio()
     - erofs: simplify z_erofs_transform_plain()
     - erofs: address D-cache aliasing
     - usb: chipidea: add USB PHY event
     - usb: phy: mxs: disconnect line when USB charger is attached
     - ethernet: intel: fix building with large NR_CPUS
     - [x86] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx
     - ASoC: Intel: fix SND_SOC_SOF dependencies
     - fs_context: fix parameter name in infofc() macro
     - ublk: use vmalloc for ublk_device's __queues
     - hfsplus: remove mutex_lock check in hfsplus_free_extents
     - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
     - ASoC: ops: dynamically allocate struct snd_ctl_elem_value
     - soc: qcom: QMI encoding/decoding for big endian
     - [arm64] dts: qcom: sdm845: Expand IMEM region
     - [arm64] dts: qcom: sc7180: Expand IMEM region
     - [arm64,armhf] usb: host: xhci-plat: fix incorrect type for of_match
       variable in xhci_plat_probe()
     - usb: misc: apple-mfi-fastcharge: Make power supply names unique
     - vmci: Prevent the dispatching of uninitialized payloads
     - pps: fix poll support
     - Revert "vmci: Prevent the dispatching of uninitialized payloads"
     - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
     - usb: early: xhci-dbc: Fix early_ioremap leak
     - [armhf] dts: ti: omap: Fixup pinheader typo
     - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed
     - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed
     - PM / devfreq: Check governor before using governor->name
     - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
     - cpufreq: Initialize cpufreq-based frequency-invariance later
     - cpufreq: Init policy->rwsem before it may be possibly used
     - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
     - bpf, sockmap: Fix psock incorrectly pointing to sk
     - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
     - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain
     - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
     - wifi: rtl818x: Kill URBs before clearing tx status queue
     - wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
     - iwlwifi: Add missing check for alloc_ordered_workqueue
     - wifi: ath11k: clear initialized flag for deinit-ed srng lists
     - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
     - net/mlx5: Check device memory pointer before usage
     - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
     - fbcon: Fix outdated registered_fb reference in comment
     - netfilter: nf_tables: adjust lockdep assertions handling
     - net/sched: Restrict conditions for adding duplicating netems to qdisc tree
     - net_sched: act_ctinfo: use atomic64_t for three counters
     - xen/gntdev: remove struct gntdev_copy_batch from stack
     - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
     - mwl8k: Add missing check after DMA map
     - wifi: mac80211: reject TDLS operations when station is not associated
     - wifi: plfxlc: Fix error handling in usb driver probe
     - wifi: mac80211: Do not schedule stopped TXQs
     - wifi: mac80211: Don't call fq_flow_idx() for management frames
     - wifi: mac80211: Check 802.11 encaps offloading in
       ieee80211_tx_h_select_key()
     - Reapply "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P
       IE
     - can: peak_usb: fix USB FD devices potential malfunction
     - can: kvaser_pciefd: Store device channel index
     - can: kvaser_usb: Assign netdev.dev_port based on device channel index
     - netfilter: xt_nfacct: don't assume acct name is null-terminated
     - vrf: Drop existing dst reference in vrf_ip6_input_dst
     - ipv6: prevent infinite loop in rt6_nlmsg_size()
     - ipv6: fix possible infinite loop in fib6_info_uses_dev()
     - ipv6: annotate data-races around rt->fib6_nsiblings
     - bpf/preload: Don't select USERMODE_DRIVER
     - PCI: rockchip-host: Fix "Unexpected Completion" log message
     - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg()
     - [arm*] crypto: marvell/cesa - Fix engine load inaccuracy
     - mtd: fix possible integer overflow in erase_xfer()
     - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
     - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
     - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
     - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar()
       fails
     - [arm64,armhf] pinctrl: sunxi: Fix memory leak on krealloc failure
     - perf sched: Fix memory leaks for evsel->priv in timehist
     - perf sched: Fix memory leaks in 'perf sched latency'
     - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value
     - crypto: ccp - Fix crash when rebind ccp device for ccp.ko
     - [arm64] RDMA/hns: Fix -Wframe-larger-than issue
     - kernel: trace: preemptirq_delay_test: use offstack cpu mask
     - proc: use the same treatment to check proc_lseek as ones for
       proc_read_iter et.al
     - perf tests bp_account: Fix leaked file descriptor
     - [armhf] clk: sunxi-ng: v3s: Fix de clock definition
     - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
     - scsi: elx: efct: Fix dma_unmap_sg() nents value
     - scsi: mvsas: Fix dma_unmap_sg() nents value
     - scsi: isci: Fix dma_unmap_sg() nents value
     - soundwire: stream: restore params when prepare ports fail
     - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute
     - fs/orangefs: Allow 2 more characters in do_c_string()
     - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
     - [x86] crypto: qat - fix seq_file position update in adf_ring_next()
     - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
     - jfs: fix metapage reference count leak in dbAllocCtl
     - vhost-scsi: Fix log flooding with target does not exist errors
     - bpf: Check flow_dissector ctx accesses are aligned
     - apparmor: ensure WB_HISTORY_SIZE value is a power of 2
     - module: Restore the moduleparam prefix length check
     - ucount: fix atomic_long_inc_below() argument type
     - rtc: ds1307: fix incorrect maximum clock rate handling
     - rtc: hym8563: fix incorrect maximum clock rate handling
     - rtc: nct3018y: fix incorrect maximum clock rate handling
     - rtc: pcf85063: fix incorrect maximum clock rate handling
     - rtc: pcf8563: fix incorrect maximum clock rate handling
     - rtc: rv3028: fix incorrect maximum clock rate handling
     - f2fs: fix KMSAN uninit-value in extent_info usage
     - f2fs: doc: fix wrong quota mount option description
     - f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
     - f2fs: fix to avoid panic in f2fs_evict_inode
     - f2fs: fix to avoid out-of-boundary access in devs.path
     - f2fs: vm_unmap_ram() may be called from an invalid context
     - f2fs: fix to update upper_p in __get_secs_required() correctly
     - f2fs: fix to calculate dirty data during has_not_enough_free_secs()
     - vfio/pci: Separate SR-IOV VF dev_set
     - scsi: mpt3sas: Fix a fw_event memory leak
     - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free"
     - scsi: ufs: core: Use link recovery when h8 exit fails during runtime
       resume
     - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately
     - PCI: pnv_php: Clean up allocated IRQs on unplug
     - PCI: pnv_php: Work around switches with broken presence detection
     - [powerpc*] eeh: Export eeh_unfreeze_pe()
     - [powerpc*] eeh: Rely on dev->link_active_reporting
     - [powerpc*] eeh: Make EEH driver device hotplug safe
     - PCI: pnv_php: Fix surprise plug detection and recovery
     - pNFS/flexfiles: don't attempt pnfs on fatal DS errors
     - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up()
     - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate()
     - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
     - NFSv4.2: another fix for listxattr
     - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
     - netpoll: prevent hanging NAPI when netcons gets enabled
     - phy: mscc: Fix parsing of unicast frames
     - pptp: ensure minimal skb length in pptp_xmit()
     - net/mlx5: Correctly set gso_segs when LRO is used
     - ipv6: reject malicious packets in ipv6_gso_segment()
     - net: drop UFO packets in udp_rcv_segment()
     - benet: fix BUG when creating VFs
     - irqchip: Build IMX_MU_MSI only on ARM
     - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
     - smb: server: remove separate empty_recvmsg_queue
     - smb: server: make sure we call ib_dma_unmap_single() only if we called
       ib_dma_map_single already
     - smb: server: let recv_done() consistently call
       put_recvmsg/smb_direct_disconnect_rdma_connection
     - smb: server: let recv_done() avoid touching data_transfer after
       cleanup/move
     - smb: client: let recv_done() cleanup before notifying the callers.
     - pptp: fix pptp_xmit() error path
     - perf/core: Don't leak AUX buffer refcount on allocation failure
     - perf/core: Exit early on perf_mmap() fail
     - perf/core: Prevent VMA split of buffer mappings
     - net/packet: fix a race in packet_set_ring() and packet_notifier()
     - vsock: Do not allow binding to VMADDR_PORT_ANY
     - ksmbd: fix null pointer dereference error in generate_encryptionkey
     - ksmbd: fix Preauh_HashValue race condition
     - ksmbd: fix corrupted mtime and ctime in smb2_open
     - ksmbd: limit repeated connections from clients with the same IP
       (CVE-2025-38501)
     - smb: server: Fix extension string in ksmbd_extract_shortname()
     - USB: serial: option: add Foxconn T99W709
     - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
     - net: usbnet: Fix the wrong netif_carrier_on() call
     - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331)
     - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
     - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
     - [x86] fpu: Delay instruction pointer fixup until after warning
     - [mips*] mm: tlb-r4k: Uniquify TLB entries on init
     - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
     - usb: gadget : fix use-after-free in composite_dev_cleanup()
 .
   [ Bastian Blank ]
   * Drop not needed extra step to add debug links
   * Sign modules using an ephemeral key: (closes: #1040901)
     - Set MODULE_SIG_ALL to sign all modules.
     - Not longer request Secure Boot signing for modules.
     - Don't trust Secure Boot key any longer.
   * Store build time signing key encrypted.
   * Sign modules and support lockdown always.
 .
   [ Ben Hutchings ]
   * d/b/buildcheck.py, d/rules.real: Run buildcheck.py in setup as well
   * d/b/buildcheck.py: Check config of kernel to be signed
   * d/rules: Include target suite as an input to gencontrol.py
   * Generate kernel ABI name suffix automatically if not configured
   * Delete ABI name suffix and ABI reference
   * d/salsa-ci.yml: Ignore pycodestyle error E241
   * d/rules.real: Move module installation to the image build rule
   * proc: fix missing pde_set_flags() for net proc files
 .
   [ Salvatore Bonaccorso ]
   * [amd64] udeb: kernel-image: Include SPI drivers
   * netlink: avoid infinite retry looping in netlink_unicast()
     (Closes: #1111017)
   * ext4: don't try to clear the orphan_present feature block device is r/o
     (Closes: #1108271)
linux-signed-arm64 (6.1.147+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.147-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.141
     - [arm64,armhf] gpio: pca953x: Add missing header(s)
     - [arm64,armhf] gpio: pca953x: Split pca953x_restore_context() and
       pca953x_save_context()
     - [arm64,armhf] gpio: pca953x: Simplify code with cleanup helpers
     - [arm64,armhf] gpio: pca953x: fix IRQ storm on system wake up
     - [arm64] phy: renesas: rcar-gen3-usb2: Add support to initialize the bus
     - [arm64] phy: renesas: rcar-gen3-usb2: Move IRQ request in probe
     - [arm64] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and
       driver data
     - [arm64] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off
     - scsi: target: iscsi: Fix timeout on deleted connection
     - virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
     - dma-mapping: avoid potential unused data compilation warning
     - cgroup: Fix compilation issue due to cgroup_mutex not being exported
     - scsi: mpi3mr: Add level check to control event logging
     - [arm64] net: enetc: refactor bulk flipping of RX buffers to separate
       function
     - drm/amdgpu: Allow P2P access through XGMI
     - bpf: fix possible endless loop in BPF map iteration
     - kconfig: merge_config: use an empty file as initfile
     - [s390x] vfio-ap: Fix no AP queue sharing allowed message written to kernel
       log
     - cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES
     - cifs: Fix querying and creating MF symlinks over SMB1
     - cifs: Fix negotiate retry functionality
     - fuse: Return EPERM rather than ENOSYS from link()
     - NFSv4: Check for delegation validity in
       nfs_start_delegation_return_locked()
     - NFS: Don't allow waiting for exiting tasks
     - SUNRPC: Don't allow waiting for exiting tasks
     - [arm64] Add support for HIP09 Spectre-BHB mitigation
     - tracing: Mark binary printing functions with __printf() attribute
     - mailbox: use error ret code of of_parse_phandle_with_args()
     - fbdev: fsl-diu-fb: add missing device_remove_file()
     - fbcon: Use correct erase colour for clearing in fbcon
     - fbdev: core: tileblit: Implement missing margin clearing for tileblit
     - cifs: Fix establishing NetBIOS session for SMB2+ connection
     - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
     - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
     - SUNRPC: rpcbind should never reset the port to the value '0'
     - [arm64] thermal/drivers/qoriq: Power down TMU on system suspend
     - dql: Fix dql->limit value when reset.
     - lockdep: Fix wait context check on softirq for PREEMPT_RT
     - objtool: Properly disable uaccess validation
     - pNFS/flexfiles: Report ENETDOWN as a connection error
     - [amd64] PCI: vmd: Disable MSI remapping bypass under Xen
     - libnvdimm/labels: Fix divide error in nd_label_data_init()
     - mmc: host: Wait for Vdd to settle on card power off
     - [x86] mm: Check return value from memblock_phys_alloc_range()
     - [arm64] i2c: qup: Vote for interconnect bandwidth to DRAM
     - i2c: pxa: fix call balance of i2c->clk handling routines
     - btrfs: make btrfs_discard_workfn() block_group ref explicit
     - btrfs: avoid linker error in btrfs_find_create_tree_block()
     - btrfs: run btrfs_error_commit_super() early
     - btrfs: fix non-empty delayed iputs list on unmount due to async workers
     - btrfs: get zone unusable bytes while holding lock at
       btrfs_reclaim_bgs_work()
     - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long
     - drm/amd/display: Guard against setting dispclk low for dcn31x
     - dlm: make tcp still work in multi-link env
     - ext4: reorder capability check last
     - scsi: st: Tighten the page format heuristics with MODE SELECT
     - scsi: st: ERASE does not change tape location
     - vfio/pci: Handle INTx IRQ_NOTCONNECTED
     - bpf: Return prog btf_id without capable check
     - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
     - rtc: rv3032: fix EERD location
     - [x86] thunderbolt: Do not add non-active NVM if NVM upgrade is disabled
       for retimer
     - kbuild: fix argument parsing in scripts/config
     - dm: restrict dm device size to 2^63-512 bytes
     - net/smc: use the correct ndev to find pnetid by pnetid table
     - xen: Add support for XenServer 6.1 platform device
     - [arm64,armhf] pinctrl-tegra: Restore SFSEL bit when freeing pins
     - [armhf] ASoC: sun4i-codec: support hp-det-gpios property
     - ext4: reject the 'data_err=abort' option in nojournal mode
     - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
     - posix-timers: Add cond_resched() to posix_timer_add() search loop
     - timer_list: Don't use %pK through printk()
     - netfilter: conntrack: Bound nf_conntrack sysctl writes
     - [arm64] mm: Check PUD_TYPE_TABLE in pud_bad()
     - [armhf] mmc: dw_mmc: add exynos7870 DW MMC support
     - mmc: sdhci: Disable SD card clock before changing parameters
     - [x86] hwmon: (dell-smm) Increment the number of fans
     - ipv6: save dontfrag in cork
     - drm/amd/display: calculate the remain segments for all pipes
     - gfs2: Check for empty queue in run_queue
     - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
       hd44780_common"
     - [amd64] iommu/amd/pgtbl_v2: Improve error handling
     - crypto: lzo - Fix compression buffer overrun
     - [arm64] tegra: p2597: Fix gpio for vdd-1v8-dis regulator
     - [powerpc*] prom_init: Fixup missing #size-cells on PowerBook6,7
     - ALSA: seq: Improve data consistency at polling
     - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
     - rtc: ds1307: stop disabling alarms on probe
     - ieee802154: ca8210: Use proper setters and getters for bitwise types
     - dm cache: prevent BUG_ON by blocking retries on failed device resumes
     - orangefs: Do not truncate file size
     - net: phylink: use pl->link_interface in phylink_expects_phy()
     - remoteproc: qcom_wcnss: Handle platforms with only single power domain
     - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
     - media: cx231xx: set device_caps for 417
     - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
     - [armhf] net: ethernet: ti: cpsw_new: populate netdev of_node
     - net: pktgen: fix mpls maximum labels list parsing
     - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type
     - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7
     - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
     - drm/rockchip: vop2: Add uv swap for cluster window
     - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
     - [arm64] clk: imx8mp: inform CCF of maximum frequency of clocks
     - [x86] bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
     - [arm*] hwmon: (gpio-fan) Add missing mutex locks
     - [arm64] PCI: brcmstb: Expand inbound window size up to 64GB
     - [arm64] PCI: brcmstb: Add a softdep to MIP MSI-X driver
     - net/mlx5: Avoid report two health errors on same syndrome
     - drm/amdkfd: KFD release_work possible circular locking
     - leds: pwm-multicolor: Add check for fwnode_property_read_u32
     - net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only
     - net: xgene-v2: remove incorrect ACPI_PTR annotation
     - bonding: report duplicate MAC address in all situations
     - [arm64] soc: ti: k3-socinfo: Do not use syscon helper to build regmap
     - [x86] build: Fix broken copy command in genimage.sh when making isoimage
     - drm/amd/display: handle max_downscale_src_width fail check
     - [x86] nmi: Add an emergency handler in nmi_desc & use it in
       nmi_shootdown_cpus()
     - cpuidle: menu: Avoid discarding useful information
     - libbpf: Fix out-of-bound read
     - dm: fix unconditional IO throttle caused by REQ_PREFLUSH
     - [x86] kaslr: Reduce KASLR entropy on most x86 systems
     - [mips*] Use arch specific syscall name match function
     - genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of
       iommu_cookie
     - [mips*] pm-cps: Use per-CPU variables as per-CPU, not per-core
     - [mips*] clocksource: mips-gic-timer: Enable counter when CPUs start
     - scsi: mpt3sas: Send a diag reset if target reset fails
     - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
     - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx()
     - net: pktgen: fix access outside of user given buffer in
       pktgen_thread_write()
     - [x86] EDAC/ie31200: work around false positive build warning
     - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
     - RDMA/core: Fix best page size finding when it can cross SG entries
     - [arm64,armhf] pmdomain: imx: gpcv2: use proper helper for property
       detection
     - can: c_can: Use of_property_present() to test existence of DT property
     - eth: mlx4: don't try to complete XDP frames in netpoll
     - PCI: Fix old_size lower bound in calculate_iosize() too
     - ACPI: HED: Always initialize before evged
     - vxlan: Join / leave MC group after remote changes
     - media: test-drivers: vivid: don't call schedule in loop
     - net/mlx5: Modify LSB bitmask in temperature event to include only the
       first bit
     - net/mlx5: Apply rate-limiting to high temperature warning
     - ASoC: ops: Enforce platform maximum on initial value
     - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
     - pinctrl: devicetree: do not goto err when probing hogs in
       pinctrl_dt_to_map
     - kunit: tool: Use qboot on QEMU x86_64
     - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
     - [arm64] clk: qcom: clk-alpha-pll: Do not use random stack value for recalc
       rate
     - serial: sh-sci: Update the suspend/resume support
     - phy: core: don't require set_mode() callback for phy_get_mode() to work
     - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
     - drm/amd/display: Initial psr_version with correct setting
     - drm/amdgpu: enlarge the VBIOS binary size limit
     - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer()
     - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
     - net/mlx5e: set the tx_queue_len for pfifo_fast
     - net/mlx5e: reduce rep rxq depth to 256 for ECPF
     - wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
     - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
     - [powerpc*] arch/powerpc/perf: Check the instruction type before creating
       sample with perf_mem_data_src
     - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
     - r8152: add vendor/device ID pair for Dell Alienware AW1022z
     - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
     - [arm64] hwmon: (xgene-hwmon) use appropriate type for the latency value
     - vxlan: Annotate FDB data races
     - r8169: don't scan PHY addresses > 0
     - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
     - rcu: handle unstable rdp in rcu_read_unlock_strict()
     - rcu: fix header guard for rcu_all_qs()
     - perf: Avoid the read if the count is already updated
     - ice: count combined queues using Rx/Tx count
     - net/mana: fix warning in the writer of client oob
     - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
     - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector()
       fails
     - scsi: st: Restore some drive settings after reset
     - HID: usbkbd: Fix the bit shift number for LED_KANA
     - drm/ast: Find VBIOS mode from regular display size
     - bpftool: Fix readlink usage in get_fd_type
     - [x86] perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
     - wifi: rtl8xxxu: retry firmware download on error
     - wifi: rtw88: Don't use static local variable in
       rtw8822b_set_tx_power_index_by_rate
     - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet
     - wifi: ath9k: return by of_get_mac_address
     - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
     - drm/panel-edp: Add Starry 116KHD024006
     - drm: Add valid clones check
     - [arm64,armhf] pinctrl: meson: define the pull up/down resistor value as 60
       kOhm
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
     - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
     - nvmet-tcp: don't restore null sk_state_change
     - io_uring/fdinfo: annotate racy sq/cq head/tail reads
     - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
     - wifi: iwlwifi: add support for Killer on MTL
     - xenbus: Allow PVH dom0 a non-local xenstore
     - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
     - espintcp: remove encap socket caching to avoid reference leak
     - [amd64] dmaengine: idxd: add per DSA wq workqueue for processing cr faults
     - [amd64] dmaengine: idxd: add idxd_copy_cr() to copy user completion record
       during page fault handling
     - [amd64] dmaengine: idxd: Fix allowing write() from different address
       spaces
     - remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
     - xfrm: Sanitize marks before insert
     - [amd64] dmaengine: idxd: Fix ->poll() return value
     - Bluetooth: L2CAP: Fix not checking l2cap_chan security level
     - bridge: netfilter: Fix forwarding of fragmented packets
     - ice: fix vf->num_mac count with port representors
     - [arm64,armhf] net: dwmac-sun8i: Use parsed internal PHY address instead of
       1
     - net: lan743x: Restore SGMII CTRL register on resume
     - io_uring: fix overflow resched cqe reordering
     - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
       (CVE-2025-38000)
     - net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
     - crypto: algif_hash - fix double free in hash_accept
     - padata: do not leak refcount in reorder_work
     - can: slcan: allow reception of short error messages
     - can: bcm: add locking for bcm_op runtime updates
     - can: bcm: add missing rcu read protection for procfs content
     - ALSA: pcm: Fix race of buffer access at PCM OSS layer
     - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10
     - llc: fix data loss when reading from a socket in llc_ui_recvmsg()
     - [x86] platform/x86: dell-wmi-sysman: Avoid buffer overflow in
       current_password_store()
     - drm/edid: fixed the bug that hdr metadata was not reset
     - smb: client: Fix use-after-free in cifs_fill_dirent
     - smb: client: Reset all search buffer pointers when releasing buffer
     - Revert "drm/amd: Keep display off while going into S4" (Closes: #1107511)
     - memcg: always call cond_resched() after fn()
     - mm/page_alloc.c: avoid infinite retries caused by cpuset race
     - Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
     - ksmbd: fix stream write failure
     - [arm64] spi: spi-fsl-dspi: restrict register range for regmap access
     - [arm64] spi: spi-fsl-dspi: Halt the module after a new message transfer
     - [arm64] spi: spi-fsl-dspi: Reset SR flags before sending a new message
     - kbuild: Disable -Wdefault-const-init-unsafe
     - serial: sh-sci: Save and restore more registers
     - [arm64,armhf] pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group()
     - [x86] mm/init: Handle the special case of device private pages in
       add_pages(), to not increase max_pfn and trigger dma_addressing_limited()
       bounce buffers bounce buffers
     - [amd64] dmaengine: idxd: Fix passing freed memory in idxd_cdev_open()
     - hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
       (CVE-2025-21816)
     - btrfs: check folio mapping after unlock in relocate_one_folio()
       (CVE-2024-56758)
     - af_unix: Kconfig: make CONFIG_UNIX bool
     - af_unix: Return struct unix_sock from unix_get_socket().
     - af_unix: Run GC on only one CPU.
     - af_unix: Try to run GC async.
     - af_unix: Replace BUG_ON() with WARN_ON_ONCE().
     - af_unix: Remove io_uring code for GC.
     - af_unix: Remove CONFIG_UNIX_SCM.
     - af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd.
     - af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd.
     - af_unix: Link struct unix_edge when queuing skb.
     - af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb.
     - af_unix: Iterate all vertices by DFS.
     - af_unix: Detect Strongly Connected Components.
     - af_unix: Save listener for embryo socket.
     - af_unix: Fix up unix_edge.successor for embryo socket.
     - af_unix: Save O(n) setup of Tarjan's algo.
     - af_unix: Skip GC if no cycle exists.
     - af_unix: Avoid Tarjan's algorithm if unnecessary.
     - af_unix: Assign a unique index to SCC.
     - af_unix: Detect dead SCC.
     - af_unix: Replace garbage collection algorithm.
     - af_unix: Remove lock dance in unix_peek_fds().
     - af_unix: Try not to hold unix_gc_lock during accept().
     - af_unix: Don't access successor in unix_del_edges() during GC.
     - af_unix: Add dead flag to struct scm_fp_list.
     - af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS
     - af_unix: Fix uninit-value in __unix_walk_scc()
     - [arm64] dts: qcom: sm8350: Fix typo in pil_camera_mem node
     - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
     - [arm64] perf/arm-cmn: Fix REQ2/SNP2 mixup
     - [arm64] perf/arm-cmn: Initialise cmn->cpu earlier
     - coredump: fix error handling for replace_fd()
     - pid: add pidfd_prepare()
     - fork: use pidfd_prepare()
     - coredump: hand a pidfd to the usermode coredump helper
     - HID: quirks: Add ADATA XPG alpha wireless mouse support
     - nfs: don't share pNFS DS connections between net namespaces
     - [x86] platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
     - [armhf] spi: spi-sun4i: fix early activation
     - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro
     - NFS: Avoid flushing data while holding directory locks in nfs_rename()
     - [x86] platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
     - [x86] platform/x86: thinkpad_acpi: Ignore battery threshold change event
       notification
     - [arm64] net: ethernet: ti: am65-cpsw: Lower random mac address error print
       to info
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.142
     - mm/uffd: fix vma operation where start addr cuts part of vma
     - tracing: Fix compilation warning on arm32
     - [arm64] pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs >
       31
     - [arm64] pinctrl: armada-37xx: set GPIO output value before setting
       direction
     - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
     - rtc: Make rtc_time64_to_tm() support dates before 1970
     - rtc: Fix offset calculation for .start_secs < 0
     - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
     - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
     - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
     - Bluetooth: hci_qca: move the SoC type check to the right place
     - usb: usbtmc: Fix timeout value in get_stb
     - [x86] thunderbolt: Do not double dequeue a configuration request
     - gfs2: gfs2_create_inode error handling fix
     - perf/core: Fix broken throttling when max_samples_per_tick=1
     - [arm64] crypto: sun8i-ce-cipher - fix error handling in
       sun8i_ce_cipher_prepare()
     - [powerpc*] crash: Fix non-smp kexec preparation
     - [x86] cpu: Sanitize CPUID(0x80000000) output
     - [arm*] crypto: marvell/cesa - Handle zero-length skcipher requests
     - [arm*] crypto: marvell/cesa - Avoid empty transfer descriptor
     - crypto: lrw - Only add ecb if it is not already there
     - crypto: xts - Only add ecb if it is not already there
     - [amd64] EDAC/skx_common: Fix general protection fault
     - power: reset: at91-reset: Optimize at91_reset()
     - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
     - [x86] mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
     - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
     - drm/vmwgfx: Add seqno waiter for sync_files
     - drm/amd/pp: Fix potential NULL pointer dereference in
       atomctrl_initialize_mc_reg_table
     - [arm64] media: rkvdec: Fix frame size enumeration
     - [arm64] fpsimd: Discard stale CPU state when handling SME traps
     - [arm64] fpsimd: Fix merging of FPSIMD state during signal return
     - watchdog: exar: Shorten identity name to fit correctly
     - firmware: psci: Fix refcount leak in psci_dt_init
     - [arm64] Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
     - [arm64,armhf] drm/tegra: rgb: Fix the unbound reference count
     - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
     - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
     - wifi: ath11k: fix node corruption in ar->arvifs list
     - IB/cm: use rwlock for MAD agent lock
     - bpf: fix ktls panic with sockmap
     - bpf, sockmap: fix duplicated data transmission
     - bpf, sockmap: Fix panic when calling skb_linearize
     - f2fs: fix to do sanity check on sbi->total_valid_block_count
     - net: ncsi: Fix GCPS 64-bit member variables
     - libbpf: Fix buffer overflow in bpf_object__init_prog
     - wifi: rtw88: do not ignore hardware read error during DPK
     - [arm64] RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
     - [arm64] scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
     - iommu: Protect against overflow in iommu_pgsize()
     - f2fs: clean up w/ fscrypt_is_bounce_page()
     - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
     - libbpf: Use proper errno value in linker
     - netfilter: bridge: Move specific fragmented packet to slow_path instead of
       dropping it
     - netfilter: nft_quota: match correctly when the quota just depleted
     - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
     - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
     - [arm64,armhf] clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
     - efi/libstub: Describe missing 'out' parameter in efi_load_initrd
     - tracing: Rename event_trigger_alloc() to trigger_data_alloc()
     - tracing: Fix error handling in event_trigger_parse()
     - libbpf: Use proper errno value in nlattr
     - bpf: Fix WARN() in get_bpf_raw_tp_regs
     - [s390x] bpf: Store backchain even for leaf progs
     - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
     - iommu: remove duplicate selection of DMAR_TABLE
     - wifi: ath9k_htc: Abort software beacon handling if disabled
     - kernfs: Relax constraint in draining guard
     - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
     - vfio/type1: Fix error unwind in migration dirty bitmap allocation
     - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
     - bpf, sockmap: Avoid using sk_socket after free when sending
     - netfilter: nft_tunnel: fix geneve_opt dump
     - net: usb: aqc111: fix error handling of usbnet read calls
     - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
     - bpf: Avoid __bpf_prog_ret0_warn when jit fails
     - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
     - net: phy: mscc: Fix memory leak when using one step timestamping
     - calipso: Don't call calipso functions for AF_INET sk.
     - net: openvswitch: Fix the dead loop of MPLS parse
     - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
     - f2fs: use d_inode(dentry) cleanup dentry->d_inode
     - f2fs: fix to correct check conditions in f2fs_cross_rename
     - [arm64] dts: qcom: sm8250: Fix CPU7 opp table
     - [arm64] dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
     - [arm64] dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
     - [arm64] dts: imx8mm-beacon: Fix RTC capacitive load
     - [arm64] dts: imx8mn-beacon: Fix RTC capacitive load
     - [arm64] dts: mt6359: Add missing 'compatible' property to regulators node
     - [arm64] dts: qcom: sdm660-lavender: Add missing USB phy supply
     - [arm64] dts: qcom: sda660-ifc6560: Fix dt-validate warning
     - Squashfs: check return result of sb_min_blocksize
     - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
     - nilfs2: add pointer check for nilfs_direct_propagate()
     - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
     - bus: fsl-mc: fix double-free on mc_dev
     - dt-bindings: vendor-prefixes: Add Liontron name
     - [arm64] dts: rockchip: disable unrouted USB controllers and PHY on RK3399
       Puma with Haikou
     - [armhf] soc: aspeed: lpc: Fix impossible judgment condition
     - [armhf] soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
     - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
     - randstruct: gcc-plugin: Remove bogus void member
     - randstruct: gcc-plugin: Fix attribute addition
     - perf build: Warn when libdebuginfod devel files are not available
     - perf ui browser hists: Set actions->thread before calling do_zoom_thread()
     - dm: don't change md if dm_table_set_restrictions() fails
     - dm: free table mempools if not used in __bind
     - backlight: pm8941: Add NULL check in wled_configure()
     - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
     - hwmon: (asus-ec-sensors) check sensor index in read_string()
     - perf intel-pt: Fix PEBS-via-PT data_src
     - perf scripts python: exported-sql-viewer.py: Fix pattern matching with
       Python 3
     - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
     - remoteproc: k3-r5: Drop check performed in
       k3_r5_rproc_{mbox_callback/kick}
     - perf tests switch-tracking: Fix timestamp comparison
     - perf record: Fix incorrect --user-regs comments
     - nfs: clear SB_RDONLY before getting superblock
     - nfs: ignore SB_RDONLY when remounting nfs
     - [arm64] PCI: cadence: Fix runtime atomic count underflow
     - [arm64] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
     - [arm64] dmaengine: ti: Add NULL check in udma_probe()
     - PCI/DPC: Initialize aer_err_info before using it
     - usb: renesas_usbhs: Reorder clock handling and power management in probe
     - serial: Fix potential null-ptr-deref in mlb_usio_probe()
     - counter: interrupt-cnt: Protect enable/disable OPs with mutex
     - coresight: prevent deactivate active config while enabling the config
     - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
     - net: stmmac: platform: guarantee uniqueness of bus_id
     - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
     - net: tipc: fix refcount warning in tipc_aead_encrypt
     - net/mlx4_en: Prevent potential integer overflow calculating Hz
     - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
     - ice: create new Tx scheduler nodes for new queues only
     - ice: fix rebuilding the Tx scheduler tree for large queue counts
     - [armhf] net: dsa: tag_brcm: legacy: fix pskb_may_pull length
     - net: stmmac: make sure that ptp_rate is not 0 before configuring
       timestamping
     - net: fix udp gso skb_segment after pull from frag_list
     - vmxnet3: correctly report gso type for UDP tunnels
     - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
     - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
     - netfilter: nf_set_pipapo_avx2: fix initial map fill
     - wireguard: device: enable threaded NAPI
     - seg6: Fix validation of nexthop addresses
     - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
     - do_change_type(): refuse to operate on unmounted/not ours mounts
     - xfs: fix interval filtering in multi-step fsmap queries
     - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends
     - xfs: fix getfsmap reporting past the last rt extent
     - xfs: clean up the rtbitmap fsmap backend
     - xfs: fix logdev fsmap query result filtering
     - xfs: validate fsmap offsets specified in the query keys
     - xfs: fix xfs_btree_query_range callers to initialize btree rec fully
     - xfs: fix an agbno overflow in __xfs_getfsmap_datadev
     - xfs: fix the contact address for the sysfs ABI documentation
     - xfs: verify buffer, inode, and dquot items every tx commit
     - xfs: use consistent uid/gid when grabbing dquots for inodes
     - xfs: declare xfs_file.c symbols in xfs_file.h
     - xfs: create a new helper to return a file's allocation unit
     - xfs: Fix xfs_flush_unmap_range() range for RT
     - xfs: Fix xfs_prepare_shift() range for RT
     - xfs: don't walk off the end of a directory data block (CVE-2024-41013)
     - xfs: remove unused parameter in macro XFS_DQUOT_LOGRES
     - xfs: attr forks require attr, not attr2
     - xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set
     - xfs: Fix the owner setting issue for rmap query in xfs fsmap
     - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
     - xfs: take m_growlock when running growfsrt
     - xfs: reset rootdir extent size hint after growfsrt
     - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
     - Input: synaptics-rmi - fix crash with unsupported versions of F34
     - [arm64] serial: sh-sci: Check if TX data was written to device in
       .tx_empty()
     - [arm64] serial: sh-sci: Move runtime PM enable to sci_probe_single()
     - [arm64] serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - scsi: core: ufs: Fix a hang in the error handler
     - Bluetooth: hci_core: fix list_for_each_entry_rcu usage
     - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
     - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
     - ath10k: snoc: fix unbalanced IRQ enable in crash recovery
     - wifi: ath11k: remove unused function ath11k_tm_event_wmi()
     - wifi: ath11k: fix soc_dp_stats debugfs file permission
     - wifi: ath11k: convert timeouts to secs_to_jiffies()
     - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
     - wifi: ath11k: don't use static variables in
       ath11k_debugfs_fw_stats_process()
     - wifi: ath11k: don't wait when there is no vdev started
     - wifi: ath11k: validate ath11k_crypto_mode on top of
       ath11k_core_qmi_firmware_ready
     - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
     - pinctrl: qcom: pinctrl-qcm2290: Add missing pins
     - scsi: iscsi: Fix incorrect error path labels for flashnode operations
     - net_sched: sch_sfq: fix a potential crash on gso_skb handling
     - [powerpc*] powernv/memtrace: Fix out of bounds issue in memtrace mmap
       (CVE-2025-38088)
     - [powerpc*] vas: Return -EINVAL if the offset is non-zero in mmap()
     - [arm64] drm/meson: use unsigned long long / Hz for frequency types
     - [arm64] drm/meson: fix debug log statement when setting the HDMI clocks
     - [arm64] drm/meson: use vclk_freq instead of pixel_freq in debug print
     - [arm64] drm/meson: fix more rounding issues with 59.94Hz modes
     - i40e: return false from i40e_reset_vf if reset is in progress
     - i40e: retry VFLR handling if there is ongoing VF reset
     - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
     - net: Fix TOCTOU issue in sk_is_readable()
     - macsec: MACsec SCI assignment for ES = 0
     - net: mdio: C22 is now optional, EOPNOTSUPP if not provided
     - net/mdiobus: Fix potential out-of-bounds read/write access
     - Bluetooth: Fix NULL pointer deference on eir_get_service_data
     - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
     - Bluetooth: MGMT: Fix sparse errors
     - net/mlx5: Ensure fw pages are always allocated on same NUMA
     - net/mlx5: Fix return value when searching for existing flow group
     - net/mlx5e: Fix leak of Geneve TLV option object
     - net_sched: prio: fix a race in prio_tune() (CVE-2025-38083)
     - net_sched: red: fix a race in __red_change()
     - net_sched: tbf: fix a race in tbf_change()
     - net_sched: ets: fix a race in ets_qdisc_change()
     - fs/filesystems: Fix potential unsigned integer underflow in fs_name()
     - nvmet-fcloop: access fcpreq only when holding reqlock
     - perf: Ensure bpf_perf_link path is properly serialized
     - bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
     - tools/resolve_btfids: Fix build when cross compiling kernel with clang.
     - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
     - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
     - Revert "io_uring: ensure deferred completions are posted for multishot"
     - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
       posix_cpu_timer_del()
     - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
     - kbuild: Add KBUILD_CPPFLAGS to as-option invocation
     - usb: usbtmc: Fix read_stb function and get_stb ioctl
     - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
     - usb: Flush altsetting 0 endpoints before reinitializating them after
       reset.
     - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
     - [arm64] xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
     - [x86] iopl: Cure TIF_IO_BITMAP inconsistencies
     - calipso: unlock rcu before returning -EAFNOSUPPORT
     - net: usb: aqc111: debug info before sanitation
     - [arm64] drm/meson: Use 1000ULL when operating with mode->clock
     - configfs: Do not override creating attribute file failure in
       populate_attrs()
     - crypto: marvell/cesa - Do not chain submitted requests
     - gfs2: move msleep to sleepable context
     - [arm64,armhf] ASoC: meson: meson-card-utils: use of_property_present() for
       DT parsing
     - io_uring: account drain memory to cgroup
     - [powerpc*] pseries/msi: Avoid reading PCI device registers in reduced
       power states
     - regulator: max20086: Fix MAX200086 chip id
     - regulator: max20086: Change enable gpio to optional
     - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
     - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
     - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
     - wifi: ath11k: fix rx completion meta data corruption
     - wifi: ath11k: fix ring-buffer corruption
     - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
     - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
     - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
     - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
     - media: cxusb: no longer judge rbuf when the write fails
     - media: gspca: Add error handling for stv06xx_read_sensor()
     - media: omap3isp: use sgtable-based scatterlist wrappers
     - media: v4l2-dev: fix error handling in __video_register_device()
     - media: videobuf2: use sgtable-based scatterlist wrappers
     - media: vidtv: Terminating the subsequent process of initialization failure
     - media: vivid: Change the siize of the composing
     - media: uvcvideo: Return the number of processed controls
     - media: uvcvideo: Send control events for partial succeeds
     - media: uvcvideo: Fix deferred probing error
     - [armel,armhf] 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
     - bus: mhi: host: Fix conflict between power_up and SYSERR
     - can: tcan4x5x: fix power regulator retrieval during probe
     - ceph: set superblock s_magic for IMA fsmagic matching
     - cgroup,freezer: fix incomplete freezing when attaching tasks
     - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
     - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
     - bus: fsl-mc: fix GET/SET_TAILDROP command ids
     - ext4: inline: fix len overflow in ext4_prepare_inline_data
     - ext4: fix calculation of credits for extent tree modification
     - ext4: factor out ext4_get_maxbytes()
     - ext4: ensure i_size is smaller than maxbytes
     - Input: ims-pcu - check record size in ims_pcu_flash_firmware()
     - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
     - f2fs: prevent kernel warning due to negative i_nlink from corrupted image
     - f2fs: fix to do sanity check on sit_bitmap_size
     - NFC: nci: uart: Set tty->disc_data only in success path
     - net: ftgmac100: select FIXED_PHY
     - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
     - vgacon: Add check for vc_origin address range in vgacon_scroll()
     - [arm64] clk: meson-g12a: add missing fclk_div2 to spicc
     - ipc: fix to protect IPCS lookups using RCU
     - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
     - mm: fix ratelimit_pages update error in dirty_ratio_handler()
     - [armhf] mtd: rawnand: sunxi: Add randomizer configuration in
       sunxi_nfc_hw_ecc_write_chunk
     - [armhf] mtd: nand: sunxi: Add randomizer configuration before randomizer
       enable
     - [x86] KVM: SVM: Clear current_vmcb during vCPU free for all *possible*
       CPUs
     - dm-mirror: fix a tiny race condition
     - ftrace: Fix UAF when lookup kallsym after ftrace disabled
     - net: ch9200: fix uninitialised access during mii_nway_restart
       (CVE-2025-38086)
     - [s390x] KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
     - staging: iio: ad5933: Correct settling cycles encoding per datasheet
     - regulator: max14577: Add error check for max14577_read_reg()
     - remoteproc: core: Cleanup acquired resources when rproc_handle_resources()
       fails in rproc_attach()
     - remoteproc: core: Release rproc->clean_table after rproc_attach() fails
     - cifs: reset connections for all channels when reconnect requested
     - uio_hv_generic: Use correct size for interrupt and monitor pages
     - PCI: cadence-ep: Correct PBA offset in .set_msix() callback
     - PCI: Add ACS quirk for Loongson PCIe
     - PCI: Fix lock symmetry in pci_slot_unlock()
     - PCI: dw-rockchip: Fix PHY function call sequence in
       rockchip_pcie_phy_deinit()
     - iio: accel: fxls8962af: Fix temperature scan element sign
     - iio: imu: inv_icm42600: Fix temperature calculation
     - iio: adc: ad7606_spi: fix reg write value mask
     - ACPICA: fix acpi operand cache leak in dswstate.c
     - [x86] ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
     - clocksource: Fix the CPUs' choice in the watchdog per CPU verification
     - mmc: Add quirk to disable DDR50 tuning
     - ACPICA: Avoid sequence overread in call to strncmp()
     - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
     - ACPI: bus: Bail out if acpi_kobj registration fails
     - ACPICA: fix acpi parse and parseext cache leaks
     - power: supply: bq27xxx: Retrieve again when busy
     - ACPICA: utilities: Fix overflow check in vsnprintf()
     - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
     - ACPI: battery: negate current when discharging
     - net: macb: Check return value of dma_set_mask_and_coherent()
     - net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
     - tipc: use kfree_sensitive() for aead cleanup
     - bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
     - i2c: designware: Invoke runtime suspend on quick slave re-registration
     - emulex/benet: correct command version selection in be_cmd_get_stats()
     - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
     - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
     - sctp: Do not wake readers in __sctp_write_space()
     - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
     - i2c: tegra: check msg length in SMBUS block read
     - i2c: npcm: Add clock toggle recovery
     - net: dlink: add synchronization for stats update
     - wifi: ath11k: Fix QMI memory reuse logic
     - tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
     - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
     - [x86] sgx: Prevent attempts to reclaim poisoned pages
     - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
     - net: atlantic: generate software timestamp just before the doorbell
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_set_by_name()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_gpio_get_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_gpio_set_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
     - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
     - net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
     - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
     - wifi: mac80211: do not offer a mesh path if forwarding is disabled
     - clk: rockchip: rk3036: mark ddrphy as critical
     - libbpf: Add identical pointer detection to btf_dedup_is_equiv()
     - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
     - [amd64] iommu/amd: Ensure GA log notifier callbacks finish running before
       module unload
     - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
     - net: bridge: mcast: update multicast contex when vlan state is changed
     - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
       functions
     - vxlan: Do not treat dst cache initialization errors as fatal
     - software node: Correct a OOB check in software_node_get_reference_args()
     - pinctrl: mcp23s08: Reset all pins to input at probe
     - scsi: lpfc: Use memcpy() for BIOS version
     - sock: Correct error checking condition for (assign|release)_proto_idx()
     - i40e: fix MMIO write access to an invalid page in i40e_clear_hw
     - ice: fix check for existing switch rule
     - bpf, sockmap: Fix data lost during EAGAIN retries
     - net: ethernet: cortina: Use TOE/TSO on all TCP
     - fbcon: Make sure modelist not set on unregistered console
     - watchdog: da9052_wdt: respect TWDMIN
     - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
     - [armhf] OMAP2+: Fix l4ls clk domain handling in STANDBY
     - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
       first"
     - [x86] platform/x86: dell_rbu: Fix list usage
     - [x86] platform/x86: dell_rbu: Stop overwriting data buffer
     - [powerpc*] eeh: Fix missing PE bridge reconfiguration during VFIO EEH
       recovery
     - Revert "x86/bugs: Make spectre user default depend on
       MITIGATION_SPECTRE_V2" on v6.6 and older
     - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (CVE-2025-38090)
     - jffs2: check that raw node were preallocated before writing summary
     - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
     - smb: improve directory cache reuse for readdir operations
     - scsi: storvsc: Increase the timeouts to storvsc_timeout
     - scsi: s390: zfcp: Ensure synchronous unit_add
     - net_sched: sch_sfq: reject invalid perturb period
     - udmabuf: use sgtable-based scatterlist wrappers
     - ksmbd: fix null pointer dereference in destroy_previous_session
     - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
     - atm: Revert atm_account_tx() if copy_from_iter_full() fails.
     - Input: sparcspkr - avoid unannotated fall-through
     - wifi: cfg80211: init wiphy_work before allocating rfkill fails
       (CVE-2025-22119)
     - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound
       card
     - ALSA: hda/intel: Add Thinkpad E15 to PM deny list
     - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
     - mm/hugetlb: unshare page tables during VMA split, not before
       (CVE-2025-38084)
     - mm: hugetlb: independent PMD page table shared count (CVE-2024-57883)
     - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
     - mm/huge_memory: fix dereferencing invalid pmd migration entry
       (CVE-2025-37958)
     - net: Fix checksum update for ILA adj-transport
     - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
     - erofs: remove unused trace event erofs_destroy_inode
     - [arm64] drm/msm/disp: Correct porch timing for SDM845
     - [arm64] drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
     - ionic: Prevent driver/fw getting out of sync on devcmd(s)
     - drm/nouveau/bl: increase buffer size to avoid truncate warning
     - hwmon: (occ) Rework attribute registration for stack usage
     - hwmon: (occ) fix unaligned accesses
     - pldmfw: Select CRC32 when PLDMFW is selected
     - aoe: clean device rq_list in aoedev_downdev()
     - net: ice: Perform accurate aRFS flow match
     - ptp: fix breakage after ptp_vclock_in_use() rework
     - ptp: allow reading of currently dialed frequency to succeed on
       free-running clocks
     - wifi: carl9170: do not ping device which has failed to load firmware
     - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
     - atm: atmtcp: Free invalid length skb in atmtcp_c_send().
     - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()
       behavior
     - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
     - tcp: fix passive TFO socket having invalid NAPI ID
     - net: microchip: lan743x: Reduce PTP timeout on HW failure
     - net: lan743x: fix potential out-of-bounds write in
       lan743x_ptp_io_event_clock_get()
     - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
     - net: atm: add lec_mutex
     - net: atm: fix /proc/net/atm/lec handling
     - dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
     - [x86] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
     - [arm64] dts: ti: k3-j721e-sk: Add DT nodes for power regulators
     - serial: sh-sci: Increment the runtime usage counter for the earlycon
       device
     - Revert "cpufreq: tegra186: Share policy per cluster"
     - smb: client: fix first command failure during re-negotiation
     - [s390x] pci: Fix __pcilg_mio_inuser() inline assembly
     - perf: Fix sample vs do_exit()
     - [arm64] ptrace: Fix stack-out-of-bounds read in
       regs_get_kernel_stack_nth()
     - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.143
     - cifs: Correctly set SMB1 SessionKey field in Session Setup Request
     - cifs: Fix cifs_query_path_info() for Windows NT servers
     - NFSv4: Always set NLINK even if the server doesn't support it
     - NFSv4.2: fix listxattr to return selinux security label
     - [arm*] mailbox: Not protect module_put with spin_lock_irqsave
     - leds: multicolor: Fix intensity setting while SW blinking
     - NFSv4: xattr handlers should check for absent nfs filehandles
     - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix
       extension
     - md/md-bitmap: fix dm-raid max_write_behind setting
     - amd/amdkfd: fix a kfd_process ref leak
     - bcache: fix NULL pointer in cache_set_flush()
     - iio: pressure: zpa2326: Use aligned_s64 for the timestamp
     - [arm64] coresight: Only check bottom two claim bits
     - [arm64,armhf] usb: dwc2: also exit clock_gating when stopping udc while
       suspended
     - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
     - usb: potential integer overflow in usbg_make_tpg()
     - usb: common: usb-conn-gpio: use a unique name for usb connector device
     - usb: Add checks for snprintf() calls in usb_alloc_dev()
     - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
     - usb: typec: displayport: Receive DP Status Update NAK request exit dp
       altmode
     - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set
     - ALSA: hda: Ignore unsol events for cards being shut down
     - ALSA: hda: Add new pci id for AMD GPU display HD audio controller
     - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
     - ceph: fix possible integer overflow in ceph_zero_objects()
     - ovl: Check for NULL d_inode() in ovl_dentry_upper()
     - btrfs: handle csum tree error with rescue=ibadroots correctly
     - [x86] drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
     - [x86] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on
       DG1"
     - fs/jfs: consolidate sanity checking in dbMount
     - jfs: validate AG parameters in dbMount() to prevent crashes
       (CVE-2025-38230)
     - media: imx-jpeg: Cleanup after an allocation error (CVE-2025-38225)
     - f2fs: don't over-report free space or inodes in statvfs
     - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in
       fb_videomode_to_var (CVE-2025-38215)
     - drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers
     - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages
     - Drivers: hv: move panic report code from vmbus to hv early init code
     - Drivers: hv: Change hv_free_hyperv_page() to take void * argument
     - Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
       (CVE-2024-36913)
     - Drivers: hv: Allocate interrupt and monitor pages aligned to system page
       boundary
     - Drivers: hv: vmbus: Add utility function for querying ring size
     - uio_hv_generic: Query the ringbuffer size for device
     - uio_hv_generic: Align ring size to system page
     - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
     - vgacon: remove unneeded forward declarations
     - tty: vt: make init parameter of consw::con_init() a bool
     - tty: vt: sanitize arguments of consw::con_clear()
     - tty: vt: make consw::con_switch() return a bool
     - dummycon: Trigger redraw when switching consoles with deferred takeover
     - af_unix: Don't call skb_get() for OOB skb.
     - af_unix: Don't leave consecutive consumed OOB skbs.
     - i2c: tiny-usb: disable zero-length read messages
     - i2c: robotfuzz-osif: disable zero-length read messages
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
     - [s390x] pkey: Prevent overflow in size calculation for memdup_user()
     - atm: clip: prevent NULL deref in clip_push()
     - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
     - attach_recursive_mnt(): do not lock the covering tree when sliding
       something under it
     - libbpf: Fix null pointer dereference in btf_dump__free on allocation
       failure
     - wifi: mac80211: fix beacon interval calculation overflow
     - af_unix: Don't set -ECONNRESET for consumed OOB skb.
     - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
     - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
     - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
       (Closes: #1108069)
     - net: selftests: fix TCP packet checksum
     - [arm64] drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
     - [arm64] drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
     - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
     - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
     - serial: imx: Restore original RXTL for console to fix data loss
     - Bluetooth: L2CAP: Fix L2CAP MTU negotiation
     - dm-raid: fix variable in journal device check
     - btrfs: fix a race between renames and directory logging
     - btrfs: update superblock's device bytes_used when dropping chunk
     - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
     - HID: wacom: fix memory leak on kobject creation failure
     - HID: wacom: fix memory leak on sysfs attribute creation failure
     - HID: wacom: fix kobject reference count leak
     - scsi: megaraid_sas: Fix invalid node index
     - [arm64,armhf] drm/etnaviv: Protect the scheduler's pending list with its
       lock
     - [arm64,armhf] drm/tegra: Assign plane type before registration
     - [arm64,armhf] drm/tegra: Fix a possible null pointer dereference
     - drm/udl: Unregister device before cleaning up on disconnect
     - [arm64] drm/msm/gpu: Fix crash when throttling GPU immediately during boot
     - drm/amdkfd: Fix race in GWS queue scheduling
     - drm/amd/display: Add null pointer check for get_first_active_display()
     - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
     - drm/amdgpu: Add kicker device detection
     - ksmbd: Use unsafe_memcpy() for ntlm_negotiate
     - ksmbd: remove unsafe_memcpy use in session setup
     - fs: omfs: Use flexible-array member in struct omfs_extent
     - fbdev: hyperv_fb: Convert comma to semicolon
     - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
     - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
     - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
     - media: uvcvideo: Rollback non processed entities on error
     - [s390x] entry: Fix last breaking event handling in case of stack
       corruption
     - Kunit to check the longest symbol length
     - [x86] tools: Drop duplicate unlikely() definition in insn_decoder_test.c
     - Revert "ipv6: save dontfrag in cork"
     - nvme: always punt polled uring_cmd end_io work to task_work
     - io_uring/kbuf: account ring io_buffer_list memory
     - [arm64] firmware: arm_scmi: Add a common helper to check if a message is
       supported
     - [arm64] firmware: arm_scmi: Ensure that the message-id supports
       fastchannel
     - [arm64] Restrict pagetable teardown to avoid false warning
     - [arm*] 9354/1: ptrace: Use bitfield helpers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.144
     - rtc: cmos: use spin_lock_irqsave in cmos_interrupt
     - [s390x] pci: Do not try re-enabling load/store if device is disabled
     - vsock/vmci: Clear the vmci transport packet properly when initializing it
     - mmc: sdhci: Add a helper function for dump register in dynamic debug mode
     - Revert "mmc: sdhci: Disable SD card clock before changing parameters"
       (Closes: #1108065)
     - Bluetooth: hci_sync: revert some mesh modifications
     - Bluetooth: MGMT: set_mesh: update LE scan interval and window
     - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising
     - [arm64,armhf] regulator: gpio: Fix the out-of-bounds access to
       drvdata::gpiods
     - usb: typec: altmodes/displayport: do not index invalid pin_assignments
     - [arm64] dts: apple: t8103: Fix PCIe BCM4377 nodename
     - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
     - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
     - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
     - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
     - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
     - scsi: ufs: core: Fix spelling of a sysfs attribute name
     - RDMA/mlx5: Fix CC counters query for MPV
     - Bluetooth: Prevent unintended pause by checking if advertising is active
     - btrfs: fix missing error handling when searching for inode refs during log
       replay
     - btrfs: fix iteration of extrefs during log replay
     - ethernet: atl1: Add missing DMA mapping error checks and count errors
     - [armhf] drm/exynos: fimd: Guard display clock control with runtime PM
       calls
     - [arm64] spi: spi-fsl-dspi: Clear completion counter before initiating
       transfer
     - [x86] platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs
       callbacks
     - [x86] drm/i915/gt: Fix timeline left held on VMA alloc error
     - [x86] drm/i915/gsc: mei interrupt top half should be in irq disabled
       context
     - igc: disable L1.2 PCI-E link substate to avoid performance issue
     - [amd64,arm64] amd-xgbe: align CL37 AN sequence as per databook
     - enic: fix incorrect MTU comparison in enic_change_mtu()
     - rose: fix dangling neighbour pointers in rose_rt_device_down()
     - nui: Fix dma_mapping_error() check
     - net/sched: Always pass notifications when child class becomes empty
     - smb: client: fix race condition in negotiate timeout by using more precise
       timing
     - [arm64] drm/msm: Fix a fence leak in submit error path
     - [arm64] drm/msm: Fix another leak in the submit error path
     - ALSA: sb: Don't allow changing the DMA mode during operations
     - ALSA: sb: Force to disable DMAs once when DMA mode is changed
     - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled
     - ata: pata_cs5536: fix build on 32-bit UML
     - [powerpc*] Fix struct termio related ioctl macros
     - [x86] ASoC: amd: yc: update quirk data for HP Victus
     - scsi: target: Fix NULL pointer dereference in
       core_scsi3_decode_spec_i_port()
     - aoe: defer rexmit timer downdev work to workqueue
     - wifi: mac80211: drop invalid source address OCB frames
     - wifi: ath6kl: remove WARN on bad firmware input
     - ACPICA: Refuse to evaluate a method if arguments are missing
     - mtd: spinand: fix memory leak of ECC engine conf
     - rcu: Return early if callback is not specified
     - virtio-net: ensure the received length does not exceed allocated size
     - [arm64] drm/v3d: Disable interrupts before resetting the GPU
     - NFSv4/flexfiles: Fix handling of NFS level errors in I/O
     - btrfs: use btrfs_record_snapshot_destroy() during rmdir
     - [arm64] dpaa2-eth: fix xdp_rxq_info leak
     - [x86] platform/x86: think-lmi: Fix class device unregistration
     - [x86] platform/x86: dell-wmi-sysman: Fix class device unregistration
     - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
     - xhci: dbctty: disable ECHO flag by default
     - xhci: dbc: Flush queued requests before stopping dbc
     - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
     - usb: cdnsp: do not disable slot for disabled slot
     - dma-buf: fix timeout handling in dma_resv_wait_timeout v2
     - i2c/designware: Fix an initialization issue
     - Logitech C-270 even more broken
     - [x86] platform/x86: think-lmi: Create ksets consecutively
     - [x86] platform/x86: think-lmi: Fix kobject cleanup
     - usb: typec: displayport: Fix potential deadlock
     - [amd64] Mitigations Transitive Scheduler Attacks (TSA) (CVE-2024-36350,
       CVE-2024-36357)
       + x86/bugs: Rename MDS machinery to something more generic
       + x86/bugs: Add a Transient Scheduler Attacks mitigation
       + KVM: SVM: Advertise TSA CPUID bits to guests
       + x86/process: Move the buffer clearing before MONITOR
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.145
     - [amd64] x86/CPU/AMD: Properly check the TSA microcode
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.146
     - [x86] platform/x86: ideapad-laptop: use usleep_range() for EC polling
     - perf: Revert to requiring CAP_SYS_ADMIN for uprobes
     - Bluetooth: hci_sync: Fix not disabling advertising instance
     - fix proc_sys_compare() handling of in-lookup dentries
     - netlink: Fix wraparounds of sk->sk_rmem_alloc.
     - tipc: Fix use-after-free in tipc_conn_close().
     - vsock: Fix transport_{g2h,h2g} TOCTOU
     - vsock: Fix transport_* TOCTOU
     - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
     - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
     - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
     - atm: clip: Fix potential null-ptr-deref in to_atmarpd().
     - atm: clip: Fix memory leak of struct clip_vcc.
     - atm: clip: Fix infinite recursive call of clip_push().
     - atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
     - net/sched: Abort __tc_modify_qdisc if parent class does not exist
     - maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
     - rxrpc: Fix oops due to non-existence of prealloc backlog struct
     - [x86] boot: Compile boot code with -std=gnu11 too
     - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
     - [x86] mce/amd: Fix threshold limit reset
     - [x86] mce: Don't remove sysfs if thresholding sysfs init fails
     - [x86] mce: Make sure CMCI banks are cleared during shutdown on Intel
     - [x86] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ
       routing table.
     - [x86] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is
       in-flight
     - gre: Fix IPv6 multicast route creation. (Closes: #1108430)
     - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734)
     - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts
     - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558)
     - drm/sched: Increment job count before swapping tail spsc queue
     - drm/ttm: fix error handling in ttm_buffer_object_transfer
     - drm/gem: Fix race in drm_gem_handle_create_tail()
     - usb: gadget: u_serial: Fix race condition in TTY wakeup
     - Revert "ACPI: battery: negate current when discharging"
     - kallsyms: fix build without execinfo
     - maple_tree: fix mt_destroy_walk() on root leaf node
     - pwm: mediatek: Ensure to disable clocks in error path
     - smb: server: make use of rdma_destroy_qp()
     - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
     - netlink: Fix rmem check in netlink_broadcast_deliver().
     - netlink: make sure we allow at least one dump skb
     - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
     - btrfs: propagate last_unlink_trans earlier when doing a rmdir
     - xhci: Allow RPM on the USB controller (1022:43f7) by default
     - usb: xhci: quirk for data loss in ISOC transfers
     - Input: xpad - support Acer NGR 200 Controller
     - [arm64,armhf] usb: dwc3: Abort suspend on soft disconnect failure
     - wifi: zd1211rw: Fix potential NULL pointer dereference in
       zd_mac_tx_to_dev()
     - [arm64,armhf] drm/tegra: nvdec: Fix dma_alloc_coherent error check
     - md/raid1: Fix stack memory use after return in raid1_reshape
     - raid10: cleanup memleak at raid10_make_request
     - nbd: fix uaf in nbd_genl_connect() error path
     - erofs: remove the member readahead from struct z_erofs_decompress_frontend
     - erofs: clean up z_erofs_pcluster_readmore()
     - erofs: allocate extra bvec pages directly instead of retrying
     - erofs: avoid on-stack pagepool directly passed by arguments
     - erofs: adapt folios for z_erofs_read_folio()
     - erofs: fix to add missing tracepoint in erofs_read_folio()
     - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
     - net: appletalk: Fix device refcount leak in atrtr_create()
     - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
     - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
     - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to
       debug level
     - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
     - bnxt_en: Fix DCB ETS validation
     - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
     - atm: idt77252: Add missing `dma_map_error()`
     - [x86] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
     - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
     - net: usb: qmi_wwan: add SIMCom 8230C composition
     - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
     - btrfs: fix assertion when building free space tree
     - vt: add missing notification when switching back to text mode
     - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
     - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
     - Input: atkbd - do not skip atkbd_deactivate() when skipping
       ATKBD_CMD_GETID
     - vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074)
     - [x86] mm: Disable hugetlb page table sharing on 32-bit
     - [x86] Fix X86_FEATURE_VERW_CLEAR definition
     - ksmbd: fix potential use-after-free in oplock/lease break ack
     - rseq: Fix segfault on registration when rseq_cs is non-zero
       (CVE-2025-38067)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.147
     - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
     - USB: serial: option: add Foxconn T99W640
     - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
     - usb: gadget: configfs: Fix OOB read on empty string write
     - [armhf] i2c: stm32: fix the device used for the DMA map
     - [x86] thunderbolt: Fix bit masking in tb_dp_port_set_hops()
     - Input: xpad - set correct controller type for Acer NGR200
     - pch_uart: Fix dma_sync_sg_for_device() nents value
     - HID: core: ensure the allocated report buffer can contain the reserved
       report ID
     - HID: core: ensure __hid_request reserves the report ID as the first byte
     - HID: core: do not bypass hid_hw_raw_request
     - tracing: Add down_write(trace_event_sem) when adding trace event
     - io_uring/poll: fix POLLERR handling
     - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in
       pep_sock_accept()
     - net/mlx5: Update the list of the PCI supported devices
     - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
     - af_packet: fix soft lockup issue caused by tpacket_snd()
     - isofs: Verify inode mode when loading from disk
     - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
     - [arm64,armhf] mmc: bcm2835: Fix dma_unmap_sg() nents value
     - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based
       Positivo models
     - [arm64] mmc: sdhci_am654: Workaround for Errata i2312
     - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
     - smb: client: fix use-after-free in crypt_message when using async crypto
     - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order
     - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
     - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
     - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
     - iio: adc: max1363: Reorder mode_list[] entries
     - iio: adc: stm32-adc: Fix race in installing chained IRQ handler
     - [i386] comedi: pcl812: Fix bit shift out of bounds
     - [i386] comedi: aio_iiro_16: Fix bit shift out of bounds
     - [i386] comedi: das16m1: Fix bit shift out of bounds
     - [i386] comedi: das6402: Fix bit shift out of bounds
     - [i386] comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
     - [i386] comedi: Fix some signed shift left operations
     - [i386] comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
     - [i386] comedi: Fix initialization of data for instructions that write to
       subdevice
     - bpf: Reject %p% format string in bprintf-like helpers
     - cachefiles: Fix the incorrect return value in __cachefiles_write()
     - net/sched: sch_qfq: Fix race condition on qfq_aggregate
     - rpl: Fix use-after-free in rpl_do_srh_inline().
     - smb: client: fix use-after-free in cifs_oplock_break
     - nvme: fix misaccounting of nvme-mpath inflight I/O
     - [x86] hwmon: (corsair-cpro) Validate the size of the received input buffer
     - usb: net: sierra: check for no status endpoint
     - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
     - Bluetooth: hci_sync: fix connectable extended advertising when using
       static random address
     - Bluetooth: SMP: If an unallowed command is received consider it a failure
     - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
     - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant
       without board ID
     - net/mlx5: Correctly set gso_size when LRO is used
     - ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
     - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
     - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
     - tls: always refresh the queue when reading sock
     - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during
       runtime
     - net: bridge: Do not offload IGMP/MLD messages
     - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
     - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen"
     - sched: Change nr_uninterruptible type to unsigned long
     - HID: mcp2221: Set driver data before I2C adapter add
     - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right
       userns
     - usb: hub: fix detection of high tier USB3 devices behind suspended hubs
     - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime
       pm
     - usb: hub: Fix flushing of delayed work used for post resume purposes
     - usb: hub: Don't try to recover devices lost during warm reset.
     - usb: musb: Add and use inline functions musb_{get,set}_state
     - usb: musb: fix gadget state on disconnect
     - [arm64] usb: dwc3: qcom: Don't leave BCR asserted
     - [arm64] ASoC: fsl_sai: Force a software reset when starting in consumer
       mode
     - Bluetooth: HCI: Set extended advertising data synchronously
     - mm/vmalloc: leave lazy MMU mode on PTE mapping error
     - nvmem: layouts: u-boot-env: remove crc32 endianness conversion
 .
   [ Uwe Kleine-König ]
   * Disable CONFIG_CDROM_PKTCDVD for all archs as this driver is
     orphaned, buggy and not needed. (Closes: #1107479)
 .
   [ Salvatore Bonaccorso ]
   * [amd64] drivers/acpi: Make ACPI_HED built-in
   * Bump ABI to 38
   * [rt] Update to 6.1.141-rt52
   * net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
     qfq_delete_class
   * [amd64] x86/bugs: Fix use of possibly uninit value in
     amd_check_tsa_microcode()
 .
   [ Kevin P. Fleming ]
   * test-patches: Add defaults for DEBEMAIL and DEBFULLNAME
linux-signed-arm64 (6.1.140+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.140-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.140
     - binfmt: Fix whitespace issues
     - binfmt_elf: Support segments with 0 filesz and misaligned starts
     - binfmt_elf: elf_bss no longer used by load_elf_binary()
     - binfmt_elf: Leave a gap between .bss and brk
     - binfmt_elf: Calculate total_size earlier
     - binfmt_elf: Honor PT_LOAD alignment for static PIE
     - binfmt_elf: Move brk for static PIE even if ASLR disabled
     - [x86] platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
     - tracing: probes: Fix a possible race in trace_probe_log APIs
     - tpm: tis: Double the timeout B to 4s
     - iio: adc: ad7266: Fix potential timestamp alignment issue.
     - drm/amd: Stop evicting resources on APUs in suspend
     - drm/amdgpu: Fix the runtime resume failure issue
     - drm/amdgpu: trigger flr_work if reading pf2vf data failed
     - drm/amd: Add Suspend/Hibernate notification callback support
     - Revert "drm/amd: Stop evicting resources on APUs in suspend"
     - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
     - clocksource/i8253: Use raw_spinlock_irqsave() in
       clockevent_i8253_disable()
     - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
     - HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
     - HID: uclogic: Add NULL check in uclogic_input_configured()
     - nfs: handle failure of nfs_get_lock_context in unlock path
     - net_sched: Flush gso_skb list too during ->change()
     - net: mctp: Ensure keys maintain only one ref to corresponding dev
     - [arm64] net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
     - nvme-pci: make nvme_pci_npages_prp() __always_inline
     - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
     - ALSA: sh: SND_AICA should depend on SH_DMA_API
     - net/mlx5e: Disable MACsec offload for uplink representor profile
     - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
     - net/tls: fix kernel panic when alloc_page failed
     - NFSv4/pnfs: Reset the layout state after a layoutreturn
     - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
       interrupted"
     - btrfs: fix discard worker infinite loop after disabling discard
     - drm/amd/display: Correct the reply value when AUX write incomplete
     - drm/amd/display: Avoid flooding unnecessary info messages
     - ACPI: PPTT: Fix processor subtable walk
     - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
     - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
     - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
     - dma-buf: insert memory barrier before updating num_fences
     - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
     - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
     - hv_netvsc: Remove rmsg_pgcnt
     - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
     - Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
     - ftrace: Fix preemption accounting for stacktrace trigger command
     - ftrace: Fix preemption accounting for stacktrace filter command
     - tracing: samples: Initialize trace_array_printk() with the correct
       function
     - [arm64,armhf] phy: Fix error handling in tegra_xusb_port_init
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
     - [arm64] phy: renesas: rcar-gen3-usb2: Set timing registers only once
     - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
     - smb: client: fix memory leak during error handling for POSIX mkdir
     - wifi: mt76: disable napi on driver removal
     - net: qede: Initialize qede_ll_ops with designated initializer
     - [arm64] dmaengine: ti: k3-udma: Add missing locking
     - [arm64] dmaengine: ti: k3-udma: Use cap_mask directly from dma_device
       structure instead of a local copy
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_wqs
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_engines
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_groups
     - [amd64] dmaengine: idxd: Add missing cleanup for early error out in
       idxd_setup_internals
     - [amd64] dmaengine: idxd: Add missing cleanups in cleanup internals
     - [amd64] dmaengine: idxd: Add missing idxd cleanup to fix memory leak in
       remove call
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_alloc
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_pci_probe
     - usb: typec: ucsi: displayport: Fix deadlock (CVE-2025-37967)
     - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
       device attribute group (CVE-2024-35790)
     - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
       (CVE-2024-53203)
     - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
     - mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
     - [arm64] bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
       (CVE-2024-43840)
     - [arm64] bpf, arm64: Fix address emission with tag-based KASAN enabled
     - hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
       (CVE-2025-21931)
     - sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)
     - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
     - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
     - netfilter: nf_tables: wait for rcu grace period on net_device removal
     - netfilter: nf_tables: do not defer rule destruction via call_rcu
     - [arm64] sme: Always exit sme_alloc() early with existing storage
     - [x86] platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually
       enabled it (CVE-2025-21645)
     - bnxt_en: Fix receive ring space parameters when XDP is active
       (CVE-2024-53209)
     - ipv6: Fix potential uninit-value access in __ip6_make_skb()
       (CVE-2024-36903)
     - ipv4: Fix uninit-value access in __ip_make_skb() (CVE-2024-36927)
     - spi: cadence-qspi: fix pointer reference in runtime PM hooks
       (CVE-2024-26807)
     - drm/amdgpu: fix pm notifier handling
     - [x86] modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 37
linux-signed-arm64 (6.1.139+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.139-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
     - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
     - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
     - [arm64] i2c: imx-lpi2c: Fix clock count when probe defers
     - [arm64] errata: Add missing sentinels to Spectre-BHB MIDR arrays
     - [x86] perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
       value.
     - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
       offload
     - [arm64] mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
     - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
     - dm-integrity: fix a warning on invalid table line
     - dm: always update the array size in realloc_argv on success
     - [amd64] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
     - [amd64] iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
     - [x86] platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
       hotplug
     - ksmbd: fix use-after-free in kerberos authentication
     - cpufreq: Avoid using inconsistent policy->min and policy->max
     - cpufreq: Fix setting policy limits when frequency tables are used
     - tracing: Fix oob write in trace_seq_to_buffer()
     - xfs: fix error returns from xfs_bmapi_write
     - xfs: fix xfs_bmap_add_extent_delay_real for partial conversions
     - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent
     - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item
       recovery
     - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2
     - xfs: validate recovered name buffers when recovering xattr items
     - xfs: revert commit 44af6c7e59b12
     - xfs: match lock mode in xfs_buffered_write_iomap_begin()
     - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional
     - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset
     - xfs: convert delayed extents to unwritten when zeroing post eof blocks
     - xfs: allow symlinks with short remote targets
     - xfs: make sure sb_fdblocks is non-negative
     - xfs: fix freeing speculative preallocations for preallocated files
     - xfs: allow unlinked symlinks and dirs with zero size
     - xfs: restrict when we try to align cow fork delalloc to cowextsz hints
     - [x86] KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
       loop (CVE-2025-21839)
     - dm-bufio: don't schedule in atomic context
     - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
     - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
     - vxlan: vnifilter: Fix unlocked deletion of default FDB entry
     - net/mlx5: E-Switch, Initialize MAC Address for Default GID
     - net/mlx5: E-switch, Fix error handling for enabling roce
     - [arm64] net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged
     - [arm64] net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
     - net_sched: drr: Fix double list add in class with netem as child qdisc
     - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
       qdisc
     - net_sched: ets: Fix double list add in class with netem as child qdisc
     - net_sched: qfq: Fix double list add in class with netem as child qdisc
     - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
     - net: dlink: Correct endianness handling of led_mode
     - [arm64] net: dsa: felix: fix broken taprio gate states after clock jump
     - net: ipv6: fix UDPv6 GSO segmentation with NAT
     - bnxt_en: Fix coredump logic to free allocated buffer
     - bnxt_en: Fix out-of-bound memcpy() during ethtool -w
     - bnxt_en: Fix ethtool -d byte order for 32-bit values
     - nvme-tcp: fix premature queue removal and I/O failover
     - net: lan743x: Fix memleak issue when GSO enabled
     - net: fec: ERR007885 Workaround for conventional TX
     - [arm64] net: hns3: store rx VLAN tag offload state for VF
     - [arm64] net: hns3: fix an interrupt residual problem
     - [arm64] net: hns3: fixed debugfs tm_qset size
     - [arm64] net: hns3: defer calling ptp_clock_register()
     - PCI: imx6: Skip controller_id generation logic for i.MX7D
     - sch_htb: make htb_qlen_notify() idempotent
     - sch_drr: make drr_qlen_notify() idempotent
     - sch_hfsc: make hfsc_qlen_notify() idempotent
     - sch_qfq: make qfq_qlen_notify() idempotent
     - sch_ets: make est_qlen_notify() idempotent
     - [x86] Revert "x86/kexec: Allocate PGD for x86_64 transition page tables
       separately"
     - [arm64] firmware: arm_scmi: Balance device refcount when destroying
       devices
     - net: phy: microchip: force IRQ polling mode for lan88xx
     - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
     - [arm64,armhf] irqchip/gic-v2m: Mark a few functions __init
     - [arm64,armhf] irqchip/gic-v2m: Prevent use after free of
       gicv2m_get_fwnode() (CVE-2025-37819)
     - dm: fix copying after src array boundaries
     - [arm64] iommu/arm-smmu-v3: Use the new rb tree helpers
     - [arm64] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated
       stream ids
     - drm/amd/display: phase2 enable mst hdcp multiple displays
     - drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c
     - drm/amd/display: Change HDCP update sequence for DM
     - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
     - drm/amd/display: Fix slab-use-after-free in hdcp
     - ASoC: Use of_property_read_bool()
     - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
       properties
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.139
     - dm: add missing unlock on in dm_keyslot_evict()
     - [arm64] dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
     - [arm64] can: mcan: m_can_class_unregister(): fix order of unregistration
       calls
     - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
     - ksmbd: prevent out-of-bounds stream writes by validating *pos
     - openvswitch: Fix unsafe attribute parsing in output_userspace()
     - ksmbd: fix memory leak in parse_lease_state()
     - sch_htb: make htb_deactivate() idempotent
     - gre: Fix again IPv6 link-local address generation.
     - can: mcp251xfd: fix TDC setting for low data bit rates
     - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
     - can: gw: fix RCU/BH usage in cgw_create_job()
     - ipv4: Drop tos parameter from flowi4_update_output()
     - ipvs: fix uninit-value for saddr in do_output_route4
     - netfilter: ipset: fix region locking in hash types
     - bpf: Scrub packet on bpf_redirect_peer
     - [armhf] net: dsa: b53: allow leaky reserved multicast
     - [armhf] net: dsa: b53: fix clearing PVID of a port
     - [armhf] net: dsa: b53: fix flushing old pvid VLAN on pvid change
     - [armhf] net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
     - [armhf] net: dsa: b53: always rejoin default untagged VLAN on bridge leave
     - [armhf] net: dsa: b53: fix learning on VLAN unaware bridges
     - Input: synaptics - enable InterTouch on Dynabook Portege X30-D
     - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
     - Input: synaptics - enable InterTouch on Dell Precision M3800
     - Input: synaptics - enable SMBus for HP Elitebook 850 G1
     - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
     - [x86] mm: Eliminate window where TLB flushes may be inadvertently skipped
     - drm/amd/display: Shift DMUB AUX reply command if necessary
     - iio: adc: ad7606: fix serial register access
     - iio: adis16201: Correct inclinometer channel resolution
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
     - [arm64] drm/v3d: Add job to pending list if the reset was skipped
     - drm/amd/display: Fix the checking condition in dmub aux handling
     - drm/amd/display: Remove incorrect checking in dmub aux handler
     - drm/amd/display: Fix wrong handling for AUX_DEFER case
     - drm/amd/display: Copy AUX read reply data whenever length > 0
     - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
     - usb: uhci-platform: Make the clock really optional
     - xenbus: Use kref to track req lifetime
     - module: ensure that kobject_put() is safe for module type kobjects
     - ocfs2: switch osb->disable_recovery to enum
     - ocfs2: implement handshaking with ocfs2 recovery thread
     - ocfs2: stop quota recovery before disabling quotas
     - [arm64,armhf] usb: host: tegra: Prevent host controller crash when OTG
       port is used
     - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
     - usb: typec: ucsi: displayport: Fix NULL pointer access
     - USB: usbtmc: use interruptible sleep in usbtmc_read
     - usb: usbtmc: Fix erroneous get_stb ioctl error returns
     - usb: usbtmc: Fix erroneous wait_srq ioctl return
     - usb: usbtmc: Fix erroneous generic_read ioctl return
     - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
     - types: Complement the aligned types with signed 64-bit one
     - [mips*] Fix MAX_REG_OFFSET
     - drm/panel: simple: Update timings for AUO G101EVN010
     - nvme: unblock ctrl state transition for firmware update
     - do_umount(): add missing barrier before refcount checks in sync case
     - io_uring: always arm linked timeouts prior to issue
     - io_uring: ensure deferred completions are posted for multishot
     - Revert "net: phy: microchip: force IRQ polling mode for lan88xx"
     - [arm64] insn: Add support for encoding DSB
     - [arm64] proton-pack: Expose whether the platform is mitigated by firmware
     - [arm64] proton-pack: Expose whether the branchy loop k value
     - [arm64] bpf: Add BHB mitigation to the epilogue for cBPF programs
     - [arm64] bpf: Only mitigate cBPF programs loaded by unprivileged users
     - [arm64] proton-pack: Add new CPUs 'k' values for branch mitigation
     - [x86] bpf: Call branch history clearing sequence on exit
     - [x86] bpf: Add IBHF call at end of classic BPF
     - [x86] bhi: Do not set BHI_DIS_S in 32-bit mode
     - [x86] speculation: Simplify and make CALL_NOSPEC consistent
     - [x86] speculation: Add a conditional CS prefix to CALL_NOSPEC
     - [x86] speculation: Remove the extra #ifdef around CALL_NOSPEC
     - [amd64] Mitigations Indirect Target Selection (ITS) (CVE-2024-28956)
       + Documentation: x86/bugs/its: Add ITS documentation
       + x86/its: Enumerate Indirect Target Selection (ITS) bug
       + x86/its: Add support for ITS-safe indirect thunk
       + x86/its: Add support for ITS-safe return thunk
       + x86/its: Enable Indirect Target Selection mitigation
       + x86/its: Add "vmexit" option to skip mitigation on some CPUs
       + x86/its: Align RETs in BHB clear sequence to avoid thunking
       + x86/ibt: Keep IBT disabled during alternative patching
       + x86/its: Use dynamic thunks for indirect branches
       + x86/its: Fix build errors when CONFIG_MODULES=n
       + x86/alternative: Optimize returns patching
       + x86/alternatives: Remove faulty optimization
       + x86/its: FineIBT-paranoid vs ITS
 .
   [ Uwe Kleine-König ]
   * d/b/test-patches: Handle kernel release strings without ABI number.
     This is a backport from 6.10.1-1_exp1 to enable building bookworm kernels
     on trixie and newer.
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 36

linux-signed-i386 (6.1.148+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.148-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.148
     - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
       (CVE-2025-38335)
     - regulator: core: fix NULL dereference on unbind due to stale coupling data
     - RDMA/core: Rate limit GID cache warning messages
     - iio: adc: ad7949: use spi_is_bpw_supported()
     - regmap: fix potential memory leak of regmap_bus
     - [x86] hyperv: Fix usage of cpu_online_mask to get valid cpu
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_SUCCESS usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_ERROR usage
     - [arm64,armhf] staging: vc04_services: Drop VCHIQ_RETRY usage
     - [arm64,armhf] staging: vchiq_arm: Make vchiq_shutdown never fail
     - xfrm: interface: fix use-after-free after changing collect_md xfrm
       interface (CVE-2025-38500)
     - net/mlx5: Fix memory leak in cmd_exec()
     - i40e: Add rx_missed_errors for buffer exhaustion
     - i40e: report VF tx_dropped with tx_errors instead of tx_discards
     - i40e: When removing VF MAC filters, only check PF-set MAC
     - net: appletalk: Fix use-after-free in AARP proxy probe
     - can: dev: can_restart(): reverse logic to remove need for goto
     - can: dev: can_restart(): move debug message and stats after successful
       restart
     - can: netlink: can_changelink(): fix NULL pointer deref of struct
       can_priv::do_set_mode
     - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in
       ti_sn_bridge_probe()
     - [arm64] net: hns3: fix concurrent setting vlan filter issue
     - [arm64] net: hns3: disable interrupt when ptp init failed
     - [arm64] net: hns3: fixed vf get max channels bug
     - [x86] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among
       boots
     - i2c: qup: jump out of the loop in case of timeout
     - i2c: tegra: Fix reset error handling with ACPI
     - i2c: virtio: Avoid hang by using interruptible completion wait
     - bus: fsl-mc: Fix potential double device reference in
       fsl_mc_get_endpoint()
     - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
     - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint
       handling
     - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
     - e1000e: ignore uninitialized checksum word on tgp
     - gve: Fix stuck TX queue for DQ queue format
     - ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
     - nilfs2: reject invalid file types when reading inodes
     - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
     - drm/amdkfd: Don't call mmput from MMU notifier callback
     - usb: typec: tcpm: allow to use sink in accessory mode
     - usb: typec: tcpm: allow switching to mode accessory to mux properly
     - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
     - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925)
     - [x86] comedi: comedi_test: Fix possible deletion of uninitialized timers
     - ALSA: hda/tegra: Add Tegra264 support
     - ALSA: hda: Add missing NVIDIA HDA codec IDs
     - [x86] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x
     - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma
     - erofs: get rid of debug_one_dentry()
     - erofs: sunset erofs_dbg()
     - erofs: drop z_erofs_page_mark_eio()
     - erofs: simplify z_erofs_transform_plain()
     - erofs: address D-cache aliasing
     - usb: chipidea: add USB PHY event
     - usb: phy: mxs: disconnect line when USB charger is attached
     - ethernet: intel: fix building with large NR_CPUS
     - [x86] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx
     - ASoC: Intel: fix SND_SOC_SOF dependencies
     - fs_context: fix parameter name in infofc() macro
     - ublk: use vmalloc for ublk_device's __queues
     - hfsplus: remove mutex_lock check in hfsplus_free_extents
     - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
     - ASoC: ops: dynamically allocate struct snd_ctl_elem_value
     - soc: qcom: QMI encoding/decoding for big endian
     - [arm64] dts: qcom: sdm845: Expand IMEM region
     - [arm64] dts: qcom: sc7180: Expand IMEM region
     - [arm64,armhf] usb: host: xhci-plat: fix incorrect type for of_match
       variable in xhci_plat_probe()
     - usb: misc: apple-mfi-fastcharge: Make power supply names unique
     - vmci: Prevent the dispatching of uninitialized payloads
     - pps: fix poll support
     - Revert "vmci: Prevent the dispatching of uninitialized payloads"
     - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
     - usb: early: xhci-dbc: Fix early_ioremap leak
     - [armhf] dts: ti: omap: Fixup pinheader typo
     - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed
     - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed
     - PM / devfreq: Check governor before using governor->name
     - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
     - cpufreq: Initialize cpufreq-based frequency-invariance later
     - cpufreq: Init policy->rwsem before it may be possibly used
     - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
     - bpf, sockmap: Fix psock incorrectly pointing to sk
     - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
     - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain
     - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
     - wifi: rtl818x: Kill URBs before clearing tx status queue
     - wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
     - iwlwifi: Add missing check for alloc_ordered_workqueue
     - wifi: ath11k: clear initialized flag for deinit-ed srng lists
     - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
     - net/mlx5: Check device memory pointer before usage
     - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
     - fbcon: Fix outdated registered_fb reference in comment
     - netfilter: nf_tables: adjust lockdep assertions handling
     - net/sched: Restrict conditions for adding duplicating netems to qdisc tree
     - net_sched: act_ctinfo: use atomic64_t for three counters
     - xen/gntdev: remove struct gntdev_copy_batch from stack
     - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
     - mwl8k: Add missing check after DMA map
     - wifi: mac80211: reject TDLS operations when station is not associated
     - wifi: plfxlc: Fix error handling in usb driver probe
     - wifi: mac80211: Do not schedule stopped TXQs
     - wifi: mac80211: Don't call fq_flow_idx() for management frames
     - wifi: mac80211: Check 802.11 encaps offloading in
       ieee80211_tx_h_select_key()
     - Reapply "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P
       IE
     - can: peak_usb: fix USB FD devices potential malfunction
     - can: kvaser_pciefd: Store device channel index
     - can: kvaser_usb: Assign netdev.dev_port based on device channel index
     - netfilter: xt_nfacct: don't assume acct name is null-terminated
     - vrf: Drop existing dst reference in vrf_ip6_input_dst
     - ipv6: prevent infinite loop in rt6_nlmsg_size()
     - ipv6: fix possible infinite loop in fib6_info_uses_dev()
     - ipv6: annotate data-races around rt->fib6_nsiblings
     - bpf/preload: Don't select USERMODE_DRIVER
     - PCI: rockchip-host: Fix "Unexpected Completion" log message
     - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg()
     - [arm*] crypto: marvell/cesa - Fix engine load inaccuracy
     - mtd: fix possible integer overflow in erase_xfer()
     - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
     - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
     - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
     - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar()
       fails
     - [arm64,armhf] pinctrl: sunxi: Fix memory leak on krealloc failure
     - perf sched: Fix memory leaks for evsel->priv in timehist
     - perf sched: Fix memory leaks in 'perf sched latency'
     - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value
     - crypto: ccp - Fix crash when rebind ccp device for ccp.ko
     - [arm64] RDMA/hns: Fix -Wframe-larger-than issue
     - kernel: trace: preemptirq_delay_test: use offstack cpu mask
     - proc: use the same treatment to check proc_lseek as ones for
       proc_read_iter et.al
     - perf tests bp_account: Fix leaked file descriptor
     - [armhf] clk: sunxi-ng: v3s: Fix de clock definition
     - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
     - scsi: elx: efct: Fix dma_unmap_sg() nents value
     - scsi: mvsas: Fix dma_unmap_sg() nents value
     - scsi: isci: Fix dma_unmap_sg() nents value
     - soundwire: stream: restore params when prepare ports fail
     - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute
     - fs/orangefs: Allow 2 more characters in do_c_string()
     - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
     - [x86] crypto: qat - fix seq_file position update in adf_ring_next()
     - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
     - jfs: fix metapage reference count leak in dbAllocCtl
     - vhost-scsi: Fix log flooding with target does not exist errors
     - bpf: Check flow_dissector ctx accesses are aligned
     - apparmor: ensure WB_HISTORY_SIZE value is a power of 2
     - module: Restore the moduleparam prefix length check
     - ucount: fix atomic_long_inc_below() argument type
     - rtc: ds1307: fix incorrect maximum clock rate handling
     - rtc: hym8563: fix incorrect maximum clock rate handling
     - rtc: nct3018y: fix incorrect maximum clock rate handling
     - rtc: pcf85063: fix incorrect maximum clock rate handling
     - rtc: pcf8563: fix incorrect maximum clock rate handling
     - rtc: rv3028: fix incorrect maximum clock rate handling
     - f2fs: fix KMSAN uninit-value in extent_info usage
     - f2fs: doc: fix wrong quota mount option description
     - f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
     - f2fs: fix to avoid panic in f2fs_evict_inode
     - f2fs: fix to avoid out-of-boundary access in devs.path
     - f2fs: vm_unmap_ram() may be called from an invalid context
     - f2fs: fix to update upper_p in __get_secs_required() correctly
     - f2fs: fix to calculate dirty data during has_not_enough_free_secs()
     - vfio/pci: Separate SR-IOV VF dev_set
     - scsi: mpt3sas: Fix a fw_event memory leak
     - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free"
     - scsi: ufs: core: Use link recovery when h8 exit fails during runtime
       resume
     - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately
     - PCI: pnv_php: Clean up allocated IRQs on unplug
     - PCI: pnv_php: Work around switches with broken presence detection
     - [powerpc*] eeh: Export eeh_unfreeze_pe()
     - [powerpc*] eeh: Rely on dev->link_active_reporting
     - [powerpc*] eeh: Make EEH driver device hotplug safe
     - PCI: pnv_php: Fix surprise plug detection and recovery
     - pNFS/flexfiles: don't attempt pnfs on fatal DS errors
     - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up()
     - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate()
     - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
     - NFSv4.2: another fix for listxattr
     - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
     - netpoll: prevent hanging NAPI when netcons gets enabled
     - phy: mscc: Fix parsing of unicast frames
     - pptp: ensure minimal skb length in pptp_xmit()
     - net/mlx5: Correctly set gso_segs when LRO is used
     - ipv6: reject malicious packets in ipv6_gso_segment()
     - net: drop UFO packets in udp_rcv_segment()
     - benet: fix BUG when creating VFs
     - irqchip: Build IMX_MU_MSI only on ARM
     - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
     - smb: server: remove separate empty_recvmsg_queue
     - smb: server: make sure we call ib_dma_unmap_single() only if we called
       ib_dma_map_single already
     - smb: server: let recv_done() consistently call
       put_recvmsg/smb_direct_disconnect_rdma_connection
     - smb: server: let recv_done() avoid touching data_transfer after
       cleanup/move
     - smb: client: let recv_done() cleanup before notifying the callers.
     - pptp: fix pptp_xmit() error path
     - perf/core: Don't leak AUX buffer refcount on allocation failure
     - perf/core: Exit early on perf_mmap() fail
     - perf/core: Prevent VMA split of buffer mappings
     - net/packet: fix a race in packet_set_ring() and packet_notifier()
     - vsock: Do not allow binding to VMADDR_PORT_ANY
     - ksmbd: fix null pointer dereference error in generate_encryptionkey
     - ksmbd: fix Preauh_HashValue race condition
     - ksmbd: fix corrupted mtime and ctime in smb2_open
     - ksmbd: limit repeated connections from clients with the same IP
       (CVE-2025-38501)
     - smb: server: Fix extension string in ksmbd_extract_shortname()
     - USB: serial: option: add Foxconn T99W709
     - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
     - net: usbnet: Fix the wrong netif_carrier_on() call
     - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331)
     - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
     - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
     - [x86] fpu: Delay instruction pointer fixup until after warning
     - [mips*] mm: tlb-r4k: Uniquify TLB entries on init
     - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
     - usb: gadget : fix use-after-free in composite_dev_cleanup()
 .
   [ Bastian Blank ]
   * Drop not needed extra step to add debug links
   * Sign modules using an ephemeral key: (closes: #1040901)
     - Set MODULE_SIG_ALL to sign all modules.
     - Not longer request Secure Boot signing for modules.
     - Don't trust Secure Boot key any longer.
   * Store build time signing key encrypted.
   * Sign modules and support lockdown always.
 .
   [ Ben Hutchings ]
   * d/b/buildcheck.py, d/rules.real: Run buildcheck.py in setup as well
   * d/b/buildcheck.py: Check config of kernel to be signed
   * d/rules: Include target suite as an input to gencontrol.py
   * Generate kernel ABI name suffix automatically if not configured
   * Delete ABI name suffix and ABI reference
   * d/salsa-ci.yml: Ignore pycodestyle error E241
   * d/rules.real: Move module installation to the image build rule
   * proc: fix missing pde_set_flags() for net proc files
 .
   [ Salvatore Bonaccorso ]
   * [amd64] udeb: kernel-image: Include SPI drivers
   * netlink: avoid infinite retry looping in netlink_unicast()
     (Closes: #1111017)
   * ext4: don't try to clear the orphan_present feature block device is r/o
     (Closes: #1108271)
linux-signed-i386 (6.1.147+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.147-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.141
     - [arm64,armhf] gpio: pca953x: Add missing header(s)
     - [arm64,armhf] gpio: pca953x: Split pca953x_restore_context() and
       pca953x_save_context()
     - [arm64,armhf] gpio: pca953x: Simplify code with cleanup helpers
     - [arm64,armhf] gpio: pca953x: fix IRQ storm on system wake up
     - [arm64] phy: renesas: rcar-gen3-usb2: Add support to initialize the bus
     - [arm64] phy: renesas: rcar-gen3-usb2: Move IRQ request in probe
     - [arm64] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and
       driver data
     - [arm64] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off
     - scsi: target: iscsi: Fix timeout on deleted connection
     - virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
     - dma-mapping: avoid potential unused data compilation warning
     - cgroup: Fix compilation issue due to cgroup_mutex not being exported
     - scsi: mpi3mr: Add level check to control event logging
     - [arm64] net: enetc: refactor bulk flipping of RX buffers to separate
       function
     - drm/amdgpu: Allow P2P access through XGMI
     - bpf: fix possible endless loop in BPF map iteration
     - kconfig: merge_config: use an empty file as initfile
     - [s390x] vfio-ap: Fix no AP queue sharing allowed message written to kernel
       log
     - cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES
     - cifs: Fix querying and creating MF symlinks over SMB1
     - cifs: Fix negotiate retry functionality
     - fuse: Return EPERM rather than ENOSYS from link()
     - NFSv4: Check for delegation validity in
       nfs_start_delegation_return_locked()
     - NFS: Don't allow waiting for exiting tasks
     - SUNRPC: Don't allow waiting for exiting tasks
     - [arm64] Add support for HIP09 Spectre-BHB mitigation
     - tracing: Mark binary printing functions with __printf() attribute
     - mailbox: use error ret code of of_parse_phandle_with_args()
     - fbdev: fsl-diu-fb: add missing device_remove_file()
     - fbcon: Use correct erase colour for clearing in fbcon
     - fbdev: core: tileblit: Implement missing margin clearing for tileblit
     - cifs: Fix establishing NetBIOS session for SMB2+ connection
     - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
     - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
     - SUNRPC: rpcbind should never reset the port to the value '0'
     - [arm64] thermal/drivers/qoriq: Power down TMU on system suspend
     - dql: Fix dql->limit value when reset.
     - lockdep: Fix wait context check on softirq for PREEMPT_RT
     - objtool: Properly disable uaccess validation
     - pNFS/flexfiles: Report ENETDOWN as a connection error
     - [amd64] PCI: vmd: Disable MSI remapping bypass under Xen
     - libnvdimm/labels: Fix divide error in nd_label_data_init()
     - mmc: host: Wait for Vdd to settle on card power off
     - [x86] mm: Check return value from memblock_phys_alloc_range()
     - [arm64] i2c: qup: Vote for interconnect bandwidth to DRAM
     - i2c: pxa: fix call balance of i2c->clk handling routines
     - btrfs: make btrfs_discard_workfn() block_group ref explicit
     - btrfs: avoid linker error in btrfs_find_create_tree_block()
     - btrfs: run btrfs_error_commit_super() early
     - btrfs: fix non-empty delayed iputs list on unmount due to async workers
     - btrfs: get zone unusable bytes while holding lock at
       btrfs_reclaim_bgs_work()
     - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long
     - drm/amd/display: Guard against setting dispclk low for dcn31x
     - dlm: make tcp still work in multi-link env
     - ext4: reorder capability check last
     - scsi: st: Tighten the page format heuristics with MODE SELECT
     - scsi: st: ERASE does not change tape location
     - vfio/pci: Handle INTx IRQ_NOTCONNECTED
     - bpf: Return prog btf_id without capable check
     - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
     - rtc: rv3032: fix EERD location
     - [x86] thunderbolt: Do not add non-active NVM if NVM upgrade is disabled
       for retimer
     - kbuild: fix argument parsing in scripts/config
     - dm: restrict dm device size to 2^63-512 bytes
     - net/smc: use the correct ndev to find pnetid by pnetid table
     - xen: Add support for XenServer 6.1 platform device
     - [arm64,armhf] pinctrl-tegra: Restore SFSEL bit when freeing pins
     - [armhf] ASoC: sun4i-codec: support hp-det-gpios property
     - ext4: reject the 'data_err=abort' option in nojournal mode
     - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
     - posix-timers: Add cond_resched() to posix_timer_add() search loop
     - timer_list: Don't use %pK through printk()
     - netfilter: conntrack: Bound nf_conntrack sysctl writes
     - [arm64] mm: Check PUD_TYPE_TABLE in pud_bad()
     - [armhf] mmc: dw_mmc: add exynos7870 DW MMC support
     - mmc: sdhci: Disable SD card clock before changing parameters
     - [x86] hwmon: (dell-smm) Increment the number of fans
     - ipv6: save dontfrag in cork
     - drm/amd/display: calculate the remain segments for all pipes
     - gfs2: Check for empty queue in run_queue
     - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
       hd44780_common"
     - [amd64] iommu/amd/pgtbl_v2: Improve error handling
     - crypto: lzo - Fix compression buffer overrun
     - [arm64] tegra: p2597: Fix gpio for vdd-1v8-dis regulator
     - [powerpc*] prom_init: Fixup missing #size-cells on PowerBook6,7
     - ALSA: seq: Improve data consistency at polling
     - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
     - rtc: ds1307: stop disabling alarms on probe
     - ieee802154: ca8210: Use proper setters and getters for bitwise types
     - dm cache: prevent BUG_ON by blocking retries on failed device resumes
     - orangefs: Do not truncate file size
     - net: phylink: use pl->link_interface in phylink_expects_phy()
     - remoteproc: qcom_wcnss: Handle platforms with only single power domain
     - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
     - media: cx231xx: set device_caps for 417
     - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
     - [armhf] net: ethernet: ti: cpsw_new: populate netdev of_node
     - net: pktgen: fix mpls maximum labels list parsing
     - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type
     - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7
     - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
     - drm/rockchip: vop2: Add uv swap for cluster window
     - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
     - [arm64] clk: imx8mp: inform CCF of maximum frequency of clocks
     - [x86] bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
     - [arm*] hwmon: (gpio-fan) Add missing mutex locks
     - [arm64] PCI: brcmstb: Expand inbound window size up to 64GB
     - [arm64] PCI: brcmstb: Add a softdep to MIP MSI-X driver
     - net/mlx5: Avoid report two health errors on same syndrome
     - drm/amdkfd: KFD release_work possible circular locking
     - leds: pwm-multicolor: Add check for fwnode_property_read_u32
     - net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only
     - net: xgene-v2: remove incorrect ACPI_PTR annotation
     - bonding: report duplicate MAC address in all situations
     - [arm64] soc: ti: k3-socinfo: Do not use syscon helper to build regmap
     - [x86] build: Fix broken copy command in genimage.sh when making isoimage
     - drm/amd/display: handle max_downscale_src_width fail check
     - [x86] nmi: Add an emergency handler in nmi_desc & use it in
       nmi_shootdown_cpus()
     - cpuidle: menu: Avoid discarding useful information
     - libbpf: Fix out-of-bound read
     - dm: fix unconditional IO throttle caused by REQ_PREFLUSH
     - [x86] kaslr: Reduce KASLR entropy on most x86 systems
     - [mips*] Use arch specific syscall name match function
     - genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of
       iommu_cookie
     - [mips*] pm-cps: Use per-CPU variables as per-CPU, not per-core
     - [mips*] clocksource: mips-gic-timer: Enable counter when CPUs start
     - scsi: mpt3sas: Send a diag reset if target reset fails
     - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
     - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
     - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx()
     - net: pktgen: fix access outside of user given buffer in
       pktgen_thread_write()
     - [x86] EDAC/ie31200: work around false positive build warning
     - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
     - RDMA/core: Fix best page size finding when it can cross SG entries
     - [arm64,armhf] pmdomain: imx: gpcv2: use proper helper for property
       detection
     - can: c_can: Use of_property_present() to test existence of DT property
     - eth: mlx4: don't try to complete XDP frames in netpoll
     - PCI: Fix old_size lower bound in calculate_iosize() too
     - ACPI: HED: Always initialize before evged
     - vxlan: Join / leave MC group after remote changes
     - media: test-drivers: vivid: don't call schedule in loop
     - net/mlx5: Modify LSB bitmask in temperature event to include only the
       first bit
     - net/mlx5: Apply rate-limiting to high temperature warning
     - ASoC: ops: Enforce platform maximum on initial value
     - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
     - pinctrl: devicetree: do not goto err when probing hogs in
       pinctrl_dt_to_map
     - kunit: tool: Use qboot on QEMU x86_64
     - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
     - [arm64] clk: qcom: clk-alpha-pll: Do not use random stack value for recalc
       rate
     - serial: sh-sci: Update the suspend/resume support
     - phy: core: don't require set_mode() callback for phy_get_mode() to work
     - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
     - drm/amd/display: Initial psr_version with correct setting
     - drm/amdgpu: enlarge the VBIOS binary size limit
     - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer()
     - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
     - net/mlx5e: set the tx_queue_len for pfifo_fast
     - net/mlx5e: reduce rep rxq depth to 256 for ECPF
     - wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
     - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
     - [powerpc*] arch/powerpc/perf: Check the instruction type before creating
       sample with perf_mem_data_src
     - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
     - r8152: add vendor/device ID pair for Dell Alienware AW1022z
     - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
     - [arm64] hwmon: (xgene-hwmon) use appropriate type for the latency value
     - vxlan: Annotate FDB data races
     - r8169: don't scan PHY addresses > 0
     - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
     - rcu: handle unstable rdp in rcu_read_unlock_strict()
     - rcu: fix header guard for rcu_all_qs()
     - perf: Avoid the read if the count is already updated
     - ice: count combined queues using Rx/Tx count
     - net/mana: fix warning in the writer of client oob
     - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
     - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector()
       fails
     - scsi: st: Restore some drive settings after reset
     - HID: usbkbd: Fix the bit shift number for LED_KANA
     - drm/ast: Find VBIOS mode from regular display size
     - bpftool: Fix readlink usage in get_fd_type
     - [x86] perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
     - wifi: rtl8xxxu: retry firmware download on error
     - wifi: rtw88: Don't use static local variable in
       rtw8822b_set_tx_power_index_by_rate
     - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet
     - wifi: ath9k: return by of_get_mac_address
     - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
     - drm/panel-edp: Add Starry 116KHD024006
     - drm: Add valid clones check
     - [arm64,armhf] pinctrl: meson: define the pull up/down resistor value as 60
       kOhm
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
     - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
     - nvmet-tcp: don't restore null sk_state_change
     - io_uring/fdinfo: annotate racy sq/cq head/tail reads
     - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
     - wifi: iwlwifi: add support for Killer on MTL
     - xenbus: Allow PVH dom0 a non-local xenstore
     - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
     - espintcp: remove encap socket caching to avoid reference leak
     - [amd64] dmaengine: idxd: add per DSA wq workqueue for processing cr faults
     - [amd64] dmaengine: idxd: add idxd_copy_cr() to copy user completion record
       during page fault handling
     - [amd64] dmaengine: idxd: Fix allowing write() from different address
       spaces
     - remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
     - xfrm: Sanitize marks before insert
     - [amd64] dmaengine: idxd: Fix ->poll() return value
     - Bluetooth: L2CAP: Fix not checking l2cap_chan security level
     - bridge: netfilter: Fix forwarding of fragmented packets
     - ice: fix vf->num_mac count with port representors
     - [arm64,armhf] net: dwmac-sun8i: Use parsed internal PHY address instead of
       1
     - net: lan743x: Restore SGMII CTRL register on resume
     - io_uring: fix overflow resched cqe reordering
     - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
       (CVE-2025-38000)
     - net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
     - crypto: algif_hash - fix double free in hash_accept
     - padata: do not leak refcount in reorder_work
     - can: slcan: allow reception of short error messages
     - can: bcm: add locking for bcm_op runtime updates
     - can: bcm: add missing rcu read protection for procfs content
     - ALSA: pcm: Fix race of buffer access at PCM OSS layer
     - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10
     - llc: fix data loss when reading from a socket in llc_ui_recvmsg()
     - [x86] platform/x86: dell-wmi-sysman: Avoid buffer overflow in
       current_password_store()
     - drm/edid: fixed the bug that hdr metadata was not reset
     - smb: client: Fix use-after-free in cifs_fill_dirent
     - smb: client: Reset all search buffer pointers when releasing buffer
     - Revert "drm/amd: Keep display off while going into S4" (Closes: #1107511)
     - memcg: always call cond_resched() after fn()
     - mm/page_alloc.c: avoid infinite retries caused by cpuset race
     - Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
     - ksmbd: fix stream write failure
     - [arm64] spi: spi-fsl-dspi: restrict register range for regmap access
     - [arm64] spi: spi-fsl-dspi: Halt the module after a new message transfer
     - [arm64] spi: spi-fsl-dspi: Reset SR flags before sending a new message
     - kbuild: Disable -Wdefault-const-init-unsafe
     - serial: sh-sci: Save and restore more registers
     - [arm64,armhf] pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group()
     - [x86] mm/init: Handle the special case of device private pages in
       add_pages(), to not increase max_pfn and trigger dma_addressing_limited()
       bounce buffers bounce buffers
     - [amd64] dmaengine: idxd: Fix passing freed memory in idxd_cdev_open()
     - hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
       (CVE-2025-21816)
     - btrfs: check folio mapping after unlock in relocate_one_folio()
       (CVE-2024-56758)
     - af_unix: Kconfig: make CONFIG_UNIX bool
     - af_unix: Return struct unix_sock from unix_get_socket().
     - af_unix: Run GC on only one CPU.
     - af_unix: Try to run GC async.
     - af_unix: Replace BUG_ON() with WARN_ON_ONCE().
     - af_unix: Remove io_uring code for GC.
     - af_unix: Remove CONFIG_UNIX_SCM.
     - af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd.
     - af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd.
     - af_unix: Link struct unix_edge when queuing skb.
     - af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb.
     - af_unix: Iterate all vertices by DFS.
     - af_unix: Detect Strongly Connected Components.
     - af_unix: Save listener for embryo socket.
     - af_unix: Fix up unix_edge.successor for embryo socket.
     - af_unix: Save O(n) setup of Tarjan's algo.
     - af_unix: Skip GC if no cycle exists.
     - af_unix: Avoid Tarjan's algorithm if unnecessary.
     - af_unix: Assign a unique index to SCC.
     - af_unix: Detect dead SCC.
     - af_unix: Replace garbage collection algorithm.
     - af_unix: Remove lock dance in unix_peek_fds().
     - af_unix: Try not to hold unix_gc_lock during accept().
     - af_unix: Don't access successor in unix_del_edges() during GC.
     - af_unix: Add dead flag to struct scm_fp_list.
     - af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS
     - af_unix: Fix uninit-value in __unix_walk_scc()
     - [arm64] dts: qcom: sm8350: Fix typo in pil_camera_mem node
     - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
     - [arm64] perf/arm-cmn: Fix REQ2/SNP2 mixup
     - [arm64] perf/arm-cmn: Initialise cmn->cpu earlier
     - coredump: fix error handling for replace_fd()
     - pid: add pidfd_prepare()
     - fork: use pidfd_prepare()
     - coredump: hand a pidfd to the usermode coredump helper
     - HID: quirks: Add ADATA XPG alpha wireless mouse support
     - nfs: don't share pNFS DS connections between net namespaces
     - [x86] platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
     - [armhf] spi: spi-sun4i: fix early activation
     - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro
     - NFS: Avoid flushing data while holding directory locks in nfs_rename()
     - [x86] platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
     - [x86] platform/x86: thinkpad_acpi: Ignore battery threshold change event
       notification
     - [arm64] net: ethernet: ti: am65-cpsw: Lower random mac address error print
       to info
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.142
     - mm/uffd: fix vma operation where start addr cuts part of vma
     - tracing: Fix compilation warning on arm32
     - [arm64] pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs >
       31
     - [arm64] pinctrl: armada-37xx: set GPIO output value before setting
       direction
     - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
     - rtc: Make rtc_time64_to_tm() support dates before 1970
     - rtc: Fix offset calculation for .start_secs < 0
     - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
     - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
     - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
     - Bluetooth: hci_qca: move the SoC type check to the right place
     - usb: usbtmc: Fix timeout value in get_stb
     - [x86] thunderbolt: Do not double dequeue a configuration request
     - gfs2: gfs2_create_inode error handling fix
     - perf/core: Fix broken throttling when max_samples_per_tick=1
     - [arm64] crypto: sun8i-ce-cipher - fix error handling in
       sun8i_ce_cipher_prepare()
     - [powerpc*] crash: Fix non-smp kexec preparation
     - [x86] cpu: Sanitize CPUID(0x80000000) output
     - [arm*] crypto: marvell/cesa - Handle zero-length skcipher requests
     - [arm*] crypto: marvell/cesa - Avoid empty transfer descriptor
     - crypto: lrw - Only add ecb if it is not already there
     - crypto: xts - Only add ecb if it is not already there
     - [amd64] EDAC/skx_common: Fix general protection fault
     - power: reset: at91-reset: Optimize at91_reset()
     - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
     - [x86] mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
     - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
     - drm/vmwgfx: Add seqno waiter for sync_files
     - drm/amd/pp: Fix potential NULL pointer dereference in
       atomctrl_initialize_mc_reg_table
     - [arm64] media: rkvdec: Fix frame size enumeration
     - [arm64] fpsimd: Discard stale CPU state when handling SME traps
     - [arm64] fpsimd: Fix merging of FPSIMD state during signal return
     - watchdog: exar: Shorten identity name to fit correctly
     - firmware: psci: Fix refcount leak in psci_dt_init
     - [arm64] Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
     - [arm64,armhf] drm/tegra: rgb: Fix the unbound reference count
     - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
     - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
     - wifi: ath11k: fix node corruption in ar->arvifs list
     - IB/cm: use rwlock for MAD agent lock
     - bpf: fix ktls panic with sockmap
     - bpf, sockmap: fix duplicated data transmission
     - bpf, sockmap: Fix panic when calling skb_linearize
     - f2fs: fix to do sanity check on sbi->total_valid_block_count
     - net: ncsi: Fix GCPS 64-bit member variables
     - libbpf: Fix buffer overflow in bpf_object__init_prog
     - wifi: rtw88: do not ignore hardware read error during DPK
     - [arm64] RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
     - [arm64] scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
     - iommu: Protect against overflow in iommu_pgsize()
     - f2fs: clean up w/ fscrypt_is_bounce_page()
     - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
     - libbpf: Use proper errno value in linker
     - netfilter: bridge: Move specific fragmented packet to slow_path instead of
       dropping it
     - netfilter: nft_quota: match correctly when the quota just depleted
     - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
     - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
     - [arm64,armhf] clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
     - efi/libstub: Describe missing 'out' parameter in efi_load_initrd
     - tracing: Rename event_trigger_alloc() to trigger_data_alloc()
     - tracing: Fix error handling in event_trigger_parse()
     - libbpf: Use proper errno value in nlattr
     - bpf: Fix WARN() in get_bpf_raw_tp_regs
     - [s390x] bpf: Store backchain even for leaf progs
     - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
     - iommu: remove duplicate selection of DMAR_TABLE
     - wifi: ath9k_htc: Abort software beacon handling if disabled
     - kernfs: Relax constraint in draining guard
     - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
     - vfio/type1: Fix error unwind in migration dirty bitmap allocation
     - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
     - bpf, sockmap: Avoid using sk_socket after free when sending
     - netfilter: nft_tunnel: fix geneve_opt dump
     - net: usb: aqc111: fix error handling of usbnet read calls
     - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
     - bpf: Avoid __bpf_prog_ret0_warn when jit fails
     - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
     - net: phy: mscc: Fix memory leak when using one step timestamping
     - calipso: Don't call calipso functions for AF_INET sk.
     - net: openvswitch: Fix the dead loop of MPLS parse
     - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
     - f2fs: use d_inode(dentry) cleanup dentry->d_inode
     - f2fs: fix to correct check conditions in f2fs_cross_rename
     - [arm64] dts: qcom: sm8250: Fix CPU7 opp table
     - [arm64] dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
     - [arm64] dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
     - [arm64] dts: imx8mm-beacon: Fix RTC capacitive load
     - [arm64] dts: imx8mn-beacon: Fix RTC capacitive load
     - [arm64] dts: mt6359: Add missing 'compatible' property to regulators node
     - [arm64] dts: qcom: sdm660-lavender: Add missing USB phy supply
     - [arm64] dts: qcom: sda660-ifc6560: Fix dt-validate warning
     - Squashfs: check return result of sb_min_blocksize
     - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
     - nilfs2: add pointer check for nilfs_direct_propagate()
     - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
     - bus: fsl-mc: fix double-free on mc_dev
     - dt-bindings: vendor-prefixes: Add Liontron name
     - [arm64] dts: rockchip: disable unrouted USB controllers and PHY on RK3399
       Puma with Haikou
     - [armhf] soc: aspeed: lpc: Fix impossible judgment condition
     - [armhf] soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
     - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
     - randstruct: gcc-plugin: Remove bogus void member
     - randstruct: gcc-plugin: Fix attribute addition
     - perf build: Warn when libdebuginfod devel files are not available
     - perf ui browser hists: Set actions->thread before calling do_zoom_thread()
     - dm: don't change md if dm_table_set_restrictions() fails
     - dm: free table mempools if not used in __bind
     - backlight: pm8941: Add NULL check in wled_configure()
     - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
     - hwmon: (asus-ec-sensors) check sensor index in read_string()
     - perf intel-pt: Fix PEBS-via-PT data_src
     - perf scripts python: exported-sql-viewer.py: Fix pattern matching with
       Python 3
     - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
     - remoteproc: k3-r5: Drop check performed in
       k3_r5_rproc_{mbox_callback/kick}
     - perf tests switch-tracking: Fix timestamp comparison
     - perf record: Fix incorrect --user-regs comments
     - nfs: clear SB_RDONLY before getting superblock
     - nfs: ignore SB_RDONLY when remounting nfs
     - [arm64] PCI: cadence: Fix runtime atomic count underflow
     - [arm64] phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
     - [arm64] dmaengine: ti: Add NULL check in udma_probe()
     - PCI/DPC: Initialize aer_err_info before using it
     - usb: renesas_usbhs: Reorder clock handling and power management in probe
     - serial: Fix potential null-ptr-deref in mlb_usio_probe()
     - counter: interrupt-cnt: Protect enable/disable OPs with mutex
     - coresight: prevent deactivate active config while enabling the config
     - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
     - net: stmmac: platform: guarantee uniqueness of bus_id
     - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
     - net: tipc: fix refcount warning in tipc_aead_encrypt
     - net/mlx4_en: Prevent potential integer overflow calculating Hz
     - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
     - ice: create new Tx scheduler nodes for new queues only
     - ice: fix rebuilding the Tx scheduler tree for large queue counts
     - [armhf] net: dsa: tag_brcm: legacy: fix pskb_may_pull length
     - net: stmmac: make sure that ptp_rate is not 0 before configuring
       timestamping
     - net: fix udp gso skb_segment after pull from frag_list
     - vmxnet3: correctly report gso type for UDP tunnels
     - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
     - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
     - netfilter: nf_set_pipapo_avx2: fix initial map fill
     - wireguard: device: enable threaded NAPI
     - seg6: Fix validation of nexthop addresses
     - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
     - do_change_type(): refuse to operate on unmounted/not ours mounts
     - xfs: fix interval filtering in multi-step fsmap queries
     - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends
     - xfs: fix getfsmap reporting past the last rt extent
     - xfs: clean up the rtbitmap fsmap backend
     - xfs: fix logdev fsmap query result filtering
     - xfs: validate fsmap offsets specified in the query keys
     - xfs: fix xfs_btree_query_range callers to initialize btree rec fully
     - xfs: fix an agbno overflow in __xfs_getfsmap_datadev
     - xfs: fix the contact address for the sysfs ABI documentation
     - xfs: verify buffer, inode, and dquot items every tx commit
     - xfs: use consistent uid/gid when grabbing dquots for inodes
     - xfs: declare xfs_file.c symbols in xfs_file.h
     - xfs: create a new helper to return a file's allocation unit
     - xfs: Fix xfs_flush_unmap_range() range for RT
     - xfs: Fix xfs_prepare_shift() range for RT
     - xfs: don't walk off the end of a directory data block (CVE-2024-41013)
     - xfs: remove unused parameter in macro XFS_DQUOT_LOGRES
     - xfs: attr forks require attr, not attr2
     - xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set
     - xfs: Fix the owner setting issue for rmap query in xfs fsmap
     - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
     - xfs: take m_growlock when running growfsrt
     - xfs: reset rootdir extent size hint after growfsrt
     - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
     - Input: synaptics-rmi - fix crash with unsupported versions of F34
     - [arm64] serial: sh-sci: Check if TX data was written to device in
       .tx_empty()
     - [arm64] serial: sh-sci: Move runtime PM enable to sci_probe_single()
     - [arm64] serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - scsi: core: ufs: Fix a hang in the error handler
     - Bluetooth: hci_core: fix list_for_each_entry_rcu usage
     - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
     - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
     - ath10k: snoc: fix unbalanced IRQ enable in crash recovery
     - wifi: ath11k: remove unused function ath11k_tm_event_wmi()
     - wifi: ath11k: fix soc_dp_stats debugfs file permission
     - wifi: ath11k: convert timeouts to secs_to_jiffies()
     - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
     - wifi: ath11k: don't use static variables in
       ath11k_debugfs_fw_stats_process()
     - wifi: ath11k: don't wait when there is no vdev started
     - wifi: ath11k: validate ath11k_crypto_mode on top of
       ath11k_core_qmi_firmware_ready
     - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
     - pinctrl: qcom: pinctrl-qcm2290: Add missing pins
     - scsi: iscsi: Fix incorrect error path labels for flashnode operations
     - net_sched: sch_sfq: fix a potential crash on gso_skb handling
     - [powerpc*] powernv/memtrace: Fix out of bounds issue in memtrace mmap
       (CVE-2025-38088)
     - [powerpc*] vas: Return -EINVAL if the offset is non-zero in mmap()
     - [arm64] drm/meson: use unsigned long long / Hz for frequency types
     - [arm64] drm/meson: fix debug log statement when setting the HDMI clocks
     - [arm64] drm/meson: use vclk_freq instead of pixel_freq in debug print
     - [arm64] drm/meson: fix more rounding issues with 59.94Hz modes
     - i40e: return false from i40e_reset_vf if reset is in progress
     - i40e: retry VFLR handling if there is ongoing VF reset
     - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
     - net: Fix TOCTOU issue in sk_is_readable()
     - macsec: MACsec SCI assignment for ES = 0
     - net: mdio: C22 is now optional, EOPNOTSUPP if not provided
     - net/mdiobus: Fix potential out-of-bounds read/write access
     - Bluetooth: Fix NULL pointer deference on eir_get_service_data
     - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
     - Bluetooth: MGMT: Fix sparse errors
     - net/mlx5: Ensure fw pages are always allocated on same NUMA
     - net/mlx5: Fix return value when searching for existing flow group
     - net/mlx5e: Fix leak of Geneve TLV option object
     - net_sched: prio: fix a race in prio_tune() (CVE-2025-38083)
     - net_sched: red: fix a race in __red_change()
     - net_sched: tbf: fix a race in tbf_change()
     - net_sched: ets: fix a race in ets_qdisc_change()
     - fs/filesystems: Fix potential unsigned integer underflow in fs_name()
     - nvmet-fcloop: access fcpreq only when holding reqlock
     - perf: Ensure bpf_perf_link path is properly serialized
     - bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
     - tools/resolve_btfids: Fix build when cross compiling kernel with clang.
     - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
     - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
     - Revert "io_uring: ensure deferred completions are posted for multishot"
     - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
       posix_cpu_timer_del()
     - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
     - kbuild: Add KBUILD_CPPFLAGS to as-option invocation
     - usb: usbtmc: Fix read_stb function and get_stb ioctl
     - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
     - usb: Flush altsetting 0 endpoints before reinitializating them after
       reset.
     - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
     - [arm64] xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
     - [x86] iopl: Cure TIF_IO_BITMAP inconsistencies
     - calipso: unlock rcu before returning -EAFNOSUPPORT
     - net: usb: aqc111: debug info before sanitation
     - [arm64] drm/meson: Use 1000ULL when operating with mode->clock
     - configfs: Do not override creating attribute file failure in
       populate_attrs()
     - crypto: marvell/cesa - Do not chain submitted requests
     - gfs2: move msleep to sleepable context
     - [arm64,armhf] ASoC: meson: meson-card-utils: use of_property_present() for
       DT parsing
     - io_uring: account drain memory to cgroup
     - [powerpc*] pseries/msi: Avoid reading PCI device registers in reduced
       power states
     - regulator: max20086: Fix MAX200086 chip id
     - regulator: max20086: Change enable gpio to optional
     - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
     - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
     - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
     - wifi: ath11k: fix rx completion meta data corruption
     - wifi: ath11k: fix ring-buffer corruption
     - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
     - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
     - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
     - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
     - media: cxusb: no longer judge rbuf when the write fails
     - media: gspca: Add error handling for stv06xx_read_sensor()
     - media: omap3isp: use sgtable-based scatterlist wrappers
     - media: v4l2-dev: fix error handling in __video_register_device()
     - media: videobuf2: use sgtable-based scatterlist wrappers
     - media: vidtv: Terminating the subsequent process of initialization failure
     - media: vivid: Change the siize of the composing
     - media: uvcvideo: Return the number of processed controls
     - media: uvcvideo: Send control events for partial succeeds
     - media: uvcvideo: Fix deferred probing error
     - [armel,armhf] 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
     - bus: mhi: host: Fix conflict between power_up and SYSERR
     - can: tcan4x5x: fix power regulator retrieval during probe
     - ceph: set superblock s_magic for IMA fsmagic matching
     - cgroup,freezer: fix incomplete freezing when attaching tasks
     - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
     - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
     - bus: fsl-mc: fix GET/SET_TAILDROP command ids
     - ext4: inline: fix len overflow in ext4_prepare_inline_data
     - ext4: fix calculation of credits for extent tree modification
     - ext4: factor out ext4_get_maxbytes()
     - ext4: ensure i_size is smaller than maxbytes
     - Input: ims-pcu - check record size in ims_pcu_flash_firmware()
     - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
     - f2fs: prevent kernel warning due to negative i_nlink from corrupted image
     - f2fs: fix to do sanity check on sit_bitmap_size
     - NFC: nci: uart: Set tty->disc_data only in success path
     - net: ftgmac100: select FIXED_PHY
     - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
     - vgacon: Add check for vc_origin address range in vgacon_scroll()
     - [arm64] clk: meson-g12a: add missing fclk_div2 to spicc
     - ipc: fix to protect IPCS lookups using RCU
     - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
     - mm: fix ratelimit_pages update error in dirty_ratio_handler()
     - [armhf] mtd: rawnand: sunxi: Add randomizer configuration in
       sunxi_nfc_hw_ecc_write_chunk
     - [armhf] mtd: nand: sunxi: Add randomizer configuration before randomizer
       enable
     - [x86] KVM: SVM: Clear current_vmcb during vCPU free for all *possible*
       CPUs
     - dm-mirror: fix a tiny race condition
     - ftrace: Fix UAF when lookup kallsym after ftrace disabled
     - net: ch9200: fix uninitialised access during mii_nway_restart
       (CVE-2025-38086)
     - [s390x] KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
     - staging: iio: ad5933: Correct settling cycles encoding per datasheet
     - regulator: max14577: Add error check for max14577_read_reg()
     - remoteproc: core: Cleanup acquired resources when rproc_handle_resources()
       fails in rproc_attach()
     - remoteproc: core: Release rproc->clean_table after rproc_attach() fails
     - cifs: reset connections for all channels when reconnect requested
     - uio_hv_generic: Use correct size for interrupt and monitor pages
     - PCI: cadence-ep: Correct PBA offset in .set_msix() callback
     - PCI: Add ACS quirk for Loongson PCIe
     - PCI: Fix lock symmetry in pci_slot_unlock()
     - PCI: dw-rockchip: Fix PHY function call sequence in
       rockchip_pcie_phy_deinit()
     - iio: accel: fxls8962af: Fix temperature scan element sign
     - iio: imu: inv_icm42600: Fix temperature calculation
     - iio: adc: ad7606_spi: fix reg write value mask
     - ACPICA: fix acpi operand cache leak in dswstate.c
     - [x86] ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
     - clocksource: Fix the CPUs' choice in the watchdog per CPU verification
     - mmc: Add quirk to disable DDR50 tuning
     - ACPICA: Avoid sequence overread in call to strncmp()
     - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
     - ACPI: bus: Bail out if acpi_kobj registration fails
     - ACPICA: fix acpi parse and parseext cache leaks
     - power: supply: bq27xxx: Retrieve again when busy
     - ACPICA: utilities: Fix overflow check in vsnprintf()
     - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
     - ACPI: battery: negate current when discharging
     - net: macb: Check return value of dma_set_mask_and_coherent()
     - net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
     - tipc: use kfree_sensitive() for aead cleanup
     - bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
     - i2c: designware: Invoke runtime suspend on quick slave re-registration
     - emulex/benet: correct command version selection in be_cmd_get_stats()
     - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
     - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
     - sctp: Do not wake readers in __sctp_write_space()
     - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
     - i2c: tegra: check msg length in SMBUS block read
     - i2c: npcm: Add clock toggle recovery
     - net: dlink: add synchronization for stats update
     - wifi: ath11k: Fix QMI memory reuse logic
     - tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
     - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
     - [x86] sgx: Prevent attempts to reclaim poisoned pages
     - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
     - net: atlantic: generate software timestamp just before the doorbell
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_set_by_name()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_gpio_get_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from
       armada_37xx_pmx_gpio_set_direction()
     - [arm64] pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
     - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
     - net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
     - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
     - wifi: mac80211: do not offer a mesh path if forwarding is disabled
     - clk: rockchip: rk3036: mark ddrphy as critical
     - libbpf: Add identical pointer detection to btf_dedup_is_equiv()
     - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
     - [amd64] iommu/amd: Ensure GA log notifier callbacks finish running before
       module unload
     - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
     - net: bridge: mcast: update multicast contex when vlan state is changed
     - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
       functions
     - vxlan: Do not treat dst cache initialization errors as fatal
     - software node: Correct a OOB check in software_node_get_reference_args()
     - pinctrl: mcp23s08: Reset all pins to input at probe
     - scsi: lpfc: Use memcpy() for BIOS version
     - sock: Correct error checking condition for (assign|release)_proto_idx()
     - i40e: fix MMIO write access to an invalid page in i40e_clear_hw
     - ice: fix check for existing switch rule
     - bpf, sockmap: Fix data lost during EAGAIN retries
     - net: ethernet: cortina: Use TOE/TSO on all TCP
     - fbcon: Make sure modelist not set on unregistered console
     - watchdog: da9052_wdt: respect TWDMIN
     - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
     - [armhf] OMAP2+: Fix l4ls clk domain handling in STANDBY
     - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
       first"
     - [x86] platform/x86: dell_rbu: Fix list usage
     - [x86] platform/x86: dell_rbu: Stop overwriting data buffer
     - [powerpc*] eeh: Fix missing PE bridge reconfiguration during VFIO EEH
       recovery
     - Revert "x86/bugs: Make spectre user default depend on
       MITIGATION_SPECTRE_V2" on v6.6 and older
     - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (CVE-2025-38090)
     - jffs2: check that raw node were preallocated before writing summary
     - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
     - smb: improve directory cache reuse for readdir operations
     - scsi: storvsc: Increase the timeouts to storvsc_timeout
     - scsi: s390: zfcp: Ensure synchronous unit_add
     - net_sched: sch_sfq: reject invalid perturb period
     - udmabuf: use sgtable-based scatterlist wrappers
     - ksmbd: fix null pointer dereference in destroy_previous_session
     - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
     - atm: Revert atm_account_tx() if copy_from_iter_full() fails.
     - Input: sparcspkr - avoid unannotated fall-through
     - wifi: cfg80211: init wiphy_work before allocating rfkill fails
       (CVE-2025-22119)
     - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound
       card
     - ALSA: hda/intel: Add Thinkpad E15 to PM deny list
     - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
     - mm/hugetlb: unshare page tables during VMA split, not before
       (CVE-2025-38084)
     - mm: hugetlb: independent PMD page table shared count (CVE-2024-57883)
     - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
     - mm/huge_memory: fix dereferencing invalid pmd migration entry
       (CVE-2025-37958)
     - net: Fix checksum update for ILA adj-transport
     - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
     - erofs: remove unused trace event erofs_destroy_inode
     - [arm64] drm/msm/disp: Correct porch timing for SDM845
     - [arm64] drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
     - ionic: Prevent driver/fw getting out of sync on devcmd(s)
     - drm/nouveau/bl: increase buffer size to avoid truncate warning
     - hwmon: (occ) Rework attribute registration for stack usage
     - hwmon: (occ) fix unaligned accesses
     - pldmfw: Select CRC32 when PLDMFW is selected
     - aoe: clean device rq_list in aoedev_downdev()
     - net: ice: Perform accurate aRFS flow match
     - ptp: fix breakage after ptp_vclock_in_use() rework
     - ptp: allow reading of currently dialed frequency to succeed on
       free-running clocks
     - wifi: carl9170: do not ping device which has failed to load firmware
     - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
     - atm: atmtcp: Free invalid length skb in atmtcp_c_send().
     - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()
       behavior
     - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
     - tcp: fix passive TFO socket having invalid NAPI ID
     - net: microchip: lan743x: Reduce PTP timeout on HW failure
     - net: lan743x: fix potential out-of-bounds write in
       lan743x_ptp_io_event_clock_get()
     - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
     - net: atm: add lec_mutex
     - net: atm: fix /proc/net/atm/lec handling
     - dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
     - [x86] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
     - [arm64] dts: ti: k3-j721e-sk: Add DT nodes for power regulators
     - serial: sh-sci: Increment the runtime usage counter for the earlycon
       device
     - Revert "cpufreq: tegra186: Share policy per cluster"
     - smb: client: fix first command failure during re-negotiation
     - [s390x] pci: Fix __pcilg_mio_inuser() inline assembly
     - perf: Fix sample vs do_exit()
     - [arm64] ptrace: Fix stack-out-of-bounds read in
       regs_get_kernel_stack_nth()
     - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.143
     - cifs: Correctly set SMB1 SessionKey field in Session Setup Request
     - cifs: Fix cifs_query_path_info() for Windows NT servers
     - NFSv4: Always set NLINK even if the server doesn't support it
     - NFSv4.2: fix listxattr to return selinux security label
     - [arm*] mailbox: Not protect module_put with spin_lock_irqsave
     - leds: multicolor: Fix intensity setting while SW blinking
     - NFSv4: xattr handlers should check for absent nfs filehandles
     - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix
       extension
     - md/md-bitmap: fix dm-raid max_write_behind setting
     - amd/amdkfd: fix a kfd_process ref leak
     - bcache: fix NULL pointer in cache_set_flush()
     - iio: pressure: zpa2326: Use aligned_s64 for the timestamp
     - [arm64] coresight: Only check bottom two claim bits
     - [arm64,armhf] usb: dwc2: also exit clock_gating when stopping udc while
       suspended
     - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
     - usb: potential integer overflow in usbg_make_tpg()
     - usb: common: usb-conn-gpio: use a unique name for usb connector device
     - usb: Add checks for snprintf() calls in usb_alloc_dev()
     - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
     - usb: typec: displayport: Receive DP Status Update NAK request exit dp
       altmode
     - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set
     - ALSA: hda: Ignore unsol events for cards being shut down
     - ALSA: hda: Add new pci id for AMD GPU display HD audio controller
     - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
     - ceph: fix possible integer overflow in ceph_zero_objects()
     - ovl: Check for NULL d_inode() in ovl_dentry_upper()
     - btrfs: handle csum tree error with rescue=ibadroots correctly
     - [x86] drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
     - [x86] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on
       DG1"
     - fs/jfs: consolidate sanity checking in dbMount
     - jfs: validate AG parameters in dbMount() to prevent crashes
       (CVE-2025-38230)
     - media: imx-jpeg: Cleanup after an allocation error (CVE-2025-38225)
     - f2fs: don't over-report free space or inodes in statvfs
     - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in
       fb_videomode_to_var (CVE-2025-38215)
     - drivers: hv, hyperv_fb: Untangle and refactor Hyper-V panic notifiers
     - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages
     - Drivers: hv: move panic report code from vmbus to hv early init code
     - Drivers: hv: Change hv_free_hyperv_page() to take void * argument
     - Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
       (CVE-2024-36913)
     - Drivers: hv: Allocate interrupt and monitor pages aligned to system page
       boundary
     - Drivers: hv: vmbus: Add utility function for querying ring size
     - uio_hv_generic: Query the ringbuffer size for device
     - uio_hv_generic: Align ring size to system page
     - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
     - vgacon: remove unneeded forward declarations
     - tty: vt: make init parameter of consw::con_init() a bool
     - tty: vt: sanitize arguments of consw::con_clear()
     - tty: vt: make consw::con_switch() return a bool
     - dummycon: Trigger redraw when switching consoles with deferred takeover
     - af_unix: Don't call skb_get() for OOB skb.
     - af_unix: Don't leave consecutive consumed OOB skbs.
     - i2c: tiny-usb: disable zero-length read messages
     - i2c: robotfuzz-osif: disable zero-length read messages
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
     - [s390x] pkey: Prevent overflow in size calculation for memdup_user()
     - atm: clip: prevent NULL deref in clip_push()
     - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
     - attach_recursive_mnt(): do not lock the covering tree when sliding
       something under it
     - libbpf: Fix null pointer dereference in btf_dump__free on allocation
       failure
     - wifi: mac80211: fix beacon interval calculation overflow
     - af_unix: Don't set -ECONNRESET for consumed OOB skb.
     - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
     - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
     - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
       (Closes: #1108069)
     - net: selftests: fix TCP packet checksum
     - [arm64] drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
     - [arm64] drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
     - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
     - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
     - serial: imx: Restore original RXTL for console to fix data loss
     - Bluetooth: L2CAP: Fix L2CAP MTU negotiation
     - dm-raid: fix variable in journal device check
     - btrfs: fix a race between renames and directory logging
     - btrfs: update superblock's device bytes_used when dropping chunk
     - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
     - HID: wacom: fix memory leak on kobject creation failure
     - HID: wacom: fix memory leak on sysfs attribute creation failure
     - HID: wacom: fix kobject reference count leak
     - scsi: megaraid_sas: Fix invalid node index
     - [arm64,armhf] drm/etnaviv: Protect the scheduler's pending list with its
       lock
     - [arm64,armhf] drm/tegra: Assign plane type before registration
     - [arm64,armhf] drm/tegra: Fix a possible null pointer dereference
     - drm/udl: Unregister device before cleaning up on disconnect
     - [arm64] drm/msm/gpu: Fix crash when throttling GPU immediately during boot
     - drm/amdkfd: Fix race in GWS queue scheduling
     - drm/amd/display: Add null pointer check for get_first_active_display()
     - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
     - drm/amdgpu: Add kicker device detection
     - ksmbd: Use unsafe_memcpy() for ntlm_negotiate
     - ksmbd: remove unsafe_memcpy use in session setup
     - fs: omfs: Use flexible-array member in struct omfs_extent
     - fbdev: hyperv_fb: Convert comma to semicolon
     - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
     - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
     - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
     - media: uvcvideo: Rollback non processed entities on error
     - [s390x] entry: Fix last breaking event handling in case of stack
       corruption
     - Kunit to check the longest symbol length
     - [x86] tools: Drop duplicate unlikely() definition in insn_decoder_test.c
     - Revert "ipv6: save dontfrag in cork"
     - nvme: always punt polled uring_cmd end_io work to task_work
     - io_uring/kbuf: account ring io_buffer_list memory
     - [arm64] firmware: arm_scmi: Add a common helper to check if a message is
       supported
     - [arm64] firmware: arm_scmi: Ensure that the message-id supports
       fastchannel
     - [arm64] Restrict pagetable teardown to avoid false warning
     - [arm*] 9354/1: ptrace: Use bitfield helpers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.144
     - rtc: cmos: use spin_lock_irqsave in cmos_interrupt
     - [s390x] pci: Do not try re-enabling load/store if device is disabled
     - vsock/vmci: Clear the vmci transport packet properly when initializing it
     - mmc: sdhci: Add a helper function for dump register in dynamic debug mode
     - Revert "mmc: sdhci: Disable SD card clock before changing parameters"
       (Closes: #1108065)
     - Bluetooth: hci_sync: revert some mesh modifications
     - Bluetooth: MGMT: set_mesh: update LE scan interval and window
     - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising
     - [arm64,armhf] regulator: gpio: Fix the out-of-bounds access to
       drvdata::gpiods
     - usb: typec: altmodes/displayport: do not index invalid pin_assignments
     - [arm64] dts: apple: t8103: Fix PCIe BCM4377 nodename
     - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
     - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
     - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
     - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
     - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
     - scsi: ufs: core: Fix spelling of a sysfs attribute name
     - RDMA/mlx5: Fix CC counters query for MPV
     - Bluetooth: Prevent unintended pause by checking if advertising is active
     - btrfs: fix missing error handling when searching for inode refs during log
       replay
     - btrfs: fix iteration of extrefs during log replay
     - ethernet: atl1: Add missing DMA mapping error checks and count errors
     - [armhf] drm/exynos: fimd: Guard display clock control with runtime PM
       calls
     - [arm64] spi: spi-fsl-dspi: Clear completion counter before initiating
       transfer
     - [x86] platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs
       callbacks
     - [x86] drm/i915/gt: Fix timeline left held on VMA alloc error
     - [x86] drm/i915/gsc: mei interrupt top half should be in irq disabled
       context
     - igc: disable L1.2 PCI-E link substate to avoid performance issue
     - [amd64,arm64] amd-xgbe: align CL37 AN sequence as per databook
     - enic: fix incorrect MTU comparison in enic_change_mtu()
     - rose: fix dangling neighbour pointers in rose_rt_device_down()
     - nui: Fix dma_mapping_error() check
     - net/sched: Always pass notifications when child class becomes empty
     - smb: client: fix race condition in negotiate timeout by using more precise
       timing
     - [arm64] drm/msm: Fix a fence leak in submit error path
     - [arm64] drm/msm: Fix another leak in the submit error path
     - ALSA: sb: Don't allow changing the DMA mode during operations
     - ALSA: sb: Force to disable DMAs once when DMA mode is changed
     - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled
     - ata: pata_cs5536: fix build on 32-bit UML
     - [powerpc*] Fix struct termio related ioctl macros
     - [x86] ASoC: amd: yc: update quirk data for HP Victus
     - scsi: target: Fix NULL pointer dereference in
       core_scsi3_decode_spec_i_port()
     - aoe: defer rexmit timer downdev work to workqueue
     - wifi: mac80211: drop invalid source address OCB frames
     - wifi: ath6kl: remove WARN on bad firmware input
     - ACPICA: Refuse to evaluate a method if arguments are missing
     - mtd: spinand: fix memory leak of ECC engine conf
     - rcu: Return early if callback is not specified
     - virtio-net: ensure the received length does not exceed allocated size
     - [arm64] drm/v3d: Disable interrupts before resetting the GPU
     - NFSv4/flexfiles: Fix handling of NFS level errors in I/O
     - btrfs: use btrfs_record_snapshot_destroy() during rmdir
     - [arm64] dpaa2-eth: fix xdp_rxq_info leak
     - [x86] platform/x86: think-lmi: Fix class device unregistration
     - [x86] platform/x86: dell-wmi-sysman: Fix class device unregistration
     - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
     - xhci: dbctty: disable ECHO flag by default
     - xhci: dbc: Flush queued requests before stopping dbc
     - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
     - usb: cdnsp: do not disable slot for disabled slot
     - dma-buf: fix timeout handling in dma_resv_wait_timeout v2
     - i2c/designware: Fix an initialization issue
     - Logitech C-270 even more broken
     - [x86] platform/x86: think-lmi: Create ksets consecutively
     - [x86] platform/x86: think-lmi: Fix kobject cleanup
     - usb: typec: displayport: Fix potential deadlock
     - [amd64] Mitigations Transitive Scheduler Attacks (TSA) (CVE-2024-36350,
       CVE-2024-36357)
       + x86/bugs: Rename MDS machinery to something more generic
       + x86/bugs: Add a Transient Scheduler Attacks mitigation
       + KVM: SVM: Advertise TSA CPUID bits to guests
       + x86/process: Move the buffer clearing before MONITOR
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.145
     - [amd64] x86/CPU/AMD: Properly check the TSA microcode
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.146
     - [x86] platform/x86: ideapad-laptop: use usleep_range() for EC polling
     - perf: Revert to requiring CAP_SYS_ADMIN for uprobes
     - Bluetooth: hci_sync: Fix not disabling advertising instance
     - fix proc_sys_compare() handling of in-lookup dentries
     - netlink: Fix wraparounds of sk->sk_rmem_alloc.
     - tipc: Fix use-after-free in tipc_conn_close().
     - vsock: Fix transport_{g2h,h2g} TOCTOU
     - vsock: Fix transport_* TOCTOU
     - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local`
     - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
     - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
     - atm: clip: Fix potential null-ptr-deref in to_atmarpd().
     - atm: clip: Fix memory leak of struct clip_vcc.
     - atm: clip: Fix infinite recursive call of clip_push().
     - atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
     - net/sched: Abort __tc_modify_qdisc if parent class does not exist
     - maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
     - rxrpc: Fix oops due to non-existence of prealloc backlog struct
     - [x86] boot: Compile boot code with -std=gnu11 too
     - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
     - [x86] mce/amd: Fix threshold limit reset
     - [x86] mce: Don't remove sysfs if thresholding sysfs init fails
     - [x86] mce: Make sure CMCI banks are cleared during shutdown on Intel
     - [x86] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ
       routing table.
     - [x86] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is
       in-flight
     - gre: Fix IPv6 multicast route creation. (Closes: #1108430)
     - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734)
     - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts
     - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558)
     - drm/sched: Increment job count before swapping tail spsc queue
     - drm/ttm: fix error handling in ttm_buffer_object_transfer
     - drm/gem: Fix race in drm_gem_handle_create_tail()
     - usb: gadget: u_serial: Fix race condition in TTY wakeup
     - Revert "ACPI: battery: negate current when discharging"
     - kallsyms: fix build without execinfo
     - maple_tree: fix mt_destroy_walk() on root leaf node
     - pwm: mediatek: Ensure to disable clocks in error path
     - smb: server: make use of rdma_destroy_qp()
     - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
     - netlink: Fix rmem check in netlink_broadcast_deliver().
     - netlink: make sure we allow at least one dump skb
     - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
     - btrfs: propagate last_unlink_trans earlier when doing a rmdir
     - xhci: Allow RPM on the USB controller (1022:43f7) by default
     - usb: xhci: quirk for data loss in ISOC transfers
     - Input: xpad - support Acer NGR 200 Controller
     - [arm64,armhf] usb: dwc3: Abort suspend on soft disconnect failure
     - wifi: zd1211rw: Fix potential NULL pointer dereference in
       zd_mac_tx_to_dev()
     - [arm64,armhf] drm/tegra: nvdec: Fix dma_alloc_coherent error check
     - md/raid1: Fix stack memory use after return in raid1_reshape
     - raid10: cleanup memleak at raid10_make_request
     - nbd: fix uaf in nbd_genl_connect() error path
     - erofs: remove the member readahead from struct z_erofs_decompress_frontend
     - erofs: clean up z_erofs_pcluster_readmore()
     - erofs: allocate extra bvec pages directly instead of retrying
     - erofs: avoid on-stack pagepool directly passed by arguments
     - erofs: adapt folios for z_erofs_read_folio()
     - erofs: fix to add missing tracepoint in erofs_read_folio()
     - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
     - net: appletalk: Fix device refcount leak in atrtr_create()
     - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof
     - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
     - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to
       debug level
     - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
     - bnxt_en: Fix DCB ETS validation
     - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
     - atm: idt77252: Add missing `dma_map_error()`
     - [x86] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic
     - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100
     - net: usb: qmi_wwan: add SIMCom 8230C composition
     - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
     - btrfs: fix assertion when building free space tree
     - vt: add missing notification when switching back to text mode
     - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
     - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
     - Input: atkbd - do not skip atkbd_deactivate() when skipping
       ATKBD_CMD_GETID
     - vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074)
     - [x86] mm: Disable hugetlb page table sharing on 32-bit
     - [x86] Fix X86_FEATURE_VERW_CLEAR definition
     - ksmbd: fix potential use-after-free in oplock/lease break ack
     - rseq: Fix segfault on registration when rseq_cs is non-zero
       (CVE-2025-38067)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.147
     - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
     - USB: serial: option: add Foxconn T99W640
     - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
     - usb: gadget: configfs: Fix OOB read on empty string write
     - [armhf] i2c: stm32: fix the device used for the DMA map
     - [x86] thunderbolt: Fix bit masking in tb_dp_port_set_hops()
     - Input: xpad - set correct controller type for Acer NGR200
     - pch_uart: Fix dma_sync_sg_for_device() nents value
     - HID: core: ensure the allocated report buffer can contain the reserved
       report ID
     - HID: core: ensure __hid_request reserves the report ID as the first byte
     - HID: core: do not bypass hid_hw_raw_request
     - tracing: Add down_write(trace_event_sem) when adding trace event
     - io_uring/poll: fix POLLERR handling
     - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in
       pep_sock_accept()
     - net/mlx5: Update the list of the PCI supported devices
     - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
     - af_packet: fix soft lockup issue caused by tpacket_snd()
     - isofs: Verify inode mode when loading from disk
     - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
     - [arm64,armhf] mmc: bcm2835: Fix dma_unmap_sg() nents value
     - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based
       Positivo models
     - [arm64] mmc: sdhci_am654: Workaround for Errata i2312
     - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
     - smb: client: fix use-after-free in crypt_message when using async crypto
     - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order
     - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
     - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
     - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
     - iio: adc: max1363: Reorder mode_list[] entries
     - iio: adc: stm32-adc: Fix race in installing chained IRQ handler
     - [i386] comedi: pcl812: Fix bit shift out of bounds
     - [i386] comedi: aio_iiro_16: Fix bit shift out of bounds
     - [i386] comedi: das16m1: Fix bit shift out of bounds
     - [i386] comedi: das6402: Fix bit shift out of bounds
     - [i386] comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
     - [i386] comedi: Fix some signed shift left operations
     - [i386] comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
     - [i386] comedi: Fix initialization of data for instructions that write to
       subdevice
     - bpf: Reject %p% format string in bprintf-like helpers
     - cachefiles: Fix the incorrect return value in __cachefiles_write()
     - net/sched: sch_qfq: Fix race condition on qfq_aggregate
     - rpl: Fix use-after-free in rpl_do_srh_inline().
     - smb: client: fix use-after-free in cifs_oplock_break
     - nvme: fix misaccounting of nvme-mpath inflight I/O
     - [x86] hwmon: (corsair-cpro) Validate the size of the received input buffer
     - usb: net: sierra: check for no status endpoint
     - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
     - Bluetooth: hci_sync: fix connectable extended advertising when using
       static random address
     - Bluetooth: SMP: If an unallowed command is received consider it a failure
     - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
     - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant
       without board ID
     - net/mlx5: Correctly set gso_size when LRO is used
     - ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
     - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
     - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
     - tls: always refresh the queue when reading sock
     - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during
       runtime
     - net: bridge: Do not offload IGMP/MLD messages
     - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
     - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen"
     - sched: Change nr_uninterruptible type to unsigned long
     - HID: mcp2221: Set driver data before I2C adapter add
     - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right
       userns
     - usb: hub: fix detection of high tier USB3 devices behind suspended hubs
     - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime
       pm
     - usb: hub: Fix flushing of delayed work used for post resume purposes
     - usb: hub: Don't try to recover devices lost during warm reset.
     - usb: musb: Add and use inline functions musb_{get,set}_state
     - usb: musb: fix gadget state on disconnect
     - [arm64] usb: dwc3: qcom: Don't leave BCR asserted
     - [arm64] ASoC: fsl_sai: Force a software reset when starting in consumer
       mode
     - Bluetooth: HCI: Set extended advertising data synchronously
     - mm/vmalloc: leave lazy MMU mode on PTE mapping error
     - nvmem: layouts: u-boot-env: remove crc32 endianness conversion
 .
   [ Uwe Kleine-König ]
   * Disable CONFIG_CDROM_PKTCDVD for all archs as this driver is
     orphaned, buggy and not needed. (Closes: #1107479)
 .
   [ Salvatore Bonaccorso ]
   * [amd64] drivers/acpi: Make ACPI_HED built-in
   * Bump ABI to 38
   * [rt] Update to 6.1.141-rt52
   * net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
     qfq_delete_class
   * [amd64] x86/bugs: Fix use of possibly uninit value in
     amd_check_tsa_microcode()
 .
   [ Kevin P. Fleming ]
   * test-patches: Add defaults for DEBEMAIL and DEBFULLNAME
linux-signed-i386 (6.1.140+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.140-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.140
     - binfmt: Fix whitespace issues
     - binfmt_elf: Support segments with 0 filesz and misaligned starts
     - binfmt_elf: elf_bss no longer used by load_elf_binary()
     - binfmt_elf: Leave a gap between .bss and brk
     - binfmt_elf: Calculate total_size earlier
     - binfmt_elf: Honor PT_LOAD alignment for static PIE
     - binfmt_elf: Move brk for static PIE even if ASLR disabled
     - [x86] platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
     - tracing: probes: Fix a possible race in trace_probe_log APIs
     - tpm: tis: Double the timeout B to 4s
     - iio: adc: ad7266: Fix potential timestamp alignment issue.
     - drm/amd: Stop evicting resources on APUs in suspend
     - drm/amdgpu: Fix the runtime resume failure issue
     - drm/amdgpu: trigger flr_work if reading pf2vf data failed
     - drm/amd: Add Suspend/Hibernate notification callback support
     - Revert "drm/amd: Stop evicting resources on APUs in suspend"
     - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
     - clocksource/i8253: Use raw_spinlock_irqsave() in
       clockevent_i8253_disable()
     - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
     - HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
     - HID: uclogic: Add NULL check in uclogic_input_configured()
     - nfs: handle failure of nfs_get_lock_context in unlock path
     - net_sched: Flush gso_skb list too during ->change()
     - net: mctp: Ensure keys maintain only one ref to corresponding dev
     - [arm64] net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
     - nvme-pci: make nvme_pci_npages_prp() __always_inline
     - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
     - ALSA: sh: SND_AICA should depend on SH_DMA_API
     - net/mlx5e: Disable MACsec offload for uplink representor profile
     - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
     - net/tls: fix kernel panic when alloc_page failed
     - NFSv4/pnfs: Reset the layout state after a layoutreturn
     - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
       interrupted"
     - btrfs: fix discard worker infinite loop after disabling discard
     - drm/amd/display: Correct the reply value when AUX write incomplete
     - drm/amd/display: Avoid flooding unnecessary info messages
     - ACPI: PPTT: Fix processor subtable walk
     - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
     - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
     - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
     - dma-buf: insert memory barrier before updating num_fences
     - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
     - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
     - hv_netvsc: Remove rmsg_pgcnt
     - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
     - Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
     - ftrace: Fix preemption accounting for stacktrace trigger command
     - ftrace: Fix preemption accounting for stacktrace filter command
     - tracing: samples: Initialize trace_array_printk() with the correct
       function
     - [arm64,armhf] phy: Fix error handling in tegra_xusb_port_init
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
     - [arm64] phy: renesas: rcar-gen3-usb2: Set timing registers only once
     - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
     - smb: client: fix memory leak during error handling for POSIX mkdir
     - wifi: mt76: disable napi on driver removal
     - net: qede: Initialize qede_ll_ops with designated initializer
     - [arm64] dmaengine: ti: k3-udma: Add missing locking
     - [arm64] dmaengine: ti: k3-udma: Use cap_mask directly from dma_device
       structure instead of a local copy
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_wqs
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_engines
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_groups
     - [amd64] dmaengine: idxd: Add missing cleanup for early error out in
       idxd_setup_internals
     - [amd64] dmaengine: idxd: Add missing cleanups in cleanup internals
     - [amd64] dmaengine: idxd: Add missing idxd cleanup to fix memory leak in
       remove call
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_alloc
     - [amd64] dmaengine: idxd: fix memory leak in error handling path of
       idxd_pci_probe
     - usb: typec: ucsi: displayport: Fix deadlock (CVE-2025-37967)
     - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
       device attribute group (CVE-2024-35790)
     - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
       (CVE-2024-53203)
     - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
     - mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
     - [arm64] bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
       (CVE-2024-43840)
     - [arm64] bpf, arm64: Fix address emission with tag-based KASAN enabled
     - hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
       (CVE-2025-21931)
     - sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)
     - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
     - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
     - netfilter: nf_tables: wait for rcu grace period on net_device removal
     - netfilter: nf_tables: do not defer rule destruction via call_rcu
     - [arm64] sme: Always exit sme_alloc() early with existing storage
     - [x86] platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually
       enabled it (CVE-2025-21645)
     - bnxt_en: Fix receive ring space parameters when XDP is active
       (CVE-2024-53209)
     - ipv6: Fix potential uninit-value access in __ip6_make_skb()
       (CVE-2024-36903)
     - ipv4: Fix uninit-value access in __ip_make_skb() (CVE-2024-36927)
     - spi: cadence-qspi: fix pointer reference in runtime PM hooks
       (CVE-2024-26807)
     - drm/amdgpu: fix pm notifier handling
     - [x86] modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 37
linux-signed-i386 (6.1.139+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.139-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.138
     - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
     - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
     - [arm64] i2c: imx-lpi2c: Fix clock count when probe defers
     - [arm64] errata: Add missing sentinels to Spectre-BHB MIDR arrays
     - [x86] perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
       value.
     - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
       offload
     - [arm64] mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
     - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
     - dm-integrity: fix a warning on invalid table line
     - dm: always update the array size in realloc_argv on success
     - [amd64] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
     - [amd64] iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
     - [x86] platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
       hotplug
     - ksmbd: fix use-after-free in kerberos authentication
     - cpufreq: Avoid using inconsistent policy->min and policy->max
     - cpufreq: Fix setting policy limits when frequency tables are used
     - tracing: Fix oob write in trace_seq_to_buffer()
     - xfs: fix error returns from xfs_bmapi_write
     - xfs: fix xfs_bmap_add_extent_delay_real for partial conversions
     - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent
     - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item
       recovery
     - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2
     - xfs: validate recovered name buffers when recovering xattr items
     - xfs: revert commit 44af6c7e59b12
     - xfs: match lock mode in xfs_buffered_write_iomap_begin()
     - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional
     - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset
     - xfs: convert delayed extents to unwritten when zeroing post eof blocks
     - xfs: allow symlinks with short remote targets
     - xfs: make sure sb_fdblocks is non-negative
     - xfs: fix freeing speculative preallocations for preallocated files
     - xfs: allow unlinked symlinks and dirs with zero size
     - xfs: restrict when we try to align cow fork delalloc to cowextsz hints
     - [x86] KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
       loop (CVE-2025-21839)
     - dm-bufio: don't schedule in atomic context
     - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
     - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
     - vxlan: vnifilter: Fix unlocked deletion of default FDB entry
     - net/mlx5: E-Switch, Initialize MAC Address for Default GID
     - net/mlx5: E-switch, Fix error handling for enabling roce
     - [arm64] net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged
     - [arm64] net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
     - net_sched: drr: Fix double list add in class with netem as child qdisc
     - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
       qdisc
     - net_sched: ets: Fix double list add in class with netem as child qdisc
     - net_sched: qfq: Fix double list add in class with netem as child qdisc
     - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
     - net: dlink: Correct endianness handling of led_mode
     - [arm64] net: dsa: felix: fix broken taprio gate states after clock jump
     - net: ipv6: fix UDPv6 GSO segmentation with NAT
     - bnxt_en: Fix coredump logic to free allocated buffer
     - bnxt_en: Fix out-of-bound memcpy() during ethtool -w
     - bnxt_en: Fix ethtool -d byte order for 32-bit values
     - nvme-tcp: fix premature queue removal and I/O failover
     - net: lan743x: Fix memleak issue when GSO enabled
     - net: fec: ERR007885 Workaround for conventional TX
     - [arm64] net: hns3: store rx VLAN tag offload state for VF
     - [arm64] net: hns3: fix an interrupt residual problem
     - [arm64] net: hns3: fixed debugfs tm_qset size
     - [arm64] net: hns3: defer calling ptp_clock_register()
     - PCI: imx6: Skip controller_id generation logic for i.MX7D
     - sch_htb: make htb_qlen_notify() idempotent
     - sch_drr: make drr_qlen_notify() idempotent
     - sch_hfsc: make hfsc_qlen_notify() idempotent
     - sch_qfq: make qfq_qlen_notify() idempotent
     - sch_ets: make est_qlen_notify() idempotent
     - [x86] Revert "x86/kexec: Allocate PGD for x86_64 transition page tables
       separately"
     - [arm64] firmware: arm_scmi: Balance device refcount when destroying
       devices
     - net: phy: microchip: force IRQ polling mode for lan88xx
     - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
     - [arm64,armhf] irqchip/gic-v2m: Mark a few functions __init
     - [arm64,armhf] irqchip/gic-v2m: Prevent use after free of
       gicv2m_get_fwnode() (CVE-2025-37819)
     - dm: fix copying after src array boundaries
     - [arm64] iommu/arm-smmu-v3: Use the new rb tree helpers
     - [arm64] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated
       stream ids
     - drm/amd/display: phase2 enable mst hdcp multiple displays
     - drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c
     - drm/amd/display: Change HDCP update sequence for DM
     - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
     - drm/amd/display: Fix slab-use-after-free in hdcp
     - ASoC: Use of_property_read_bool()
     - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
       properties
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.139
     - dm: add missing unlock on in dm_keyslot_evict()
     - [arm64] dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
     - [arm64] can: mcan: m_can_class_unregister(): fix order of unregistration
       calls
     - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
     - ksmbd: prevent out-of-bounds stream writes by validating *pos
     - openvswitch: Fix unsafe attribute parsing in output_userspace()
     - ksmbd: fix memory leak in parse_lease_state()
     - sch_htb: make htb_deactivate() idempotent
     - gre: Fix again IPv6 link-local address generation.
     - can: mcp251xfd: fix TDC setting for low data bit rates
     - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
     - can: gw: fix RCU/BH usage in cgw_create_job()
     - ipv4: Drop tos parameter from flowi4_update_output()
     - ipvs: fix uninit-value for saddr in do_output_route4
     - netfilter: ipset: fix region locking in hash types
     - bpf: Scrub packet on bpf_redirect_peer
     - [armhf] net: dsa: b53: allow leaky reserved multicast
     - [armhf] net: dsa: b53: fix clearing PVID of a port
     - [armhf] net: dsa: b53: fix flushing old pvid VLAN on pvid change
     - [armhf] net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
     - [armhf] net: dsa: b53: always rejoin default untagged VLAN on bridge leave
     - [armhf] net: dsa: b53: fix learning on VLAN unaware bridges
     - Input: synaptics - enable InterTouch on Dynabook Portege X30-D
     - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
     - Input: synaptics - enable InterTouch on Dell Precision M3800
     - Input: synaptics - enable SMBus for HP Elitebook 850 G1
     - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
     - [x86] mm: Eliminate window where TLB flushes may be inadvertently skipped
     - drm/amd/display: Shift DMUB AUX reply command if necessary
     - iio: adc: ad7606: fix serial register access
     - iio: adis16201: Correct inclinometer channel resolution
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
     - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
     - [arm64] drm/v3d: Add job to pending list if the reset was skipped
     - drm/amd/display: Fix the checking condition in dmub aux handling
     - drm/amd/display: Remove incorrect checking in dmub aux handler
     - drm/amd/display: Fix wrong handling for AUX_DEFER case
     - drm/amd/display: Copy AUX read reply data whenever length > 0
     - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
     - usb: uhci-platform: Make the clock really optional
     - xenbus: Use kref to track req lifetime
     - module: ensure that kobject_put() is safe for module type kobjects
     - ocfs2: switch osb->disable_recovery to enum
     - ocfs2: implement handshaking with ocfs2 recovery thread
     - ocfs2: stop quota recovery before disabling quotas
     - [arm64,armhf] usb: host: tegra: Prevent host controller crash when OTG
       port is used
     - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
     - usb: typec: ucsi: displayport: Fix NULL pointer access
     - USB: usbtmc: use interruptible sleep in usbtmc_read
     - usb: usbtmc: Fix erroneous get_stb ioctl error returns
     - usb: usbtmc: Fix erroneous wait_srq ioctl return
     - usb: usbtmc: Fix erroneous generic_read ioctl return
     - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
     - types: Complement the aligned types with signed 64-bit one
     - [mips*] Fix MAX_REG_OFFSET
     - drm/panel: simple: Update timings for AUO G101EVN010
     - nvme: unblock ctrl state transition for firmware update
     - do_umount(): add missing barrier before refcount checks in sync case
     - io_uring: always arm linked timeouts prior to issue
     - io_uring: ensure deferred completions are posted for multishot
     - Revert "net: phy: microchip: force IRQ polling mode for lan88xx"
     - [arm64] insn: Add support for encoding DSB
     - [arm64] proton-pack: Expose whether the platform is mitigated by firmware
     - [arm64] proton-pack: Expose whether the branchy loop k value
     - [arm64] bpf: Add BHB mitigation to the epilogue for cBPF programs
     - [arm64] bpf: Only mitigate cBPF programs loaded by unprivileged users
     - [arm64] proton-pack: Add new CPUs 'k' values for branch mitigation
     - [x86] bpf: Call branch history clearing sequence on exit
     - [x86] bpf: Add IBHF call at end of classic BPF
     - [x86] bhi: Do not set BHI_DIS_S in 32-bit mode
     - [x86] speculation: Simplify and make CALL_NOSPEC consistent
     - [x86] speculation: Add a conditional CS prefix to CALL_NOSPEC
     - [x86] speculation: Remove the extra #ifdef around CALL_NOSPEC
     - [amd64] Mitigations Indirect Target Selection (ITS) (CVE-2024-28956)
       + Documentation: x86/bugs/its: Add ITS documentation
       + x86/its: Enumerate Indirect Target Selection (ITS) bug
       + x86/its: Add support for ITS-safe indirect thunk
       + x86/its: Add support for ITS-safe return thunk
       + x86/its: Enable Indirect Target Selection mitigation
       + x86/its: Add "vmexit" option to skip mitigation on some CPUs
       + x86/its: Align RETs in BHB clear sequence to avoid thunking
       + x86/ibt: Keep IBT disabled during alternative patching
       + x86/its: Use dynamic thunks for indirect branches
       + x86/its: Fix build errors when CONFIG_MODULES=n
       + x86/alternative: Optimize returns patching
       + x86/alternatives: Remove faulty optimization
       + x86/its: FineIBT-paranoid vs ITS
 .
   [ Uwe Kleine-König ]
   * d/b/test-patches: Handle kernel release strings without ABI number.
     This is a backport from 6.10.1-1_exp1 to enable building bookworm kernels
     on trixie and newer.
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 36

llvm-toolchain-19 (1:19.1.7-3~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
   * Change build-dep from sid's llvm-spirv-19 to bookworm's llvm-spirv-14.
   * Add python3-myst-parser build-dep.
 .
 llvm-toolchain-19 (1:19.1.7-3) unstable; urgency=medium
 .
   * conditionalize the binutils-gold build-dep
 .
 llvm-toolchain-19 (1:19.1.7-2) unstable; urgency=medium
 .
   [ Sylvestre Ledru ]
   * Skip some autopkgtests on non intel cpu. Closes: #1094233.
   * clang-19 recommends clang-tools-19
     https://github.com/llvm/llvm-project/issues/117333
   * Also add binutils-gold in the integration-test-suite-test testsuite
   * Add binutils-gold as build dep
   * Install hwasan_symbolize on x32 (Closes: #1100161)
     Thanks to Jing Luo for the patch
 .
   [ Matthias Klose ]
   * d/t/control.in: Add binutils-gold as explicit test dependency.
     Don't add binutils-gold as a build dependency, just build with the
     default linker.
   * Do changes from last upload in d/t/control.in, not in d/t/control.
   * d/rules: Simplify permission settings for generated debhelper files.
 .
 llvm-toolchain-19 (1:19.1.7-1) unstable; urgency=medium
 .
   [ Matthias Klose ]
   * Update libclang1 symbols file.
 .
   [ Sylvestre Ledru ]
   * New upstream release
   * Rewrite qualify-clang.sh with bats
     Might fail on some archs
   * Tests: integration-test-suite-test
     Remove explicit dep libstdc++-14
 .
 llvm-toolchain-19 (1:19.1.6-1) unstable; urgency=medium
 .
   [ Sylvestre Ledru ]
   * New upstream release. Should be the last of 19
     And the one in the next Debian release
   * Remove the capability to be able to disable C++ Exceptions in libc++
   * Bring back C++ exceptions on s390x for libc++ (LP: #2086782)
   * Disable -Bsymbolic-function on Ubuntu for causing:
     https://github.com/llvm/llvm-project/issues/59432#issuecomment-2500694332
 .
   [ Matthias Klose ]
   * bolt: Disable the check for /proc/self/map_files. Might not be available
     on build machines. LP: #2084316.
   * Fix compatibility with Python 3.13. Closes: #1084638.
 .
 llvm-toolchain-19 (1:19.1.5-1) unstable; urgency=medium
 .
   [ Matthias Klose ]
   * Better correct than less cryptic. Fix BD_ALT_HELLO substitutions.
 .
   [ John Paul Adrian Glaubitz ]
   * Install liborc_rt-powerpc64.a on powerpc
 .
   [ Sylvestre Ledru ]
   * New upstream release
llvm-toolchain-19 (1:19.1.7-2) unstable; urgency=medium
 .
   [ Sylvestre Ledru ]
   * Skip some autopkgtests on non intel cpu. Closes: #1094233.
   * clang-19 recommends clang-tools-19
     https://github.com/llvm/llvm-project/issues/117333
   * Also add binutils-gold in the integration-test-suite-test testsuite
   * Add binutils-gold as build dep
   * Install hwasan_symbolize on x32 (Closes: #1100161)
     Thanks to Jing Luo for the patch
 .
   [ Matthias Klose ]
   * d/t/control.in: Add binutils-gold as explicit test dependency.
     Don't add binutils-gold as a build dependency, just build with the
     default linker.
   * Do changes from last upload in d/t/control.in, not in d/t/control.
   * d/rules: Simplify permission settings for generated debhelper files.
llvm-toolchain-19 (1:19.1.7-1) unstable; urgency=medium
 .
   [ Matthias Klose ]
   * Update libclang1 symbols file.
 .
   [ Sylvestre Ledru ]
   * New upstream release
   * Rewrite qualify-clang.sh with bats
     Might fail on some archs
   * Tests: integration-test-suite-test
     Remove explicit dep libstdc++-14
llvm-toolchain-19 (1:19.1.6-1) unstable; urgency=medium
 .
   [ Sylvestre Ledru ]
   * New upstream release. Should be the last of 19
     And the one in the next Debian release
   * Remove the capability to be able to disable C++ Exceptions in libc++
   * Bring back C++ exceptions on s390x for libc++ (LP: #2086782)
   * Disable -Bsymbolic-function on Ubuntu for causing:
     https://github.com/llvm/llvm-project/issues/59432#issuecomment-2500694332
 .
   [ Matthias Klose ]
   * bolt: Disable the check for /proc/self/map_files. Might not be available
     on build machines. LP: #2084316.
   * Fix compatibility with Python 3.13. Closes: #1084638.
llvm-toolchain-19 (1:19.1.5-1) unstable; urgency=medium
 .
   [ Matthias Klose ]
   * Better correct than less cryptic. Fix BD_ALT_HELLO substitutions.
 .
   [ John Paul Adrian Glaubitz ]
   * Install liborc_rt-powerpc64.a on powerpc
 .
   [ Sylvestre Ledru ]
   * New upstream release
llvm-toolchain-19 (1:19.1.4-1) unstable; urgency=medium
 .
   [ Sylvestre Ledru ]
   * New upstream release
   * Decrease the risk of getting "hello" as package (instead of installing
     wasi-libc)
     (Closes: #1086702)
 .
   [ Matthias Klose ]
   * d/rules: Add a BD_ALT_HELLO macro. Set it to anything else than "yes" to avoid
     generating alternative build dependencies on hello in the control file.

luajit (2.1.0~beta3+git20220320+dfsg-4.1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-25176: Stack-buffer-overflow in lj_strfmt_wfnum() in
     lj_strfmt_num.c.
   * Fix CVE-2024-25177: Unsinking of IR_FSTORE for NULL metatable, which leads
     to Denial of Service.
   * Fix CVE-2024-25178: Out-of-bounds read in the stack-overflow handler in
     lj_state.c.

mailgraph (1.14-20+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Jörg Frings-Fürst ]
   * Upgrade Parse::Syslog to version 1.11 to support RFC3339 or
     syslog-ng ISO dates (Closes: #1051496, #1089039).

mariadb (1:10.11.14-0+deb12u2) bookworm; urgency=medium
 .
   * Fix "MARIADB: unbound variable" warning which was a regression from the
     preivous version that that the illegal mix of collations fix applied with
     wrong variable name (Closes: #1112499)
mariadb (1:10.11.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 10.11.14. Includes fixes for several regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-14-release-notes/
   * Update configuration traces to include new upstream system variables:
     - analyze-max-length (default: 4294967295)
     - innodb-linux-aio (default: auto)
   * Suppress new native AIO warning introduced in upstream a87bb96 to avoid
     mariadb-test-run failing on something that isn't a real issue
   * New upstream release includes fix for MDEV-36815 that yielded "ERROR 1267
     (HY000): Illegal mix of collations" on some systems when restarting the
     MariaDB service in Debian (Closes: #1104533)
   * Update Lintian overrides for new files in latest upstream version
   * Salsa CI: Remove Buster, Bullseye-backports and ignore key errors
mariadb (1:10.11.13-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 10.11.13. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-13-release-notes/, which
     were discovered soon after the 10.11.12 release, which was skipped in Debian
     intentionally.
   * This release includes upstream version 10.11.12, with fixes for regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-12-release-notes/
     well as security issues (Closes: #1100437, #1105976):
     - CVE-2023-52969
     - CVE-2023-52970
     - CVE-2023-52971
     - CVE-2025-30693
     - CVE-2025-30722
   * Drop all RocksDB patches now upstream due to update to version 6.29fb
   * New upstream version has now CEST as allowed in main.timezone test
     (Closes: #1084293)
   * New upstream includes systemd service fix for restarts on crashes
     (Closes: #1073847)
   * New upstream also fixes regression in INSERT SELECT on NOT NULL columns
     while having BEFORE UPDATE trigger (Closes: #1099515)
   * Revert "Set CAP_IPC_LOCK capability if possible" because of MDEV-36229
     (Closes: #1100575)
   * Update configuration traces to have --ssl-verify-server-cert from MDEV-28908
   * Update configuration traces to include new upstream system variables:
     - innodb-buffer-pool-size-auto-min (default: 0)
     - innodb-buffer-pool-size-max (default: 0)
     - innodb-log-checkpoint-now (default: FALSE)
   * Also update configuration traces to match that in 10.11.12 the variables
     innodb-buffer-pool-chunk-size and innodb-log-spin-wait-delay are advertised
     as deprecated.
   * Fix changelog entry formatting in 1:10.11.11-0+deb12u1
   * Salsa CI: Adapt piuparts helper script to new source format in Bookworm

mediawiki (1:1.39.13-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 1.39.13, fixing CVE-2025-6590, CVE-2025-6591,
     CVE-2025-6593, CVE-2025-6594, CVE-2025-6597, CVE-2025-32072.

mkchromecast (0.3.9~git20200902+db2964a-2.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 mkchromecast (0.3.9~git20200902+db2964a-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Replace youtube-dl with yt-dlp (Closes: #1024216).

mlt (7.12.0-1+deb12u1) bookworm; urgency=medium
 .
   * Add patch 01-wrong-python-function to fix not migrated python3-mlt function
     calls.
     Closes: #1104027

modsecurity-apache (2.9.7-1+deb12u1) bookworm-security; urgency=medium
 .
   * Fix CVE-2025-47947: Added d/patches/cve-2025-47947.patch
     (Closes: #1106286)
   * Fix CVE-2025-48866: Added d/patches/cve-2025-48866.patch
     (Closes: #1107196)

mono (6.8.0.105+dfsg-3.3+deb12u1) bookworm; urgency=medium
 .
   * Drop the generation of mono-source.
     (Closes: #961942, #1106296, #1106348)

mosquitto (2.0.11-1.2+deb12u2) bookworm; urgency=medium
 .
   [ Philippe Coval ]
   * debian/gbp.conf: Build on tag
   * debian/gbp.conf: Use debian orig import as upstream
   * debian/gbp.conf: Adjust path for stable
   * Rediff patches
   * d/p/series: Add patches for CVE-2024-8376
 .
   [ Andreas Henriksson ]
   * d/p/0015-Fix-QoS-1-QoS-2-publish-incorrectly-returning-no-sub.patch
     - cherry-pick upstream commit fixing regression in CVE-2024-8376 fix
   * d/p/0016-Fix-crash-on-bridge-using-remapped-topic-being-sent-.patch
     - cherry-pick upstream fix for CVE-2024-3935
   * debian/patches/0017-Don-t-allow-SUBACK-with-missing-reason-codes.patch
     - cherry-pick upstream fix for CVE-2024-10525
 .
   [ Philippe Coval ]
   * d/patches: Further fix for CVE-2023-28366.
   * d/patches: Fixed issue in CA cert. creation
   * d/patches: t/Makefile: Generate test certs if not present in sources
   * debian/tests: Check ssl certs before running tests
   * d/patches: Remove generated ssl certs

multipath-tools (0.9.4-3+deb12u2) bookworm; urgency=medium
 .
   * [571eae5] Fix Makefile to enable ANA prioritizer.
     Apply upstream fix to correctly enable the ANA prioritizer.
     Thanks to Lasse Bang Mikkelsen (Closes: #1101332)

net-tools (2.10-0.1+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * ipmaddr.c: Stack-based buffer Overflow in parse_hex()
   * Fix interface statistic regression.
     Thanks to Christian Herzog for the report (Closes: #1106147)
   * proc.c: Stack-based Buffer Overflow in net-tools (proc_gen_fmt)
net-tools (2.10-0.1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2025-46836: interface.c: Stack-based Buffer Overflow in get_name()
     (Closes: #1105806)

nextcloud-desktop (3.7.3-1+deb12u2) bookworm; urgency=medium
 .
   * Backport patch to fix "Share options not working" (Closes: #1108184)
     - Backport upstream merge-request #5446 (2 patches).
     - Backport upstream merge-request #5489 (3 patches).

nginx (1.22.1-9+deb12u3) bookworm; urgency=medium
 .
   * d/p/CVE-2025-53859.patch add, fix potential information leak
     in ngx_mail_smtp_module (CVE-2025-53859).

node-addon-api (5.0.0-6+deb12u1) bookworm; urgency=medium
 .
   * patch: support both NAPI_VERSION below or equal to 9.
     Closes: #1112345.

node-cipher-base (1.0.4-6+deb12u1) bookworm-security; urgency=medium
 .
   * Team upload
   * Add patch to return valid values on multi-byte-wide TypedArray input
     (Closes: #1111772: node-cipher-base: CVE-2025-9287)

node-csstype (3.1.1-1+deb12u1) bookworm; urgency=medium
 .
   * patch: fix timeout type. Closes: #1078884.

node-form-data (4.0.0-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix "Insufficiently Random Values vulnerability"
     (Closes: #1109551, CVE-2025-7783)
   * Launch more tests

node-minipass (3.3.6+~cs9.4.19-1+deb12u1) bookworm; urgency=medium
 .
   * Fix tap reporter in auto test and autopkgtest.
     Closes: #1098224.

node-nodeunit (0.11.3+ds-5~deb12u1) bookworm; urgency=medium
 .
   * Patch: fix test flakyness. Closes: #1112339.

node-tar-fs (2.1.3-0+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2024-12905: symlink path traversal (Closes: #1101501)
     - CVE-2025-48387: hardlink path traversal

node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-54798: Arbitrary file write (Closes: #1110532)

nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
     for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session()
     leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation
     through Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with
     unbounded chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.
nodejs (18.20.1+dfsg-4) unstable; urgency=medium
 .
   * openssl 3.2 compatibility:
     test/sequential/test-tls-session-timeout fails on some archs.
nodejs (18.20.1+dfsg-3) unstable; urgency=medium
 .
   * Fix another test in openssl_32 patch
nodejs (18.20.1+dfsg-2) unstable; urgency=medium
 .
   * openssl 3.2 compatibility patch (Closes: #1067636)
     TLS server no longer closes client connection when client
     writes junk.
nodejs (18.20.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 18.20.1+dfsg
     + CVE-2024-27983: HTTP/2 server crash (High)
     + CVE-2024-27982: HTTP Request Smuggling (Medium)
   * Breaks libnode108, not 109
   * copyright: remove file
   * Drop build/test_dns_resolveany_bad_ancount.patch, applied
nodejs (18.19.1+dfsg-6) unstable; urgency=medium
 .
   * Source-only upload
nodejs (18.19.1+dfsg-5) unstable; urgency=medium
 .
   * Drop distutils dep. Closes: #1065909
   * Facilitate t64 transition by just bumping
     NODE_MODULE ABI to 109. Closes: #1066399
   * test_ci.patch: skip hanging or EAI_AGAIN failing tests
nodejs (18.19.1+dfsg-4) unstable; urgency=medium
 .
   * ABIt64: drop libnode108t64.install. Closes: #1065510.
nodejs (18.19.1+dfsg-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.  Closes: #1064251
nodejs (18.19.1+dfsg-3) unstable; urgency=medium
 .
   * mips64el: skip failing test
     Some unusual v8 options make mips64el crash
nodejs (18.19.1+dfsg-2) unstable; urgency=medium
 .
   [ Bo YU ]
   * Allow more risc64 tests to fail. Closes: #1064331
 .
   [ Jérémy Lal ]
   * Allow more mips64el tests to fail. Closes: #1064306
     Upstream still supports those architectures but they
     take more time to fix corner cases.
nodejs (18.19.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 18.19.1. Closes: 1064055.
     + CVE-2024-21892 (High)
       Code injection and privilege escalation through Linux capabilities
     + CVE-2024-22019 (High)
       Reading unprocessed HTTP request with unbounded chunk
       extension allows DoS attacks
     + CVE-2023-46809 (Medium)
       Marvin Attack vulnerability against PKCS#1 v1.5 padding
   * new architecture: loong64, thanks to Shi Pujin
   * patch:
     + let loong64 have some failing tests
     + more doc for localhost-no-addrconfig
     + allow test-debugger-heap-profiler to fail. Closes: #1059168
     + disable zlib embedding in v8, disable snapshot compression
   * override lintian source warning for zlib brotli test string
   * fix boostrapping of nodejs package:
     + update README.source
     + nodoc: disable bash completion output
     + patch: disable shared builtins when flag
       node-builtin-modules-path is used
   * include permission headers in libnode-dev
   * B-D pkg-config becomes pkgconf
nodejs (18.19.0+dfsg-6) unstable; urgency=medium
 .
   * patch: remove useless and badly done icu_74 patch

nvda2speechd (0.1-6+deb12u1) bookworm; urgency=medium
 .
   * debian/patches/upgrade: Bump rmp-serde version (Closes: Bug#1078901)

open-vm-tools (2:12.2.0-1+deb12u3) bookworm-security; urgency=medium
 .
   * [df2a118] Fixing an insecure file handling vulnerability.
     It allowed a malicious actor with non-administrative privileges
     on a guest VM to tamper the local files to trigger insecure file
     operations within that VM.
     VMSA-2025-0007
     CVE-2025-22247 (Closes: #1105159)

openjdk-17 (17.0.16+8-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for Bookworm
openjdk-17 (17.0.16~5ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.16 early access, build 5.
openjdk-17 (17.0.15+6-1) unstable; urgency=high
 .
   * OpenJDK 17.0.15 release, build 6.
     - Addresses CVE-2025-30698, CVE-2025-30691, CVE-2025-21587.
 .
   * Honour DEB_BUILD_OPTIONS=parallel=N while running jtreg tests (Helmut
     Grohne). Addresses: #1095920.

openjpeg2 (2.5.0-2+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-50952: Avoid potential undefined behaviour
     in opj_dwt_decode_tile()

openssh (1:9.2p1-2+deb12u7) bookworm; urgency=medium
 .
   * Handle OpenSSL >=3 ABI compatibility; this helps to avoid new ssh
     connections failing during upgrades to trixie (closes: #1110030).

openssl (3.0.17-1~deb12u2) bookworm; urgency=medium
 .
   * Revert the following upstream changes to avoid crashes in downstream
     software:
     - 7141330fb98ce ("Drop "by store"'s by_store_subject_ex()")
     - 340383f5f49f8 ("Rework the "by store" X509_LOOKUP method to open the given URI early")
     - a468bdb02531e ("Add test_verify tests")
     Closes: #1110254
openssl (3.0.17-1~deb12u1) bookworm; urgency=medium
 .
   * Import 3.0.17

perl (5.36.0-7+deb12u3) bookworm; urgency=medium
 .
   * [SECURITY] CVE-2023-31484: CPAN.pm now verifies TLS certificates.
                                (Closes: #1035109)
   * [SECURITY] CVE-2025-40909: Clone dirhandles without fchdir
                                (Closes: #1098226)

pgpool2 (4.3.5-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2024-45624: incompatible policies may allow an unauthorized user to
     retrieve table data from query cache (Closes: #1081659)
   * CVE-2025-46801: authentication bypass by primary weakness vulnerability
     (Closes: #1106119)

php8.2 (8.2.29-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.29
    - [CVE-2025-1735]: pgsql extension does not check for errors during
      escaping.
    - [CVE-2025-6491]: NULL Pointer Dereference in PHP SOAP Extension
      via Large XML Namespace Prefix.
    - [CVE-2025-6491]: Null byte termination in hostnames.

postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read.  Two gaps in that
       protection have been found.  One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should restrict
       access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view. The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics before
       we check the calling user's permissions on the view.  This has been
       fixed by making security checks on views occur at the start of planning.
       That might cause permissions failures to occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running the
       restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands as
       superuser, the target database installation must trust the source
       server.  However, it does not follow that the operating system user who
       executes psql to perform the restore should have to trust the source
       server.  The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause it
       to emit text that would be interpreted as psql meta-commands. That would
       provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql with
       a \restrict command that prevents execution of further meta-commands,
       and teach pg_dump to issue that before any data coming from the source
       server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject arbitrary
       SQL commands into the output script.  (Without the preceding fix,
       injection of psql meta-commands would also be possible this way.)
       CVE-2012-0868 fixed this class of problem at the time, but later work
       reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)

postgresql-common (248+deb12u1) bookworm; urgency=medium
 .
   * PgCommon.pm: Set defined path in prepare_exec. Fixes compatibility with
     trixie's perl version, and also a mild security issue. Thanks Niko Tyni!
     (Closes: #1107154)

prody (2.3.1+dfsg-3+deb12u2) bookworm; urgency=medium
 .
   * Team upload.
   * Add tolerance to some tests which now fail on i386.
prody (2.3.1+dfsg-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Skip test with equals on a vector. Closes: #1028722.

python-flask-cors (3.0.10-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2024-1681.patch: Add to fix CVE-2024-1681 (closes: #1069764).
     - An attacker can inject fake log entries into the log file by sending a
       specially crafted GET request containing a CRLF sequence in the request
       path, allowing them to corrupt log files, potentially covering tracks of
       other attacks, confusing log post-processing tools, and forging log
       entries.
   * d/patches/CVE-2024-6866.patch: Add to fix CVE-2024-6866 (closes: #1100988).
     - The request path matching is case-insensitive. This results in a mismatch
       because paths in URLs are case-sensitive, but the regex matching treats
       them as case-insensitive. This misconfiguration can lead to significant
       security vulnerabilities, allowing unauthorized origins to access paths
       meant to be restricted, resulting in data exposure and potential leaks.
   * d/patches/CVE-2024-6839-1.patch, d/patches/CVE-2024-6839-2.patch: Add to
     fix CVE-2024-6839 (closes: #1100988).
     - There is an improper regex path matching vulnerability. The plugin
       prioritizes longer regex patterns over more specific ones when matching
       paths, which can lead to less restrictive CORS policies being applied to
       sensitive endpoints. This mismatch in regex pattern priority allows
       unauthorized cross-origin access to sensitive data or functionality,
       potentially exposing confidential information and increasing the risk of
       unauthorized actions by malicious actors.
    d/patches/CVE-2024-6844.patch: Add to fix CVE-2024-6844 (closes: #1100988).
    - The request.path is passed through the unquote_plus function, which
      converts the '+' character to a space ' '. This behavior leads to
      incorrect path normalization, causing potential mismatches in CORS
      configuration. As a result, endpoints may not be matched correctly to
      their CORS settings, leading to unexpected CORS policy application. This
      can cause unauthorized cross-origin access or block valid requests,
      creating security vulnerabilities and usability issues.

python-mitogen (0.3.3-9+deb12u1) bookworm; urgency=medium
 .
   * Patch: Support targets with Python >= 3.12. (Closes: #1111363)
   * Patch test module paths in testlib.py in the ansible-tests autopkgtest.

python-tornado (6.2.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2025-47287.patch: Add patch to fix CVE-2025-47287.
     - When Tornado's 'multipart/form-data' parser encounters certain errors,
       it logs a warning but continues trying to parse the remainder of the
       data. This allows remote attackers to generate an extremely high volume
       of logs, constituting a DoS attack. This DoS is compounded by the fact
       that the logging subsystem is synchronous (closes: #1105886).

python-zipp (1.0.0-6+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-5569

qemu (1:7.2+dfsg-7+deb12u16) bookworm; urgency=medium
 .
   * v7.2.19:
    - Update version for 7.2.19 release
    - ui/vnc: Do not copy z_stream
    - amd_iommu: Fix truncation of oldval in amdvi_writeq
    - amd_iommu: Remove duplicated definitions
    - amd_iommu: Fix the calculation for Device Table size
    - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE
    - amd_iommu: Fix masks for various IOMMU MMIO Registers
    - amd_iommu: Update bitmasks representing DTE reserved fields
    - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command
    - amd_iommu: Fix Miscellaneous Information Register 0 encoding
    - migration: Don't sync volatile memory after migration completes
    - linux-user: Hold the fd-trans lock across fork
      https://gitlab.com/qemu-project/qemu/-/issues/2846
      https://github.com/astral-sh/uv/issues/6105
    - target/arm: Fix f16_dotadd vs nan selection
    - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands
    - target/arm: Fix 128-bit element ZIP, UZP, TRN
    - target/arm: Fix sve_access_check for SME
    - target/arm: Fix SME vs AdvSIMD exception priority
    - target/arm: Correct KVM & HVF dtb_compatible value
    - tcg: Fix constant propagation in tcg_reg_alloc_dup
      https://gitlab.com/qemu-project/qemu/-/issues/3002
    - linux-user/arm: Fix return value of SYS_cacheflush
    - qemu-options.hx: Fix reversed description of icount sleep behavior
    - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property
    - hw/loongarch/virt: Fix big endian support with MCFG table
    - hw/core/qdev-properties-system: Add missing return in set_drive_helper()
    - audio: fix SIGSEGV in AUD_get_buffer_size_out()
    - vhost: Don't set vring call if guest notifier is unused
    - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang
qemu (1:7.2+dfsg-7+deb12u15) bookworm-security; urgency=medium
 .
   * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc
     registration.  qemu-user binaries were never meant to be used in
     suid/sgid scenarios, but was used in debian since late 2009.  Any
     foreign suid/sgid binary accessible to the users, in presence of
     qemu-user binfmt, is trivially exploitable to gain elevated privileges.
     This change might break existing setups since for many years people
     relied on qemu-user binfmt working with suid binaries, but this is
     a situation where it is definitely better be safe than sorry.
qemu (1:7.2+dfsg-7+deb12u14) bookworm; urgency=medium
 .
   * v7.2.18:
    -  Update version for 7.2.18 release
    -  qapi/misc-target: Fix the doc to distinguish
       query-sgx and query-sgx-capabilities
    -  common-user/host/riscv: use tail pseudoinstruction for calling tail
    -  virtio: Call set_features during reset
    -  9pfs: fix FD leak and reduce latency of v9fs_reclaim_fd()
    -  9pfs: fix concurrent v9fs_reclaim_fd() calls
    -  hw/i2c/imx: Always set interrupt status bit if interrupt condition occurs
    -  hw/gpio/imx_gpio: Fix interpretation of GDIR polarity
    -  target/arm: Don't assert() for ISB/SB inside IT block
    -  target/avr: Improve decode of LDS, STS
    -  target/i386/hvf: fix lflags_to_rflags
    -  plugins/loader: fix deadlock when resetting/uninstalling a plugin
    -  smbios: Fix buffer overrun when using path= option
    -  virtio-net: Fix num_buffers for version 1
    -  migration: fix SEEK_CUR offset calculation in qio_channel_block_seek
    -  target/mips: Simplify and fix update_pagemask
    -  target/mips: Require even maskbits in update_pagemask
    -  target/mips: Revert TARGET_PAGE_BITS_VARY
    -  target/avr: Fix buffer read in avr_print_insn
    -  hw/pci-host/designware: Fix ATU_UPPER_TARGET register access
    -  hw/rtc/goldfish: keep time offset when resetting
    -  Makefile: "make dist" generates a .xz, not .bz2

raptor2 (2.0.15-4+deb12u1) bookworm; urgency=medium
 .
   * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
     (Closes: #1067896)
   * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
     (Closes: #1067896)
   * Tests for Github issue 70

rar (2:7.01-1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
     - CVE-2024-33899: ANSI Escape Injection
 .
 rar (2:7.01-1) unstable; urgency=medium
 .
   * New upstream version
 .
 rar (2:7.00-1) unstable; urgency=medium
 .
   * New upstream version
   * d/watch: Insert missing dot in upstream version
rar (2:7.00-1) unstable; urgency=medium
 .
   * New upstream version
   * d/watch: Insert missing dot in upstream version
rar (2:6.23-1) unstable; urgency=medium
 .
   * New upstream version (Closes: #1049870)
   * Add myself to Uploaders (Closes: #1049871)

redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix an stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated IP
     protocol errors, leading to client starvation and ultimately become a
     Denial of Service (DoS) attack. (Closes: #1108981)

ring (20230206.0~ds2-1.1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-27585: Embedded copy of PJSIP library has a buffer overflow in
     the DNS implementation.

roundcube (1.6.5+dfsg-1+deb12u5) bookworm-security; urgency=high
 .
   * Fix CVE-2025-49113: Post-Auth RCE via PHP Object Deserialization.
     (Closes: #1107073)
   * Regression fix: CVE-2024-42009.patch from 1.6.5+dfsg-1+deb12u3 and
     1.6.5+dfsg-1+deb12u4 caused some HTML messages to be displayed unstyled.

rubygems (3.3.15-2+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2025-27221.
     The URI handling methods (URI.join, URI#merge, URI#+) have an
     inadvertent leakage of authentication credentials because userinfo is
     retained even after changing the host.
      - d/p/CVE-2025-27221_*.patch
   * Fix CVE-2023-28755.
     A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby
     through 3.2.1. The URI parser mishandles invalid URLs that have specific
     characters. It causes an increase in execution time for parsing strings
     to URI objects.
      - d/p/CVE-2023-28755.patch

rustc-web (1.85.0+dfsg3-1~deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Remove hardcoded x86_64 string in debian/not-installed to fix non-amd64
     builds.
rustc-web (1.85.0+dfsg3-1~deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix rustfmt-web to properly depend on libstd-rust-web-*.
rustc-web (1.85.0+dfsg3-1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport to bookworm, as required by newer firefox & chromium.
   * Rename rustc & friends to rustc-web or similar.
   * Generate & include bootstrap compilers via orig-stage0.tar.xz.
   * Disable wasm, -all, and -llvm packages.
   * Vendor libgit2 dependency, switching from llhttp/builtin to the
     (debian package) http-parser.
   * Increase allowed test failures up to 15 to work around random fails.
   * Add 'Provides: cargo' for cargo-web (closes: #1084926).
 .
 rustc (1.85.0+dfsg3-1) unstable; urgency=medium
 .
   * backport fix for gix-features CVE-2025-31130
   * rust-lldb: fix lldb version (Closes: #1100950)
   * cherry-pick fix for crossbeam-channel RUSTSEC-2025-0024
 .
 rustc (1.85.0+dfsg2-3) unstable; urgency=medium
 .
   * baseline: enable SSE2 for i386 build (Closes: #1095862)
 .
 rustc (1.85.0+dfsg2-2) unstable; urgency=medium
 .
   * Upload to unstable
 .
 rustc (1.85.0+dfsg2-1) experimental; urgency=medium
 .
   * d/control: bump libgit2-dev version
   * vendor git2, git2-curl and libgit2-sys bindings for libgit2 1.9
   * cargo: bump git2* dependencies
 .
 rustc (1.85.0+dfsg1-1) unstable; urgency=medium
 .
   * New (stable) upstream release.
 .
 rustc (1.85.0~beta.9+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream release 1.85.0~beta999
   * build docs with -j1 to make them reproducible
   * build: make windows libstd build opt-in
 .
 rustc (1.84.0+dfsg1-2) unstable; urgency=medium
 .
   * revert upstream commit breaking cross builds
   * rust-llvm: ship symlink to llvm-objcopy instead of copy of binary
 .
 rustc (1.84.0+dfsg1-1) unstable; urgency=medium
 .
   * rust-analyzer: fix build on mips64el
   * fix hurd build (Closes: #1093125)
   * d/control: add Conflicts with rustup (Closes: #1093031)
 .
 rustc (1.84.0+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream release.
   * Stop building wasm32-wasi target
   * Build rust-analyzer (Closes: #1052319)
   * rust-llvm: ship rust-objcopy helper
   * rust-all: add rust-llvm and rust-analyzer packages
 .
 rustc (1.83.0+dfsg1-1) unstable; urgency=medium
 .
   * upload to unstable
   * fix/ignore some test failures
 .
 rustc (1.83.0+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream release
   * config: disable downloading LLVM from CI
   * blake3: adapt build.rs to skip bundled C code
   * remove libstd shared library
 .
 rustc (1.82.0+dfsg1-2) unstable; urgency=medium
 .
   * build: re-enable clang-rt on armel/armhf
   * build: drop workaround for riscv64/loong64
 .
 rustc (1.82.0+dfsg1-1) unstable; urgency=medium
 .
   * rust-src: ship original Cargo.lock file to fix rust-analyzer for libstd,
     and allow `-Z build-std`
   * build: disable profiler support on armel/armhf
   * build: extend riscv64 workaround to loong64
   * cargo wrapper: fix LTO position in argument lists (Closes: #1086025)
 .
 rustc (1.82.0+dfsg1-1~exp3) experimental; urgency=medium
 .
   * conditonalize riscv64 workaround
   * fix or disable more broken tests
 .
 rustc (1.82.0+dfsg1-1~exp2) experimental; urgency=medium
 .
   * fix some test breakage
   * riscv64: unbreak compiler_builtin build
 .
 rustc (1.82.0+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream release
   * New wasi-libc version 0.0~git20240708.3f43ea9
   * switch to LLVM 19
   * set LLVM profiler RT path via config
   * update bootstrap git commit info patch
   * re-instate bootstrap test config patch
   * make rust-src cleanup more robust
 .
 rustc (1.81.0+dfsg1-2) unstable; urgency=medium
 .
   * use system libz-sys even when cross-building (Closes: #1084754)
   * drop no longer needed loongarch64 patch
   * add temporary Breaks to force migration of libgit2
 .
 rustc (1.81.0+dfsg1-1) unstable; urgency=medium
 .
   * Upload to unstable
 .
 rustc (1.81.0+dfsg1-1~exp2) experimental; urgency=medium
 .
   * source: duplicate lintian overrides to make ftp-masters happy
   * cargo wrapper: fix LTO handling (Closes: #1079071)
 .
 rustc (1.81.0+dfsg1-1~exp1) experimental; urgency=medium
 .
   [ Fabian Grünbichler ]
   * New upstream release
   * switch to LLVM 18
   * bump libgit2 to 1.8.1
   * build and install wasm-component-ld for wasm-wasip2
   * make rust-llvm arch:any
 .
   [ Samuel Thibault ]
   * add hurd-amd64 support
 .
 rustc (1.80.1+dfsg1-1) unstable; urgency=medium
 .
   * upload to unstable
 .
 rustc (1.80.1+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream point release
 .
 rustc (1.80.0+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream release
   * Build wasi-p2 target
   * Use packaged libonig
   * Update lintian overrides
   * d/control: drop Build-Conflicts on gdb-minimal
 .
 rustc (1.79.0+dfsg1-2) unstable; urgency=medium
 .
   [ Fabian Grünbichler ]
   * build: remove more cache files (Closes: #1074373)
   * d/control: update Standards-Version to 4.7.0
 .
   [ Samuel Thibault ]
   * Avoid hurd-stuck test
 .
 rustc (1.79.0+dfsg1-1) unstable; urgency=medium
 .
   * cargo wrapper: switch to config.toml
   * cargo wrapper: ensure debug symbols are not stripped
   * add missing rustfmt dependency (Closes: #1074290)
 .
 rustc (1.79.0+dfsg1-1~exp1) experimental; urgency=medium
 .
   * New upstream release
   * New wasi-libc version (SDK 22)
   * config: adapt to new change tracking mechanism

samba (2:4.17.12+dfsg-0+deb12u2) bookworm; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * several patches from upstream:
    - s3-libsmb-dsgetdcname-use-NETLOGON_NT_VERSION_AVOID_.patch:
      s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL
    - s3-libsmb-allow-store_cldap_reply-to-work-with-a-ipv.patch:
      s3:libsmb: allow store_cldap_reply() to work with a ipv6 response
    - s3-libsmb-let-discover_dc_netbios-return-DOMAIN_CONT.patch:
      s3:libsmb: let discover_dc_netbios() return DOMAIN_CONTROLLER_NOT_FOUND
    - s3-winbindd-use-better-debug-messages-than-talloc_st.patch:
      s3:winbindd: use better debug messages than 'talloc_strdup failed'
    - s3-winbindd-avoid-using-any-netlogon-call-to-get-a-d.patch:
      s3:winbindd: avoid using any netlogon call to get a dc name
      s3-winbindd-Fix-internal-winbind-dsgetdcname-calls-w.patch:
      s3-winbindd: Fix internal winbind dsgetdcname calls w.r.t. domain name
      (Closes: #1108904)
 .
   [ Michael Tokarev ]
   * d/control: fix versioned dependency on samba for samba-ad-dc
     samba-ad-dc is arch-all package.  We need samba >= ${source:Version}~
     (note the tilde at the end), not ${binary:Version} (without tilde)

setuptools (66.1.1-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2025-47273:
     - Path traversal in PackageIndex.download leads to Arbitrary File Write

shaarli (0.12.1+dfsg-8+deb12u1) bookworm; urgency=medium
 .
   * Add patch to fix CVE-2025-55291 (Closes: #1111589)

simplesamlphp (1.19.7-1+deb12u2) bookworm; urgency=medium
 .
   * Team upload for stable proposed updates.
   * Fix CVE-2025-27773 (Closes: #1100595)

slurm-wlm (22.05.8-4+deb12u3) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Add patch to fix CVE-2025-43904 (Closes: #1104929).

sope (5.8.0-1+deb12u1) bookworm-security; urgency=medium
 .
   * [CVE-2025-53603] Add proposed patch to fix DoS-enabling segfault.
   * Switch debian-branch to bookworm

sqlite3 (3.40.1-2+deb12u2) bookworm; urgency=medium
 .
   [ Shani Yosef <shani.yosef@echohq.com> ]
   * Backport upstream security fix for CVE-2025-6965: the number of aggregate
     terms could exceed the number of columns available (closes: #1109379).
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Fix a bug in the NOT NULL/IS NULL optimization that can cause invalid
     data.

squid (5.7-2+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2023-5824 / CVE-2025-54574, based on backports done by Marc
     Deslauriers for Ubuntu (Closes: #1055249)

sudo (1.9.13p3-1+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Local Privilege Escalation via host option (CVE-2025-32462)

systemd (252.39-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.39
systemd (252.38-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 252.38 (fixes CVE-2025-4598)
   * Refresh patch to remove fuzz from 252.38

tcpdf (6.6.2+dfsg1-1+deb12u1) bookworm-security; urgency=medium
 .
   * Exclude quilt managed directory .pc/ from phpab in debian/rules
   * Explicitly specify RELEASE: bookworm in d/gitlab-ci.yml
   * Fix CVE-2024-22640: ReDoS (Regular Expression Denial of Service) if
     parsing an untrusted HTML page with a crafted color
   * Fix CVE-2024-22641: ReDoS (Regular Expression Denial of Service) if
     parsing an untrusted SVG file
   * Fix CVE-2024-32489: tcpdf mishandles calls that use HTML syntax
   * Fix CVE-2024-51058: Local File Inclusion (LFI) vulnerability through <img>
     src tag
   * Fix CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family
     attribute
   * Fix CVE-2024-56520: tcpdf, through its use of tc-lib-pdf-font, mishandles
     fonts like FontBBox for Type 1 and incorrectly parses TrueType fonts
   * Fix CVE-2024-56522: unserializeTCPDFtag doesn't make use of constant-time
     function to compare TCPDF tag hashes
   * Fix CVE-2024-56527: the Error function lacks an htmlspecialchars call for
     the error message
   * Update git branch in the VCS-Git d/control field

thunderbird (1:128.14.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.13.0esr-1) unstable; urgency=medium
 .
   * [a05512b] New upstream version 128.13.0esr
     Fixed CVE issues in upstream version 128.13 (MFSA 2025-62):
     CVE-2025-8027: JavaScript engine only wrote partial return value to stack
     CVE-2025-8028: Large branch table could lead to truncated instruction
     CVE-2025-8029: javascript: URLs executed on object and embed tags
     CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL"
                    command
     CVE-2025-8031: Incorrect URL stripping in CSP reports
     CVE-2025-8032: XSLT documents could bypass CSP
     CVE-2025-8033: Incorrect JavaScript state machine for generators
     CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
                    128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
                    Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
     CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
                    ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1,
                    Firefox 141 and Thunderbird 141
thunderbird (1:128.13.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.12.0esr-1) unstable; urgency=medium
 .
   * [c48cfec] New upstream version 128.12.0esr
     Fixed CVE issues in upstream version 128.12 (MFSA 2025-55):
     CVE-2025-6424: Use-after-free in FontFaceSet
     CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent
                    UUID
     CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of
                    youtube.com
     CVE-2025-6430: Content-Disposition header ignored when a file is included
                    in an embed or object tag
     Fixed CVE issues in upstream version 128.11.1 (MFSA 2025-49):
     CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and
                    Credential Leakage via mailbox:/// Links
thunderbird (1:128.12.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.11.0esr-1) unstable; urgency=medium
 .
   * [03941e7] New upstream version 128.11.0esr
     Fixed CVE issues in upstream version 128.11 (MFSA 2025-46):
     CVE-2025-5283: Use after free in libvpx in Google Chrome prior to
                    137.0.7151.55 allowed a remote attacker to potentially
                    exploit heap corruption via a crafted HTML page.
     CVE-2025-5263: Error handling for script execution was incorrectly
                    isolated from web content
     CVE-2025-5264: Potential local code execution in “Copy as cURL” command
     CVE-2025-5266: Script element events leaked cross-origin resource status
     CVE-2025-5267: Clickjacking vulnerability could have led to leaking
                    saved payment card details
     CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139,
                    Firefox ESR 128.11, and Thunderbird 128.11
     CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and
                    Thunderbird 128.11
     Fixed CVE issues in upstream version 128.10.2 (MFSA 2025-46):
     CVE-2025-4918: Out-of-bounds access when resolving Promise objects
     CVE-2025-4919: Out-of-bounds access when optimizing linear sums
thunderbird (1:128.11.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.10.1esr-1) unstable; urgency=medium
 .
   * [b31c095] New upstream version 128.10.1esr
     Fixed CVE issues in upstream version 128.10.1 (MFSA 2025-34):
     CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird
     CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and
                    Credential Leakage via mailbox:/// Links
     CVE-2025-3909: JavaScript Execution via Spoofed PDF Attachment and
                    file:/// Link
     CVE-2025-3932: Tracking Links in Attachments Bypassed Remote Content
                    Blocking
thunderbird (1:128.10.1esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.10.0esr-1) unstable; urgency=medium
 .
   * [2d646cb] New upstream version 128.10.0esr
     Fixed CVE issues in upstream version 128.10 (MFSA 2025-32):
     CVE-2025-2817: Privilege escalation in Thunderbird Updater
     CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for
                    macOS
     CVE-2025-4083: Process isolation bypass using "javascript:" URI links in
                    cross-origin frames
     CVE-2025-4084: Potential local code execution in "copy as cURL" command
     CVE-2025-4087: Unsafe attribute access during XPath parsing
     CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138,
                    Firefox ESR 128.10, and Thunderbird 128.10
     CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and
                    Thunderbird 128.10

trafficserver (9.2.5+ds-0+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2024-53868 (Closes: #1101996)
   * CVE-2025-31698, CVE-2025-49763 (Closes: #1108044)

tzdata (2025b-0+deb12u2) bookworm; urgency=medium
 .
   * Backport leap second update from upstream

udisks2 (2.9.4-4+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067)
udisks2 (2.9.4-4+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * udiskslinuxfilesystemhelpers: Mount private mounts with 'nodev,nosuid'

unbound (1.17.1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2024-8508: Denial of service vulnerability when processing
     malicious upstreams responses with very large RRsets. (Closes: #1083282)
   * Fix CVE-2024-33655: The DNSBomb attack, via specially timed DNS queries
     and answers, can cause a Denial of Service on resolvers and spoofed
     targets.  Unbound itself is not vulnerable for DoS, but it can be used to
     take part in a pulsing DoS amplification attack.
   * Fix CVE-2025-5994: Resolvers supporting ECS need to segregate outgoing
     queries to accommodate for different outgoing ECS information.  This
     re-opens up resolvers to a birthday paradox attack (Rebirthday Attack)
     that tries to match the DNS transaction ID in order to cache non-ECS
     poisonous replies. (Closes: #1109427)
   * Fix CVE-2024-43167: NULL pointer dereference flaw was found in the
     ub_ctx_set_fwd(). (Closes: #1078647)
   * Fix CVE-2024-43168: Heap-buffer overflow in the cfg_mark_ports().
   * Add upstream patch to update IP addresses for b.root-servers.net in root
     hints.

usb.ids (2025.07.26-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version.
usb.ids (2025.04.01-1) unstable; urgency=medium
 .
   * New upstream version.
   * Bump Standards-Version to 4.7.2 (no changes).
   * Remove Breaks/Replace against package versions from Stretch.
   * Rewrite debian/copyright in Machine-readable format.
usb.ids (2025.01.14-1) unstable; urgency=medium
 .
   * New upstream version.
usb.ids (2024.12.04-1) unstable; urgency=medium
 .
   * New upstream version.
usb.ids (2024.07.04-1) unstable; urgency=medium
 .
   * New upstream version.
   * Bump Standards-Version to 4.7.0 (no changes).

varnish (7.1.1-2+deb12u1) bookworm-security; urgency=medium
 .
   * Fix the VSV00016 request smuggling vulnerability.
varnish (7.1.1-1.2) unstable; urgency=medium
 .
   [ Marco d'Itri ]
   * Non-maintainer upload.
   * Import the precedent non-maintainer upload.
 .
   [ Helmut Grohne ]
   * Install the systemd units using dh_installsystemd only.
     (Closes: #1054484)

waitress (2.1.2-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-49768: race condition in HTTP pipelining
     (Closes: #1086467)
   * CVE-2024-49769: DoS due to resource exhaustion
     (Closes: #1086468)

webkit2gtk (2.48.5-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
webkit2gtk (2.48.3-1) unstable; urgency=high
 .
   * New upstream release (Closes: #1106164).
   * debian/patches/disable-nvidia-dmabuf.patch:
     - Check that GL_VENDOR is set (Closes: #1106454).
webkit2gtk (2.48.3-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
webkit2gtk (2.48.2-1) unstable; urgency=high
 .
   * New upstream release.
   * The WebKitGTK security advisory WSA-2025-0004 lists the following
     security fixes in the latest versions of WebKitGTK:
     - CVE-2023-42875, CVE-2023-42970 (fixed in 2.42.0).
     - CVE-2025-24223, CVE-2025-31204, CVE-2025-31205, CVE-2025-31206,
       CVE-2025-31215, CVE-2025-31257 (fixed in 2.48.2).
   * Drop fix-typo-denormaldisabler.patch.
   * debian/rules:
     - Stop building with HAVE_DENORMAL=0 on armel, WebKit bug #290994 has
       been fixed in this release.
   * debian/copyright:
     - Update copyright information of all files.
webkit2gtk (2.48.1-3) unstable; urgency=high
 .
   * debian/rules:
     - Build with -mbranch-protection=pac-ret on arm64 (Closes: #1104703).
webkit2gtk (2.48.1-2) unstable; urgency=high
 .
   * debian/rules:
     - Build with HAVE_DENORMAL=0 on armel (WebKit bug #290994).

webpy (1:0.62-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-3818: PostgreSQL SQL Injection (Closes: #1103780)

wireless-regdb (2025.07.10-1~deb12u1) bookworm; urgency=medium
 .
   * Backport to bookworm:
     - d/salsa-ci.yml: Suppress false bad-distribution-in-changes-file error
 .
 wireless-regdb (2025.07.10-1) unstable; urgency=medium
 .
   * New upstream version:
     - Update regulatory info for Indonesia (ID) for 2025
     - Permit 320 MHz bandwidth in 6 GHz band for GB
     - Update regulatory info for Egypt (EG) for 2024
     - Update regulatory rules for Brazil (BR) on 6GHz
     - Update regulatory info for Vietnam (VN) for 2025
     - Update regulatory info for Estonia (EE) for 2024
     - update regulatory rules for Paraguay (PY) on 6 GHz for 2025
     - Update regulatory info for CEPT countries for 6GHz listed by WiFi
       Alliance
     - update regulatory rules for Bosnia and Herzegovina (BA) for 6 GHz
   * d/upstream/signing-key.asc: Update for later expiry date and new uids
wireless-regdb (2025.02.20-1) unstable; urgency=medium
 .
   * New upstream version:
     - assert and correct maximum bandwidth within frequency difference
     - Update regulatory info for Syria (SY) for 2020
     - Update regulatory info for Moldova (MD) on 6GHz for 2022
     - Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
     - Update regulatory info for Oman (OM)
     - Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
     - Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
     - Update regulatory rules for Austria (AT)
     - Update regulatory info for Cayman Islands (KY) for 2024
     - allow NO-INDOOR flag in db.txt
     - Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
     - Update frequency range with NO-INDOOR for Oman (OM)
     - update regulatory database based on preceding changes

wolfssl (5.5.4-2+deb12u2) bookworm; urgency=medium
 .
   * Stable update to address the following vulnerabilities:
     - Fix CVE-2025-7394. (Closes: #1109549)

wpa (2:2.10-12+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code()
     and wpas_dpp_pkex_clear_code(), and clear code reusage in
     ./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c
   * Fix CVE-2022-37660: the PKEX code remains active even after
     a successful PKEX association. An attacker that successfully
     bootstrapped public keys with another entity using PKEX in
     the past, will be able to subvert a future bootstrapping by
     passively observing public keys, re-using the encrypting
     element Qi and subtracting it from the captured message
     M (X = M - Qi). This will result in the public ephemeral
     key X; the only element required to subvert the PKEX association

xfce4-weather-plugin (0.11.3-1~deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Rebuild for bookworm s-p-u
xfce4-weather-plugin (0.11.3-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
 .
 xfce4-weather-plugin (0.11.3-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 0.11.3.
     - Use subdomain for api.met.no (Closes: #1100545)
   * d/control: Bump Standards-Version to 4.7.0.
 .
 xfce4-weather-plugin (0.11.2-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 0.11.2.
     - Migration to Sunrise API 3.0 (Closes: #1041048)
   * d/control: Add libjson-c-dev to Build-Depends.
 .
 xfce4-weather-plugin (0.11.1-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Akbarkhon Variskhanov ]
   * d/rules: Drop autoreconf override
   * d/control: Bump Standards-Version to 4.6.1
   * d/control: Bump dh-compat to 13
   * Fix links in upstream metadata
   * d/rules: Drop --as-needed from LDFLAGS
   * d/rules: Use execute_after_dh_auto_install
 .
   [ Unit 193 ]
   * New upstream version 0.11.1.
   * d/rules: Opt-out of trimmed changelogs, install NEWS as changelog.
   * Update Standards-Version to 4.6.2.
xfce4-weather-plugin (0.11.2-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 0.11.2.
     - Migration to Sunrise API 3.0 (Closes: #1041048)
   * d/control: Add libjson-c-dev to Build-Depends.
xfce4-weather-plugin (0.11.1-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Akbarkhon Variskhanov ]
   * d/rules: Drop autoreconf override
   * d/control: Bump Standards-Version to 4.6.1
   * d/control: Bump dh-compat to 13
   * Fix links in upstream metadata
   * d/rules: Drop --as-needed from LDFLAGS
   * d/rules: Use execute_after_dh_auto_install
 .
   [ Unit 193 ]
   * New upstream version 0.11.1.
   * d/rules: Opt-out of trimmed changelogs, install NEWS as changelog.
   * Update Standards-Version to 4.6.2.

xorg-server (2:21.1.7-3+deb12u10) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * render: Avoid 0 or less animated cursors (CVE-2025-49175)
   * os: Do not overflow the integer size with BigRequest (CVE-2025-49176)
   * xfixes: Check request length for SetClientDisconnectMode (CVE-2025-49177)
   * os: Account for bytes to ignore when sharing input buffer (CVE-2025-49178)
   * record: Check for overflow in RecordSanityCheckRegisterClients()
     (CVE-2025-49179)
   * randr: Check for overflow in RRChangeProviderProperty() (CVE-2025-49180)
   * xfree86: Check for RandR provider functions (CVE-2025-49180)
   * os: Check for integer overflow on BigRequest length (CVE-2025-49176)

xrdp (0.9.21.1-1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload
   * Fix CVE-2023-40184: Improper handling of session establishment
     errors allows bypassing OS-level session restrictions. The
     `auth_start_session` function can return non-zero. PAM error
     which may result in session restrictions such as max concurrent
     sessions per user by PAM (ex ./etc/security/limits.conf) to be
     bypassed (Closes: #1051061)
   * Fix CVE-2023-42822: Access to the font glyphs in xrdp_painter.c
     is not bounds-checked. (Closes: #1053284)
   * Fix CVE-2024-39917:  vulnerability that allows attackers to make
     an infinite number of login attempts. (Closes: #1076769)

yelp (42.2-1+deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2025-3155.
     The Gnome user help application allows the help document to execute
     arbitrary scripts. This vulnerability allows malicious users to input
     help documents, which may exfiltrate user files to an external
     environment.
     - d/p/CVE-2025-3155.patch

yelp-xsl (42.1-2+deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2025-3155.
     The Gnome user help application allows the help document to execute
     arbitrary scripts. This vulnerability allows malicious users to input
     help documents, which may exfiltrate user files to an external
     environment.
     - d/p/CVE-2025-3155.patch
========================================
Sat, 17 May 2025 - Debian 12.11 released
========================================
=========================================================================
[Date: Sat, 17 May 2025 08:33:59 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
btrfs-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
btrfs-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
cdrom-core-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
cdrom-core-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
cdrom-core-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
crc-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
crc-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
crc-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
crypto-dm-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
crypto-dm-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
crypto-dm-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
crypto-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
crypto-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
crypto-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
dasd-extra-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
dasd-extra-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
dasd-extra-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
dasd-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
dasd-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
dasd-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
ext4-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
ext4-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
ext4-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
f2fs-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
f2fs-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
f2fs-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
fat-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
fat-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
fat-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
fuse-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
fuse-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
fuse-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
isofs-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
isofs-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
isofs-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
kernel-image-6.1.0-29-s390x-di |  6.1.123-1 | s390x
kernel-image-6.1.0-33-s390x-di |  6.1.133-1 | s390x
kernel-image-6.1.0-34-s390x-di |  6.1.135-1 | s390x
linux-headers-6.1.0-29-s390x |  6.1.123-1 | s390x
linux-headers-6.1.0-33-s390x |  6.1.133-1 | s390x
linux-headers-6.1.0-34-s390x |  6.1.135-1 | s390x
linux-image-6.1.0-29-s390x |  6.1.123-1 | s390x
linux-image-6.1.0-29-s390x-dbg |  6.1.123-1 | s390x
linux-image-6.1.0-33-s390x |  6.1.133-1 | s390x
linux-image-6.1.0-33-s390x-dbg |  6.1.133-1 | s390x
linux-image-6.1.0-34-s390x |  6.1.135-1 | s390x
linux-image-6.1.0-34-s390x-dbg |  6.1.135-1 | s390x
loop-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
loop-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
loop-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
md-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
md-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
md-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
mtd-core-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
mtd-core-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
mtd-core-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
multipath-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
multipath-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
multipath-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
nbd-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
nbd-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
nbd-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
nic-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
nic-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
nic-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
scsi-core-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
scsi-core-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
scsi-core-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
scsi-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
scsi-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
scsi-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
udf-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
udf-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
udf-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x
xfs-modules-6.1.0-29-s390x-di |  6.1.123-1 | s390x
xfs-modules-6.1.0-33-s390x-di |  6.1.133-1 | s390x
xfs-modules-6.1.0-34-s390x-di |  6.1.135-1 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:34:10 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
affs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
affs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
affs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
affs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
affs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
ata-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
ata-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
ata-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
ata-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
ata-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
ata-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
btrfs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
btrfs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
btrfs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
btrfs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
btrfs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
btrfs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
cdrom-core-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
cdrom-core-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
cdrom-core-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
cdrom-core-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
cdrom-core-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
cdrom-core-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
crc-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
crc-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
crc-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
crc-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
crc-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
crc-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
crypto-dm-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
crypto-dm-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
crypto-dm-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
crypto-dm-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
crypto-dm-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
crypto-dm-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
crypto-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
crypto-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
crypto-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
crypto-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
crypto-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
crypto-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
event-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
event-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
event-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
event-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
event-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
event-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
ext4-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
ext4-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
ext4-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
ext4-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
ext4-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
ext4-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
f2fs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
f2fs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
f2fs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
f2fs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
f2fs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
f2fs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
fat-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
fat-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
fat-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
fat-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
fat-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
fat-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
fb-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
fb-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
fb-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
fb-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
fb-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
fb-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
firewire-core-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
firewire-core-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
firewire-core-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
firewire-core-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
firewire-core-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
firewire-core-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
fuse-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
fuse-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
fuse-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
fuse-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
fuse-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
fuse-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
input-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
input-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
input-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
input-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
input-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
input-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
isofs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
isofs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
isofs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
isofs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
isofs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
isofs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
jfs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
jfs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
jfs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
jfs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
jfs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
jfs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
kernel-image-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
kernel-image-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
kernel-image-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
kernel-image-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
kernel-image-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
kernel-image-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
linux-headers-6.1.0-29-4kc-malta |  6.1.123-1 | mipsel
linux-headers-6.1.0-29-mips32r2el |  6.1.123-1 | mipsel
linux-headers-6.1.0-33-4kc-malta |  6.1.133-1 | mipsel
linux-headers-6.1.0-33-mips32r2el |  6.1.133-1 | mipsel
linux-headers-6.1.0-34-4kc-malta |  6.1.135-1 | mipsel
linux-headers-6.1.0-34-mips32r2el |  6.1.135-1 | mipsel
linux-image-6.1.0-29-4kc-malta |  6.1.123-1 | mipsel
linux-image-6.1.0-29-4kc-malta-dbg |  6.1.123-1 | mipsel
linux-image-6.1.0-29-mips32r2el |  6.1.123-1 | mipsel
linux-image-6.1.0-29-mips32r2el-dbg |  6.1.123-1 | mipsel
linux-image-6.1.0-33-4kc-malta |  6.1.133-1 | mipsel
linux-image-6.1.0-33-4kc-malta-dbg |  6.1.133-1 | mipsel
linux-image-6.1.0-33-mips32r2el |  6.1.133-1 | mipsel
linux-image-6.1.0-33-mips32r2el-dbg |  6.1.133-1 | mipsel
linux-image-6.1.0-34-4kc-malta |  6.1.135-1 | mipsel
linux-image-6.1.0-34-4kc-malta-dbg |  6.1.135-1 | mipsel
linux-image-6.1.0-34-mips32r2el |  6.1.135-1 | mipsel
linux-image-6.1.0-34-mips32r2el-dbg |  6.1.135-1 | mipsel
loop-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
loop-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
loop-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
loop-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
loop-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
loop-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
md-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
md-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
md-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
md-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
md-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
md-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
minix-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
minix-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
minix-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
minix-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
minix-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
minix-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
mmc-core-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
mmc-core-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
mmc-core-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
mmc-core-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
mmc-core-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
mmc-core-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
mmc-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
mmc-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
mmc-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
mmc-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
mmc-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
mmc-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
mouse-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
mouse-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
mouse-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
mouse-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
mouse-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
mouse-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
multipath-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
multipath-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
multipath-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
multipath-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
multipath-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
multipath-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
nbd-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
nbd-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
nbd-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
nbd-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
nbd-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
nbd-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
nfs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
nfs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
nfs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
nfs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
nfs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
nfs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
nic-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
nic-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
nic-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
nic-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
nic-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
nic-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
nic-shared-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
nic-shared-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
nic-shared-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
nic-shared-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
nic-shared-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
nic-shared-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
nic-usb-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
nic-usb-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
nic-usb-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
nic-usb-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
nic-usb-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
nic-usb-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
nic-wireless-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
nic-wireless-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
nic-wireless-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
nic-wireless-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
nic-wireless-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
nic-wireless-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
pata-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
pata-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
pata-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
pata-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
pata-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
pata-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
ppp-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
ppp-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
ppp-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
ppp-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
ppp-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
ppp-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
sata-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
sata-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
sata-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
sata-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
sata-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
sata-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
scsi-core-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
scsi-core-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
scsi-core-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
scsi-core-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
scsi-core-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
scsi-core-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
scsi-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
scsi-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
scsi-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
scsi-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
scsi-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
scsi-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
scsi-nic-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
scsi-nic-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
scsi-nic-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
scsi-nic-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
scsi-nic-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
scsi-nic-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
sound-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
sound-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
sound-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
sound-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
sound-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
sound-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
speakup-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
speakup-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
speakup-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
speakup-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
speakup-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
speakup-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
squashfs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
squashfs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
squashfs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
squashfs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
squashfs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
squashfs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
udf-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
udf-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
udf-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
udf-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
udf-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
udf-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
usb-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
usb-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
usb-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
usb-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
usb-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
usb-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
usb-serial-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
usb-serial-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
usb-serial-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
usb-serial-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
usb-serial-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
usb-serial-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
usb-storage-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
usb-storage-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
usb-storage-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
usb-storage-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
usb-storage-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
usb-storage-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel
xfs-modules-6.1.0-29-4kc-malta-di |  6.1.123-1 | mipsel
xfs-modules-6.1.0-29-mips32r2el-di |  6.1.123-1 | mipsel
xfs-modules-6.1.0-33-4kc-malta-di |  6.1.133-1 | mipsel
xfs-modules-6.1.0-33-mips32r2el-di |  6.1.133-1 | mipsel
xfs-modules-6.1.0-34-4kc-malta-di |  6.1.135-1 | mipsel
xfs-modules-6.1.0-34-mips32r2el-di |  6.1.135-1 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:34:24 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
ata-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
ata-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
btrfs-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
btrfs-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
btrfs-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
cdrom-core-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
cdrom-core-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
cdrom-core-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
crc-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
crc-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
crc-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
crypto-dm-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
crypto-dm-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
crypto-dm-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
crypto-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
crypto-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
crypto-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
event-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
event-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
event-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
ext4-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
ext4-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
ext4-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
f2fs-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
f2fs-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
f2fs-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
fancontrol-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
fancontrol-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
fancontrol-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
fat-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
fat-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
fat-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
fb-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
fb-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
fb-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
firewire-core-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
firewire-core-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
firewire-core-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
fuse-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
fuse-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
fuse-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
hypervisor-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
hypervisor-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
hypervisor-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
i2c-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
i2c-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
i2c-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
input-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
input-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
input-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
isofs-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
isofs-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
isofs-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
jfs-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
jfs-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
jfs-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
kernel-image-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
kernel-image-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
kernel-image-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
linux-headers-6.1.0-29-powerpc64le |  6.1.123-1 | ppc64el
linux-headers-6.1.0-33-powerpc64le |  6.1.133-1 | ppc64el
linux-headers-6.1.0-34-powerpc64le |  6.1.135-1 | ppc64el
linux-image-6.1.0-29-powerpc64le |  6.1.123-1 | ppc64el
linux-image-6.1.0-29-powerpc64le-dbg |  6.1.123-1 | ppc64el
linux-image-6.1.0-33-powerpc64le |  6.1.133-1 | ppc64el
linux-image-6.1.0-33-powerpc64le-dbg |  6.1.133-1 | ppc64el
linux-image-6.1.0-34-powerpc64le |  6.1.135-1 | ppc64el
linux-image-6.1.0-34-powerpc64le-dbg |  6.1.135-1 | ppc64el
loop-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
loop-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
loop-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
md-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
md-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
md-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
mouse-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
mouse-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
mouse-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
mtd-core-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
mtd-core-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
mtd-core-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
multipath-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
multipath-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
multipath-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
nbd-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
nbd-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
nbd-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
nic-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
nic-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
nic-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
nic-shared-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
nic-shared-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
nic-shared-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
nic-usb-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
nic-usb-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
nic-usb-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
nic-wireless-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
nic-wireless-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
nic-wireless-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
ppp-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
ppp-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
ppp-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
sata-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
sata-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
sata-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
scsi-core-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
scsi-core-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
scsi-core-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
scsi-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
scsi-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
scsi-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
scsi-nic-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
scsi-nic-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
scsi-nic-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
serial-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
serial-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
serial-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
squashfs-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
squashfs-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
squashfs-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
udf-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
udf-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
udf-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
uinput-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
uinput-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
uinput-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
usb-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
usb-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
usb-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
usb-serial-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
usb-serial-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
usb-serial-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
usb-storage-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
usb-storage-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
usb-storage-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el
xfs-modules-6.1.0-29-powerpc64le-di |  6.1.123-1 | ppc64el
xfs-modules-6.1.0-33-powerpc64le-di |  6.1.133-1 | ppc64el
xfs-modules-6.1.0-34-powerpc64le-di |  6.1.135-1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:34:37 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-29-amd64 |  6.1.123-1 | amd64
linux-headers-6.1.0-29-cloud-amd64 |  6.1.123-1 | amd64
linux-headers-6.1.0-29-rt-amd64 |  6.1.123-1 | amd64
linux-headers-6.1.0-33-amd64 |  6.1.133-1 | amd64
linux-headers-6.1.0-33-cloud-amd64 |  6.1.133-1 | amd64
linux-headers-6.1.0-33-rt-amd64 |  6.1.133-1 | amd64
linux-headers-6.1.0-34-amd64 |  6.1.135-1 | amd64
linux-headers-6.1.0-34-cloud-amd64 |  6.1.135-1 | amd64
linux-headers-6.1.0-34-rt-amd64 |  6.1.135-1 | amd64
linux-image-6.1.0-29-amd64-dbg |  6.1.123-1 | amd64
linux-image-6.1.0-29-amd64-unsigned |  6.1.123-1 | amd64
linux-image-6.1.0-29-cloud-amd64-dbg |  6.1.123-1 | amd64
linux-image-6.1.0-29-cloud-amd64-unsigned |  6.1.123-1 | amd64
linux-image-6.1.0-29-rt-amd64-dbg |  6.1.123-1 | amd64
linux-image-6.1.0-29-rt-amd64-unsigned |  6.1.123-1 | amd64
linux-image-6.1.0-33-amd64-dbg |  6.1.133-1 | amd64
linux-image-6.1.0-33-amd64-unsigned |  6.1.133-1 | amd64
linux-image-6.1.0-33-cloud-amd64-dbg |  6.1.133-1 | amd64
linux-image-6.1.0-33-cloud-amd64-unsigned |  6.1.133-1 | amd64
linux-image-6.1.0-33-rt-amd64-dbg |  6.1.133-1 | amd64
linux-image-6.1.0-33-rt-amd64-unsigned |  6.1.133-1 | amd64
linux-image-6.1.0-34-amd64-dbg |  6.1.135-1 | amd64
linux-image-6.1.0-34-amd64-unsigned |  6.1.135-1 | amd64
linux-image-6.1.0-34-cloud-amd64-dbg |  6.1.135-1 | amd64
linux-image-6.1.0-34-cloud-amd64-unsigned |  6.1.135-1 | amd64
linux-image-6.1.0-34-rt-amd64-dbg |  6.1.135-1 | amd64
linux-image-6.1.0-34-rt-amd64-unsigned |  6.1.135-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:34:50 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-29-arm64 |  6.1.123-1 | arm64
linux-headers-6.1.0-29-cloud-arm64 |  6.1.123-1 | arm64
linux-headers-6.1.0-29-rt-arm64 |  6.1.123-1 | arm64
linux-headers-6.1.0-33-arm64 |  6.1.133-1 | arm64
linux-headers-6.1.0-33-cloud-arm64 |  6.1.133-1 | arm64
linux-headers-6.1.0-33-rt-arm64 |  6.1.133-1 | arm64
linux-headers-6.1.0-34-arm64 |  6.1.135-1 | arm64
linux-headers-6.1.0-34-cloud-arm64 |  6.1.135-1 | arm64
linux-headers-6.1.0-34-rt-arm64 |  6.1.135-1 | arm64
linux-image-6.1.0-29-arm64-dbg |  6.1.123-1 | arm64
linux-image-6.1.0-29-arm64-unsigned |  6.1.123-1 | arm64
linux-image-6.1.0-29-cloud-arm64-dbg |  6.1.123-1 | arm64
linux-image-6.1.0-29-cloud-arm64-unsigned |  6.1.123-1 | arm64
linux-image-6.1.0-29-rt-arm64-dbg |  6.1.123-1 | arm64
linux-image-6.1.0-29-rt-arm64-unsigned |  6.1.123-1 | arm64
linux-image-6.1.0-33-arm64-dbg |  6.1.133-1 | arm64
linux-image-6.1.0-33-arm64-unsigned |  6.1.133-1 | arm64
linux-image-6.1.0-33-cloud-arm64-dbg |  6.1.133-1 | arm64
linux-image-6.1.0-33-cloud-arm64-unsigned |  6.1.133-1 | arm64
linux-image-6.1.0-33-rt-arm64-dbg |  6.1.133-1 | arm64
linux-image-6.1.0-33-rt-arm64-unsigned |  6.1.133-1 | arm64
linux-image-6.1.0-34-arm64-dbg |  6.1.135-1 | arm64
linux-image-6.1.0-34-arm64-unsigned |  6.1.135-1 | arm64
linux-image-6.1.0-34-cloud-arm64-dbg |  6.1.135-1 | arm64
linux-image-6.1.0-34-cloud-arm64-unsigned |  6.1.135-1 | arm64
linux-image-6.1.0-34-rt-arm64-dbg |  6.1.135-1 | arm64
linux-image-6.1.0-34-rt-arm64-unsigned |  6.1.135-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:35:19 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
btrfs-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
btrfs-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
cdrom-core-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
cdrom-core-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
cdrom-core-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
crc-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
crc-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
crc-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
crypto-dm-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
crypto-dm-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
crypto-dm-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
crypto-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
crypto-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
crypto-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
event-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
event-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
event-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
ext4-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
ext4-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
ext4-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
f2fs-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
f2fs-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
f2fs-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
fat-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
fat-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
fat-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
fb-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
fb-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
fb-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
fuse-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
fuse-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
fuse-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
input-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
input-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
input-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
ipv6-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
ipv6-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
ipv6-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
isofs-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
isofs-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
isofs-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
jffs2-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
jffs2-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
jffs2-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
jfs-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
jfs-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
jfs-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
kernel-image-6.1.0-29-marvell-di |  6.1.123-1 | armel
kernel-image-6.1.0-33-marvell-di |  6.1.133-1 | armel
kernel-image-6.1.0-34-marvell-di |  6.1.135-1 | armel
leds-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
leds-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
leds-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
linux-headers-6.1.0-29-marvell |  6.1.123-1 | armel
linux-headers-6.1.0-29-rpi |  6.1.123-1 | armel
linux-headers-6.1.0-33-marvell |  6.1.133-1 | armel
linux-headers-6.1.0-33-rpi |  6.1.133-1 | armel
linux-headers-6.1.0-34-marvell |  6.1.135-1 | armel
linux-headers-6.1.0-34-rpi |  6.1.135-1 | armel
linux-image-6.1.0-29-marvell |  6.1.123-1 | armel
linux-image-6.1.0-29-marvell-dbg |  6.1.123-1 | armel
linux-image-6.1.0-29-rpi |  6.1.123-1 | armel
linux-image-6.1.0-29-rpi-dbg |  6.1.123-1 | armel
linux-image-6.1.0-33-marvell |  6.1.133-1 | armel
linux-image-6.1.0-33-marvell-dbg |  6.1.133-1 | armel
linux-image-6.1.0-33-rpi |  6.1.133-1 | armel
linux-image-6.1.0-33-rpi-dbg |  6.1.133-1 | armel
linux-image-6.1.0-34-marvell |  6.1.135-1 | armel
linux-image-6.1.0-34-marvell-dbg |  6.1.135-1 | armel
linux-image-6.1.0-34-rpi |  6.1.135-1 | armel
linux-image-6.1.0-34-rpi-dbg |  6.1.135-1 | armel
loop-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
loop-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
loop-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
md-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
md-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
md-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
minix-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
minix-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
minix-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
mmc-core-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
mmc-core-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
mmc-core-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
mmc-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
mmc-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
mmc-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
mouse-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
mouse-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
mouse-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
mtd-core-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
mtd-core-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
mtd-core-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
mtd-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
mtd-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
mtd-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
multipath-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
multipath-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
multipath-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
nbd-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
nbd-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
nbd-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
nic-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
nic-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
nic-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
nic-shared-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
nic-shared-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
nic-shared-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
nic-usb-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
nic-usb-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
nic-usb-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
ppp-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
ppp-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
ppp-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
sata-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
sata-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
sata-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
scsi-core-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
scsi-core-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
scsi-core-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
squashfs-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
squashfs-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
squashfs-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
udf-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
udf-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
udf-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
uinput-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
uinput-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
uinput-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
usb-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
usb-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
usb-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
usb-serial-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
usb-serial-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
usb-serial-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel
usb-storage-modules-6.1.0-29-marvell-di |  6.1.123-1 | armel
usb-storage-modules-6.1.0-33-marvell-di |  6.1.133-1 | armel
usb-storage-modules-6.1.0-34-marvell-di |  6.1.135-1 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:35:39 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
ata-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
ata-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
btrfs-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
btrfs-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
btrfs-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
cdrom-core-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
cdrom-core-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
cdrom-core-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
crc-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
crc-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
crc-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
crypto-dm-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
crypto-dm-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
crypto-dm-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
crypto-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
crypto-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
crypto-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
efi-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
efi-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
efi-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
event-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
event-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
event-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
ext4-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
ext4-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
ext4-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
f2fs-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
f2fs-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
f2fs-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
fat-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
fat-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
fat-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
fb-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
fb-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
fb-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
fuse-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
fuse-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
fuse-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
i2c-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
i2c-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
i2c-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
input-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
input-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
input-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
isofs-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
isofs-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
isofs-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
jfs-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
jfs-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
jfs-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
kernel-image-6.1.0-29-armmp-di |  6.1.123-1 | armhf
kernel-image-6.1.0-33-armmp-di |  6.1.133-1 | armhf
kernel-image-6.1.0-34-armmp-di |  6.1.135-1 | armhf
leds-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
leds-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
leds-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
linux-headers-6.1.0-29-armmp |  6.1.123-1 | armhf
linux-headers-6.1.0-29-armmp-lpae |  6.1.123-1 | armhf
linux-headers-6.1.0-29-rt-armmp |  6.1.123-1 | armhf
linux-headers-6.1.0-33-armmp |  6.1.133-1 | armhf
linux-headers-6.1.0-33-armmp-lpae |  6.1.133-1 | armhf
linux-headers-6.1.0-33-rt-armmp |  6.1.133-1 | armhf
linux-headers-6.1.0-34-armmp |  6.1.135-1 | armhf
linux-headers-6.1.0-34-armmp-lpae |  6.1.135-1 | armhf
linux-headers-6.1.0-34-rt-armmp |  6.1.135-1 | armhf
linux-image-6.1.0-29-armmp |  6.1.123-1 | armhf
linux-image-6.1.0-29-armmp-dbg |  6.1.123-1 | armhf
linux-image-6.1.0-29-armmp-lpae |  6.1.123-1 | armhf
linux-image-6.1.0-29-armmp-lpae-dbg |  6.1.123-1 | armhf
linux-image-6.1.0-29-rt-armmp |  6.1.123-1 | armhf
linux-image-6.1.0-29-rt-armmp-dbg |  6.1.123-1 | armhf
linux-image-6.1.0-33-armmp |  6.1.133-1 | armhf
linux-image-6.1.0-33-armmp-dbg |  6.1.133-1 | armhf
linux-image-6.1.0-33-armmp-lpae |  6.1.133-1 | armhf
linux-image-6.1.0-33-armmp-lpae-dbg |  6.1.133-1 | armhf
linux-image-6.1.0-33-rt-armmp |  6.1.133-1 | armhf
linux-image-6.1.0-33-rt-armmp-dbg |  6.1.133-1 | armhf
linux-image-6.1.0-34-armmp |  6.1.135-1 | armhf
linux-image-6.1.0-34-armmp-dbg |  6.1.135-1 | armhf
linux-image-6.1.0-34-armmp-lpae |  6.1.135-1 | armhf
linux-image-6.1.0-34-armmp-lpae-dbg |  6.1.135-1 | armhf
linux-image-6.1.0-34-rt-armmp |  6.1.135-1 | armhf
linux-image-6.1.0-34-rt-armmp-dbg |  6.1.135-1 | armhf
loop-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
loop-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
loop-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
md-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
md-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
md-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
mmc-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
mmc-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
mmc-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
mtd-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
mtd-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
mtd-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
multipath-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
multipath-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
multipath-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
nbd-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
nbd-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
nbd-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
nic-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
nic-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
nic-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
nic-shared-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
nic-shared-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
nic-shared-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
nic-usb-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
nic-usb-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
nic-usb-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
nic-wireless-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
nic-wireless-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
nic-wireless-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
pata-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
pata-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
pata-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
ppp-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
ppp-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
ppp-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
sata-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
sata-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
sata-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
scsi-core-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
scsi-core-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
scsi-core-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
scsi-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
scsi-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
scsi-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
scsi-nic-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
scsi-nic-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
scsi-nic-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
sound-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
sound-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
sound-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
speakup-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
speakup-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
speakup-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
squashfs-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
squashfs-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
squashfs-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
udf-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
udf-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
udf-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
uinput-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
uinput-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
uinput-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
usb-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
usb-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
usb-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
usb-serial-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
usb-serial-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
usb-serial-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf
usb-storage-modules-6.1.0-29-armmp-di |  6.1.123-1 | armhf
usb-storage-modules-6.1.0-33-armmp-di |  6.1.133-1 | armhf
usb-storage-modules-6.1.0-34-armmp-di |  6.1.135-1 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:36:11 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-29-686 |  6.1.123-1 | i386
linux-headers-6.1.0-29-686-pae |  6.1.123-1 | i386
linux-headers-6.1.0-29-rt-686-pae |  6.1.123-1 | i386
linux-headers-6.1.0-33-686 |  6.1.133-1 | i386
linux-headers-6.1.0-33-686-pae |  6.1.133-1 | i386
linux-headers-6.1.0-33-rt-686-pae |  6.1.133-1 | i386
linux-headers-6.1.0-34-686 |  6.1.135-1 | i386
linux-headers-6.1.0-34-686-pae |  6.1.135-1 | i386
linux-headers-6.1.0-34-rt-686-pae |  6.1.135-1 | i386
linux-image-6.1.0-29-686-dbg |  6.1.123-1 | i386
linux-image-6.1.0-29-686-pae-dbg |  6.1.123-1 | i386
linux-image-6.1.0-29-686-pae-unsigned |  6.1.123-1 | i386
linux-image-6.1.0-29-686-unsigned |  6.1.123-1 | i386
linux-image-6.1.0-29-rt-686-pae-dbg |  6.1.123-1 | i386
linux-image-6.1.0-29-rt-686-pae-unsigned |  6.1.123-1 | i386
linux-image-6.1.0-33-686-dbg |  6.1.133-1 | i386
linux-image-6.1.0-33-686-pae-dbg |  6.1.133-1 | i386
linux-image-6.1.0-33-686-pae-unsigned |  6.1.133-1 | i386
linux-image-6.1.0-33-686-unsigned |  6.1.133-1 | i386
linux-image-6.1.0-33-rt-686-pae-dbg |  6.1.133-1 | i386
linux-image-6.1.0-33-rt-686-pae-unsigned |  6.1.133-1 | i386
linux-image-6.1.0-34-686-dbg |  6.1.135-1 | i386
linux-image-6.1.0-34-686-pae-dbg |  6.1.135-1 | i386
linux-image-6.1.0-34-686-pae-unsigned |  6.1.135-1 | i386
linux-image-6.1.0-34-686-unsigned |  6.1.135-1 | i386
linux-image-6.1.0-34-rt-686-pae-dbg |  6.1.135-1 | i386
linux-image-6.1.0-34-rt-686-pae-unsigned |  6.1.135-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:36:30 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
affs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
affs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
affs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
affs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
affs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
ata-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
ata-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
ata-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
ata-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
ata-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
ata-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
btrfs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
btrfs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
btrfs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
btrfs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
btrfs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
btrfs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
cdrom-core-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
cdrom-core-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
cdrom-core-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
cdrom-core-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
cdrom-core-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
cdrom-core-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
crc-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
crc-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
crc-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
crc-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
crc-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
crc-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
crypto-dm-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
crypto-dm-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
crypto-dm-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
crypto-dm-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
crypto-dm-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
crypto-dm-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
crypto-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
crypto-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
crypto-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
crypto-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
crypto-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
crypto-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
event-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
event-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
event-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
event-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
event-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
event-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
ext4-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
ext4-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
ext4-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
ext4-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
ext4-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
ext4-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
f2fs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
f2fs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
f2fs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
f2fs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
f2fs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
f2fs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
fat-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
fat-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
fat-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
fat-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
fat-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
fat-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
fb-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
fb-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
fb-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
fb-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
fb-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
fb-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
firewire-core-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
firewire-core-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
firewire-core-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
firewire-core-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
firewire-core-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
firewire-core-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
fuse-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
fuse-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
fuse-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
fuse-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
fuse-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
fuse-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
input-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
input-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
input-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
input-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
input-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
input-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
isofs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
isofs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
isofs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
isofs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
isofs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
isofs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
jfs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
jfs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
jfs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
jfs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
jfs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
jfs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
kernel-image-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
kernel-image-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
kernel-image-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
kernel-image-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
kernel-image-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
kernel-image-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
linux-headers-6.1.0-29-5kc-malta |  6.1.123-1 | mips64el
linux-headers-6.1.0-29-mips64r2el |  6.1.123-1 | mips64el
linux-headers-6.1.0-33-5kc-malta |  6.1.133-1 | mips64el
linux-headers-6.1.0-33-mips64r2el |  6.1.133-1 | mips64el
linux-headers-6.1.0-34-5kc-malta |  6.1.135-1 | mips64el
linux-headers-6.1.0-34-mips64r2el |  6.1.135-1 | mips64el
linux-image-6.1.0-29-5kc-malta |  6.1.123-1 | mips64el
linux-image-6.1.0-29-5kc-malta-dbg |  6.1.123-1 | mips64el
linux-image-6.1.0-29-mips64r2el |  6.1.123-1 | mips64el
linux-image-6.1.0-29-mips64r2el-dbg |  6.1.123-1 | mips64el
linux-image-6.1.0-33-5kc-malta |  6.1.133-1 | mips64el
linux-image-6.1.0-33-5kc-malta-dbg |  6.1.133-1 | mips64el
linux-image-6.1.0-33-mips64r2el |  6.1.133-1 | mips64el
linux-image-6.1.0-33-mips64r2el-dbg |  6.1.133-1 | mips64el
linux-image-6.1.0-34-5kc-malta |  6.1.135-1 | mips64el
linux-image-6.1.0-34-5kc-malta-dbg |  6.1.135-1 | mips64el
linux-image-6.1.0-34-mips64r2el |  6.1.135-1 | mips64el
linux-image-6.1.0-34-mips64r2el-dbg |  6.1.135-1 | mips64el
loop-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
loop-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
loop-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
loop-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
loop-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
loop-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
md-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
md-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
md-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
md-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
md-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
md-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
minix-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
minix-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
minix-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
minix-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
minix-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
minix-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
mmc-core-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
mmc-core-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
mmc-core-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
mmc-core-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
mmc-core-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
mmc-core-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
mmc-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
mmc-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
mmc-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
mmc-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
mmc-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
mmc-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
mouse-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
mouse-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
mouse-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
mouse-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
mouse-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
mouse-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
multipath-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
multipath-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
multipath-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
multipath-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
multipath-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
multipath-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
nbd-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
nbd-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
nbd-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
nbd-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
nbd-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
nbd-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
nfs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
nfs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
nfs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
nfs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
nfs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
nfs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
nic-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
nic-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
nic-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
nic-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
nic-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
nic-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
nic-shared-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
nic-shared-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
nic-shared-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
nic-shared-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
nic-shared-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
nic-shared-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
nic-usb-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
nic-usb-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
nic-usb-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
nic-usb-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
nic-usb-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
nic-usb-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
nic-wireless-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
nic-wireless-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
nic-wireless-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
nic-wireless-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
nic-wireless-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
nic-wireless-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
pata-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
pata-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
pata-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
pata-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
pata-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
pata-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
ppp-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
ppp-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
ppp-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
ppp-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
ppp-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
ppp-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
sata-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
sata-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
sata-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
sata-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
sata-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
sata-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
scsi-core-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
scsi-core-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
scsi-core-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
scsi-core-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
scsi-core-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
scsi-core-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
scsi-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
scsi-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
scsi-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
scsi-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
scsi-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
scsi-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
scsi-nic-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
scsi-nic-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
scsi-nic-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
scsi-nic-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
scsi-nic-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
scsi-nic-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
sound-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
sound-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
sound-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
sound-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
sound-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
sound-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
speakup-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
speakup-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
speakup-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
speakup-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
speakup-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
speakup-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
squashfs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
squashfs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
squashfs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
squashfs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
squashfs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
squashfs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
udf-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
udf-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
udf-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
udf-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
udf-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
udf-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
usb-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
usb-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
usb-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
usb-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
usb-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
usb-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
usb-serial-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
usb-serial-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
usb-serial-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
usb-serial-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
usb-serial-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
usb-serial-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
usb-storage-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
usb-storage-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
usb-storage-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
usb-storage-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
usb-storage-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
usb-storage-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el
xfs-modules-6.1.0-29-5kc-malta-di |  6.1.123-1 | mips64el
xfs-modules-6.1.0-29-mips64r2el-di |  6.1.123-1 | mips64el
xfs-modules-6.1.0-33-5kc-malta-di |  6.1.133-1 | mips64el
xfs-modules-6.1.0-33-mips64r2el-di |  6.1.133-1 | mips64el
xfs-modules-6.1.0-34-5kc-malta-di |  6.1.135-1 | mips64el
xfs-modules-6.1.0-34-mips64r2el-di |  6.1.135-1 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:36:45 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
affs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
affs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
affs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
affs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
affs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
ata-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
ata-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
ata-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
ata-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
ata-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
ata-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
btrfs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
btrfs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
btrfs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
btrfs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
btrfs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
btrfs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
crc-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
crc-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
crc-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
crc-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
crc-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
crc-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
crypto-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
crypto-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
crypto-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
crypto-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
crypto-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
crypto-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
event-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
event-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
event-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
event-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
event-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
event-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
ext4-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
ext4-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
ext4-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
ext4-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
ext4-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
ext4-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
f2fs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
f2fs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
f2fs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
f2fs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
f2fs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
f2fs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
fat-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
fat-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
fat-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
fat-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
fat-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
fat-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
fb-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
fb-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
fb-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
fb-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
fb-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
fb-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
firewire-core-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
firewire-core-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
firewire-core-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
firewire-core-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
firewire-core-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
firewire-core-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
fuse-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
fuse-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
fuse-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
fuse-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
fuse-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
fuse-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
input-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
input-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
input-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
input-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
input-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
input-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
isofs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
isofs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
isofs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
isofs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
isofs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
isofs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
jfs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
jfs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
jfs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
jfs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
jfs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
jfs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
kernel-image-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
kernel-image-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
kernel-image-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
kernel-image-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
kernel-image-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
kernel-image-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
linux-headers-6.1.0-29-loongson-3 |  6.1.123-1 | mips64el, mipsel
linux-headers-6.1.0-29-octeon |  6.1.123-1 | mips64el, mipsel
linux-headers-6.1.0-33-loongson-3 |  6.1.133-1 | mips64el, mipsel
linux-headers-6.1.0-33-octeon |  6.1.133-1 | mips64el, mipsel
linux-headers-6.1.0-34-loongson-3 |  6.1.135-1 | mips64el, mipsel
linux-headers-6.1.0-34-octeon |  6.1.135-1 | mips64el, mipsel
linux-image-6.1.0-29-loongson-3 |  6.1.123-1 | mips64el, mipsel
linux-image-6.1.0-29-loongson-3-dbg |  6.1.123-1 | mips64el, mipsel
linux-image-6.1.0-29-octeon |  6.1.123-1 | mips64el, mipsel
linux-image-6.1.0-29-octeon-dbg |  6.1.123-1 | mips64el, mipsel
linux-image-6.1.0-33-loongson-3 |  6.1.133-1 | mips64el, mipsel
linux-image-6.1.0-33-loongson-3-dbg |  6.1.133-1 | mips64el, mipsel
linux-image-6.1.0-33-octeon |  6.1.133-1 | mips64el, mipsel
linux-image-6.1.0-33-octeon-dbg |  6.1.133-1 | mips64el, mipsel
linux-image-6.1.0-34-loongson-3 |  6.1.135-1 | mips64el, mipsel
linux-image-6.1.0-34-loongson-3-dbg |  6.1.135-1 | mips64el, mipsel
linux-image-6.1.0-34-octeon |  6.1.135-1 | mips64el, mipsel
linux-image-6.1.0-34-octeon-dbg |  6.1.135-1 | mips64el, mipsel
loop-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
loop-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
loop-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
loop-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
loop-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
loop-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
md-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
md-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
md-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
md-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
md-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
md-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
minix-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
minix-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
minix-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
minix-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
minix-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
minix-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
mmc-core-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
mmc-core-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
mmc-core-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
mmc-core-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
mmc-core-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
mmc-core-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
mmc-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
mmc-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
mmc-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
mmc-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
mmc-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
mmc-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
mouse-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
mouse-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
mouse-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
mouse-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
mouse-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
mouse-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
multipath-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
multipath-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
multipath-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
multipath-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
multipath-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
multipath-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
nbd-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
nbd-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
nbd-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
nbd-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
nbd-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
nbd-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
nfs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
nfs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
nfs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
nfs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
nfs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
nfs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
nic-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
nic-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
nic-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
nic-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
nic-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
nic-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
nic-shared-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
nic-shared-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
nic-shared-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
nic-shared-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
nic-shared-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
nic-shared-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
nic-usb-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
nic-usb-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
nic-usb-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
nic-usb-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
nic-usb-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
nic-usb-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
pata-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
pata-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
pata-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
pata-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
pata-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
pata-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
ppp-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
ppp-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
ppp-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
ppp-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
ppp-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
ppp-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
sata-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
sata-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
sata-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
sata-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
sata-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
sata-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
scsi-core-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
scsi-core-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
scsi-core-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
scsi-core-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
scsi-core-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
scsi-core-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
scsi-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
scsi-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
scsi-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
scsi-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
scsi-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
scsi-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
sound-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
sound-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
sound-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
sound-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
sound-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
sound-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
speakup-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
speakup-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
speakup-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
speakup-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
speakup-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
speakup-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
squashfs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
squashfs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
squashfs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
squashfs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
squashfs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
squashfs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
udf-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
udf-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
udf-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
udf-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
udf-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
udf-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
usb-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
usb-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
usb-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
usb-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
usb-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
usb-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
usb-serial-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
usb-serial-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
usb-serial-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
usb-serial-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
usb-serial-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
usb-serial-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
usb-storage-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
usb-storage-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
usb-storage-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
usb-storage-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
usb-storage-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
usb-storage-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel
xfs-modules-6.1.0-29-loongson-3-di |  6.1.123-1 | mips64el, mipsel
xfs-modules-6.1.0-29-octeon-di |  6.1.123-1 | mips64el, mipsel
xfs-modules-6.1.0-33-loongson-3-di |  6.1.133-1 | mips64el, mipsel
xfs-modules-6.1.0-33-octeon-di |  6.1.133-1 | mips64el, mipsel
xfs-modules-6.1.0-34-loongson-3-di |  6.1.135-1 | mips64el, mipsel
xfs-modules-6.1.0-34-octeon-di |  6.1.135-1 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:36:57 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
acpi-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
acpi-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
ata-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
ata-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
ata-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
btrfs-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
btrfs-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
btrfs-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
cdrom-core-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
cdrom-core-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
cdrom-core-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
crc-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
crc-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
crc-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
crypto-dm-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
crypto-dm-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
crypto-dm-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
crypto-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
crypto-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
crypto-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
efi-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
efi-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
efi-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
event-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
event-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
event-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
ext4-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
ext4-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
ext4-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
f2fs-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
f2fs-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
f2fs-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
fat-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
fat-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
fat-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
fb-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
fb-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
fb-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
firewire-core-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
firewire-core-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
firewire-core-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
fuse-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
fuse-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
fuse-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
i2c-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
i2c-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
i2c-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
input-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
input-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
input-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
isofs-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
isofs-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
isofs-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
jfs-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
jfs-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
jfs-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
kernel-image-6.1.0-29-amd64-di |  6.1.123-1 | amd64
kernel-image-6.1.0-33-amd64-di |  6.1.133-1 | amd64
kernel-image-6.1.0-34-amd64-di |  6.1.135-1 | amd64
linux-image-6.1.0-29-amd64 |  6.1.123-1 | amd64
linux-image-6.1.0-29-cloud-amd64 |  6.1.123-1 | amd64
linux-image-6.1.0-29-rt-amd64 |  6.1.123-1 | amd64
linux-image-6.1.0-33-amd64 |  6.1.133-1 | amd64
linux-image-6.1.0-33-cloud-amd64 |  6.1.133-1 | amd64
linux-image-6.1.0-33-rt-amd64 |  6.1.133-1 | amd64
linux-image-6.1.0-34-amd64 |  6.1.135-1 | amd64
linux-image-6.1.0-34-cloud-amd64 |  6.1.135-1 | amd64
linux-image-6.1.0-34-rt-amd64 |  6.1.135-1 | amd64
loop-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
loop-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
loop-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
md-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
md-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
md-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
mmc-core-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
mmc-core-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
mmc-core-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
mmc-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
mmc-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
mmc-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
mouse-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
mouse-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
mouse-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
mtd-core-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
mtd-core-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
mtd-core-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
multipath-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
multipath-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
multipath-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
nbd-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
nbd-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
nbd-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
nic-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
nic-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
nic-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
nic-pcmcia-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
nic-pcmcia-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
nic-pcmcia-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
nic-shared-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
nic-shared-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
nic-shared-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
nic-usb-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
nic-usb-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
nic-usb-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
nic-wireless-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
nic-wireless-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
nic-wireless-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
pata-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
pata-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
pata-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
pcmcia-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
pcmcia-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
pcmcia-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
pcmcia-storage-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
pcmcia-storage-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
pcmcia-storage-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
ppp-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
ppp-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
ppp-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
rfkill-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
rfkill-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
rfkill-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
sata-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
sata-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
sata-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
scsi-core-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
scsi-core-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
scsi-core-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
scsi-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
scsi-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
scsi-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
scsi-nic-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
scsi-nic-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
scsi-nic-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
serial-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
serial-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
serial-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
sound-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
sound-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
sound-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
speakup-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
speakup-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
speakup-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
squashfs-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
squashfs-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
squashfs-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
udf-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
udf-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
udf-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
uinput-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
uinput-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
uinput-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
usb-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
usb-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
usb-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
usb-serial-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
usb-serial-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
usb-serial-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
usb-storage-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
usb-storage-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
usb-storage-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64
xfs-modules-6.1.0-29-amd64-di |  6.1.123-1 | amd64
xfs-modules-6.1.0-33-amd64-di |  6.1.133-1 | amd64
xfs-modules-6.1.0-34-amd64-di |  6.1.135-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:37:08 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
ata-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
ata-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
btrfs-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
btrfs-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
btrfs-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
cdrom-core-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
cdrom-core-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
cdrom-core-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
crc-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
crc-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
crc-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
crypto-dm-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
crypto-dm-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
crypto-dm-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
crypto-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
crypto-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
crypto-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
efi-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
efi-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
efi-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
event-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
event-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
event-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
ext4-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
ext4-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
ext4-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
f2fs-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
f2fs-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
f2fs-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
fat-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
fat-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
fat-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
fb-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
fb-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
fb-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
fuse-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
fuse-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
fuse-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
i2c-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
i2c-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
i2c-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
input-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
input-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
input-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
isofs-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
isofs-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
isofs-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
jfs-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
jfs-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
jfs-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
kernel-image-6.1.0-29-arm64-di |  6.1.123-1 | arm64
kernel-image-6.1.0-33-arm64-di |  6.1.133-1 | arm64
kernel-image-6.1.0-34-arm64-di |  6.1.135-1 | arm64
leds-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
leds-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
leds-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
linux-image-6.1.0-29-arm64 |  6.1.123-1 | arm64
linux-image-6.1.0-29-cloud-arm64 |  6.1.123-1 | arm64
linux-image-6.1.0-29-rt-arm64 |  6.1.123-1 | arm64
linux-image-6.1.0-33-arm64 |  6.1.133-1 | arm64
linux-image-6.1.0-33-cloud-arm64 |  6.1.133-1 | arm64
linux-image-6.1.0-33-rt-arm64 |  6.1.133-1 | arm64
linux-image-6.1.0-34-arm64 |  6.1.135-1 | arm64
linux-image-6.1.0-34-cloud-arm64 |  6.1.135-1 | arm64
linux-image-6.1.0-34-rt-arm64 |  6.1.135-1 | arm64
loop-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
loop-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
loop-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
md-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
md-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
md-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
mmc-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
mmc-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
mmc-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
mtd-core-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
mtd-core-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
mtd-core-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
multipath-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
multipath-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
multipath-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
nbd-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
nbd-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
nbd-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
nic-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
nic-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
nic-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
nic-shared-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
nic-shared-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
nic-shared-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
nic-usb-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
nic-usb-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
nic-usb-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
nic-wireless-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
nic-wireless-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
nic-wireless-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
ppp-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
ppp-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
ppp-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
sata-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
sata-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
sata-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
scsi-core-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
scsi-core-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
scsi-core-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
scsi-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
scsi-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
scsi-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
scsi-nic-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
scsi-nic-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
scsi-nic-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
sound-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
sound-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
sound-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
speakup-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
speakup-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
speakup-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
squashfs-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
squashfs-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
squashfs-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
udf-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
udf-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
udf-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
uinput-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
uinput-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
uinput-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
usb-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
usb-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
usb-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
usb-serial-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
usb-serial-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
usb-serial-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
usb-storage-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
usb-storage-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
usb-storage-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64
xfs-modules-6.1.0-29-arm64-di |  6.1.123-1 | arm64
xfs-modules-6.1.0-33-arm64-di |  6.1.133-1 | arm64
xfs-modules-6.1.0-34-arm64-di |  6.1.135-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:37:22 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-29-686-di |  6.1.123-1 | i386
acpi-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
acpi-modules-6.1.0-33-686-di |  6.1.133-1 | i386
acpi-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
acpi-modules-6.1.0-34-686-di |  6.1.135-1 | i386
acpi-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
ata-modules-6.1.0-29-686-di |  6.1.123-1 | i386
ata-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
ata-modules-6.1.0-33-686-di |  6.1.133-1 | i386
ata-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
ata-modules-6.1.0-34-686-di |  6.1.135-1 | i386
ata-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
btrfs-modules-6.1.0-29-686-di |  6.1.123-1 | i386
btrfs-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
btrfs-modules-6.1.0-33-686-di |  6.1.133-1 | i386
btrfs-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
btrfs-modules-6.1.0-34-686-di |  6.1.135-1 | i386
btrfs-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
cdrom-core-modules-6.1.0-29-686-di |  6.1.123-1 | i386
cdrom-core-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
cdrom-core-modules-6.1.0-33-686-di |  6.1.133-1 | i386
cdrom-core-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
cdrom-core-modules-6.1.0-34-686-di |  6.1.135-1 | i386
cdrom-core-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
crc-modules-6.1.0-29-686-di |  6.1.123-1 | i386
crc-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
crc-modules-6.1.0-33-686-di |  6.1.133-1 | i386
crc-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
crc-modules-6.1.0-34-686-di |  6.1.135-1 | i386
crc-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
crypto-dm-modules-6.1.0-29-686-di |  6.1.123-1 | i386
crypto-dm-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
crypto-dm-modules-6.1.0-33-686-di |  6.1.133-1 | i386
crypto-dm-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
crypto-dm-modules-6.1.0-34-686-di |  6.1.135-1 | i386
crypto-dm-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
crypto-modules-6.1.0-29-686-di |  6.1.123-1 | i386
crypto-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
crypto-modules-6.1.0-33-686-di |  6.1.133-1 | i386
crypto-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
crypto-modules-6.1.0-34-686-di |  6.1.135-1 | i386
crypto-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
efi-modules-6.1.0-29-686-di |  6.1.123-1 | i386
efi-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
efi-modules-6.1.0-33-686-di |  6.1.133-1 | i386
efi-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
efi-modules-6.1.0-34-686-di |  6.1.135-1 | i386
efi-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
event-modules-6.1.0-29-686-di |  6.1.123-1 | i386
event-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
event-modules-6.1.0-33-686-di |  6.1.133-1 | i386
event-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
event-modules-6.1.0-34-686-di |  6.1.135-1 | i386
event-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
ext4-modules-6.1.0-29-686-di |  6.1.123-1 | i386
ext4-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
ext4-modules-6.1.0-33-686-di |  6.1.133-1 | i386
ext4-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
ext4-modules-6.1.0-34-686-di |  6.1.135-1 | i386
ext4-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
f2fs-modules-6.1.0-29-686-di |  6.1.123-1 | i386
f2fs-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
f2fs-modules-6.1.0-33-686-di |  6.1.133-1 | i386
f2fs-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
f2fs-modules-6.1.0-34-686-di |  6.1.135-1 | i386
f2fs-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
fat-modules-6.1.0-29-686-di |  6.1.123-1 | i386
fat-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
fat-modules-6.1.0-33-686-di |  6.1.133-1 | i386
fat-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
fat-modules-6.1.0-34-686-di |  6.1.135-1 | i386
fat-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
fb-modules-6.1.0-29-686-di |  6.1.123-1 | i386
fb-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
fb-modules-6.1.0-33-686-di |  6.1.133-1 | i386
fb-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
fb-modules-6.1.0-34-686-di |  6.1.135-1 | i386
fb-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
firewire-core-modules-6.1.0-29-686-di |  6.1.123-1 | i386
firewire-core-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
firewire-core-modules-6.1.0-33-686-di |  6.1.133-1 | i386
firewire-core-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
firewire-core-modules-6.1.0-34-686-di |  6.1.135-1 | i386
firewire-core-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
fuse-modules-6.1.0-29-686-di |  6.1.123-1 | i386
fuse-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
fuse-modules-6.1.0-33-686-di |  6.1.133-1 | i386
fuse-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
fuse-modules-6.1.0-34-686-di |  6.1.135-1 | i386
fuse-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
i2c-modules-6.1.0-29-686-di |  6.1.123-1 | i386
i2c-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
i2c-modules-6.1.0-33-686-di |  6.1.133-1 | i386
i2c-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
i2c-modules-6.1.0-34-686-di |  6.1.135-1 | i386
i2c-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
input-modules-6.1.0-29-686-di |  6.1.123-1 | i386
input-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
input-modules-6.1.0-33-686-di |  6.1.133-1 | i386
input-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
input-modules-6.1.0-34-686-di |  6.1.135-1 | i386
input-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
isofs-modules-6.1.0-29-686-di |  6.1.123-1 | i386
isofs-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
isofs-modules-6.1.0-33-686-di |  6.1.133-1 | i386
isofs-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
isofs-modules-6.1.0-34-686-di |  6.1.135-1 | i386
isofs-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
jfs-modules-6.1.0-29-686-di |  6.1.123-1 | i386
jfs-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
jfs-modules-6.1.0-33-686-di |  6.1.133-1 | i386
jfs-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
jfs-modules-6.1.0-34-686-di |  6.1.135-1 | i386
jfs-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
kernel-image-6.1.0-29-686-di |  6.1.123-1 | i386
kernel-image-6.1.0-29-686-pae-di |  6.1.123-1 | i386
kernel-image-6.1.0-33-686-di |  6.1.133-1 | i386
kernel-image-6.1.0-33-686-pae-di |  6.1.133-1 | i386
kernel-image-6.1.0-34-686-di |  6.1.135-1 | i386
kernel-image-6.1.0-34-686-pae-di |  6.1.135-1 | i386
linux-image-6.1.0-29-686 |  6.1.123-1 | i386
linux-image-6.1.0-29-686-pae |  6.1.123-1 | i386
linux-image-6.1.0-29-rt-686-pae |  6.1.123-1 | i386
linux-image-6.1.0-33-686 |  6.1.133-1 | i386
linux-image-6.1.0-33-686-pae |  6.1.133-1 | i386
linux-image-6.1.0-33-rt-686-pae |  6.1.133-1 | i386
linux-image-6.1.0-34-686 |  6.1.135-1 | i386
linux-image-6.1.0-34-686-pae |  6.1.135-1 | i386
linux-image-6.1.0-34-rt-686-pae |  6.1.135-1 | i386
loop-modules-6.1.0-29-686-di |  6.1.123-1 | i386
loop-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
loop-modules-6.1.0-33-686-di |  6.1.133-1 | i386
loop-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
loop-modules-6.1.0-34-686-di |  6.1.135-1 | i386
loop-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
md-modules-6.1.0-29-686-di |  6.1.123-1 | i386
md-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
md-modules-6.1.0-33-686-di |  6.1.133-1 | i386
md-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
md-modules-6.1.0-34-686-di |  6.1.135-1 | i386
md-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
mmc-core-modules-6.1.0-29-686-di |  6.1.123-1 | i386
mmc-core-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
mmc-core-modules-6.1.0-33-686-di |  6.1.133-1 | i386
mmc-core-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
mmc-core-modules-6.1.0-34-686-di |  6.1.135-1 | i386
mmc-core-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
mmc-modules-6.1.0-29-686-di |  6.1.123-1 | i386
mmc-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
mmc-modules-6.1.0-33-686-di |  6.1.133-1 | i386
mmc-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
mmc-modules-6.1.0-34-686-di |  6.1.135-1 | i386
mmc-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
mouse-modules-6.1.0-29-686-di |  6.1.123-1 | i386
mouse-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
mouse-modules-6.1.0-33-686-di |  6.1.133-1 | i386
mouse-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
mouse-modules-6.1.0-34-686-di |  6.1.135-1 | i386
mouse-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
mtd-core-modules-6.1.0-29-686-di |  6.1.123-1 | i386
mtd-core-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
mtd-core-modules-6.1.0-33-686-di |  6.1.133-1 | i386
mtd-core-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
mtd-core-modules-6.1.0-34-686-di |  6.1.135-1 | i386
mtd-core-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
multipath-modules-6.1.0-29-686-di |  6.1.123-1 | i386
multipath-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
multipath-modules-6.1.0-33-686-di |  6.1.133-1 | i386
multipath-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
multipath-modules-6.1.0-34-686-di |  6.1.135-1 | i386
multipath-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
nbd-modules-6.1.0-29-686-di |  6.1.123-1 | i386
nbd-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
nbd-modules-6.1.0-33-686-di |  6.1.133-1 | i386
nbd-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
nbd-modules-6.1.0-34-686-di |  6.1.135-1 | i386
nbd-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
nic-modules-6.1.0-29-686-di |  6.1.123-1 | i386
nic-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
nic-modules-6.1.0-33-686-di |  6.1.133-1 | i386
nic-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
nic-modules-6.1.0-34-686-di |  6.1.135-1 | i386
nic-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
nic-pcmcia-modules-6.1.0-29-686-di |  6.1.123-1 | i386
nic-pcmcia-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
nic-pcmcia-modules-6.1.0-33-686-di |  6.1.133-1 | i386
nic-pcmcia-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
nic-pcmcia-modules-6.1.0-34-686-di |  6.1.135-1 | i386
nic-pcmcia-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
nic-shared-modules-6.1.0-29-686-di |  6.1.123-1 | i386
nic-shared-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
nic-shared-modules-6.1.0-33-686-di |  6.1.133-1 | i386
nic-shared-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
nic-shared-modules-6.1.0-34-686-di |  6.1.135-1 | i386
nic-shared-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
nic-usb-modules-6.1.0-29-686-di |  6.1.123-1 | i386
nic-usb-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
nic-usb-modules-6.1.0-33-686-di |  6.1.133-1 | i386
nic-usb-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
nic-usb-modules-6.1.0-34-686-di |  6.1.135-1 | i386
nic-usb-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
nic-wireless-modules-6.1.0-29-686-di |  6.1.123-1 | i386
nic-wireless-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
nic-wireless-modules-6.1.0-33-686-di |  6.1.133-1 | i386
nic-wireless-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
nic-wireless-modules-6.1.0-34-686-di |  6.1.135-1 | i386
nic-wireless-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
pata-modules-6.1.0-29-686-di |  6.1.123-1 | i386
pata-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
pata-modules-6.1.0-33-686-di |  6.1.133-1 | i386
pata-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
pata-modules-6.1.0-34-686-di |  6.1.135-1 | i386
pata-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
pcmcia-modules-6.1.0-29-686-di |  6.1.123-1 | i386
pcmcia-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
pcmcia-modules-6.1.0-33-686-di |  6.1.133-1 | i386
pcmcia-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
pcmcia-modules-6.1.0-34-686-di |  6.1.135-1 | i386
pcmcia-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
pcmcia-storage-modules-6.1.0-29-686-di |  6.1.123-1 | i386
pcmcia-storage-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
pcmcia-storage-modules-6.1.0-33-686-di |  6.1.133-1 | i386
pcmcia-storage-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
pcmcia-storage-modules-6.1.0-34-686-di |  6.1.135-1 | i386
pcmcia-storage-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
ppp-modules-6.1.0-29-686-di |  6.1.123-1 | i386
ppp-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
ppp-modules-6.1.0-33-686-di |  6.1.133-1 | i386
ppp-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
ppp-modules-6.1.0-34-686-di |  6.1.135-1 | i386
ppp-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
rfkill-modules-6.1.0-29-686-di |  6.1.123-1 | i386
rfkill-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
rfkill-modules-6.1.0-33-686-di |  6.1.133-1 | i386
rfkill-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
rfkill-modules-6.1.0-34-686-di |  6.1.135-1 | i386
rfkill-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
sata-modules-6.1.0-29-686-di |  6.1.123-1 | i386
sata-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
sata-modules-6.1.0-33-686-di |  6.1.133-1 | i386
sata-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
sata-modules-6.1.0-34-686-di |  6.1.135-1 | i386
sata-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
scsi-core-modules-6.1.0-29-686-di |  6.1.123-1 | i386
scsi-core-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
scsi-core-modules-6.1.0-33-686-di |  6.1.133-1 | i386
scsi-core-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
scsi-core-modules-6.1.0-34-686-di |  6.1.135-1 | i386
scsi-core-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
scsi-modules-6.1.0-29-686-di |  6.1.123-1 | i386
scsi-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
scsi-modules-6.1.0-33-686-di |  6.1.133-1 | i386
scsi-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
scsi-modules-6.1.0-34-686-di |  6.1.135-1 | i386
scsi-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
scsi-nic-modules-6.1.0-29-686-di |  6.1.123-1 | i386
scsi-nic-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
scsi-nic-modules-6.1.0-33-686-di |  6.1.133-1 | i386
scsi-nic-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
scsi-nic-modules-6.1.0-34-686-di |  6.1.135-1 | i386
scsi-nic-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
serial-modules-6.1.0-29-686-di |  6.1.123-1 | i386
serial-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
serial-modules-6.1.0-33-686-di |  6.1.133-1 | i386
serial-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
serial-modules-6.1.0-34-686-di |  6.1.135-1 | i386
serial-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
sound-modules-6.1.0-29-686-di |  6.1.123-1 | i386
sound-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
sound-modules-6.1.0-33-686-di |  6.1.133-1 | i386
sound-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
sound-modules-6.1.0-34-686-di |  6.1.135-1 | i386
sound-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
speakup-modules-6.1.0-29-686-di |  6.1.123-1 | i386
speakup-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
speakup-modules-6.1.0-33-686-di |  6.1.133-1 | i386
speakup-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
speakup-modules-6.1.0-34-686-di |  6.1.135-1 | i386
speakup-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
squashfs-modules-6.1.0-29-686-di |  6.1.123-1 | i386
squashfs-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
squashfs-modules-6.1.0-33-686-di |  6.1.133-1 | i386
squashfs-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
squashfs-modules-6.1.0-34-686-di |  6.1.135-1 | i386
squashfs-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
udf-modules-6.1.0-29-686-di |  6.1.123-1 | i386
udf-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
udf-modules-6.1.0-33-686-di |  6.1.133-1 | i386
udf-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
udf-modules-6.1.0-34-686-di |  6.1.135-1 | i386
udf-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
uinput-modules-6.1.0-29-686-di |  6.1.123-1 | i386
uinput-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
uinput-modules-6.1.0-33-686-di |  6.1.133-1 | i386
uinput-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
uinput-modules-6.1.0-34-686-di |  6.1.135-1 | i386
uinput-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
usb-modules-6.1.0-29-686-di |  6.1.123-1 | i386
usb-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
usb-modules-6.1.0-33-686-di |  6.1.133-1 | i386
usb-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
usb-modules-6.1.0-34-686-di |  6.1.135-1 | i386
usb-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
usb-serial-modules-6.1.0-29-686-di |  6.1.123-1 | i386
usb-serial-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
usb-serial-modules-6.1.0-33-686-di |  6.1.133-1 | i386
usb-serial-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
usb-serial-modules-6.1.0-34-686-di |  6.1.135-1 | i386
usb-serial-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
usb-storage-modules-6.1.0-29-686-di |  6.1.123-1 | i386
usb-storage-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
usb-storage-modules-6.1.0-33-686-di |  6.1.133-1 | i386
usb-storage-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
usb-storage-modules-6.1.0-34-686-di |  6.1.135-1 | i386
usb-storage-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386
xfs-modules-6.1.0-29-686-di |  6.1.123-1 | i386
xfs-modules-6.1.0-29-686-pae-di |  6.1.123-1 | i386
xfs-modules-6.1.0-33-686-di |  6.1.133-1 | i386
xfs-modules-6.1.0-33-686-pae-di |  6.1.133-1 | i386
xfs-modules-6.1.0-34-686-di |  6.1.135-1 | i386
xfs-modules-6.1.0-34-686-pae-di |  6.1.135-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:37:50 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-29-common |  6.1.123-1 | all
linux-headers-6.1.0-29-common-rt |  6.1.123-1 | all
linux-headers-6.1.0-33-common |  6.1.133-1 | all
linux-headers-6.1.0-33-common-rt |  6.1.133-1 | all
linux-headers-6.1.0-34-common |  6.1.135-1 | all
linux-headers-6.1.0-34-common-rt |  6.1.135-1 | all
linux-support-6.1.0-29 |  6.1.123-1 | all
linux-support-6.1.0-33 |  6.1.133-1 | all
linux-support-6.1.0-34 |  6.1.135-1 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:40:12 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

  libcuda1 | 535.216.01-1~deb12u1 | ppc64el
libcudadebugger1 | 535.216.01-1~deb12u1 | ppc64el
libegl-nvidia0 | 535.216.01-1~deb12u1 | ppc64el
libgl1-nvidia-glvnd-glx | 535.216.01-1~deb12u1 | ppc64el
libgles-nvidia1 | 535.216.01-1~deb12u1 | ppc64el
libgles-nvidia2 | 535.216.01-1~deb12u1 | ppc64el
libglx-nvidia0 | 535.216.01-1~deb12u1 | ppc64el
libnvcuvid1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-allocator1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-api1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-cfg1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-eglcore | 535.216.01-1~deb12u1 | ppc64el
libnvidia-encode1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-glcore | 535.216.01-1~deb12u1 | ppc64el
libnvidia-glvkspirv | 535.216.01-1~deb12u1 | ppc64el
libnvidia-ml1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-nvvm4 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-opticalflow1 | 535.216.01-1~deb12u1 | ppc64el
libnvidia-ptxjitcompiler1 | 535.216.01-1~deb12u1 | ppc64el
nvidia-alternative | 535.216.01-1~deb12u1 | ppc64el
nvidia-cuda-mps | 535.216.01-1~deb12u1 | ppc64el
nvidia-detect | 535.216.01-1~deb12u1 | ppc64el
nvidia-driver | 535.216.01-1~deb12u1 | ppc64el
nvidia-driver-bin | 535.216.01-1~deb12u1 | ppc64el
nvidia-driver-full | 535.216.01-1~deb12u1 | ppc64el
nvidia-driver-libs | 535.216.01-1~deb12u1 | ppc64el
nvidia-egl-icd | 535.216.01-1~deb12u1 | ppc64el
nvidia-kernel-dkms | 535.216.01-1~deb12u1 | ppc64el
nvidia-kernel-source | 535.216.01-1~deb12u1 | ppc64el
nvidia-kernel-support | 535.216.01-1~deb12u1 | ppc64el
nvidia-legacy-check | 535.216.01-1~deb12u1 | ppc64el
nvidia-libopencl1 | 535.216.01-1~deb12u1 | ppc64el
nvidia-opencl-icd | 535.216.01-1~deb12u1 | ppc64el
nvidia-smi | 535.216.01-1~deb12u1 | ppc64el
nvidia-vdpau-driver | 535.216.01-1~deb12u1 | ppc64el
nvidia-vulkan-icd | 535.216.01-1~deb12u1 | ppc64el
xserver-xorg-video-nvidia | 535.216.01-1~deb12u1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by nvidia-graphics-drivers - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:26:42 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

gnome-gmail |      3.6-1 | all
    viagee |      3.6-1 | source, all
Closed bugs: 1101971

------------------- Reason -------------------
RoQA; no longer able to connect to gmail
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 17 May 2025 08:27:35 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

empathy-skype | 20140930+svn665+dfsg-2 | amd64, i386
pidgin-skype | 20140930+svn665+dfsg-2 | source, amd64, i386
pidgin-skype-common | 20140930+svn665+dfsg-2 | amd64, i386
pidgin-skype-dbg | 20140930+svn665+dfsg-2 | amd64, i386
Closed bugs: 1105184

------------------- Reason -------------------
RoM; useless as service discontinued
----------------------------------------------
=========================================================================

abseil (20220623.1-1+deb12u2) bookworm; urgency=medium
 .
   * Skip absl_failure_signal_handler_test on ppc64el, it's known to fail.
abseil (20220623.1-1+deb12u1) bookworm; urgency=medium
 .
   * Non maintainer upload by the LTS Team.
   * Backport fix for CVE-2025-0838 - Heap buffer overflow vulnerablity
     (Closes: #1098903)

adonthell (0.3.8-2.1+deb12u1) bookworm; urgency=low
 .
   * Team upload.
   * Fix compatibility with SWIG 4.1 (Closes: #1029043)

atop (2.8.1-1+deb12u1) bookworm-security; urgency=high
 .
   * add upstream patch fixing CVE-2025-31160

base-files (12.4+deb12u11) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.11, for Debian 12.11 point release.

chromium (135.0.7049.95-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl.
     - CVE-2025-3620: Use after free in USB. Reported by @retsew0x01.
 .
   [ Daniel Richard G. ]
   * d/copyright, d/patches/system/rapidjson.patch: Slightly narrow the scope
     of the bundled RapidJSON deletion, and rework this patch so that it does
     not require the deletion in order to apply. This allows applying the
     debianization directly to the unrepackaged upstream tarball source.
   * d/patches/system/gperf.patch: Import (self-authored) upstream patch to
     prevent build breakage due to changes in gperf 3.2 generated code
     (closes: #1103226).
   * d/rules: Add new check-version rule to validate the package version.
     Also squelch error messages due to absent clang and rustc executables.
   * d/rules: Download Gentoo's upstream source tarball straight from GitHub.
chromium (135.0.7049.84-1) unstable; urgency=high
 .
   * New upstream security release (closes: #1101978).
     - CVE-2025-3066: Use after free in Site Isolation.
       Reported by Sven Dysthe (@svn-dys).
   * d/patches/fixes/rust-clanglib.patch: refresh.
chromium (135.0.7049.84-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release (closes: #1101978).
     - CVE-2025-3066: Use after free in Site Isolation.
       Reported by Sven Dysthe (@svn-dys).
   * d/patches/fixes/rust-clanglib.patch: refresh.
chromium (135.0.7049.52-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-3066: Use after free in Navigations.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2025-3067: Inappropriate implementation in Custom Tabs.
       Reported by Philipp Beer (TU Wien).
     - CVE-2025-3068: Inappropriate implementation in Intents.
       Reported by Simon Rawet.
     - CVE-2025-3069: Inappropriate implementation in Extensions.
       Reported by NDevTK.
     - CVE-2025-3070: Insufficient validation of untrusted input in
       Extensions.
     - CVE-2025-3071: Inappropriate implementation in Navigations.
       Reported by David Erceg.
     - CVE-2025-3072: Inappropriate implementation in Custom Tabs.
       Reported by Om Apip.
     - CVE-2025-3073: Inappropriate implementation in Autofill.
       Reported by Hafiizh.
     - CVE-2025-3074: Inappropriate implementation in Downloads.
       Reported by Farras Givari.
   * d/patches:
     - upstream/optional.patch: drop, merged upstream.
     - upstream/qualifications.patch: drop, merged upstream.
     - fixes/lens-optional.patch: drop, merged upstream.
     - fixes/optional.patch: drop, merged upstream.
     - fixes/swiftshader-llvm.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - bookworm/clang19.patch: refresh.
     - bookworm/gn-revert-path-exists.patch: add build fix to work around
       older gn.
     - ungoogled/disable-privacy-sandbox.patch: refresh from ungoogled.
     - fixes/make-pair.patch: add a gcc-specific build fix.
     - disable/buildtools-libc.patch: add patch to remove libc build stuff.
 .
   [ Timothy Pearson ]
   * Enable pointer compression on ppc64le
     This fixes V8 OOM conditions noted on e.g. https://trac.ffmpeg.org
   * d/patches/ppc64le:
     - v8/0001-Enable-ppc64-pointer-compression.patch
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/rules: Add switch to allow downloading either Google's upstream tarball,
     or an independently-created one from Gentoo. Default to the latter.
chromium (135.0.7049.52-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-3066: Use after free in Navigations.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2025-3067: Inappropriate implementation in Custom Tabs.
       Reported by Philipp Beer (TU Wien).
     - CVE-2025-3068: Inappropriate implementation in Intents.
       Reported by Simon Rawet.
     - CVE-2025-3069: Inappropriate implementation in Extensions.
       Reported by NDevTK.
     - CVE-2025-3070: Insufficient validation of untrusted input in
       Extensions.
     - CVE-2025-3071: Inappropriate implementation in Navigations.
       Reported by David Erceg.
     - CVE-2025-3072: Inappropriate implementation in Custom Tabs.
       Reported by Om Apip.
     - CVE-2025-3073: Inappropriate implementation in Autofill.
       Reported by Hafiizh.
     - CVE-2025-3074: Inappropriate implementation in Downloads.
       Reported by Farras Givari.
   * d/patches:
     - upstream/optional.patch: drop, merged upstream.
     - upstream/qualifications.patch: drop, merged upstream.
     - fixes/lens-optional.patch: drop, merged upstream.
     - fixes/optional.patch: drop, merged upstream.
     - fixes/swiftshader-llvm.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - bookworm/clang19.patch: refresh.
     - bookworm/gn-revert-path-exists.patch: add build fix to work around
       older gn.
     - ungoogled/disable-privacy-sandbox.patch: refresh from ungoogled.
     - fixes/make-pair.patch: add a gcc-specific build fix.
     - disable/buildtools-libc.patch: add patch to remove libc build stuff.
     - bookworm/gn-absl.patch: refresh.
     - bookworm/constexpr.patch: refresh.
     - bookworm/stdarch-arm.patch: refresh.
     - bookworm/eslint.patch: add bookworm-specific build fix; thanks
       Daniel Richard G. <skunk@iSKUNK.ORG>!
     - bookworm/crabbyav1f.patch: add rustc 1.78 build fix workaround.
 .
   [ Timothy Pearson ]
   * Enable pointer compression on ppc64le
     This fixes V8 OOM conditions noted on e.g. https://trac.ffmpeg.org
   * d/patches/ppc64le:
     - v8/0001-Enable-ppc64-pointer-compression.patch
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/rules: Add switch to allow downloading either Google's upstream tarball,
     or an independently-created one from Gentoo. Default to the latter.
chromium (134.0.6998.117-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-2476: Use after free in Lens.
       Reported by SungKwon Lee of Enki Whitehat.
chromium (134.0.6998.117-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-2476: Use after free in Lens.
       Reported by SungKwon Lee of Enki Whitehat.
chromium (134.0.6998.88-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o.
     - CVE-2025-2135: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2025-24201: Out of bounds write in GPU on Mac. Reported by
       Apple Security Engineering and Architecture (SEAR).
     - CVE-2025-2136: Use after free in Inspector. Reported by Sakana.S.
     - CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@.
chromium (134.0.6998.88-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o.
     - CVE-2025-2135: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2025-24201: Out of bounds write in GPU on Mac. Reported by
       Apple Security Engineering and Architecture (SEAR).
     - CVE-2025-2136: Use after free in Inspector. Reported by Sakana.S.
     - CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@.
 .
 chromium (134.0.6998.35-3) unstable; urgency=high
 .
   * Fix FTBFS with pipewire 1.4.0.
 .
 chromium (134.0.6998.35-2) unstable; urgency=high
 .
   * Revert "Have chromium-driver depend upon chromium-common instead of
     chromium" to make autopkgtests of various packages happy.
chromium (134.0.6998.35-3) unstable; urgency=high
 .
   * Fix FTBFS with pipewire 1.4.0.
chromium (134.0.6998.35-2) unstable; urgency=high
 .
   * Revert "Have chromium-driver depend upon chromium-common instead of
     chromium" to make autopkgtests of various packages happy.
chromium (134.0.6998.35-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-1914: Out of bounds read in V8. Reported by
       Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13).
     - CVE-2025-1915: Improper Limitation of a Pathname to a Restricted
       Directory in DevTools. Reported by Topi Lassila.
     - CVE-2025-1916: Use after free in Profiles.
       Reported by parkminchan, SSD Labs Korea.
     - CVE-2025-1917: Inappropriate Implementation in Browser UI.
       Reported by Khalil Zhani.
     - CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine.
     - CVE-2025-1919: Out of bounds read in Media.
       Reported by @Bl1nnnk and @Pisanbao.
     - CVE-2025-1921: Inappropriate Implementation in Media Stream.
       Reported by Kaiido.
     - CVE-2025-1922: Inappropriate Implementation in Selection.
       Reported by Alesandro Ortiz.
     - CVE-2025-1923: Inappropriate Implementation in Permission Prompts.
       Reported by Khalil Zhani.
   * d/patches:
     - fixes/widevine-revision.patch: drop. Upstream says "with CDMs using
       manifest-based registration, no need to" hardcode version string.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: refresh from ungoogled.
     - bookworm/gn-allowlist.patch: add workaround for older gn.
     - bookworm/adler1.patch: add workaround for older rust.
     - fixes/stdatomic.patch: add build fix to ensure <stdatomic.h> isn't
       used.
     - fixes/variant.patch: add missing header include.
     - upstream/qualifications.patch: add fix to silence annoying warnings.
     - upstream/optional.patch: add more missing header includes.
   * d/rules: update to ensure both qt5 AND qt6 are disabled.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/swiftshader-llvm.patch: Add LLVM patches from upstream LLVM
       project to fix integrated SwiftShader LLVM FTBFS
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes

debian-archive-keyring (2023.3+deb12u2) bookworm; urgency=medium
 .
   * Get rid of team-members/ and signature verification (Closes: #1099223)
   * Remove buster keys
   * Add automatic signing keys for trixie (Closes: #1100828)
   * Add Debian Stable Release Key (13/trixie) (ID: 762F67A0B2C39DE4)
     (Closes: #1100829)

debian-installer (20230607+deb12u11) bookworm; urgency=medium
 .
   * Bump Linux kernel ABI to 6.1.0-35.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u11) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u11, from bookworm-proposed-updates.

debian-security-support (1:12+2025.05.10) bookworm; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Mark libnet-easytcp-perl as unuspported for bookworm, see #1093386.
 .
   [ Sylvain Beucler ]
   * Add php-horde ecosystem to security-support-ended.12.
   * Add ckeditor3 to security-support-ended.12.
 .
   [ Holger Levsen ]
   * Add gobgp to security-support-limited, thanks to Bastien Roucariès.
   * Add musescore(2|3) to security-support-limited, thanks to Sylvain Beucler.
   * Drop python2.7 and python-stdlib-extensions from security-support-limited,
     as they were not part of bookworm. Thanks to Chris Hofstaedtler.
   * Add debian/salsa-ci.yml to configure+use that pipeline.

distro-info-data (0.58+deb12u4) bookworm; urgency=medium
 .
   * Update data to 0.64:
     * Add Debian 15 "Duke".
     * Add Ubuntu 25.10 "Questing Quokka".

dpdk (22.11.8-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream release 22.11.8; for a full list of changes see:
     http://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html

erlang (1:25.2.3+dfsg-1+deb12u1) bookworm-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * ssh: implement strict KEX (CVE-2023-48795) (Closes: #1059002)
   * ssh: reject SFTP packets exceeding max allowed size (CVE-2025-26618)
   * ssh: fix denial of service due to erroneous processing of large KEX
     init packages (CVE-2025-30211) (Closes: #1101713):
     - reduce log processing for plain connections
     - ignore too long algorithm names
     - limit the length of error messages in reply to invalid packets
     - add the custom_kexinit test to test large KEX init packages processing
   * ssh: fix remote code execution (RCE) by an unauthenticated user
     (CVE-2025-32433) (Closes: #1103442)
 .
   [ Sergei Golovan ]
   * Cleanup the patches.

exim4 (4.96-15+deb12u7) bookworm-security; urgency=high
 .
   * Fix use-after-free (requiring local command-line access) notified by
     Trend Micro (ref: ZDI-CAN-26250). CVE-2025-30232

fig2dev (1:3.2.8b-3+deb12u1) bookworm; urgency=medium
 .
   * 38_CVE-2025-31162: Reject huge pattern lengths.
   * 39_CVE-2025-31163: Reject arcs with co-incident points.
   * 40_CVE-2025-31164: Allow an arc-box with zero radius.

firefox-esr (128.10.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-29, also known as:
     CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093.
firefox-esr (128.9.0esr-2) unstable; urgency=medium
 .
   * debian/rules: Fix application icon names.
firefox-esr (128.9.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-22, also known as:
     CVE-2025-3028, CVE-2025-3029, CVE-2025-3030.
 .
   * debian/browser.dirs.in, debian/browser.links.in, debian/rules: Move
     desktop icons to /usr/share/icons/hicolor/* and symlink them from
     /usr/lib/$browser/browser/chrome/icons/default. Closes: #1091523.
firefox-esr (128.9.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-22, also known as:
     CVE-2025-3028, CVE-2025-3029, CVE-2025-3030.
firefox-esr (128.8.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-16, also known as:
     CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933,
     CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937,
     CVE-2025-1938.

fossil (1:2.21-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix issue in the fossil HTTP client, related to the fix for
     CVE-2024-24795/apache2, preventing it from cloning from a fixed
     Apache2 server (which now strips the Content-Length response header
     issued by the fossil CGI server). (Closes: #1070069)

freetype (2.12.1+dfsg-5+deb12u4) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Minimal stop-gap fix for CVE-2025-27363

gcc-12 (12.2.0-14+deb12u1) bookworm; urgency=medium
 .
   * Fix -fstack-protector handling of overflows on AArch64 (CVE-2023-4039).

ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix confusion between bytes and shorts (CVE-2025-27835)
   * Avoid integer overflow leading to buffer overflow (CVE-2025-27832)
   * PCL interpreter - fix decode_glyph for Unicode
   * Prevent Unicode decoding overrun (CVE-2025-27831)
   * Fix potential print buffer overflow (CVE-2025-27836)
   * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830)
   * Cope with double byte chars in TTF scanning code
   * Check TTF name size before copying to buffer. (CVE-2025-27833)
   * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834)
   * Fix Coverity IDs 457699 and 457700

glib2.0 (2.74.6-2+deb12u6) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-3360: Integer overflow in g_date_time_new_from_iso8601()

graphicsmagick (1.4+really1.3.40-4+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Carlos Henrique Lima Melara ]
   * d/p/CVE-2025-27795.patch: fix CVE-2025-27795 by adding image dimension
     resource limits. (Closes: #1099955)
 .
   [ Salvatore Bonaccorso ]
   * ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale
     matte (CVE-2025-32460)

haproxy (2.6.12-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-32464: heap buffer overflow in sample_conv_regsub()
     (Closes: #1102673)

igtf-policy-bundle (1.133-1~deb12u1) bookworm; urgency=medium
 .
   * Backport current policy bundle to bookworm
 .
 igtf-policy-bundle (1.133-1) unstable; urgency=medium
 .
   * New upstream release:
   * Updated re-issued GridCanada root with extended validity period (CA)
   * Added GEANT TCS Generation 5 TLS and Auth ICAs and corresponding HARICA
     and private trust roots (EU)
   * updated SHA-256 root CA for RDIG mitigating EL9/FedoraCore deprication
   * MARGI put on hold due to domainname resolution issues (MK)
 .
 igtf-policy-bundle (1.132-1) unstable; urgency=medium
 .
   * New upstream release:
   * added new trust anchor for TRGRID transition (TR)
 .
 igtf-policy-bundle (1.131-2) unstable; urgency=medium
 .
   * Rebuild for source-only upload
 .
 igtf-policy-bundle (1.131-1) unstable; urgency=medium
 .
   * New upstream release:
   * removed discontinued HKU-CA-2 authority (HK)
   * removed obsolete 3rd generation TCS intermediates (EU)
 .
 igtf-policy-bundle (1.130-1) unstable; urgency=medium
 .
   * New upstream release:
   * resolve subjnectDN nameformat compatibility issues trust anchor metadata
 .
 igtf-policy-bundle (1.129-1) unstable; urgency=medium
 .
   * New upstream release:
   * updated CRL URL location for MREN CA (ME)
   * removed discontinued TSU-GE GRENA CA (GE)
   * removed suspended BYGCA (BY)
   * removed discontinued LIP CA (PT)
   * removed obsolete DT transitional CAs (AE)
igtf-policy-bundle (1.133-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Backport for bookworm
 .
 igtf-policy-bundle (1.133-1) unstable; urgency=medium
 .
   * New upstream release:
   * Updated re-issued GridCanada root with extended validity period (CA)
   * Added GEANT TCS Generation 5 TLS and Auth ICAs and corresponding HARICA
     and private trust roots (EU)
   * updated SHA-256 root CA for RDIG mitigating EL9/FedoraCore deprication
   * MARGI put on hold due to domainname resolution issues (MK)
 .
 igtf-policy-bundle (1.132-1) unstable; urgency=medium
 .
   * New upstream release:
   * added new trust anchor for TRGRID transition (TR)
 .
 igtf-policy-bundle (1.131-2) unstable; urgency=medium
 .
   * Rebuild for source-only upload
 .
 igtf-policy-bundle (1.131-1) unstable; urgency=medium
 .
   * New upstream release:
   * removed discontinued HKU-CA-2 authority (HK)
   * removed obsolete 3rd generation TCS intermediates (EU)
 .
 igtf-policy-bundle (1.130-1) unstable; urgency=medium
 .
   * New upstream release:
   * resolve subjnectDN nameformat compatibility issues trust anchor metadata
 .
 igtf-policy-bundle (1.129-1) unstable; urgency=medium
 .
   * New upstream release:
   * updated CRL URL location for MREN CA (ME)
   * removed discontinued TSU-GE GRENA CA (GE)
   * removed suspended BYGCA (BY)
   * removed discontinued LIP CA (PT)
   * removed obsolete DT transitional CAs (AE)
igtf-policy-bundle (1.132-1) unstable; urgency=medium
 .
   * New upstream release:
   * added new trust anchor for TRGRID transition (TR)
igtf-policy-bundle (1.131-2) unstable; urgency=medium
 .
   * Rebuild for source-only upload
igtf-policy-bundle (1.131-1) unstable; urgency=medium
 .
   * New upstream release:
   * removed discontinued HKU-CA-2 authority (HK)
   * removed obsolete 3rd generation TCS intermediates (EU)
igtf-policy-bundle (1.130-1) unstable; urgency=medium
 .
   * New upstream release:
   * resolve subjnectDN nameformat compatibility issues trust anchor metadata
igtf-policy-bundle (1.129-1) unstable; urgency=medium
 .
   * New upstream release:
   * updated CRL URL location for MREN CA (ME)
   * removed discontinued TSU-GE GRENA CA (GE)
   * removed suspended BYGCA (BY)
   * removed discontinued LIP CA (PT)
   * removed obsolete DT transitional CAs (AE)
igtf-policy-bundle (1.128-1) unstable; urgency=medium
 .
   * updated CRL download URL for ArmeSFo (AM)

imagemagick (8:6.9.11.60+dfsg-1.6+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat

initramfs-tools (0.142+deb12u3) bookworm; urgency=medium
 .
   * Re-upload with clean debian directory
initramfs-tools (0.142+deb12u2) bookworm; urgency=medium
 .
   * [37a6e9e] hook-functions: Expand documentation of copy_exec and copy_file
   * [31c50bc] hook-functions: Restore copy_file's handling of target ending in
     slash (Closes: #1082647)
   * [d6d1883] hook-functions: Exclude usr-merge symlinks in copy_file
     (Closes: #1088959)
   * [38cf275] autopkgtest: Add tests for copy_file function
   * [065a03f] hook-functions: Add reset drivers when MODULES=dep
     (Closes: #1027458)

jetty9 (9.4.57-0+deb12u1) bookworm-security; urgency=high
 .
   * Team upload.
   * New upstream release 9.4.57.
     - Fix CVE-2024-8184:
       There exists a security vulnerability in Jetty's
       ThreadLimitHandler.getRemote() which can be exploited by unauthorized
       users to cause remote denial-of-service (DoS) attack. By repeatedly
       sending crafted requests, attackers can trigger OutofMemory errors and
       exhaust the server's memory.
     - Fix CVE-2024-9823:
       There exists a security vulnerability in Jetty's DosFilter which can be
       exploited by unauthorized users to cause remote denial-of-service (DoS)
       attack on the server using DosFilter. By repeatedly sending crafted
       requests, attackers can trigger OutofMemory errors and exhaust the
       server's memory finally.
     - CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and
       PushCacheFilter.
jetty9 (9.4.56-1) unstable; urgency=medium
 .
   * New upstream release
jetty9 (9.4.55-1) unstable; urgency=medium
 .
   * New upstream release
     - Refreshed the patches
   * Standards-Version updated to 4.7.0
jetty9 (9.4.54-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version 9.4.54.
     - Fix CVE-2024-22201:
       It was discovered that remote attackers may leave many HTTP/2 connections
       in ESTABLISHED state (not closed), TCP congested and idle. Eventually the
       server will stop accepting new connections from valid clients which can
       cause a denial of service. (Closes: #1064923)
       Thanks to Salvatore Bonaccorso for the report.
jetty9 (9.4.53-1) unstable; urgency=medium
 .
   * New upstream release
jetty9 (9.4.52-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 9.4.52.
   * Refresh the patches.
jetty9 (9.4.51-2) experimental; urgency=medium
 .
   * Team upload.
   * Revert switch to libtomcat10-java. (Closes: #1036798)
jetty9 (9.4.51-1) experimental; urgency=medium
 .
   * Team upload.
   * New upstream release.
   * Replace dependency on lsb-base with sysvinit-utils.
     - Fix: lintian error depends-on-obsolete-package.
   * Add a systemd timer for debian/jetty9.service.
     - Fix: lintian warning missing-systemd-timer-for-cron-script.
   * Fix lintian warning skip-systemd-native-flag-missing-pre-depends.
   * Fix lintian warning mismatched-override.

krb5 (1.20.1-2+deb12u3) bookworm; urgency=medium
 .
   * Non Maintainer upload by LTS team
   * Fixes CVE-2024-26462 (Closes: #1064965)
     A memory leak vulnerability was found in /krb5/src/kdc/ndr.c.
   * Fixes CVE-2025-24528 (Closes: #1094730)
     Prevent overflow when calculating ulog block size
   * Add Salsa CI

lemonldap-ng (2.16.1+ds-deb12u6) bookworm-security; urgency=high
 .
   * Fix XSS vulnerability in Choice module (Closes: CVE-2025-31510)

libapache2-mod-auth-openidc (2.4.12.3-2+deb12u4) bookworm-security; urgency=high
 .
   * Add upstream patch to fix CVE-2025-3891
libapache2-mod-auth-openidc (2.4.12.3-2+deb12u3) bookworm-security; urgency=high
 .
   * Fix CVE-2025-31492
     "protected content leakage when using OIDCProviderAuthRequestMethod POST"
     Backported applicable portions from upstream fix in
     https://github.com/OpenIDC/mod_auth_openidc/commit/b59b8ad63411857090ba1088e23fe414c690c127
     (Closes: #1102413)

libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows remote
       attackers to cause a denial of service (heap-based buffer over-read in the
       bson_utf8_validate function in bson-utf8.c), as demonstrated by
       bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer over-read
       via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an infinite
       loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function will
       try to free memory at a negative offset. This may result in memory
       corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver may
       be vulnerable to a buffer overflow where the function might attempt to
       allocate too small of buffer and may lead to memory corruption of
       neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds the
       maximum allowable size (INT32_MAX), resulting in a segmentation fault and
       possible application crash.

libcap2 (1:2.66-4+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick patch fixing CVE-2025-1390.
     In /etc/security/capability.conf, configurations not starting with "@"
     were incorrectly recognized as group names. (Closes: #1098318)

libdata-entropy-perl (0.007-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-1860: rand() function was used as default source of entropy

libreoffice (4:7.4.7-1+deb12u8) bookworm-security; urgency=medium
 .
   * debian/patches/Improve-adbe.pkcs7.sha1-signature-verification.diff:
     as name says (CVE-2025-2866)

libsub-handlesvia-perl (0.050000-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * use newer Mite (CVE-2025-30673)

libxslt (1.1.35-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix UAF related to excluded namespaces (CVE-2024-55549) (Closes: #1100565)
   * Fix use-after-free of XPath context node (CVE-2025-24855)
     (Closes: #1100566)

linux (6.1.137-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.136
     - module: sign with sha512 instead of sha1 by default
     - tracing: Add __cpumask to denote a trace event field that is a cpumask_t
     - tracing: Fix cpumask() example typo
     - tracing: Add __string_len() example
     - tracing: Add __print_dynamic_array() helper
     - tracing: Verify event formats that have "%*p.."
     - [arm64,armhf] net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings
       from mdiobus code
     - [arm64,armhf] net: dsa: add support for mac_prepare() and mac_finish()
       calls
     - [arm64,armhf] net: dsa: mv88e6xxx: move link forcing to
       mac_prepare/mac_finish
     - [arm64,armhf] net: dsa: mv88e6xxx: pass directly chip structure to
       mv88e6xxx_phy_is_internal
     - [arm64,armhf] net: dsa: mv88e6xxx: add field to specify internal phys
       layout
     - [arm64,armhf] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
     - [arm64,armhf] net: dsa: mv88e6xxx: fix VTU methods for 6320 family
     - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
       return value check
     - iio: adc: ad7768-1: Fix conversion result sign
     - [arm64] backlight: led_bl: Convert to platform remove callback returning
       void
     - [arm64] backlight: led_bl: Hold led_access lock when calling
       led_sysfs_disable() (CVE-2025-23144)
     - of: resolver: Simplify of_resolve_phandles() using __free()
     - of: resolver: Fix device node refcount leakage in of_resolve_phandles()
     - PCI: Assign PCI domain IDs by ida_alloc()
     - PCI: Fix reference leak in pci_register_host_bridge()
     - ASoC: qcom: q6dsp: add support to more display ports
     - ASoC: qcom: Fix sc7280 lpass potential buffer overflow
     - dma/contiguous: avoid warning about unused size_bytes
     - [arm64] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
     - [arm64] cpufreq: cppc: Fix invalid return value in .get() callback
     - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
     - scsi: core: Clear flags for scsi_cmnd that did not complete
     - net: lwtunnel: disable BHs when required
     - net: phy: leds: fix memory leak
     - tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
     - net_sched: hfsc: Fix a UAF vulnerability in class handling
       (CVE-2025-37797)
     - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
     - [amd64] iommu/amd: Return an error if vCPU affinity is set for non-vCPU
       IRTE
     - [x86] perf/x86: Fix non-sampling (counting) events on certain x86
       platforms
     - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
     - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
     - virtio_console: fix missing byte order handling for cols and rows
     - xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
     - drm/amd/display: Fix gpu reset in multidisplay config
     - drm/amd/display: Force full update in gpu reset
     - [x86] KVM: SVM: Allocate IR data using atomic allocation
     - USB: storage: quirk for ADATA Portable HDD CH94
     - mei: me: add panther lake H DID
     - [x86] KVM: x86: Explicitly treat routing entry type changes as changes
     - [x86] KVM: x86: Reset IRTE to host control if *new* route isn't postable
     - [arm64] serial: msm: Configure correct working mode before starting
       earlycon
     - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
     - USB: serial: option: add Sierra Wireless EM9291
     - USB: serial: simple: add OWON HDS200 series oscilloscope support
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix usbmisc handling
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix call balance of regulator
       routines
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error
       handling
     - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
     - [arm64,armhf] usb: dwc3: gadget: check that event count does not exceed
       event buffer length
     - [arm64,armhf] usb: dwc3: xilinx: Prevent spike in reset signal
     - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
     - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
     - USB: VLI disk crashes if LPM is used
     - USB: wdm: handle IO errors in wdm_wwan_port_start
     - USB: wdm: close race between wdm_open and wdm_wwan_port_stop
     - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
     - USB: wdm: add annotation
     - [mips*] cm: Detect CM quirks from device tree
     - crypto: null - Use spin lock instead of mutex
     - bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
     - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
     - [s390x] sclp: Add check for get_zeroed_page()
     - [s390x] tty: Fix a potential memory leak bug
     - [arm64,armhf] usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
     - [arm64,armhf] usb: dwc3: gadget: Avoid using reserved endpoints on Intel
       Merrifield
     - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
     - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
     - [armhf] usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
     - [arm64,armhf] usb: host: xhci-plat: mvebu: use ->quirks instead of
       ->init_quirk() func
     - [x86] thunderbolt: Scan retimers after device router has been enumerated
     - objtool: Silence more KCOV warnings
     - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
       wcd934x_slim_irq_handler()
     - objtool, lkdtm: Obfuscate the do_nothing() pointer
     - [amd64] qibfs: fix _another_ leak
     - 9p/net: fix improper handling of bogus negative read/write replies
     - [arm64] rtc: pcf85063: do a SW reset if POR failed
     - [s390x] KVM: s390: Don't use %pK through tracepoints
     - udmabuf: fix a buf size overflow issue during udmabuf creation
     - xen: Change xen-acpi-processor dom0 dependency
     - nvme: requeue namespace scan on missed AENs
     - ACPI: EC: Set ec_no_wakeup for Lenovo Go S
     - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
     - nvme: re-read ANA log page after ns scan completes
     - objtool: Stop UNRET validation on UD2
     - [x86] bugs: Use SBPB in write_ibpb() if applicable
     - [x86] bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
     - [x86] bugs: Don't fill RSB on context switch with eIBRS
     - ext4: make block validity check resistent to sb bh corruption
     - [arm64] scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
     - scsi: pm80xx: Set phy_attached to zero when device is gone
     - [x86] i8253: Call clockevent_i8253_disable() with interrupts disabled
     - loop: aio inherit the ioprio of original request
     - md/raid1: Add check for missing source disk in process_checks()
     - [arm64,armhf] spi: spi-imx: Add check for spi_imx_setupxfer()
     - of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
       (Closes: #1103277)
     - jfs: define xtree root and page independently
     - [x86] comedi: jr3_pci: Fix synchronous deletion of timer
     - net/sched: act_mirred: don't override retval if we already lost the skb
       (CVE-2024-26739)
     - [arm64,armhf] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable PVT for 6321 switch
     - [arm64,armhf] net: dsa: mv88e6xxx: enable .port_set_policy() for 6320
       family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable STU methods for 6320 family
     - xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
     - nvme: fixup scan failure for non-ANA multipath controllers
     - tracing: Remove pointer (asterisk) and brackets from cpumask_t field
     - PCI: Fix use-after-free in pci_bus_release_domain_nr()
     - objtool: Silence more KCOV warnings, part 2
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.137
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 35
   * md: move initialization and destruction of 'io_acct_set' to md.c
     (Closes: #1104460)
   * Revert "rndis_host: Flag RNDIS modems as WWAN devices" (Closes: #1104511)
 .
   [ Raphaël Hertzog ]
   * udeb: add dm-thin-pool md-modules (Closes: #956226)
linux (6.1.135-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
     - watch_queue: fix pipe accounting mismatch
     - [x86] mm/pat: cpa-test: fix length for CPA_ARRAY test
     - cpufreq: scpi: compare kHz instead of Hz
     - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
     - [x86] fpu: Fix guest FPU state buffer allocation size
     - [x86] fpu: Avoid copying dynamic FP state from init_task in
       arch_dup_task_struct()
     - [x86] platform: Only allow CONFIG_EISA for 32-bit
     - [x86] sev: Add missing RIP_REL_REF() invocations during sme_enable()
     - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
     - PM: sleep: Adjust check before setting power.must_resume
     - selinux: Chain up tool resolving errors in install_policy.sh
     - [x86] EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
     - [x86] EDAC/ie31200: Fix the DIMM size mask for several SoCs
     - [x86] EDAC/ie31200: Fix the error path order of ie31200_init()
     - thermal: int340x: Add NULL check for adev
     - PM: sleep: Fix handling devices with direct_complete set on errors
     - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
     - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
     - [x86] fpu/xstate: Fix inconsistencies in guest FPU xfeatures
     - [arm64,armhf] media: verisilicon: HEVC: Initialize start_bit field
     - [x86] ASoC: cs35l41: check the return value from spi_setup()
     - HID: remove superfluous (and wrong) Makefile entry for
       CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
     - ALSA: hda/realtek: Always honor no_shutup_pins
     - [arm64] drm/bridge: ti-sn65dsi86: Fix multiple instances
     - drm/dp_mst: Fix drm RAD print
     - PCI: Use downstream bridges for distributing resources
     - PCI/ASPM: Fix link state exit during switch upstream function removal
     - [arm64] drm/msm/dsi: Set PHY usescase (and mode) before registering DSI
       host
     - [arm64] PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without
       data payload
     - [arm64] PCI: brcmstb: Use internal register to change link capability
     - [arm64] PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
     - [arm64] PCI: brcmstb: Fix potential premature regulator disabling
     - PCI/portdrv: Only disable pciehp interrupts early when needed
     - PCI: Avoid reset when disabled via sysfs
     - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
     - PCI: Remove stray put_device() in pci_register_host_bridge()
     - drm/amd/display: avoid NPD when ASIC does not support DMUB
     - PCI: pciehp: Don't enable HPIE when resuming in poll mode
     - [mips*] fbdev: sm501fb: Add some geometry checks.
     - [arm64] clk: amlogic: gxbb: drop incorrect flag on 32k clock
     - [arm64,armhf] remoteproc: core: Clear table_sz when rproc_shutdown
     - bpf: Use preempt_count() directly in bpf_send_signal_common()
     - lib: 842: Improve error handling in sw842_compress()
     - [arm64] clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
     - RDMA/core: Don't expose hw_counters outside of init net namespace
     - RDMA/mlx5: Fix calculation of total invalidated pages
     - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
     - IB/mad: Check available slots before posting receive WRs
     - [arm64,armhf] pinctrl: tegra: Set SFIO mode to Mux Register
     - [arm64] clk: amlogic: g12b: fix cluster A parent data
     - [arm64] clk: amlogic: gxbb: drop non existing 32k clock parent
     - [arm64] clk: amlogic: g12a: fix mmc A peripheral clock
     - [x86] entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
     - power: supply: max77693: Fix wrong conversion of charge input threshold
       value
     - [powerpc*] crypto: nx - Fix uninitialised hv_nxc on error
     - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
     - [mips*] mfd: sm501: Switch to BIT() to mitigate integer overflows
     - [x86] dumpstack: Fix inaccurate unwinding from exception stacks due to
       misplaced assignment
     - isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
     - soundwire: slave: fix an OF node reference leak in soundwire slave device
     - [arm64] coresight-etm4x: add isb() before reading the TRCSTATR
     - iio: accel: mma8452: Ensure error return on failure to matching
       oversampling ratio
     - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim
       fails.
     - usb: xhci: correct debug message page size calculation
     - iio: adc: ad7124: Fix comparison of channel configs
     - perf evlist: Add success path to evlist__create_syswide_maps
     - perf units: Fix insufficient array space
     - kexec: initialize ELF lowest address to ULONG_MAX
     - ocfs2: validate l_tree_depth to avoid out-of-bounds access
     - NFSv4: Don't trigger uneccessary scans for return-on-close delegations
     - fuse: fix dax truncate/punch_hole fault path
     - i3c: master: svc: Fix missing the IBI rules
     - perf python: Fixup description of sample.id event member
     - perf python: Decrement the refcount of just created event on failure
     - perf python: Don't keep a raw_data pointer to consumed ring buffer space
     - perf python: Check if there is space to copy all the event
     - fs/procfs: fix the comment above proc_pid_wchan()
     - perf tools: annotate asm_pure_loop.S
     - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
     - exfat: fix the infinite loop in exfat_find_last_cluster()
     - rtnetlink: Allocate vfinfo size for VF GUIDs when supported
     - rndis_host: Flag RNDIS modems as WWAN devices
     - ksmbd: use aead_request_free to match aead_request_alloc
     - ksmbd: fix multichannel connection failure
     - net/mlx5e: SHAMPO, Make reserved size independent of page size
     - ring-buffer: Fix bytes_dropped calculation issue
     - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are
       invalid
     - sched/smt: Always inline sched_smt_active()
     - context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
     - rcu-tasks: Always inline rcu_irq_work_resched()
     - wifi: iwlwifi: fw: allocate chained SG tables for dump
     - wifi: iwlwifi: mvm: use the right version of the rate API
     - nvme-tcp: fix possible UAF in nvme_tcp_poll
     - nvme-pci: clean up CMBMSC when registering CMB fails
     - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
     - wifi: brcmfmac: keep power during suspend if board requires it
     - affs: generate OFS sequence numbers starting at 1
     - affs: don't write overlarge OFS data block size fields
     - ALSA: hda/realtek: Fix Asus Z13 2025 audio
     - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
     - [x86] platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go
       4 tablet
     - HID: i2c-hid: improve i2c_hid_get_report error message
     - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
       CS35L41 HDA
     - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
       CS35L41 HDA
     - sched/deadline: Use online cpus for validating runtime
     - locking/semaphore: Use wake_q to wake up processes outside lock critical
       section
     - [x86] sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
     - drm/amd: Keep display off while going into S4
     - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
     - can: statistics: use atomic access in hot path
     - memory: omap-gpmc: drop no compatible check
     - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
     - spufs: fix a leak on spufs_new_file() failure
     - spufs: fix gang directory lifetimes
     - spufs: fix a leak in spufs_create_context()
     - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
     - ntb: intel: Fix using link status DB's
     - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets
       only
     - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
     - net_sched: skbprio: Remove overly strict queue assertions
     - [arm64,armhf] net: mvpp2: Prevent parser TCAM memory corruption
     - udp: Fix memory accounting leak.
     - vsock: avoid timeout during connect() if the socket is closing
     - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
     - netfilter: nft_tunnel: fix geneve_opt type confusion addition
     - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
     - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
     - net: fix geneve_opt length integer overflow
     - ipv6: Start path selection from the first nexthop
     - ipv6: Do not consider link down nexthops in path selection
     - arcnet: Add NULL check in com20020pci_probe()
     - io_uring/filetable: ensure node switch is always done, if needed
     - drm/amdgpu/gfx11: fix num_mec
     - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
     - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
       registers
     - usbnet:fix NPE during rx_complete
     - [x86] platform/x86: ISST: Correct command storage data length
     - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
     - [x86] perf/x86/intel: Apply static call for drain_pebs
     - [x86] perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
     - kunit/overflow: Fix UB in overflow_allocation_test (CVE-2024-46823)
     - btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753)
     - [x86] tsc: Always save/restore TSC sched_clock() on suspend/resume
     - [x86] mm: Fix flush_tlb_range() when used for zapping normal PMDs
     - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
     - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
     - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
     - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
     - ksmbd: add bounds check for create lease context
     - ksmbd: fix use-after-free in ksmbd_sessions_deregister()
     - ksmbd: fix session use-after-free in multichannel connection
     - ksmbd: validate zero num_subauth before sub_auth is accessed
     - tracing: Fix use-after-free in print_graph_function_flags during tracer
       switching
     - tracing: Ensure module defining synth event cannot be unloaded while
       tracing
     - tracing: Fix synth event printk format for str fields
     - tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
     - [arm64] Don't call NULL in do_compat_alignment_fixup()
     - ext4: don't over-report free space or inodes in statvfs
     - ext4: fix OOB read when checking dotdot dir
     - jfs: fix slab-out-of-bounds read in ea_get()
     - jfs: add index corruption check to DT_GETPAGE()
     - media: streamzap: fix race between device disconnection and urb callback
     - nfsd: put dl_stid if fail to queue dl_recall
     - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
     - tracing: Do not use PERF enums when perf is not defined
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
     - tipc: fix memory leak in tipc_link_xmit
     - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
     - net: tls: explicitly disallow disconnect
     - rtnl: add helper to check if rtnl group has listeners
     - rtnl: add helper to check if a notification is needed
     - net/sched: cls_api: conditional notification of events
     - tc: Ensure we have enough buffer space when sending filter netlink
       notifications
     - net: ethtool: Don't call .cleanup_data when prepare_data fails
     - ata: sata_sx4: Add error handling in pdc20621_i2c_read()
     - nvmet-fcloop: swap list_add_tail arguments
     - net_sched: sch_sfq: use a temporary work area for validating configuration
     - net_sched: sch_sfq: move the limit validation
     - ipv6: Align behavior across nexthops during path selection
     - net: ppp: Add bound checking for skb data on ppp_sync_txmung
     - nft_set_pipapo: fix incorrect avx2 match of 5th field octet
     - fs: consistently deref the files table with rcu_dereference_raw()
     - umount: Allow superblock owners to force umount
     - pm: cpupower: bench: Prevent NULL dereference on malloc failure
     - [x86] cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
       when running in a virtual machine
     - [arm*] perf: arm_pmu: Don't disable counter in armpmu_add()
     - [arm64] cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
     - xen/mcelog: Add __nonstring annotations for unterminated strings
     - HID: pidff: Convert infinite length from Linux API to PID standard
     - HID: pidff: Do not send effect envelope if it's empty
     - HID: pidff: Fix null pointer dereference in pidff_find_fields
     - ALSA: hda: intel: Fix Optimus when GPU has no sound
     - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
     - [arm64] ASoC: fsl_audmix: register card device depends on 'dais' property
     - [arm64,armhf] mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two
       halves
     - ALSA: usb-audio: Fix CME quirk for UF series keyboards
     - [x86] ASoC: amd: Add DMI quirk for ACP6X mic support
     - f2fs: don't retry IO for corrupted data scenario
     - page_pool: avoid infinite loop to schedule delayed worker
     - jfs: Fix uninit-value access of imap allocated in the diMount() function
     - fs/jfs: cast inactags to s64 to prevent potential overflow
     - fs/jfs: Prevent integer overflow in AG size calculation
     - jfs: Prevent copying of nlink with value 0 from disk inode
     - jfs: add sanity check for agwidth in dbMount
     - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
     - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
     - ahci: add PCI ID for Marvell 88SE9215 SATA Controller
     - ext4: protect ext4_release_dquot against freezing
     - ext4: ignore xattrs past end
     - scsi: st: Fix array overflow in st_setup()
     - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
     - net: vlan: don't propagate flags on open
     - tracing: fix return value in __ftrace_event_enable_disable for
       TRACE_REG_UNREGISTER
     - Bluetooth: hci_uart: fix race during initialization
     - Bluetooth: qca: simplify WCN399x NVM loading
     - drm: allow encoder mode_set even when connectors change for crtc
     - drm/amd/display: Update Cursor request mode to the beginning prefetch
       always
     - drm: panel-orientation-quirks: Add support for AYANEO 2S
     - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
     - drm: panel-orientation-quirks: Add new quirk for GPD Win 2
     - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
     - drm/bridge: panel: forbid initializing a panel with unknown connector type
     - drivers: base: devres: Allow to release group on device release
     - drm/amdkfd: clamp queue size to minimum
     - drm/amdkfd: Fix mode1 reset crash issue
     - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
     - drm/amdgpu: handle amdgpu_cgs_create_device() errors in
       amd_powerplay_create()
     - [amd64] PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
     - drm/amdgpu: grab an additional reference on the gang fence v2
     - tpm, tpm_tis: Workaround failed command reception on Infineon devices
     - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
     - ext4: don't treat fhandle lookup of ea_inode as FS corruption
     - xenfs/xensyms: respect hypervisor's "next" indication
     - [arm64] cputype: Add MIDR_CORTEX_A76AE
     - [arm64] errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
     - [arm64] errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
     - [arm64] errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
     - [arm64] KVM: arm64: Tear down vGIC on failed vCPU creation
     - spi: cadence-qspi: Fix probe on AM62A LP SK
     - tpm, tpm_tis: Fix timeout handling when waiting for TPM status
     - media: streamzap: prevent processing IR data on URB failure
     - media: platform: stm32: Add check for clk_enable()
     - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
     - media: i2c: ccs: Set the device's runtime PM status correctly in remove
     - media: i2c: ccs: Set the device's runtime PM status correctly in probe
     - media: i2c: ov7251: Set enable GPIO low in probe
     - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
     - mptcp: sockopt: fix getting IPV6_V6ONLY
     - mtd: Add check for devm_kcalloc()
     - [arm64,armhf] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum
       for 6320 family
     - wifi: mt76: Add check for devm_kstrdup()
     - wifi: mac80211: fix integer overflow in hwmp_route_info_get()
     - io_uring/kbuf: reject zero sized provided buffers
     - bus: mhi: host: Fix race between unprepare and queue_buf
     - ext4: fix off-by-one error in do_split
     - [armhf] soc: samsung: exynos-chipid: Add NULL pointer check in
       exynos_chipid_probe()
     - smb311 client: fix missing tcon check when mounting with linux/posix
       extensions
     - i3c: master: svc: Use readsb helper for reading MDB
     - i3c: Add NULL pointer check in i3c_master_queue_ibi()
     - jbd2: remove wrong sb->s_sequence check
     - [armhf] mfd: ene-kb3930: Fix a potential NULL pointer dereference
     - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
     - lib: scatterlist: fix sg_split_phys to preserve original scatterlist
       offsets
     - mptcp: fix NULL pointer in can_accept_new_subflow
     - mptcp: only inc MPJoinAckHMacFailure for HMAC failures
     - mtd: inftlcore: Add error check for inftl_read_oob()
     - mtd: rawnand: Add status chack in r852_ready()
     - [arm64] mm: Correct the update of max_pfn
     - [arm64] dts: mediatek: mt8173: Fix disp-pwm compatible string
     - btrfs: fix non-empty delayed iputs list on unmount due to compressed write
       workers
     - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
     - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
     - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
     - sctp: detect and prevent references to a freed transport in sendmsg
     - thermal/drivers/rockchip: Add missing rk3328 mapping entry
     - cifs: avoid NULL pointer dereference in dbg call
     - cifs: fix integer overflow in match_server()
     - [arm64] clk: qcom: gdsc: Release pm subdomains in reverse add order
     - [arm64] clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
     - [arm64] clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
     - [x86] crypto: ccp - Fix check for the primary ASP device
     - dm-integrity: set ti->error on memory allocation failure
     - dm-verity: fix prefetch-vs-suspend race
     - ftrace: Add cond_resched() to ftrace_graph_set_hash()
     - [arm64] gpio: zynq: Fix wakeup source leaks on device unbind
     - gve: handle overflow when reporting TX consumed descriptors
     - [x86] KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory
       accesses
     - of/irq: Fix device node refcount leakage in API of_irq_parse_one()
     - of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
     - of/irq: Fix device node refcount leakages in of_irq_count()
     - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
     - of/irq: Fix device node refcount leakages in of_irq_init()
     - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
     - PCI: Fix reference leak in pci_alloc_child_bus()
     - [arm64] pinctrl: qcom: Clear latched interrupt status when changing IRQ
       type
     - [arm64] errata: Add newer ARM cores to the spectre_bhb_loop_affected()
       lists
     - [x86] ACPI: platform-profile: Fix CFI violation when accessing sysfs files
     - [x86] e820: Fix handling of subpage regions when calculating nosave ranges
       in e820__register_nosave_regions()
     - Bluetooth: hci_uart: Fix another race during initialization
     - [armhf] HSI: ssi_protocol: Fix use after free vulnerability in
       ssi_protocol Driver Due to Race Condition (CVE-2025-37838)
     - [arm64] scsi: hisi_sas: Enable force phy when SATA disk directly connected
     - wifi: at76c50x: fix use after free access in at76_disconnect
     - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
     - wifi: mac80211: Purge vif txq in ieee80211_do_stop()
     - wifi: wl1251: fix memory leak in wl1251_tx_work
     - scsi: iscsi: Fix missing scsi_host_put() in error path
     - md/raid10: fix missing discard IO accounting
     - md/md-bitmap: fix stats collection for external bitmaps
     - [amd64] RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
     - [arm64] RDMA/hns: Fix wrong maximum DMA segment size
     - RDMA/core: Silence oversized kvmalloc() warning
     - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
     - Bluetooth: btrtl: Prevent potential NULL dereference
     - Bluetooth: l2cap: Check encryption key size on incoming connection
     - Revert "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - igc: fix PTM cycle trigger logic
     - igc: move ktime snapshot into PTM retry loop
     - igc: handle the IGC_PTP_ENABLED flag correctly
     - igc: cleanup PTP module if probe fails
     - net: mctp: Set SOCK_RCU_FREE
     - net: openvswitch: fix nested key length validation in the set() action
     - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
     - net: b53: enable BPDU reception for management port
     - net: bridge: switchdev: do not notify new brentries as changed
     - [arm64,armhf] net: dsa: mv88e6xxx: avoid unregistering devlink regions
       which were never registered
     - [arm64,armhf] net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST
       is unsupported
     - [arm64,armhf] net: dsa: avoid refcount warnings when
       ds->ops->tag_8021q_vlan_del() fails
     - ptp: ocp: fix start time alignment in ptp_ocp_signal_set
     - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
     - writeback: fix false warning in inode_to_wb()
     - Revert "PCI: Avoid reset when disabled via sysfs"
     - [x86] asus-laptop: Fix an uninitialized variable
     - nfs: move nfs_fhandle_hash to common include file
     - nfs: add missing selections of CONFIG_CRC32
     - nfsd: decrease sc_count directly if fail to queue dl_recall
     - btrfs: correctly escape subvol in btrfs_show_options()
     - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
     - i2c: cros-ec-tunnel: defer probe if parent EC is not present
     - isofs: Prevent the use of too small fid
     - loop: properly send KOBJ_CHANGED uevent for disk device
     - loop: LOOP_SET_FD: send uevents for partitions
     - mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
     - mm: fix filemap_get_folios_contig returning batches of identical folios
     - ksmbd: Fix dangling pointer in krb_authenticate
     - ksmbd: Prevent integer overflow in calculation of deadtime
     - ksmbd: fix the warning from __kernel_write_iter
     - smb3 client: fix open hardlink on deferred close file error
     - string: Add load_unaligned_zeropad() code path to sized_strscpy()
     - tracing: Fix filter string testing
     - virtiofs: add filesystem context source name check
     - scsi: megaraid_sas: Block zero-length ATA VPD inquiry
     - scsi: ufs: exynos: Ensure consistent phy reference counts
     - [x86] perf/x86/intel: Allow to update user space GPRs from PEBS records
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SNR
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       ICX
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SPR
     - [arm64] drm/msm/a6xx: Fix stale rpmh votes from GPU
     - drm/amd: Handle being compiled without SI or CIK support better
     - drm/amd/pm: Prevent division by zero
     - drm/amd/pm/powerplay: Prevent division by zero
     - drm/amd/pm/smu11: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
     - drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
     - drm/amdgpu/dma_buf: fix page_link check
     - drm/nouveau: prime: fix ttm_bo_delayed_delete oops
     - [x86] drm/i915/gvt: fix unterminated-string-initialization warning
     - io_uring/net: fix accept multishot handling
     - [arm64] KVM: arm64: Discard any SVE state when entering KVM guests
     - [arm64] fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
     - [arm64] fpsimd: Have KVM explicitly say which FP registers to save
     - [arm64] fpsimd: Stop using TIF_SVE to manage register saving in KVM
     - [arm64] KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
     - [arm64] KVM: arm64: Remove host FPSIMD saving for non-protected KVM
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
     - [arm64] KVM: arm64: Refactor exit handlers
     - [arm64] KVM: arm64: Mark some header functions as inline
     - [arm64] KVM: arm64: Calculate cptr_el2 traps on activating traps
     - [arm64] KVM: arm64: Eagerly switch ZCR_EL{1,2}
     - cpufreq: Reference count policy in cpufreq_update_limits()
     - kbuild: Add '-fno-builtin-wcslen'
     - mptcp: sockopt: fix getting freebind & transparent
     - mm: Fix is_zero_page() usage in try_grab_page() (Closes: #1102914)
     - [x86] split_lock: Fix the delayed detection logic
     - [x86] pvh: Call C code via the kernel virtual mapping
     - [powerpc*] rtas: Prevent Spectre v1 gadget construction in sys_rtas()
       (CVE-2024-46774)
     - btrfs: fix qgroup reserve leaks in cow_file_range (CVE-2024-46733)
     - btrfs: zoned: fix zone activation with missing devices
     - btrfs: zoned: fix zone finishing with missing devices
     - Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init"
     - drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
       max_links (CVE-2024-46816)
     - landlock: Add the errata interface
     - nvmet-fc: Remove unused functions
     - smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
       (CVE-2024-46742)
     - cifs: use origin fullpath for automounts
     - btrfs: fix the length of reserved qgroup to free
     - bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
     - bpf: Prevent tail call between progs attached to different hooks
       (CVE-2024-50063)
     - blk-cgroup: support to track if policy is online
     - blk-iocost: do not WARN if iocg was already offlined (CVE-2024-36908)
     - mm: fix apply_to_existing_page_range()
     - sign-file,extract-cert: move common SSL helper functions to a header
     - sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
     - sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
     - [mips*] ds1287: Match ds1287_set_base_clock() function types
     - md: factor out a helper from mddev_put()
     - md: fix mddev uaf while iterating all_mddevs list (CVE-2025-22126)
       (Closes: #1086175)
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 34
 .
   [ Ben Hutchings ]
   * d/rules.d/certs: Add newly required include directory to CPPFLAGS
linux (6.1.133-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
     - [arm64] mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
     - md/md-bitmap: replace md_bitmap_status() with a new helper
       md_bitmap_get_stats()
     - md/md-cluster: fix spares warnings for __le64
     - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
     - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
     - mm: update mark_victim tracepoints fields
     - memcg: fix soft lockup in the OOM process (CVE-2024-57977)
     - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
     - Bluetooth: qca: Update firmware-name to support board specific nvm
     - Bluetooth: qca: Fix poor RF performance for WCN6855
     - scsi: core: Handle depopulation and restoration in progress
     - scsi: core: Do not retry I/Os during depopulation
     - [arm6]: dts: mediatek: mt8183: Disable DSI display output by default
     - [arm64] dts: qcom: trim addresses to 8 digits
     - [arm64] dts: qcom: sm8450: Fix CDSP memory length
     - tpm: Use managed allocation for bios event log
     - tpm: Change to kvalloc() in eventlog/acpi.c
     - media: Switch to use dev_err_probe() helper
     - media: uvcvideo: Fix crash during unbind if gpio unit is in use
       (CVE-2024-58079)
     - media: uvcvideo: Refactor iterators
     - media: uvcvideo: Only save async fh if success
     - media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
     - USB: gadget: core: create sysfs link between udc and gadget
     - usb: gadget: core: flush gadget workqueue after device removal
       (CVE-2025-21838)
     - USB: gadget: f_midi: f_midi_complete to call queue_work
     - [powerpc*] 64s/mm: Move __real_pte stubs into hash-4k.h
     - [powerpc*] 64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
     - ALSA: hda/realtek: Fixup ALC225 depop procedure
     - [powerpc*] code-patching: Fix KASAN hit by not flagging text patching area
       as VM_ALLOC
     - geneve: Fix use-after-free in geneve_find_dev().
     - ALSA: hda/cirrus: Correct the full scale volume set logic
     - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
     - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
     - flow_dissector: Fix handling of mixed port and port-range keys
     - flow_dissector: Fix port range key handling in BPF conversion
     - net: Add non-RCU dev_getbyhwaddr() helper
     - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
     - net: axienet: Set mac_managed_pm
     - tcp: drop secpath at the same time as we currently drop dst
     - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
     - strparser: Add read_sock callback
     - bpf: Fix wrong copied_seq calculation
     - power: supply: da9150-fg: fix potential overflow
     - nouveau/svm: fix missing folio unlock + put after
       make_device_exclusive_range()
     - [arm64] drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC
       fields
     - nvme/ioctl: add missing space in err message
     - bpf: skip non exist keys in generic_map_lookup_batch
     - [arm64] drm/msm/dpu: Disable dither in phys encoder cleanup
     - [x86] drm/i915: Make sure all planes in use by the joiner have their crtc
       included
     - [arm64] tee: optee: Fix supplicant wait loop
     - drop_monitor: fix incorrect initialization order
     - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
     - [arm64] ASoC: fsl_micfil: Enable default case in micfil_set_quality()
     - ALSA: hda: Add error check for snd_ctl_rename_id() in
       snd_hda_create_dig_out_ctls()
     - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
     - acct: perform last write from workqueue
     - acct: block access to kernel internal filesystems
     - mm,madvise,hugetlb: check for 0-length range after end address adjustment
     - smb: client: Add check for next_buffer in receive_encrypted_standard()
     - ftrace: Correct preemption accounting for function tracing.
     - ftrace: Do not add duplicate entries in subops manager ops
     - [x86] cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
     - block, bfq: split sync bfq_queues on a per-actuator basis
     - block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
     - media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
       (CVE-2024-47754)
     - netfilter: allow exp not to be removed in nf_ct_find_expectation
     - IB/mlx5: Set and get correct qp_num for a DCT QP
     - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
     - SUNRPC: convert RPC_TASK_* constants to enum
     - SUNRPC: Prevent looping due to rpc_signal_task() races
     - scsi: core: Clear driver private data when retrying request
     - RDMA/mlx5: Fix bind QP error cleanup flow
     - sunrpc: suppress warnings for unused procfs functions
     - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
     - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
     - afs: remove variable nr_servers
     - afs: Make it possible to find the volumes that are using a server
     - afs: Fix the server_list to unuse a displaced server rather than putting
       it
     - net: loopback: Avoid sending IP packets without an Ethernet header
     - net: set the minimum for net_hotdata.netdev_budget_usecs
     - net/ipv4: add tracepoint for icmp_send
     - ipv4: icmp: Pass full DS field to ip_route_input()
     - ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
     - ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
     - ipv4: Convert icmp_route_lookup() to dscp_t.
     - ipv4: Convert ip_route_input() to dscp_t.
     - ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos
       conversion.
     - ipvlan: ensure network headers are in skb linear part
     - [arm64] net: cadence: macb: Synchronize stats calculations
     - [armhf] ASoC: es8328: fix route from DAC to output
     - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
     - tcp: Defer ts_recent changes until req is owned
     - net: Clear old fragment checksum value in napi_reuse_skb
     - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
     - net/mlx5: IRQ, Fix null string in debug print
     - include: net: add static inline dst_dev_overhead() to dst.h
     - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in seg6 lwt
     - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in rpl lwt
     - mm: Don't pin ZERO_PAGE in pin_user_pages()
     - uprobes: Reject the shared zeropage in uprobe_write_opcode()
     - io_uring/net: save msg_control for compat
     - [x86] CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
     - tracing: Fix bad hist from corrupting named_triggers list
     - ftrace: Avoid potential division by zero in function_stat_show()
     - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
     - [x86] perf/x86: Fix low freqency setting issue
     - perf/core: Fix low freq setting via IOC_PERIOD
     - drm/amd/display: Disable PSR-SU on eDP panels
     - drm/amd/display: Fix HPD after gpu reset
     - i2c: npcm: disable interrupt enable bit before devm_request_irq
     - usbnet: gl620a: fix endpoint checking in genelink_bind()
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
     - [arm64] net: enetc: keep track of correct Tx BD count in
       enetc_map_tx_tso_buffs()
     - [arm64] net: enetc: update UDP checksum when updating originTimestamp
       field
     - [arm64] net: enetc: correct the xdp_tx statistics
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
     - [armhf] phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks
       in refclk
     - mptcp: always handle address removal under msk socket lock
     - mptcp: reset when MPTCP opts are dropped after join
     - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
     - sched/core: Prevent rescheduling when interrupts are disabled
     - drm/amd/display: fixed integer types and null check locations
       (CVE-2024-26767)
     - amdgpu/pm/legacy: fix suspend/resume issues
     - [x86] intel_idle: Handle older CPUs, which stop the TSC in deeper C
       states, correctly (Closes: #1088682)
     - Squashfs: check the inode number is not the invalid value of zero
       (CVE-2024-26982)
     - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
     - media: mtk-vcodec: potential null pointer deference in SCP
       (CVE-2024-40973)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
     - drm/amdgpu: Check extended configuration space register when system uses
       large bar
     - drm/amdgpu: disable BAR resize on Dell G5 SE
     - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS
     - [x86] speculation: Add __update_spec_ctrl() helper
     - [x86] amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
     - Revert "of: reserved-memory: Fix using wrong number of cells to get
       property 'alignment'"
     - HID: appleir: Fix potential NULL dereference at raw event handle
     - ksmbd: fix type confusion via race condition when using
       ipc_msg_send_request
     - ksmbd: fix use-after-free in smb2_lock
     - ksmbd: fix bug on trap in smb2_lock
     - [arm64] gpio: rcar: Use raw_spinlock to protect register access
     - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
     - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
     - ALSA: hda/realtek: update ALC222 depop optimize
     - drm/amd/display: Fix null check for pipe_ctx->plane_state in
       resource_build_scaling_params
     - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
     - [x86] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
     - [x86] cacheinfo: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
     - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
     - wifi: cfg80211: regulatory: improve invalid hints checking
     - wifi: nl80211: reject cooked mode if it is set along with other flags
     - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
     - rapidio: fix an API misues when rio_add_net() fails
     - dma: kmsan: export kmsan_handle_dma() for modules
     - [s390x] traps: Fix test_monitor_call() inline assembly
     - block: fix conversion of GPT partition name to 7-bit
     - mm/page_alloc: fix uninitialized variable
     - mm: don't skip arch_sync_kernel_mappings() in error paths
     - wifi: iwlwifi: limit printed string from FW file
     - HID: google: fix unused variable warning under !CONFIG_ACPI
     - [amd64] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
     - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
     - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
     - net: gso: fix ownership in __udp_gso_segment
     - caif_virtio: fix wrong pointer check in cfv_probe()
     - hwmon: (pmbus) Initialise page count in pmbus_identify()
     - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
     - hwmon: (ad7314) Validate leading zero bits and return error
     - ALSA: usx2y: validate nrpacks module parameter on probe
     - llc: do not use skb_get() before dev_queue_xmit()
     - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
     - drm/sched: Fix preprocessor guard
     - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
     - [arm64] net: hns3: make sure ptp clock is unregister and freed if
       hclge_ptp_get_cycle returns an error
     - vlan: enforce underlying device type
     - [x86] sgx: Fix size overflows in sgx_encl_create()
     - exfat: fix soft lockup in exfat_clear_bitmap
     - net-timestamp: support TCP GSO case for a few missing flags
     - ublk: set_params: properly check if parameters can be applied
     - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
     - net: ipv6: fix dst ref loop in ila lwtunnel
     - net: ipv6: fix missing dst ref drop in ila lwtunnel
     - [arm64] gpio: rcar: Fix missing of_node_put() call
     - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
       (Closes: #1100746)
     - usb: hub: lack of clearing xHC resources
     - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
       Reader
     - usb: atm: cxacru: fix a flaw in existing endpoint checks
     - usb: dwc3: Set SUSPENDENABLE soon after phy init
     - usb: dwc3: gadget: Prevent irq storm when TH re-executes
     - usb: typec: ucsi: increase timeout for PPM reset operations
     - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
     - usb: gadget: Set self-powered based on MaxPower and bmAttributes
     - usb: gadget: Fix setting self-powered state on suspend
     - usb: gadget: Check bmAttributes only if configuration is valid
     - xhci: pci: Fix indentation in the PCI device ID definitions
     - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (Closes: #1050352)
     - [x86] KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
     - [x86] mei: me: add panther lake P DID
     - [x86] intel_th: pci: Add Arrow Lake support
     - [x86] intel_th: pci: Add Panther Lake-H support
     - [x86] intel_th: pci: Add Panther Lake-P/U support
     - drivers: core: fix device leak in __fw_devlink_relax_cycles()
     - slimbus: messaging: Free transaction ID in delayed interrupt scenario
     - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid
       deadlock
     - eeprom: digsy_mtc: Make GPIO lookup table match the device
     - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
     - iio: filter: admv8818: Force initialization of SDO
     - iio: dac: ad3552r: clear reset status flag
     - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
     - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
     - Revert "KVM: e500: always restore irqs"
     - Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
     - Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock"
     - Revert "KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()"
     - uprobes: Fix race in uprobe_free_utask
     - [x86] mm: Don't disable PCID when INVLPG has been fixed by microcode
     - spi-mxs: Fix chipselect glitch
     - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
     - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
     - nilfs2: handle errors that nilfs_prepare_chunk() may return
     - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
       (CVE-2024-24855)
     - media: mediatek: vcodec: Handle invalid decoder vsi (CVE-2024-43831)
     - fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
     - bpf, vsock: Invoke proto::close on close()
     - vsock: Keep the binding until socket destruction (CVE-2025-21756)
     - vsock: Orphan socket after transport release
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.132
     - clockevents/drivers/i8253: Fix stop sequence for timer 0
     - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
     - hrtimer: Use and report correct timerslack values for realtime tasks
     - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
     - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
     - ice: fix memory leak in aRFS after reset
     - netfilter: nf_conncount: garbage collection is not skipped when jiffies
       wrap around
     - sched: address a potential NULL pointer dereference in the GRED scheduler.
     - wifi: cfg80211: cancel wiphy_work before freeing wiphy
     - Bluetooth: hci_event: Fix enabling passive scanning
     - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid
       context"
     - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops
     - net: mctp i2c: Copy headers if cloned
     - netpoll: hold rcu read lock in __netpoll_send_skb()
     - [amd64,arm64] drm/hyperv: Fix address space leak when Hyper-V DRM device
       is removed
     - [amd64,arm64] Drivers: hv: vmbus: Don't release fb_mmio resource in
       vmbus_free_mmio()
     - net/mlx5: handle errors in mlx5_chains_create_table()
     - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
     - net: switchdev: Convert blocking notification chain to a raw one
     - bonding: fix incorrect MAC address setting to receive NS messages
     - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
       insert_tree()
     - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
     - net_sched: Prevent creation of classes with TC_H_ROOT
     - netfilter: nft_exthdr: fix offset with ipv4_find_option()
     - gre: Fix IPv6 link-local address generation.
     - net: openvswitch: remove misbehaving actions length check
     - net/mlx5: Bridge, fix the crash caused by LAG state check
     - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed
       devices
     - nvme-fc: go straight to connecting state when initializing
     - hrtimers: Mark is_migration_base() with __always_inline
     - powercap: call put_device() on an error path in
       powercap_register_control_type()
     - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
     - scsi: core: Use GFP_NOIO to avoid circular locking dependency
     - scsi: qla1280: Fix kernel oops when debug level > 2
     - ACPI: resource: IRQ override for Eluktronics MECH-17
     - smb: client: fix noisy when tree connecting to DFS interlink targets
     - [x86] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
     - [x86] HID: intel-ish-hid: Send clock sync message immediately after reset
     - HID: ignore non-functional sensor in HP 5MP Camera
     - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
     - HID: apple: fix up the F6 key on the Omoton KB066 keyboard
     - sched: Clarify wake_up_q()'s write to task->wake_q.next
     - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
     - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
     - [s390x] cio: Fix CHPID "configure" attribute caching
     - thermal/cpufreq_cooling: Remove structure member documentation
     - Xen/swiotlb: mark xen_swiotlb_fixup() __init
     - ALSA: hda/realtek: Limit mic boost on Positivo ARN50
     - [x86] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
     - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
     - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
     - nvme-tcp: add basic support for the C2HTermReq PDU
     - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
     - sctp: Fix undefined behavior in left shift operation
     - nvme: only allow entering LIVE from CONNECTING state
     - fuse: don't truncate cached, mutated symlink
     - [x86] perf/x86/intel: Use better start period for frequency mode
     - [x86] irq: Define trace events conditionally
     - mptcp: safety check before fallback
     - drm/nouveau: Do not override forced connector status
     - block: fix 'kmem_cache of name 'bio-108' already exists'
     - io_uring: return error pointer from io_mem_alloc()
     - io_uring: add ring freeing helper
     - mm: add nommu variant of vm_insert_pages()
     - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
     - io_uring: don't attempt to mmap larger than what the user asks for
     - io_uring: fix corner case forgetting to vunmap
     - xfs: pass refcount intent directly through the log intent code
     - xfs: pass xfs_extent_free_item directly through the log intent code
     - xfs: fix confusing xfs_extent_item variable names
     - xfs: pass the xfs_bmbt_irec directly through the log intent code
     - xfs: pass per-ag references to xfs_free_extent
     - xfs: validate block number being freed before adding to xefi
     - xfs: fix bounds check in xfs_defer_agfl_block()
     - xfs: use deferred frees for btree block freeing
     - xfs: reserve less log space when recovering log intent items
     - xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
     - xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
     - xfs: consider minlen sized extents in xfs_rtallocate_extent_block
     - xfs: don't leak recovered attri intent items
     - xfs: make rextslog computation consistent with mkfs
     - xfs: fix 32-bit truncation in xfs_compute_rextslog
     - xfs: don't allow overly small or large realtime volumes
     - xfs: remove unused fields from struct xbtree_ifakeroot
     - xfs: recompute growfsrtfree transaction reservation while growing rt
       volume
     - xfs: force all buffers to be written during btree bulk load
     - xfs: initialise di_crc in xfs_log_dinode
     - xfs: add lock protection when remove perag from radix tree
     - xfs: fix perag leak when growfs fails
     - xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
     - xfs: update dir3 leaf block metadata after swap
     - xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
     - xfs: remove conditional building of rt geometry validator functions
     - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
     - Input: i8042 - add required quirks for missing old boardnames
     - Input: i8042 - swap old quirk combination with new quirk for several
       devices
     - Input: i8042 - swap old quirk combination with new quirk for more devices
     - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
     - USB: serial: option: add Telit Cinterion FE990B compositions
     - USB: serial: option: fix Telit Cinterion FE990A name
     - USB: serial: option: match on interface class for Telit FN990B
     - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
     - drm/atomic: Filter out redundant DPMS calls
     - drm/dp_mst: Fix locking when skipping CSN before topology probing
     - drm/amd/display: Restore correct backlight brightness after a GPU reset
     - drm/amd/display: Assign normalized_pix_clk when color depth = 14
     - drm/amd/display: Fix slab-use-after-free on hdcp_work
     - [x86] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2
       model
     - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
     - lib/buildid: Handle memfd_secret() files in build_id_parse()
     - tcp: fix races in tcp_abort()
     - tcp: fix forever orphan socket caused by tcp_abort
     - leds: mlxreg: Use devm_mutex_init() for mutex initialization
     - ASoC: ops: Consistently treat platform_max as control value
     - [x86] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
     - cifs: Fix integer overflow while processing acregmax mount option
     - cifs: Fix integer overflow while processing acdirmax mount option
     - cifs: Fix integer overflow while processing actimeo mount option
     - cifs: Fix integer overflow while processing closetimeo mount option
     - i2c: ali1535: Fix an error handling path in ali1535_probe()
     - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
     - i2c: sis630: Fix an error handling path in sis630_probe()
     - [arm64] mm: Populate vmemmap at the page level if not section aligned
     - smb3: add support for IAKerb
     - smb: client: Fix match_session bug preventing session reuse
     - HID: apple: disable Fn key handling on the Omoton KB066
     - smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
     - firmware: imx-scu: fix OF node leak in .probe()
     - [arm64] dts: freescale: tqma8mpql: Fix vqmmc-supply
     - xfrm_output: Force software GSO only in tunnel mode
     - [arm64] soc: imx8m: Remove global soc_uid
     - [arm64] soc: imx8m: Use devm_* to simplify probe failure handling
     - [arm64] soc: imx8m: Unregister cpufreq and soc dev in cleanup path
     - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
     - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
     - ARM: dts: bcm2711: Don't mark timer regs unconfigured
     - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
     - [arm64] RDMA/hns: Fix soft lockup during bt pages loop
     - [arm64] RDMA/hns: Fix unmatched condition in error path of
       alloc_user_qp_db()
     - [arm64] RDMA/hns: Fix a missing rollback in error path of
       hns_roce_create_qp_common()
     - [arm64] RDMA/hns: Fix wrong value of max_sge_rd
     - Bluetooth: Fix error code in chan_alloc_skb_cb()
     - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
     - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
     - net: atm: fix use after free in lec_send()
     - net: lwtunnel: fix recursion loops
     - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
     - Revert "gre: Fix IPv6 link-local address generation."
     - i2c: omap: fix IRQ storms
     - [arm64,armhf] can: flexcan: only change CAN state when link up in system
       PM
     - [arm64,armhf] can: flexcan: disable transceiver during system PM
     - [arm64] drm/v3d: Don't run jobs that have errors flagged in its fence
     - regulator: check that dummy regulator has been probed before using it
     - [arm64] dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound
       card
     - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
     - mmc: atmel-mci: Add missing clk_disable_unprepare()
     - proc: fix UAF in proc_get_inode()
     - efi/libstub: Avoid physical address 0x0 when doing random allocation
     - xsk: fix an integer overflow in xp_create_and_assign_umem()
     - batman-adv: Ignore own maximum aggregation size during RX
     - [arm64] soc: qcom: pdr: Fix the potential deadlock
     - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
     - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
     - ksmbd: fix incorrect validation for num_aces field of smb_acl
     - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
     - mptcp: Fix data stream corruption in the address announcement
     - netfilter: nft_counter: Use u64_stats_t for statistic.
     - drm/mediatek: Fix coverity issue with unintentional integer overflow
       (CVE-2023-52857)
     - media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
       (CVE-2024-47753)
     - [arm64] dts: rockchip: fix u2phy1_host status for NanoPi R4S
     - drm/amdgpu: fix use-after-free bug (CVE-2024-26656)
     - wifi: iwlwifi: mvm: ensure offloading TID queue exists (CVE-2024-27056)
     - mm/migrate: fix shmem xarray update during migration
     - block, bfq: fix re-introduced UAF in bic_set_bfqq()
     - xfs: give xfs_extfree_intent its own perag reference
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
     - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
     - HID: hid-plantronics: Add mic mute mapping and generalize quirks
     - atm: Fix NULL pointer dereference
     - [armel,armhf] 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
     - [armel,armhf] 9351/1: fault: Add "cut here" line for prefetch aborts
     - [armel,armhf] Remove address checking for MMUless devices
     - drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772)
     - netfilter: socket: Lookup orig tuple for IPv6 SNAT
     - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
     - tty: serial: 8250: Add some more device IDs
     - tty: serial: 8250: Add Brainboxes XC devices
     - net: usb: qmi_wwan: add Telit Cinterion FN990B composition
     - net: usb: qmi_wwan: add Telit Cinterion FE990B composition
     - net: usb: usbnet: restore usb%d name exception for local mac addresses
     - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
     - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
     - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (CVE-2024-50056)
     - usb: typec: ucsi: Fix NULL pointer access (CVE-2025-21918)
     - media: i2c: et8ek8: Don't strip remove function when driver is builtin
       (CVE-2024-38611)
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.12:
     - net: mana: Use mana_cleanup_port_context() for rxq cleanup
     - net: mana: Add support for page sizes other than 4KB on ARM64
     - net: mana: Add page pool for RX buffers
     - net: mana: Fix the tso_bytes calculation
     - net: mana: Fix oversized sge0 for GSO packets
     - net: mana: Avoid open coded arithmetic
     - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
     - net: mana: Allow variable size indirection table
 .
   [ Ben Hutchings ]
   * d/salsa-ci.yml: Run lintian from the target release, not always unstable
   * [powerpc*] Revert "fbdev/offb: Update expected device name" (Closes:
     #1085949)
   * d/b/genpatch-rt: Fix subprocess cleanup with Python 3.13
 .
   [ Salvatore Bonaccorso ]
   * d/b/genpatch-rt: Drop now unused 'io' module.
   * Revert "d/salsa-ci.yml: Suppress aliased-location lintian errors"
   * Bump ABI to 33
   * ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
     (Closes: #1100928)

linux-signed-amd64 (6.1.137+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.137-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.136
     - module: sign with sha512 instead of sha1 by default
     - tracing: Add __cpumask to denote a trace event field that is a cpumask_t
     - tracing: Fix cpumask() example typo
     - tracing: Add __string_len() example
     - tracing: Add __print_dynamic_array() helper
     - tracing: Verify event formats that have "%*p.."
     - [arm64,armhf] net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings
       from mdiobus code
     - [arm64,armhf] net: dsa: add support for mac_prepare() and mac_finish()
       calls
     - [arm64,armhf] net: dsa: mv88e6xxx: move link forcing to
       mac_prepare/mac_finish
     - [arm64,armhf] net: dsa: mv88e6xxx: pass directly chip structure to
       mv88e6xxx_phy_is_internal
     - [arm64,armhf] net: dsa: mv88e6xxx: add field to specify internal phys
       layout
     - [arm64,armhf] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
     - [arm64,armhf] net: dsa: mv88e6xxx: fix VTU methods for 6320 family
     - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
       return value check
     - iio: adc: ad7768-1: Fix conversion result sign
     - [arm64] backlight: led_bl: Convert to platform remove callback returning
       void
     - [arm64] backlight: led_bl: Hold led_access lock when calling
       led_sysfs_disable() (CVE-2025-23144)
     - of: resolver: Simplify of_resolve_phandles() using __free()
     - of: resolver: Fix device node refcount leakage in of_resolve_phandles()
     - PCI: Assign PCI domain IDs by ida_alloc()
     - PCI: Fix reference leak in pci_register_host_bridge()
     - ASoC: qcom: q6dsp: add support to more display ports
     - ASoC: qcom: Fix sc7280 lpass potential buffer overflow
     - dma/contiguous: avoid warning about unused size_bytes
     - [arm64] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
     - [arm64] cpufreq: cppc: Fix invalid return value in .get() callback
     - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
     - scsi: core: Clear flags for scsi_cmnd that did not complete
     - net: lwtunnel: disable BHs when required
     - net: phy: leds: fix memory leak
     - tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
     - net_sched: hfsc: Fix a UAF vulnerability in class handling
       (CVE-2025-37797)
     - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
     - [amd64] iommu/amd: Return an error if vCPU affinity is set for non-vCPU
       IRTE
     - [x86] perf/x86: Fix non-sampling (counting) events on certain x86
       platforms
     - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
     - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
     - virtio_console: fix missing byte order handling for cols and rows
     - xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
     - drm/amd/display: Fix gpu reset in multidisplay config
     - drm/amd/display: Force full update in gpu reset
     - [x86] KVM: SVM: Allocate IR data using atomic allocation
     - USB: storage: quirk for ADATA Portable HDD CH94
     - mei: me: add panther lake H DID
     - [x86] KVM: x86: Explicitly treat routing entry type changes as changes
     - [x86] KVM: x86: Reset IRTE to host control if *new* route isn't postable
     - [arm64] serial: msm: Configure correct working mode before starting
       earlycon
     - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
     - USB: serial: option: add Sierra Wireless EM9291
     - USB: serial: simple: add OWON HDS200 series oscilloscope support
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix usbmisc handling
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix call balance of regulator
       routines
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error
       handling
     - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
     - [arm64,armhf] usb: dwc3: gadget: check that event count does not exceed
       event buffer length
     - [arm64,armhf] usb: dwc3: xilinx: Prevent spike in reset signal
     - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
     - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
     - USB: VLI disk crashes if LPM is used
     - USB: wdm: handle IO errors in wdm_wwan_port_start
     - USB: wdm: close race between wdm_open and wdm_wwan_port_stop
     - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
     - USB: wdm: add annotation
     - [mips*] cm: Detect CM quirks from device tree
     - crypto: null - Use spin lock instead of mutex
     - bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
     - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
     - [s390x] sclp: Add check for get_zeroed_page()
     - [s390x] tty: Fix a potential memory leak bug
     - [arm64,armhf] usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
     - [arm64,armhf] usb: dwc3: gadget: Avoid using reserved endpoints on Intel
       Merrifield
     - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
     - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
     - [armhf] usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
     - [arm64,armhf] usb: host: xhci-plat: mvebu: use ->quirks instead of
       ->init_quirk() func
     - [x86] thunderbolt: Scan retimers after device router has been enumerated
     - objtool: Silence more KCOV warnings
     - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
       wcd934x_slim_irq_handler()
     - objtool, lkdtm: Obfuscate the do_nothing() pointer
     - [amd64] qibfs: fix _another_ leak
     - 9p/net: fix improper handling of bogus negative read/write replies
     - [arm64] rtc: pcf85063: do a SW reset if POR failed
     - [s390x] KVM: s390: Don't use %pK through tracepoints
     - udmabuf: fix a buf size overflow issue during udmabuf creation
     - xen: Change xen-acpi-processor dom0 dependency
     - nvme: requeue namespace scan on missed AENs
     - ACPI: EC: Set ec_no_wakeup for Lenovo Go S
     - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
     - nvme: re-read ANA log page after ns scan completes
     - objtool: Stop UNRET validation on UD2
     - [x86] bugs: Use SBPB in write_ibpb() if applicable
     - [x86] bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
     - [x86] bugs: Don't fill RSB on context switch with eIBRS
     - ext4: make block validity check resistent to sb bh corruption
     - [arm64] scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
     - scsi: pm80xx: Set phy_attached to zero when device is gone
     - [x86] i8253: Call clockevent_i8253_disable() with interrupts disabled
     - loop: aio inherit the ioprio of original request
     - md/raid1: Add check for missing source disk in process_checks()
     - [arm64,armhf] spi: spi-imx: Add check for spi_imx_setupxfer()
     - of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
       (Closes: #1103277)
     - jfs: define xtree root and page independently
     - [x86] comedi: jr3_pci: Fix synchronous deletion of timer
     - net/sched: act_mirred: don't override retval if we already lost the skb
       (CVE-2024-26739)
     - [arm64,armhf] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable PVT for 6321 switch
     - [arm64,armhf] net: dsa: mv88e6xxx: enable .port_set_policy() for 6320
       family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable STU methods for 6320 family
     - xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
     - nvme: fixup scan failure for non-ANA multipath controllers
     - tracing: Remove pointer (asterisk) and brackets from cpumask_t field
     - PCI: Fix use-after-free in pci_bus_release_domain_nr()
     - objtool: Silence more KCOV warnings, part 2
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.137
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 35
   * md: move initialization and destruction of 'io_acct_set' to md.c
     (Closes: #1104460)
   * Revert "rndis_host: Flag RNDIS modems as WWAN devices" (Closes: #1104511)
 .
   [ Raphaël Hertzog ]
   * udeb: add dm-thin-pool md-modules (Closes: #956226)
linux-signed-amd64 (6.1.135+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.135-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
     - watch_queue: fix pipe accounting mismatch
     - [x86] mm/pat: cpa-test: fix length for CPA_ARRAY test
     - cpufreq: scpi: compare kHz instead of Hz
     - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
     - [x86] fpu: Fix guest FPU state buffer allocation size
     - [x86] fpu: Avoid copying dynamic FP state from init_task in
       arch_dup_task_struct()
     - [x86] platform: Only allow CONFIG_EISA for 32-bit
     - [x86] sev: Add missing RIP_REL_REF() invocations during sme_enable()
     - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
     - PM: sleep: Adjust check before setting power.must_resume
     - selinux: Chain up tool resolving errors in install_policy.sh
     - [x86] EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
     - [x86] EDAC/ie31200: Fix the DIMM size mask for several SoCs
     - [x86] EDAC/ie31200: Fix the error path order of ie31200_init()
     - thermal: int340x: Add NULL check for adev
     - PM: sleep: Fix handling devices with direct_complete set on errors
     - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
     - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
     - [x86] fpu/xstate: Fix inconsistencies in guest FPU xfeatures
     - [arm64,armhf] media: verisilicon: HEVC: Initialize start_bit field
     - [x86] ASoC: cs35l41: check the return value from spi_setup()
     - HID: remove superfluous (and wrong) Makefile entry for
       CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
     - ALSA: hda/realtek: Always honor no_shutup_pins
     - [arm64] drm/bridge: ti-sn65dsi86: Fix multiple instances
     - drm/dp_mst: Fix drm RAD print
     - PCI: Use downstream bridges for distributing resources
     - PCI/ASPM: Fix link state exit during switch upstream function removal
     - [arm64] drm/msm/dsi: Set PHY usescase (and mode) before registering DSI
       host
     - [arm64] PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without
       data payload
     - [arm64] PCI: brcmstb: Use internal register to change link capability
     - [arm64] PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
     - [arm64] PCI: brcmstb: Fix potential premature regulator disabling
     - PCI/portdrv: Only disable pciehp interrupts early when needed
     - PCI: Avoid reset when disabled via sysfs
     - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
     - PCI: Remove stray put_device() in pci_register_host_bridge()
     - drm/amd/display: avoid NPD when ASIC does not support DMUB
     - PCI: pciehp: Don't enable HPIE when resuming in poll mode
     - [mips*] fbdev: sm501fb: Add some geometry checks.
     - [arm64] clk: amlogic: gxbb: drop incorrect flag on 32k clock
     - [arm64,armhf] remoteproc: core: Clear table_sz when rproc_shutdown
     - bpf: Use preempt_count() directly in bpf_send_signal_common()
     - lib: 842: Improve error handling in sw842_compress()
     - [arm64] clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
     - RDMA/core: Don't expose hw_counters outside of init net namespace
     - RDMA/mlx5: Fix calculation of total invalidated pages
     - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
     - IB/mad: Check available slots before posting receive WRs
     - [arm64,armhf] pinctrl: tegra: Set SFIO mode to Mux Register
     - [arm64] clk: amlogic: g12b: fix cluster A parent data
     - [arm64] clk: amlogic: gxbb: drop non existing 32k clock parent
     - [arm64] clk: amlogic: g12a: fix mmc A peripheral clock
     - [x86] entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
     - power: supply: max77693: Fix wrong conversion of charge input threshold
       value
     - [powerpc*] crypto: nx - Fix uninitialised hv_nxc on error
     - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
     - [mips*] mfd: sm501: Switch to BIT() to mitigate integer overflows
     - [x86] dumpstack: Fix inaccurate unwinding from exception stacks due to
       misplaced assignment
     - isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
     - soundwire: slave: fix an OF node reference leak in soundwire slave device
     - [arm64] coresight-etm4x: add isb() before reading the TRCSTATR
     - iio: accel: mma8452: Ensure error return on failure to matching
       oversampling ratio
     - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim
       fails.
     - usb: xhci: correct debug message page size calculation
     - iio: adc: ad7124: Fix comparison of channel configs
     - perf evlist: Add success path to evlist__create_syswide_maps
     - perf units: Fix insufficient array space
     - kexec: initialize ELF lowest address to ULONG_MAX
     - ocfs2: validate l_tree_depth to avoid out-of-bounds access
     - NFSv4: Don't trigger uneccessary scans for return-on-close delegations
     - fuse: fix dax truncate/punch_hole fault path
     - i3c: master: svc: Fix missing the IBI rules
     - perf python: Fixup description of sample.id event member
     - perf python: Decrement the refcount of just created event on failure
     - perf python: Don't keep a raw_data pointer to consumed ring buffer space
     - perf python: Check if there is space to copy all the event
     - fs/procfs: fix the comment above proc_pid_wchan()
     - perf tools: annotate asm_pure_loop.S
     - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
     - exfat: fix the infinite loop in exfat_find_last_cluster()
     - rtnetlink: Allocate vfinfo size for VF GUIDs when supported
     - rndis_host: Flag RNDIS modems as WWAN devices
     - ksmbd: use aead_request_free to match aead_request_alloc
     - ksmbd: fix multichannel connection failure
     - net/mlx5e: SHAMPO, Make reserved size independent of page size
     - ring-buffer: Fix bytes_dropped calculation issue
     - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are
       invalid
     - sched/smt: Always inline sched_smt_active()
     - context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
     - rcu-tasks: Always inline rcu_irq_work_resched()
     - wifi: iwlwifi: fw: allocate chained SG tables for dump
     - wifi: iwlwifi: mvm: use the right version of the rate API
     - nvme-tcp: fix possible UAF in nvme_tcp_poll
     - nvme-pci: clean up CMBMSC when registering CMB fails
     - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
     - wifi: brcmfmac: keep power during suspend if board requires it
     - affs: generate OFS sequence numbers starting at 1
     - affs: don't write overlarge OFS data block size fields
     - ALSA: hda/realtek: Fix Asus Z13 2025 audio
     - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
     - [x86] platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go
       4 tablet
     - HID: i2c-hid: improve i2c_hid_get_report error message
     - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
       CS35L41 HDA
     - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
       CS35L41 HDA
     - sched/deadline: Use online cpus for validating runtime
     - locking/semaphore: Use wake_q to wake up processes outside lock critical
       section
     - [x86] sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
     - drm/amd: Keep display off while going into S4
     - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
     - can: statistics: use atomic access in hot path
     - memory: omap-gpmc: drop no compatible check
     - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
     - spufs: fix a leak on spufs_new_file() failure
     - spufs: fix gang directory lifetimes
     - spufs: fix a leak in spufs_create_context()
     - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
     - ntb: intel: Fix using link status DB's
     - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets
       only
     - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
     - net_sched: skbprio: Remove overly strict queue assertions
     - [arm64,armhf] net: mvpp2: Prevent parser TCAM memory corruption
     - udp: Fix memory accounting leak.
     - vsock: avoid timeout during connect() if the socket is closing
     - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
     - netfilter: nft_tunnel: fix geneve_opt type confusion addition
     - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
     - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
     - net: fix geneve_opt length integer overflow
     - ipv6: Start path selection from the first nexthop
     - ipv6: Do not consider link down nexthops in path selection
     - arcnet: Add NULL check in com20020pci_probe()
     - io_uring/filetable: ensure node switch is always done, if needed
     - drm/amdgpu/gfx11: fix num_mec
     - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
     - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
       registers
     - usbnet:fix NPE during rx_complete
     - [x86] platform/x86: ISST: Correct command storage data length
     - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
     - [x86] perf/x86/intel: Apply static call for drain_pebs
     - [x86] perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
     - kunit/overflow: Fix UB in overflow_allocation_test (CVE-2024-46823)
     - btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753)
     - [x86] tsc: Always save/restore TSC sched_clock() on suspend/resume
     - [x86] mm: Fix flush_tlb_range() when used for zapping normal PMDs
     - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
     - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
     - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
     - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
     - ksmbd: add bounds check for create lease context
     - ksmbd: fix use-after-free in ksmbd_sessions_deregister()
     - ksmbd: fix session use-after-free in multichannel connection
     - ksmbd: validate zero num_subauth before sub_auth is accessed
     - tracing: Fix use-after-free in print_graph_function_flags during tracer
       switching
     - tracing: Ensure module defining synth event cannot be unloaded while
       tracing
     - tracing: Fix synth event printk format for str fields
     - tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
     - [arm64] Don't call NULL in do_compat_alignment_fixup()
     - ext4: don't over-report free space or inodes in statvfs
     - ext4: fix OOB read when checking dotdot dir
     - jfs: fix slab-out-of-bounds read in ea_get()
     - jfs: add index corruption check to DT_GETPAGE()
     - media: streamzap: fix race between device disconnection and urb callback
     - nfsd: put dl_stid if fail to queue dl_recall
     - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
     - tracing: Do not use PERF enums when perf is not defined
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
     - tipc: fix memory leak in tipc_link_xmit
     - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
     - net: tls: explicitly disallow disconnect
     - rtnl: add helper to check if rtnl group has listeners
     - rtnl: add helper to check if a notification is needed
     - net/sched: cls_api: conditional notification of events
     - tc: Ensure we have enough buffer space when sending filter netlink
       notifications
     - net: ethtool: Don't call .cleanup_data when prepare_data fails
     - ata: sata_sx4: Add error handling in pdc20621_i2c_read()
     - nvmet-fcloop: swap list_add_tail arguments
     - net_sched: sch_sfq: use a temporary work area for validating configuration
     - net_sched: sch_sfq: move the limit validation
     - ipv6: Align behavior across nexthops during path selection
     - net: ppp: Add bound checking for skb data on ppp_sync_txmung
     - nft_set_pipapo: fix incorrect avx2 match of 5th field octet
     - fs: consistently deref the files table with rcu_dereference_raw()
     - umount: Allow superblock owners to force umount
     - pm: cpupower: bench: Prevent NULL dereference on malloc failure
     - [x86] cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
       when running in a virtual machine
     - [arm*] perf: arm_pmu: Don't disable counter in armpmu_add()
     - [arm64] cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
     - xen/mcelog: Add __nonstring annotations for unterminated strings
     - HID: pidff: Convert infinite length from Linux API to PID standard
     - HID: pidff: Do not send effect envelope if it's empty
     - HID: pidff: Fix null pointer dereference in pidff_find_fields
     - ALSA: hda: intel: Fix Optimus when GPU has no sound
     - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
     - [arm64] ASoC: fsl_audmix: register card device depends on 'dais' property
     - [arm64,armhf] mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two
       halves
     - ALSA: usb-audio: Fix CME quirk for UF series keyboards
     - [x86] ASoC: amd: Add DMI quirk for ACP6X mic support
     - f2fs: don't retry IO for corrupted data scenario
     - page_pool: avoid infinite loop to schedule delayed worker
     - jfs: Fix uninit-value access of imap allocated in the diMount() function
     - fs/jfs: cast inactags to s64 to prevent potential overflow
     - fs/jfs: Prevent integer overflow in AG size calculation
     - jfs: Prevent copying of nlink with value 0 from disk inode
     - jfs: add sanity check for agwidth in dbMount
     - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
     - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
     - ahci: add PCI ID for Marvell 88SE9215 SATA Controller
     - ext4: protect ext4_release_dquot against freezing
     - ext4: ignore xattrs past end
     - scsi: st: Fix array overflow in st_setup()
     - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
     - net: vlan: don't propagate flags on open
     - tracing: fix return value in __ftrace_event_enable_disable for
       TRACE_REG_UNREGISTER
     - Bluetooth: hci_uart: fix race during initialization
     - Bluetooth: qca: simplify WCN399x NVM loading
     - drm: allow encoder mode_set even when connectors change for crtc
     - drm/amd/display: Update Cursor request mode to the beginning prefetch
       always
     - drm: panel-orientation-quirks: Add support for AYANEO 2S
     - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
     - drm: panel-orientation-quirks: Add new quirk for GPD Win 2
     - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
     - drm/bridge: panel: forbid initializing a panel with unknown connector type
     - drivers: base: devres: Allow to release group on device release
     - drm/amdkfd: clamp queue size to minimum
     - drm/amdkfd: Fix mode1 reset crash issue
     - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
     - drm/amdgpu: handle amdgpu_cgs_create_device() errors in
       amd_powerplay_create()
     - [amd64] PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
     - drm/amdgpu: grab an additional reference on the gang fence v2
     - tpm, tpm_tis: Workaround failed command reception on Infineon devices
     - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
     - ext4: don't treat fhandle lookup of ea_inode as FS corruption
     - xenfs/xensyms: respect hypervisor's "next" indication
     - [arm64] cputype: Add MIDR_CORTEX_A76AE
     - [arm64] errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
     - [arm64] errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
     - [arm64] errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
     - [arm64] KVM: arm64: Tear down vGIC on failed vCPU creation
     - spi: cadence-qspi: Fix probe on AM62A LP SK
     - tpm, tpm_tis: Fix timeout handling when waiting for TPM status
     - media: streamzap: prevent processing IR data on URB failure
     - media: platform: stm32: Add check for clk_enable()
     - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
     - media: i2c: ccs: Set the device's runtime PM status correctly in remove
     - media: i2c: ccs: Set the device's runtime PM status correctly in probe
     - media: i2c: ov7251: Set enable GPIO low in probe
     - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
     - mptcp: sockopt: fix getting IPV6_V6ONLY
     - mtd: Add check for devm_kcalloc()
     - [arm64,armhf] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum
       for 6320 family
     - wifi: mt76: Add check for devm_kstrdup()
     - wifi: mac80211: fix integer overflow in hwmp_route_info_get()
     - io_uring/kbuf: reject zero sized provided buffers
     - bus: mhi: host: Fix race between unprepare and queue_buf
     - ext4: fix off-by-one error in do_split
     - [armhf] soc: samsung: exynos-chipid: Add NULL pointer check in
       exynos_chipid_probe()
     - smb311 client: fix missing tcon check when mounting with linux/posix
       extensions
     - i3c: master: svc: Use readsb helper for reading MDB
     - i3c: Add NULL pointer check in i3c_master_queue_ibi()
     - jbd2: remove wrong sb->s_sequence check
     - [armhf] mfd: ene-kb3930: Fix a potential NULL pointer dereference
     - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
     - lib: scatterlist: fix sg_split_phys to preserve original scatterlist
       offsets
     - mptcp: fix NULL pointer in can_accept_new_subflow
     - mptcp: only inc MPJoinAckHMacFailure for HMAC failures
     - mtd: inftlcore: Add error check for inftl_read_oob()
     - mtd: rawnand: Add status chack in r852_ready()
     - [arm64] mm: Correct the update of max_pfn
     - [arm64] dts: mediatek: mt8173: Fix disp-pwm compatible string
     - btrfs: fix non-empty delayed iputs list on unmount due to compressed write
       workers
     - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
     - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
     - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
     - sctp: detect and prevent references to a freed transport in sendmsg
     - thermal/drivers/rockchip: Add missing rk3328 mapping entry
     - cifs: avoid NULL pointer dereference in dbg call
     - cifs: fix integer overflow in match_server()
     - [arm64] clk: qcom: gdsc: Release pm subdomains in reverse add order
     - [arm64] clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
     - [arm64] clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
     - [x86] crypto: ccp - Fix check for the primary ASP device
     - dm-integrity: set ti->error on memory allocation failure
     - dm-verity: fix prefetch-vs-suspend race
     - ftrace: Add cond_resched() to ftrace_graph_set_hash()
     - [arm64] gpio: zynq: Fix wakeup source leaks on device unbind
     - gve: handle overflow when reporting TX consumed descriptors
     - [x86] KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory
       accesses
     - of/irq: Fix device node refcount leakage in API of_irq_parse_one()
     - of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
     - of/irq: Fix device node refcount leakages in of_irq_count()
     - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
     - of/irq: Fix device node refcount leakages in of_irq_init()
     - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
     - PCI: Fix reference leak in pci_alloc_child_bus()
     - [arm64] pinctrl: qcom: Clear latched interrupt status when changing IRQ
       type
     - [arm64] errata: Add newer ARM cores to the spectre_bhb_loop_affected()
       lists
     - [x86] ACPI: platform-profile: Fix CFI violation when accessing sysfs files
     - [x86] e820: Fix handling of subpage regions when calculating nosave ranges
       in e820__register_nosave_regions()
     - Bluetooth: hci_uart: Fix another race during initialization
     - [armhf] HSI: ssi_protocol: Fix use after free vulnerability in
       ssi_protocol Driver Due to Race Condition (CVE-2025-37838)
     - [arm64] scsi: hisi_sas: Enable force phy when SATA disk directly connected
     - wifi: at76c50x: fix use after free access in at76_disconnect
     - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
     - wifi: mac80211: Purge vif txq in ieee80211_do_stop()
     - wifi: wl1251: fix memory leak in wl1251_tx_work
     - scsi: iscsi: Fix missing scsi_host_put() in error path
     - md/raid10: fix missing discard IO accounting
     - md/md-bitmap: fix stats collection for external bitmaps
     - [amd64] RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
     - [arm64] RDMA/hns: Fix wrong maximum DMA segment size
     - RDMA/core: Silence oversized kvmalloc() warning
     - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
     - Bluetooth: btrtl: Prevent potential NULL dereference
     - Bluetooth: l2cap: Check encryption key size on incoming connection
     - Revert "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - igc: fix PTM cycle trigger logic
     - igc: move ktime snapshot into PTM retry loop
     - igc: handle the IGC_PTP_ENABLED flag correctly
     - igc: cleanup PTP module if probe fails
     - net: mctp: Set SOCK_RCU_FREE
     - net: openvswitch: fix nested key length validation in the set() action
     - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
     - net: b53: enable BPDU reception for management port
     - net: bridge: switchdev: do not notify new brentries as changed
     - [arm64,armhf] net: dsa: mv88e6xxx: avoid unregistering devlink regions
       which were never registered
     - [arm64,armhf] net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST
       is unsupported
     - [arm64,armhf] net: dsa: avoid refcount warnings when
       ds->ops->tag_8021q_vlan_del() fails
     - ptp: ocp: fix start time alignment in ptp_ocp_signal_set
     - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
     - writeback: fix false warning in inode_to_wb()
     - Revert "PCI: Avoid reset when disabled via sysfs"
     - [x86] asus-laptop: Fix an uninitialized variable
     - nfs: move nfs_fhandle_hash to common include file
     - nfs: add missing selections of CONFIG_CRC32
     - nfsd: decrease sc_count directly if fail to queue dl_recall
     - btrfs: correctly escape subvol in btrfs_show_options()
     - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
     - i2c: cros-ec-tunnel: defer probe if parent EC is not present
     - isofs: Prevent the use of too small fid
     - loop: properly send KOBJ_CHANGED uevent for disk device
     - loop: LOOP_SET_FD: send uevents for partitions
     - mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
     - mm: fix filemap_get_folios_contig returning batches of identical folios
     - ksmbd: Fix dangling pointer in krb_authenticate
     - ksmbd: Prevent integer overflow in calculation of deadtime
     - ksmbd: fix the warning from __kernel_write_iter
     - smb3 client: fix open hardlink on deferred close file error
     - string: Add load_unaligned_zeropad() code path to sized_strscpy()
     - tracing: Fix filter string testing
     - virtiofs: add filesystem context source name check
     - scsi: megaraid_sas: Block zero-length ATA VPD inquiry
     - scsi: ufs: exynos: Ensure consistent phy reference counts
     - [x86] perf/x86/intel: Allow to update user space GPRs from PEBS records
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SNR
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       ICX
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SPR
     - [arm64] drm/msm/a6xx: Fix stale rpmh votes from GPU
     - drm/amd: Handle being compiled without SI or CIK support better
     - drm/amd/pm: Prevent division by zero
     - drm/amd/pm/powerplay: Prevent division by zero
     - drm/amd/pm/smu11: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
     - drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
     - drm/amdgpu/dma_buf: fix page_link check
     - drm/nouveau: prime: fix ttm_bo_delayed_delete oops
     - [x86] drm/i915/gvt: fix unterminated-string-initialization warning
     - io_uring/net: fix accept multishot handling
     - [arm64] KVM: arm64: Discard any SVE state when entering KVM guests
     - [arm64] fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
     - [arm64] fpsimd: Have KVM explicitly say which FP registers to save
     - [arm64] fpsimd: Stop using TIF_SVE to manage register saving in KVM
     - [arm64] KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
     - [arm64] KVM: arm64: Remove host FPSIMD saving for non-protected KVM
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
     - [arm64] KVM: arm64: Refactor exit handlers
     - [arm64] KVM: arm64: Mark some header functions as inline
     - [arm64] KVM: arm64: Calculate cptr_el2 traps on activating traps
     - [arm64] KVM: arm64: Eagerly switch ZCR_EL{1,2}
     - cpufreq: Reference count policy in cpufreq_update_limits()
     - kbuild: Add '-fno-builtin-wcslen'
     - mptcp: sockopt: fix getting freebind & transparent
     - mm: Fix is_zero_page() usage in try_grab_page() (Closes: #1102914)
     - [x86] split_lock: Fix the delayed detection logic
     - [x86] pvh: Call C code via the kernel virtual mapping
     - [powerpc*] rtas: Prevent Spectre v1 gadget construction in sys_rtas()
       (CVE-2024-46774)
     - btrfs: fix qgroup reserve leaks in cow_file_range (CVE-2024-46733)
     - btrfs: zoned: fix zone activation with missing devices
     - btrfs: zoned: fix zone finishing with missing devices
     - Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init"
     - drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
       max_links (CVE-2024-46816)
     - landlock: Add the errata interface
     - nvmet-fc: Remove unused functions
     - smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
       (CVE-2024-46742)
     - cifs: use origin fullpath for automounts
     - btrfs: fix the length of reserved qgroup to free
     - bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
     - bpf: Prevent tail call between progs attached to different hooks
       (CVE-2024-50063)
     - blk-cgroup: support to track if policy is online
     - blk-iocost: do not WARN if iocg was already offlined (CVE-2024-36908)
     - mm: fix apply_to_existing_page_range()
     - sign-file,extract-cert: move common SSL helper functions to a header
     - sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
     - sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
     - [mips*] ds1287: Match ds1287_set_base_clock() function types
     - md: factor out a helper from mddev_put()
     - md: fix mddev uaf while iterating all_mddevs list (CVE-2025-22126)
       (Closes: #1086175)
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 34
 .
   [ Ben Hutchings ]
   * d/rules.d/certs: Add newly required include directory to CPPFLAGS
linux-signed-amd64 (6.1.133+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.133-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
     - [arm64] mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
     - md/md-bitmap: replace md_bitmap_status() with a new helper
       md_bitmap_get_stats()
     - md/md-cluster: fix spares warnings for __le64
     - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
     - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
     - mm: update mark_victim tracepoints fields
     - memcg: fix soft lockup in the OOM process (CVE-2024-57977)
     - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
     - Bluetooth: qca: Update firmware-name to support board specific nvm
     - Bluetooth: qca: Fix poor RF performance for WCN6855
     - scsi: core: Handle depopulation and restoration in progress
     - scsi: core: Do not retry I/Os during depopulation
     - [arm6]: dts: mediatek: mt8183: Disable DSI display output by default
     - [arm64] dts: qcom: trim addresses to 8 digits
     - [arm64] dts: qcom: sm8450: Fix CDSP memory length
     - tpm: Use managed allocation for bios event log
     - tpm: Change to kvalloc() in eventlog/acpi.c
     - media: Switch to use dev_err_probe() helper
     - media: uvcvideo: Fix crash during unbind if gpio unit is in use
       (CVE-2024-58079)
     - media: uvcvideo: Refactor iterators
     - media: uvcvideo: Only save async fh if success
     - media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
     - USB: gadget: core: create sysfs link between udc and gadget
     - usb: gadget: core: flush gadget workqueue after device removal
       (CVE-2025-21838)
     - USB: gadget: f_midi: f_midi_complete to call queue_work
     - [powerpc*] 64s/mm: Move __real_pte stubs into hash-4k.h
     - [powerpc*] 64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
     - ALSA: hda/realtek: Fixup ALC225 depop procedure
     - [powerpc*] code-patching: Fix KASAN hit by not flagging text patching area
       as VM_ALLOC
     - geneve: Fix use-after-free in geneve_find_dev().
     - ALSA: hda/cirrus: Correct the full scale volume set logic
     - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
     - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
     - flow_dissector: Fix handling of mixed port and port-range keys
     - flow_dissector: Fix port range key handling in BPF conversion
     - net: Add non-RCU dev_getbyhwaddr() helper
     - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
     - net: axienet: Set mac_managed_pm
     - tcp: drop secpath at the same time as we currently drop dst
     - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
     - strparser: Add read_sock callback
     - bpf: Fix wrong copied_seq calculation
     - power: supply: da9150-fg: fix potential overflow
     - nouveau/svm: fix missing folio unlock + put after
       make_device_exclusive_range()
     - [arm64] drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC
       fields
     - nvme/ioctl: add missing space in err message
     - bpf: skip non exist keys in generic_map_lookup_batch
     - [arm64] drm/msm/dpu: Disable dither in phys encoder cleanup
     - [x86] drm/i915: Make sure all planes in use by the joiner have their crtc
       included
     - [arm64] tee: optee: Fix supplicant wait loop
     - drop_monitor: fix incorrect initialization order
     - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
     - [arm64] ASoC: fsl_micfil: Enable default case in micfil_set_quality()
     - ALSA: hda: Add error check for snd_ctl_rename_id() in
       snd_hda_create_dig_out_ctls()
     - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
     - acct: perform last write from workqueue
     - acct: block access to kernel internal filesystems
     - mm,madvise,hugetlb: check for 0-length range after end address adjustment
     - smb: client: Add check for next_buffer in receive_encrypted_standard()
     - ftrace: Correct preemption accounting for function tracing.
     - ftrace: Do not add duplicate entries in subops manager ops
     - [x86] cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
     - block, bfq: split sync bfq_queues on a per-actuator basis
     - block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
     - media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
       (CVE-2024-47754)
     - netfilter: allow exp not to be removed in nf_ct_find_expectation
     - IB/mlx5: Set and get correct qp_num for a DCT QP
     - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
     - SUNRPC: convert RPC_TASK_* constants to enum
     - SUNRPC: Prevent looping due to rpc_signal_task() races
     - scsi: core: Clear driver private data when retrying request
     - RDMA/mlx5: Fix bind QP error cleanup flow
     - sunrpc: suppress warnings for unused procfs functions
     - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
     - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
     - afs: remove variable nr_servers
     - afs: Make it possible to find the volumes that are using a server
     - afs: Fix the server_list to unuse a displaced server rather than putting
       it
     - net: loopback: Avoid sending IP packets without an Ethernet header
     - net: set the minimum for net_hotdata.netdev_budget_usecs
     - net/ipv4: add tracepoint for icmp_send
     - ipv4: icmp: Pass full DS field to ip_route_input()
     - ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
     - ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
     - ipv4: Convert icmp_route_lookup() to dscp_t.
     - ipv4: Convert ip_route_input() to dscp_t.
     - ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos
       conversion.
     - ipvlan: ensure network headers are in skb linear part
     - [arm64] net: cadence: macb: Synchronize stats calculations
     - [armhf] ASoC: es8328: fix route from DAC to output
     - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
     - tcp: Defer ts_recent changes until req is owned
     - net: Clear old fragment checksum value in napi_reuse_skb
     - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
     - net/mlx5: IRQ, Fix null string in debug print
     - include: net: add static inline dst_dev_overhead() to dst.h
     - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in seg6 lwt
     - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in rpl lwt
     - mm: Don't pin ZERO_PAGE in pin_user_pages()
     - uprobes: Reject the shared zeropage in uprobe_write_opcode()
     - io_uring/net: save msg_control for compat
     - [x86] CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
     - tracing: Fix bad hist from corrupting named_triggers list
     - ftrace: Avoid potential division by zero in function_stat_show()
     - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
     - [x86] perf/x86: Fix low freqency setting issue
     - perf/core: Fix low freq setting via IOC_PERIOD
     - drm/amd/display: Disable PSR-SU on eDP panels
     - drm/amd/display: Fix HPD after gpu reset
     - i2c: npcm: disable interrupt enable bit before devm_request_irq
     - usbnet: gl620a: fix endpoint checking in genelink_bind()
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
     - [arm64] net: enetc: keep track of correct Tx BD count in
       enetc_map_tx_tso_buffs()
     - [arm64] net: enetc: update UDP checksum when updating originTimestamp
       field
     - [arm64] net: enetc: correct the xdp_tx statistics
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
     - [armhf] phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks
       in refclk
     - mptcp: always handle address removal under msk socket lock
     - mptcp: reset when MPTCP opts are dropped after join
     - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
     - sched/core: Prevent rescheduling when interrupts are disabled
     - drm/amd/display: fixed integer types and null check locations
       (CVE-2024-26767)
     - amdgpu/pm/legacy: fix suspend/resume issues
     - [x86] intel_idle: Handle older CPUs, which stop the TSC in deeper C
       states, correctly (Closes: #1088682)
     - Squashfs: check the inode number is not the invalid value of zero
       (CVE-2024-26982)
     - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
     - media: mtk-vcodec: potential null pointer deference in SCP
       (CVE-2024-40973)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
     - drm/amdgpu: Check extended configuration space register when system uses
       large bar
     - drm/amdgpu: disable BAR resize on Dell G5 SE
     - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS
     - [x86] speculation: Add __update_spec_ctrl() helper
     - [x86] amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
     - Revert "of: reserved-memory: Fix using wrong number of cells to get
       property 'alignment'"
     - HID: appleir: Fix potential NULL dereference at raw event handle
     - ksmbd: fix type confusion via race condition when using
       ipc_msg_send_request
     - ksmbd: fix use-after-free in smb2_lock
     - ksmbd: fix bug on trap in smb2_lock
     - [arm64] gpio: rcar: Use raw_spinlock to protect register access
     - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
     - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
     - ALSA: hda/realtek: update ALC222 depop optimize
     - drm/amd/display: Fix null check for pipe_ctx->plane_state in
       resource_build_scaling_params
     - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
     - [x86] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
     - [x86] cacheinfo: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
     - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
     - wifi: cfg80211: regulatory: improve invalid hints checking
     - wifi: nl80211: reject cooked mode if it is set along with other flags
     - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
     - rapidio: fix an API misues when rio_add_net() fails
     - dma: kmsan: export kmsan_handle_dma() for modules
     - [s390x] traps: Fix test_monitor_call() inline assembly
     - block: fix conversion of GPT partition name to 7-bit
     - mm/page_alloc: fix uninitialized variable
     - mm: don't skip arch_sync_kernel_mappings() in error paths
     - wifi: iwlwifi: limit printed string from FW file
     - HID: google: fix unused variable warning under !CONFIG_ACPI
     - [amd64] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
     - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
     - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
     - net: gso: fix ownership in __udp_gso_segment
     - caif_virtio: fix wrong pointer check in cfv_probe()
     - hwmon: (pmbus) Initialise page count in pmbus_identify()
     - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
     - hwmon: (ad7314) Validate leading zero bits and return error
     - ALSA: usx2y: validate nrpacks module parameter on probe
     - llc: do not use skb_get() before dev_queue_xmit()
     - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
     - drm/sched: Fix preprocessor guard
     - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
     - [arm64] net: hns3: make sure ptp clock is unregister and freed if
       hclge_ptp_get_cycle returns an error
     - vlan: enforce underlying device type
     - [x86] sgx: Fix size overflows in sgx_encl_create()
     - exfat: fix soft lockup in exfat_clear_bitmap
     - net-timestamp: support TCP GSO case for a few missing flags
     - ublk: set_params: properly check if parameters can be applied
     - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
     - net: ipv6: fix dst ref loop in ila lwtunnel
     - net: ipv6: fix missing dst ref drop in ila lwtunnel
     - [arm64] gpio: rcar: Fix missing of_node_put() call
     - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
       (Closes: #1100746)
     - usb: hub: lack of clearing xHC resources
     - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
       Reader
     - usb: atm: cxacru: fix a flaw in existing endpoint checks
     - usb: dwc3: Set SUSPENDENABLE soon after phy init
     - usb: dwc3: gadget: Prevent irq storm when TH re-executes
     - usb: typec: ucsi: increase timeout for PPM reset operations
     - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
     - usb: gadget: Set self-powered based on MaxPower and bmAttributes
     - usb: gadget: Fix setting self-powered state on suspend
     - usb: gadget: Check bmAttributes only if configuration is valid
     - xhci: pci: Fix indentation in the PCI device ID definitions
     - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (Closes: #1050352)
     - [x86] KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
     - [x86] mei: me: add panther lake P DID
     - [x86] intel_th: pci: Add Arrow Lake support
     - [x86] intel_th: pci: Add Panther Lake-H support
     - [x86] intel_th: pci: Add Panther Lake-P/U support
     - drivers: core: fix device leak in __fw_devlink_relax_cycles()
     - slimbus: messaging: Free transaction ID in delayed interrupt scenario
     - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid
       deadlock
     - eeprom: digsy_mtc: Make GPIO lookup table match the device
     - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
     - iio: filter: admv8818: Force initialization of SDO
     - iio: dac: ad3552r: clear reset status flag
     - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
     - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
     - Revert "KVM: e500: always restore irqs"
     - Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
     - Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock"
     - Revert "KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()"
     - uprobes: Fix race in uprobe_free_utask
     - [x86] mm: Don't disable PCID when INVLPG has been fixed by microcode
     - spi-mxs: Fix chipselect glitch
     - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
     - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
     - nilfs2: handle errors that nilfs_prepare_chunk() may return
     - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
       (CVE-2024-24855)
     - media: mediatek: vcodec: Handle invalid decoder vsi (CVE-2024-43831)
     - fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
     - bpf, vsock: Invoke proto::close on close()
     - vsock: Keep the binding until socket destruction (CVE-2025-21756)
     - vsock: Orphan socket after transport release
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.132
     - clockevents/drivers/i8253: Fix stop sequence for timer 0
     - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
     - hrtimer: Use and report correct timerslack values for realtime tasks
     - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
     - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
     - ice: fix memory leak in aRFS after reset
     - netfilter: nf_conncount: garbage collection is not skipped when jiffies
       wrap around
     - sched: address a potential NULL pointer dereference in the GRED scheduler.
     - wifi: cfg80211: cancel wiphy_work before freeing wiphy
     - Bluetooth: hci_event: Fix enabling passive scanning
     - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid
       context"
     - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops
     - net: mctp i2c: Copy headers if cloned
     - netpoll: hold rcu read lock in __netpoll_send_skb()
     - [amd64,arm64] drm/hyperv: Fix address space leak when Hyper-V DRM device
       is removed
     - [amd64,arm64] Drivers: hv: vmbus: Don't release fb_mmio resource in
       vmbus_free_mmio()
     - net/mlx5: handle errors in mlx5_chains_create_table()
     - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
     - net: switchdev: Convert blocking notification chain to a raw one
     - bonding: fix incorrect MAC address setting to receive NS messages
     - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
       insert_tree()
     - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
     - net_sched: Prevent creation of classes with TC_H_ROOT
     - netfilter: nft_exthdr: fix offset with ipv4_find_option()
     - gre: Fix IPv6 link-local address generation.
     - net: openvswitch: remove misbehaving actions length check
     - net/mlx5: Bridge, fix the crash caused by LAG state check
     - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed
       devices
     - nvme-fc: go straight to connecting state when initializing
     - hrtimers: Mark is_migration_base() with __always_inline
     - powercap: call put_device() on an error path in
       powercap_register_control_type()
     - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
     - scsi: core: Use GFP_NOIO to avoid circular locking dependency
     - scsi: qla1280: Fix kernel oops when debug level > 2
     - ACPI: resource: IRQ override for Eluktronics MECH-17
     - smb: client: fix noisy when tree connecting to DFS interlink targets
     - [x86] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
     - [x86] HID: intel-ish-hid: Send clock sync message immediately after reset
     - HID: ignore non-functional sensor in HP 5MP Camera
     - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
     - HID: apple: fix up the F6 key on the Omoton KB066 keyboard
     - sched: Clarify wake_up_q()'s write to task->wake_q.next
     - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
     - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
     - [s390x] cio: Fix CHPID "configure" attribute caching
     - thermal/cpufreq_cooling: Remove structure member documentation
     - Xen/swiotlb: mark xen_swiotlb_fixup() __init
     - ALSA: hda/realtek: Limit mic boost on Positivo ARN50
     - [x86] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
     - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
     - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
     - nvme-tcp: add basic support for the C2HTermReq PDU
     - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
     - sctp: Fix undefined behavior in left shift operation
     - nvme: only allow entering LIVE from CONNECTING state
     - fuse: don't truncate cached, mutated symlink
     - [x86] perf/x86/intel: Use better start period for frequency mode
     - [x86] irq: Define trace events conditionally
     - mptcp: safety check before fallback
     - drm/nouveau: Do not override forced connector status
     - block: fix 'kmem_cache of name 'bio-108' already exists'
     - io_uring: return error pointer from io_mem_alloc()
     - io_uring: add ring freeing helper
     - mm: add nommu variant of vm_insert_pages()
     - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
     - io_uring: don't attempt to mmap larger than what the user asks for
     - io_uring: fix corner case forgetting to vunmap
     - xfs: pass refcount intent directly through the log intent code
     - xfs: pass xfs_extent_free_item directly through the log intent code
     - xfs: fix confusing xfs_extent_item variable names
     - xfs: pass the xfs_bmbt_irec directly through the log intent code
     - xfs: pass per-ag references to xfs_free_extent
     - xfs: validate block number being freed before adding to xefi
     - xfs: fix bounds check in xfs_defer_agfl_block()
     - xfs: use deferred frees for btree block freeing
     - xfs: reserve less log space when recovering log intent items
     - xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
     - xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
     - xfs: consider minlen sized extents in xfs_rtallocate_extent_block
     - xfs: don't leak recovered attri intent items
     - xfs: make rextslog computation consistent with mkfs
     - xfs: fix 32-bit truncation in xfs_compute_rextslog
     - xfs: don't allow overly small or large realtime volumes
     - xfs: remove unused fields from struct xbtree_ifakeroot
     - xfs: recompute growfsrtfree transaction reservation while growing rt
       volume
     - xfs: force all buffers to be written during btree bulk load
     - xfs: initialise di_crc in xfs_log_dinode
     - xfs: add lock protection when remove perag from radix tree
     - xfs: fix perag leak when growfs fails
     - xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
     - xfs: update dir3 leaf block metadata after swap
     - xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
     - xfs: remove conditional building of rt geometry validator functions
     - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
     - Input: i8042 - add required quirks for missing old boardnames
     - Input: i8042 - swap old quirk combination with new quirk for several
       devices
     - Input: i8042 - swap old quirk combination with new quirk for more devices
     - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
     - USB: serial: option: add Telit Cinterion FE990B compositions
     - USB: serial: option: fix Telit Cinterion FE990A name
     - USB: serial: option: match on interface class for Telit FN990B
     - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
     - drm/atomic: Filter out redundant DPMS calls
     - drm/dp_mst: Fix locking when skipping CSN before topology probing
     - drm/amd/display: Restore correct backlight brightness after a GPU reset
     - drm/amd/display: Assign normalized_pix_clk when color depth = 14
     - drm/amd/display: Fix slab-use-after-free on hdcp_work
     - [x86] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2
       model
     - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
     - lib/buildid: Handle memfd_secret() files in build_id_parse()
     - tcp: fix races in tcp_abort()
     - tcp: fix forever orphan socket caused by tcp_abort
     - leds: mlxreg: Use devm_mutex_init() for mutex initialization
     - ASoC: ops: Consistently treat platform_max as control value
     - [x86] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
     - cifs: Fix integer overflow while processing acregmax mount option
     - cifs: Fix integer overflow while processing acdirmax mount option
     - cifs: Fix integer overflow while processing actimeo mount option
     - cifs: Fix integer overflow while processing closetimeo mount option
     - i2c: ali1535: Fix an error handling path in ali1535_probe()
     - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
     - i2c: sis630: Fix an error handling path in sis630_probe()
     - [arm64] mm: Populate vmemmap at the page level if not section aligned
     - smb3: add support for IAKerb
     - smb: client: Fix match_session bug preventing session reuse
     - HID: apple: disable Fn key handling on the Omoton KB066
     - smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
     - firmware: imx-scu: fix OF node leak in .probe()
     - [arm64] dts: freescale: tqma8mpql: Fix vqmmc-supply
     - xfrm_output: Force software GSO only in tunnel mode
     - [arm64] soc: imx8m: Remove global soc_uid
     - [arm64] soc: imx8m: Use devm_* to simplify probe failure handling
     - [arm64] soc: imx8m: Unregister cpufreq and soc dev in cleanup path
     - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
     - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
     - ARM: dts: bcm2711: Don't mark timer regs unconfigured
     - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
     - [arm64] RDMA/hns: Fix soft lockup during bt pages loop
     - [arm64] RDMA/hns: Fix unmatched condition in error path of
       alloc_user_qp_db()
     - [arm64] RDMA/hns: Fix a missing rollback in error path of
       hns_roce_create_qp_common()
     - [arm64] RDMA/hns: Fix wrong value of max_sge_rd
     - Bluetooth: Fix error code in chan_alloc_skb_cb()
     - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
     - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
     - net: atm: fix use after free in lec_send()
     - net: lwtunnel: fix recursion loops
     - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
     - Revert "gre: Fix IPv6 link-local address generation."
     - i2c: omap: fix IRQ storms
     - [arm64,armhf] can: flexcan: only change CAN state when link up in system
       PM
     - [arm64,armhf] can: flexcan: disable transceiver during system PM
     - [arm64] drm/v3d: Don't run jobs that have errors flagged in its fence
     - regulator: check that dummy regulator has been probed before using it
     - [arm64] dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound
       card
     - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
     - mmc: atmel-mci: Add missing clk_disable_unprepare()
     - proc: fix UAF in proc_get_inode()
     - efi/libstub: Avoid physical address 0x0 when doing random allocation
     - xsk: fix an integer overflow in xp_create_and_assign_umem()
     - batman-adv: Ignore own maximum aggregation size during RX
     - [arm64] soc: qcom: pdr: Fix the potential deadlock
     - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
     - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
     - ksmbd: fix incorrect validation for num_aces field of smb_acl
     - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
     - mptcp: Fix data stream corruption in the address announcement
     - netfilter: nft_counter: Use u64_stats_t for statistic.
     - drm/mediatek: Fix coverity issue with unintentional integer overflow
       (CVE-2023-52857)
     - media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
       (CVE-2024-47753)
     - [arm64] dts: rockchip: fix u2phy1_host status for NanoPi R4S
     - drm/amdgpu: fix use-after-free bug (CVE-2024-26656)
     - wifi: iwlwifi: mvm: ensure offloading TID queue exists (CVE-2024-27056)
     - mm/migrate: fix shmem xarray update during migration
     - block, bfq: fix re-introduced UAF in bic_set_bfqq()
     - xfs: give xfs_extfree_intent its own perag reference
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
     - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
     - HID: hid-plantronics: Add mic mute mapping and generalize quirks
     - atm: Fix NULL pointer dereference
     - [armel,armhf] 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
     - [armel,armhf] 9351/1: fault: Add "cut here" line for prefetch aborts
     - [armel,armhf] Remove address checking for MMUless devices
     - drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772)
     - netfilter: socket: Lookup orig tuple for IPv6 SNAT
     - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
     - tty: serial: 8250: Add some more device IDs
     - tty: serial: 8250: Add Brainboxes XC devices
     - net: usb: qmi_wwan: add Telit Cinterion FN990B composition
     - net: usb: qmi_wwan: add Telit Cinterion FE990B composition
     - net: usb: usbnet: restore usb%d name exception for local mac addresses
     - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
     - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
     - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (CVE-2024-50056)
     - usb: typec: ucsi: Fix NULL pointer access (CVE-2025-21918)
     - media: i2c: et8ek8: Don't strip remove function when driver is builtin
       (CVE-2024-38611)
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.12:
     - net: mana: Use mana_cleanup_port_context() for rxq cleanup
     - net: mana: Add support for page sizes other than 4KB on ARM64
     - net: mana: Add page pool for RX buffers
     - net: mana: Fix the tso_bytes calculation
     - net: mana: Fix oversized sge0 for GSO packets
     - net: mana: Avoid open coded arithmetic
     - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
     - net: mana: Allow variable size indirection table
 .
   [ Ben Hutchings ]
   * d/salsa-ci.yml: Run lintian from the target release, not always unstable
   * [powerpc*] Revert "fbdev/offb: Update expected device name" (Closes:
     #1085949)
   * d/b/genpatch-rt: Fix subprocess cleanup with Python 3.13
 .
   [ Salvatore Bonaccorso ]
   * d/b/genpatch-rt: Drop now unused 'io' module.
   * Revert "d/salsa-ci.yml: Suppress aliased-location lintian errors"
   * Bump ABI to 33
   * ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
     (Closes: #1100928)

linux-signed-arm64 (6.1.137+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.137-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.136
     - module: sign with sha512 instead of sha1 by default
     - tracing: Add __cpumask to denote a trace event field that is a cpumask_t
     - tracing: Fix cpumask() example typo
     - tracing: Add __string_len() example
     - tracing: Add __print_dynamic_array() helper
     - tracing: Verify event formats that have "%*p.."
     - [arm64,armhf] net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings
       from mdiobus code
     - [arm64,armhf] net: dsa: add support for mac_prepare() and mac_finish()
       calls
     - [arm64,armhf] net: dsa: mv88e6xxx: move link forcing to
       mac_prepare/mac_finish
     - [arm64,armhf] net: dsa: mv88e6xxx: pass directly chip structure to
       mv88e6xxx_phy_is_internal
     - [arm64,armhf] net: dsa: mv88e6xxx: add field to specify internal phys
       layout
     - [arm64,armhf] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
     - [arm64,armhf] net: dsa: mv88e6xxx: fix VTU methods for 6320 family
     - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
       return value check
     - iio: adc: ad7768-1: Fix conversion result sign
     - [arm64] backlight: led_bl: Convert to platform remove callback returning
       void
     - [arm64] backlight: led_bl: Hold led_access lock when calling
       led_sysfs_disable() (CVE-2025-23144)
     - of: resolver: Simplify of_resolve_phandles() using __free()
     - of: resolver: Fix device node refcount leakage in of_resolve_phandles()
     - PCI: Assign PCI domain IDs by ida_alloc()
     - PCI: Fix reference leak in pci_register_host_bridge()
     - ASoC: qcom: q6dsp: add support to more display ports
     - ASoC: qcom: Fix sc7280 lpass potential buffer overflow
     - dma/contiguous: avoid warning about unused size_bytes
     - [arm64] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
     - [arm64] cpufreq: cppc: Fix invalid return value in .get() callback
     - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
     - scsi: core: Clear flags for scsi_cmnd that did not complete
     - net: lwtunnel: disable BHs when required
     - net: phy: leds: fix memory leak
     - tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
     - net_sched: hfsc: Fix a UAF vulnerability in class handling
       (CVE-2025-37797)
     - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
     - [amd64] iommu/amd: Return an error if vCPU affinity is set for non-vCPU
       IRTE
     - [x86] perf/x86: Fix non-sampling (counting) events on certain x86
       platforms
     - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
     - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
     - virtio_console: fix missing byte order handling for cols and rows
     - xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
     - drm/amd/display: Fix gpu reset in multidisplay config
     - drm/amd/display: Force full update in gpu reset
     - [x86] KVM: SVM: Allocate IR data using atomic allocation
     - USB: storage: quirk for ADATA Portable HDD CH94
     - mei: me: add panther lake H DID
     - [x86] KVM: x86: Explicitly treat routing entry type changes as changes
     - [x86] KVM: x86: Reset IRTE to host control if *new* route isn't postable
     - [arm64] serial: msm: Configure correct working mode before starting
       earlycon
     - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
     - USB: serial: option: add Sierra Wireless EM9291
     - USB: serial: simple: add OWON HDS200 series oscilloscope support
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix usbmisc handling
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix call balance of regulator
       routines
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error
       handling
     - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
     - [arm64,armhf] usb: dwc3: gadget: check that event count does not exceed
       event buffer length
     - [arm64,armhf] usb: dwc3: xilinx: Prevent spike in reset signal
     - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
     - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
     - USB: VLI disk crashes if LPM is used
     - USB: wdm: handle IO errors in wdm_wwan_port_start
     - USB: wdm: close race between wdm_open and wdm_wwan_port_stop
     - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
     - USB: wdm: add annotation
     - [mips*] cm: Detect CM quirks from device tree
     - crypto: null - Use spin lock instead of mutex
     - bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
     - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
     - [s390x] sclp: Add check for get_zeroed_page()
     - [s390x] tty: Fix a potential memory leak bug
     - [arm64,armhf] usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
     - [arm64,armhf] usb: dwc3: gadget: Avoid using reserved endpoints on Intel
       Merrifield
     - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
     - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
     - [armhf] usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
     - [arm64,armhf] usb: host: xhci-plat: mvebu: use ->quirks instead of
       ->init_quirk() func
     - [x86] thunderbolt: Scan retimers after device router has been enumerated
     - objtool: Silence more KCOV warnings
     - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
       wcd934x_slim_irq_handler()
     - objtool, lkdtm: Obfuscate the do_nothing() pointer
     - [amd64] qibfs: fix _another_ leak
     - 9p/net: fix improper handling of bogus negative read/write replies
     - [arm64] rtc: pcf85063: do a SW reset if POR failed
     - [s390x] KVM: s390: Don't use %pK through tracepoints
     - udmabuf: fix a buf size overflow issue during udmabuf creation
     - xen: Change xen-acpi-processor dom0 dependency
     - nvme: requeue namespace scan on missed AENs
     - ACPI: EC: Set ec_no_wakeup for Lenovo Go S
     - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
     - nvme: re-read ANA log page after ns scan completes
     - objtool: Stop UNRET validation on UD2
     - [x86] bugs: Use SBPB in write_ibpb() if applicable
     - [x86] bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
     - [x86] bugs: Don't fill RSB on context switch with eIBRS
     - ext4: make block validity check resistent to sb bh corruption
     - [arm64] scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
     - scsi: pm80xx: Set phy_attached to zero when device is gone
     - [x86] i8253: Call clockevent_i8253_disable() with interrupts disabled
     - loop: aio inherit the ioprio of original request
     - md/raid1: Add check for missing source disk in process_checks()
     - [arm64,armhf] spi: spi-imx: Add check for spi_imx_setupxfer()
     - of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
       (Closes: #1103277)
     - jfs: define xtree root and page independently
     - [x86] comedi: jr3_pci: Fix synchronous deletion of timer
     - net/sched: act_mirred: don't override retval if we already lost the skb
       (CVE-2024-26739)
     - [arm64,armhf] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable PVT for 6321 switch
     - [arm64,armhf] net: dsa: mv88e6xxx: enable .port_set_policy() for 6320
       family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable STU methods for 6320 family
     - xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
     - nvme: fixup scan failure for non-ANA multipath controllers
     - tracing: Remove pointer (asterisk) and brackets from cpumask_t field
     - PCI: Fix use-after-free in pci_bus_release_domain_nr()
     - objtool: Silence more KCOV warnings, part 2
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.137
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 35
   * md: move initialization and destruction of 'io_acct_set' to md.c
     (Closes: #1104460)
   * Revert "rndis_host: Flag RNDIS modems as WWAN devices" (Closes: #1104511)
 .
   [ Raphaël Hertzog ]
   * udeb: add dm-thin-pool md-modules (Closes: #956226)
linux-signed-arm64 (6.1.135+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.135-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
     - watch_queue: fix pipe accounting mismatch
     - [x86] mm/pat: cpa-test: fix length for CPA_ARRAY test
     - cpufreq: scpi: compare kHz instead of Hz
     - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
     - [x86] fpu: Fix guest FPU state buffer allocation size
     - [x86] fpu: Avoid copying dynamic FP state from init_task in
       arch_dup_task_struct()
     - [x86] platform: Only allow CONFIG_EISA for 32-bit
     - [x86] sev: Add missing RIP_REL_REF() invocations during sme_enable()
     - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
     - PM: sleep: Adjust check before setting power.must_resume
     - selinux: Chain up tool resolving errors in install_policy.sh
     - [x86] EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
     - [x86] EDAC/ie31200: Fix the DIMM size mask for several SoCs
     - [x86] EDAC/ie31200: Fix the error path order of ie31200_init()
     - thermal: int340x: Add NULL check for adev
     - PM: sleep: Fix handling devices with direct_complete set on errors
     - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
     - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
     - [x86] fpu/xstate: Fix inconsistencies in guest FPU xfeatures
     - [arm64,armhf] media: verisilicon: HEVC: Initialize start_bit field
     - [x86] ASoC: cs35l41: check the return value from spi_setup()
     - HID: remove superfluous (and wrong) Makefile entry for
       CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
     - ALSA: hda/realtek: Always honor no_shutup_pins
     - [arm64] drm/bridge: ti-sn65dsi86: Fix multiple instances
     - drm/dp_mst: Fix drm RAD print
     - PCI: Use downstream bridges for distributing resources
     - PCI/ASPM: Fix link state exit during switch upstream function removal
     - [arm64] drm/msm/dsi: Set PHY usescase (and mode) before registering DSI
       host
     - [arm64] PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without
       data payload
     - [arm64] PCI: brcmstb: Use internal register to change link capability
     - [arm64] PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
     - [arm64] PCI: brcmstb: Fix potential premature regulator disabling
     - PCI/portdrv: Only disable pciehp interrupts early when needed
     - PCI: Avoid reset when disabled via sysfs
     - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
     - PCI: Remove stray put_device() in pci_register_host_bridge()
     - drm/amd/display: avoid NPD when ASIC does not support DMUB
     - PCI: pciehp: Don't enable HPIE when resuming in poll mode
     - [mips*] fbdev: sm501fb: Add some geometry checks.
     - [arm64] clk: amlogic: gxbb: drop incorrect flag on 32k clock
     - [arm64,armhf] remoteproc: core: Clear table_sz when rproc_shutdown
     - bpf: Use preempt_count() directly in bpf_send_signal_common()
     - lib: 842: Improve error handling in sw842_compress()
     - [arm64] clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
     - RDMA/core: Don't expose hw_counters outside of init net namespace
     - RDMA/mlx5: Fix calculation of total invalidated pages
     - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
     - IB/mad: Check available slots before posting receive WRs
     - [arm64,armhf] pinctrl: tegra: Set SFIO mode to Mux Register
     - [arm64] clk: amlogic: g12b: fix cluster A parent data
     - [arm64] clk: amlogic: gxbb: drop non existing 32k clock parent
     - [arm64] clk: amlogic: g12a: fix mmc A peripheral clock
     - [x86] entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
     - power: supply: max77693: Fix wrong conversion of charge input threshold
       value
     - [powerpc*] crypto: nx - Fix uninitialised hv_nxc on error
     - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
     - [mips*] mfd: sm501: Switch to BIT() to mitigate integer overflows
     - [x86] dumpstack: Fix inaccurate unwinding from exception stacks due to
       misplaced assignment
     - isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
     - soundwire: slave: fix an OF node reference leak in soundwire slave device
     - [arm64] coresight-etm4x: add isb() before reading the TRCSTATR
     - iio: accel: mma8452: Ensure error return on failure to matching
       oversampling ratio
     - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim
       fails.
     - usb: xhci: correct debug message page size calculation
     - iio: adc: ad7124: Fix comparison of channel configs
     - perf evlist: Add success path to evlist__create_syswide_maps
     - perf units: Fix insufficient array space
     - kexec: initialize ELF lowest address to ULONG_MAX
     - ocfs2: validate l_tree_depth to avoid out-of-bounds access
     - NFSv4: Don't trigger uneccessary scans for return-on-close delegations
     - fuse: fix dax truncate/punch_hole fault path
     - i3c: master: svc: Fix missing the IBI rules
     - perf python: Fixup description of sample.id event member
     - perf python: Decrement the refcount of just created event on failure
     - perf python: Don't keep a raw_data pointer to consumed ring buffer space
     - perf python: Check if there is space to copy all the event
     - fs/procfs: fix the comment above proc_pid_wchan()
     - perf tools: annotate asm_pure_loop.S
     - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
     - exfat: fix the infinite loop in exfat_find_last_cluster()
     - rtnetlink: Allocate vfinfo size for VF GUIDs when supported
     - rndis_host: Flag RNDIS modems as WWAN devices
     - ksmbd: use aead_request_free to match aead_request_alloc
     - ksmbd: fix multichannel connection failure
     - net/mlx5e: SHAMPO, Make reserved size independent of page size
     - ring-buffer: Fix bytes_dropped calculation issue
     - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are
       invalid
     - sched/smt: Always inline sched_smt_active()
     - context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
     - rcu-tasks: Always inline rcu_irq_work_resched()
     - wifi: iwlwifi: fw: allocate chained SG tables for dump
     - wifi: iwlwifi: mvm: use the right version of the rate API
     - nvme-tcp: fix possible UAF in nvme_tcp_poll
     - nvme-pci: clean up CMBMSC when registering CMB fails
     - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
     - wifi: brcmfmac: keep power during suspend if board requires it
     - affs: generate OFS sequence numbers starting at 1
     - affs: don't write overlarge OFS data block size fields
     - ALSA: hda/realtek: Fix Asus Z13 2025 audio
     - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
     - [x86] platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go
       4 tablet
     - HID: i2c-hid: improve i2c_hid_get_report error message
     - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
       CS35L41 HDA
     - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
       CS35L41 HDA
     - sched/deadline: Use online cpus for validating runtime
     - locking/semaphore: Use wake_q to wake up processes outside lock critical
       section
     - [x86] sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
     - drm/amd: Keep display off while going into S4
     - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
     - can: statistics: use atomic access in hot path
     - memory: omap-gpmc: drop no compatible check
     - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
     - spufs: fix a leak on spufs_new_file() failure
     - spufs: fix gang directory lifetimes
     - spufs: fix a leak in spufs_create_context()
     - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
     - ntb: intel: Fix using link status DB's
     - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets
       only
     - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
     - net_sched: skbprio: Remove overly strict queue assertions
     - [arm64,armhf] net: mvpp2: Prevent parser TCAM memory corruption
     - udp: Fix memory accounting leak.
     - vsock: avoid timeout during connect() if the socket is closing
     - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
     - netfilter: nft_tunnel: fix geneve_opt type confusion addition
     - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
     - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
     - net: fix geneve_opt length integer overflow
     - ipv6: Start path selection from the first nexthop
     - ipv6: Do not consider link down nexthops in path selection
     - arcnet: Add NULL check in com20020pci_probe()
     - io_uring/filetable: ensure node switch is always done, if needed
     - drm/amdgpu/gfx11: fix num_mec
     - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
     - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
       registers
     - usbnet:fix NPE during rx_complete
     - [x86] platform/x86: ISST: Correct command storage data length
     - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
     - [x86] perf/x86/intel: Apply static call for drain_pebs
     - [x86] perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
     - kunit/overflow: Fix UB in overflow_allocation_test (CVE-2024-46823)
     - btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753)
     - [x86] tsc: Always save/restore TSC sched_clock() on suspend/resume
     - [x86] mm: Fix flush_tlb_range() when used for zapping normal PMDs
     - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
     - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
     - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
     - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
     - ksmbd: add bounds check for create lease context
     - ksmbd: fix use-after-free in ksmbd_sessions_deregister()
     - ksmbd: fix session use-after-free in multichannel connection
     - ksmbd: validate zero num_subauth before sub_auth is accessed
     - tracing: Fix use-after-free in print_graph_function_flags during tracer
       switching
     - tracing: Ensure module defining synth event cannot be unloaded while
       tracing
     - tracing: Fix synth event printk format for str fields
     - tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
     - [arm64] Don't call NULL in do_compat_alignment_fixup()
     - ext4: don't over-report free space or inodes in statvfs
     - ext4: fix OOB read when checking dotdot dir
     - jfs: fix slab-out-of-bounds read in ea_get()
     - jfs: add index corruption check to DT_GETPAGE()
     - media: streamzap: fix race between device disconnection and urb callback
     - nfsd: put dl_stid if fail to queue dl_recall
     - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
     - tracing: Do not use PERF enums when perf is not defined
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
     - tipc: fix memory leak in tipc_link_xmit
     - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
     - net: tls: explicitly disallow disconnect
     - rtnl: add helper to check if rtnl group has listeners
     - rtnl: add helper to check if a notification is needed
     - net/sched: cls_api: conditional notification of events
     - tc: Ensure we have enough buffer space when sending filter netlink
       notifications
     - net: ethtool: Don't call .cleanup_data when prepare_data fails
     - ata: sata_sx4: Add error handling in pdc20621_i2c_read()
     - nvmet-fcloop: swap list_add_tail arguments
     - net_sched: sch_sfq: use a temporary work area for validating configuration
     - net_sched: sch_sfq: move the limit validation
     - ipv6: Align behavior across nexthops during path selection
     - net: ppp: Add bound checking for skb data on ppp_sync_txmung
     - nft_set_pipapo: fix incorrect avx2 match of 5th field octet
     - fs: consistently deref the files table with rcu_dereference_raw()
     - umount: Allow superblock owners to force umount
     - pm: cpupower: bench: Prevent NULL dereference on malloc failure
     - [x86] cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
       when running in a virtual machine
     - [arm*] perf: arm_pmu: Don't disable counter in armpmu_add()
     - [arm64] cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
     - xen/mcelog: Add __nonstring annotations for unterminated strings
     - HID: pidff: Convert infinite length from Linux API to PID standard
     - HID: pidff: Do not send effect envelope if it's empty
     - HID: pidff: Fix null pointer dereference in pidff_find_fields
     - ALSA: hda: intel: Fix Optimus when GPU has no sound
     - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
     - [arm64] ASoC: fsl_audmix: register card device depends on 'dais' property
     - [arm64,armhf] mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two
       halves
     - ALSA: usb-audio: Fix CME quirk for UF series keyboards
     - [x86] ASoC: amd: Add DMI quirk for ACP6X mic support
     - f2fs: don't retry IO for corrupted data scenario
     - page_pool: avoid infinite loop to schedule delayed worker
     - jfs: Fix uninit-value access of imap allocated in the diMount() function
     - fs/jfs: cast inactags to s64 to prevent potential overflow
     - fs/jfs: Prevent integer overflow in AG size calculation
     - jfs: Prevent copying of nlink with value 0 from disk inode
     - jfs: add sanity check for agwidth in dbMount
     - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
     - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
     - ahci: add PCI ID for Marvell 88SE9215 SATA Controller
     - ext4: protect ext4_release_dquot against freezing
     - ext4: ignore xattrs past end
     - scsi: st: Fix array overflow in st_setup()
     - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
     - net: vlan: don't propagate flags on open
     - tracing: fix return value in __ftrace_event_enable_disable for
       TRACE_REG_UNREGISTER
     - Bluetooth: hci_uart: fix race during initialization
     - Bluetooth: qca: simplify WCN399x NVM loading
     - drm: allow encoder mode_set even when connectors change for crtc
     - drm/amd/display: Update Cursor request mode to the beginning prefetch
       always
     - drm: panel-orientation-quirks: Add support for AYANEO 2S
     - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
     - drm: panel-orientation-quirks: Add new quirk for GPD Win 2
     - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
     - drm/bridge: panel: forbid initializing a panel with unknown connector type
     - drivers: base: devres: Allow to release group on device release
     - drm/amdkfd: clamp queue size to minimum
     - drm/amdkfd: Fix mode1 reset crash issue
     - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
     - drm/amdgpu: handle amdgpu_cgs_create_device() errors in
       amd_powerplay_create()
     - [amd64] PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
     - drm/amdgpu: grab an additional reference on the gang fence v2
     - tpm, tpm_tis: Workaround failed command reception on Infineon devices
     - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
     - ext4: don't treat fhandle lookup of ea_inode as FS corruption
     - xenfs/xensyms: respect hypervisor's "next" indication
     - [arm64] cputype: Add MIDR_CORTEX_A76AE
     - [arm64] errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
     - [arm64] errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
     - [arm64] errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
     - [arm64] KVM: arm64: Tear down vGIC on failed vCPU creation
     - spi: cadence-qspi: Fix probe on AM62A LP SK
     - tpm, tpm_tis: Fix timeout handling when waiting for TPM status
     - media: streamzap: prevent processing IR data on URB failure
     - media: platform: stm32: Add check for clk_enable()
     - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
     - media: i2c: ccs: Set the device's runtime PM status correctly in remove
     - media: i2c: ccs: Set the device's runtime PM status correctly in probe
     - media: i2c: ov7251: Set enable GPIO low in probe
     - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
     - mptcp: sockopt: fix getting IPV6_V6ONLY
     - mtd: Add check for devm_kcalloc()
     - [arm64,armhf] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum
       for 6320 family
     - wifi: mt76: Add check for devm_kstrdup()
     - wifi: mac80211: fix integer overflow in hwmp_route_info_get()
     - io_uring/kbuf: reject zero sized provided buffers
     - bus: mhi: host: Fix race between unprepare and queue_buf
     - ext4: fix off-by-one error in do_split
     - [armhf] soc: samsung: exynos-chipid: Add NULL pointer check in
       exynos_chipid_probe()
     - smb311 client: fix missing tcon check when mounting with linux/posix
       extensions
     - i3c: master: svc: Use readsb helper for reading MDB
     - i3c: Add NULL pointer check in i3c_master_queue_ibi()
     - jbd2: remove wrong sb->s_sequence check
     - [armhf] mfd: ene-kb3930: Fix a potential NULL pointer dereference
     - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
     - lib: scatterlist: fix sg_split_phys to preserve original scatterlist
       offsets
     - mptcp: fix NULL pointer in can_accept_new_subflow
     - mptcp: only inc MPJoinAckHMacFailure for HMAC failures
     - mtd: inftlcore: Add error check for inftl_read_oob()
     - mtd: rawnand: Add status chack in r852_ready()
     - [arm64] mm: Correct the update of max_pfn
     - [arm64] dts: mediatek: mt8173: Fix disp-pwm compatible string
     - btrfs: fix non-empty delayed iputs list on unmount due to compressed write
       workers
     - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
     - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
     - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
     - sctp: detect and prevent references to a freed transport in sendmsg
     - thermal/drivers/rockchip: Add missing rk3328 mapping entry
     - cifs: avoid NULL pointer dereference in dbg call
     - cifs: fix integer overflow in match_server()
     - [arm64] clk: qcom: gdsc: Release pm subdomains in reverse add order
     - [arm64] clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
     - [arm64] clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
     - [x86] crypto: ccp - Fix check for the primary ASP device
     - dm-integrity: set ti->error on memory allocation failure
     - dm-verity: fix prefetch-vs-suspend race
     - ftrace: Add cond_resched() to ftrace_graph_set_hash()
     - [arm64] gpio: zynq: Fix wakeup source leaks on device unbind
     - gve: handle overflow when reporting TX consumed descriptors
     - [x86] KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory
       accesses
     - of/irq: Fix device node refcount leakage in API of_irq_parse_one()
     - of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
     - of/irq: Fix device node refcount leakages in of_irq_count()
     - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
     - of/irq: Fix device node refcount leakages in of_irq_init()
     - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
     - PCI: Fix reference leak in pci_alloc_child_bus()
     - [arm64] pinctrl: qcom: Clear latched interrupt status when changing IRQ
       type
     - [arm64] errata: Add newer ARM cores to the spectre_bhb_loop_affected()
       lists
     - [x86] ACPI: platform-profile: Fix CFI violation when accessing sysfs files
     - [x86] e820: Fix handling of subpage regions when calculating nosave ranges
       in e820__register_nosave_regions()
     - Bluetooth: hci_uart: Fix another race during initialization
     - [armhf] HSI: ssi_protocol: Fix use after free vulnerability in
       ssi_protocol Driver Due to Race Condition (CVE-2025-37838)
     - [arm64] scsi: hisi_sas: Enable force phy when SATA disk directly connected
     - wifi: at76c50x: fix use after free access in at76_disconnect
     - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
     - wifi: mac80211: Purge vif txq in ieee80211_do_stop()
     - wifi: wl1251: fix memory leak in wl1251_tx_work
     - scsi: iscsi: Fix missing scsi_host_put() in error path
     - md/raid10: fix missing discard IO accounting
     - md/md-bitmap: fix stats collection for external bitmaps
     - [amd64] RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
     - [arm64] RDMA/hns: Fix wrong maximum DMA segment size
     - RDMA/core: Silence oversized kvmalloc() warning
     - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
     - Bluetooth: btrtl: Prevent potential NULL dereference
     - Bluetooth: l2cap: Check encryption key size on incoming connection
     - Revert "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - igc: fix PTM cycle trigger logic
     - igc: move ktime snapshot into PTM retry loop
     - igc: handle the IGC_PTP_ENABLED flag correctly
     - igc: cleanup PTP module if probe fails
     - net: mctp: Set SOCK_RCU_FREE
     - net: openvswitch: fix nested key length validation in the set() action
     - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
     - net: b53: enable BPDU reception for management port
     - net: bridge: switchdev: do not notify new brentries as changed
     - [arm64,armhf] net: dsa: mv88e6xxx: avoid unregistering devlink regions
       which were never registered
     - [arm64,armhf] net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST
       is unsupported
     - [arm64,armhf] net: dsa: avoid refcount warnings when
       ds->ops->tag_8021q_vlan_del() fails
     - ptp: ocp: fix start time alignment in ptp_ocp_signal_set
     - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
     - writeback: fix false warning in inode_to_wb()
     - Revert "PCI: Avoid reset when disabled via sysfs"
     - [x86] asus-laptop: Fix an uninitialized variable
     - nfs: move nfs_fhandle_hash to common include file
     - nfs: add missing selections of CONFIG_CRC32
     - nfsd: decrease sc_count directly if fail to queue dl_recall
     - btrfs: correctly escape subvol in btrfs_show_options()
     - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
     - i2c: cros-ec-tunnel: defer probe if parent EC is not present
     - isofs: Prevent the use of too small fid
     - loop: properly send KOBJ_CHANGED uevent for disk device
     - loop: LOOP_SET_FD: send uevents for partitions
     - mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
     - mm: fix filemap_get_folios_contig returning batches of identical folios
     - ksmbd: Fix dangling pointer in krb_authenticate
     - ksmbd: Prevent integer overflow in calculation of deadtime
     - ksmbd: fix the warning from __kernel_write_iter
     - smb3 client: fix open hardlink on deferred close file error
     - string: Add load_unaligned_zeropad() code path to sized_strscpy()
     - tracing: Fix filter string testing
     - virtiofs: add filesystem context source name check
     - scsi: megaraid_sas: Block zero-length ATA VPD inquiry
     - scsi: ufs: exynos: Ensure consistent phy reference counts
     - [x86] perf/x86/intel: Allow to update user space GPRs from PEBS records
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SNR
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       ICX
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SPR
     - [arm64] drm/msm/a6xx: Fix stale rpmh votes from GPU
     - drm/amd: Handle being compiled without SI or CIK support better
     - drm/amd/pm: Prevent division by zero
     - drm/amd/pm/powerplay: Prevent division by zero
     - drm/amd/pm/smu11: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
     - drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
     - drm/amdgpu/dma_buf: fix page_link check
     - drm/nouveau: prime: fix ttm_bo_delayed_delete oops
     - [x86] drm/i915/gvt: fix unterminated-string-initialization warning
     - io_uring/net: fix accept multishot handling
     - [arm64] KVM: arm64: Discard any SVE state when entering KVM guests
     - [arm64] fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
     - [arm64] fpsimd: Have KVM explicitly say which FP registers to save
     - [arm64] fpsimd: Stop using TIF_SVE to manage register saving in KVM
     - [arm64] KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
     - [arm64] KVM: arm64: Remove host FPSIMD saving for non-protected KVM
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
     - [arm64] KVM: arm64: Refactor exit handlers
     - [arm64] KVM: arm64: Mark some header functions as inline
     - [arm64] KVM: arm64: Calculate cptr_el2 traps on activating traps
     - [arm64] KVM: arm64: Eagerly switch ZCR_EL{1,2}
     - cpufreq: Reference count policy in cpufreq_update_limits()
     - kbuild: Add '-fno-builtin-wcslen'
     - mptcp: sockopt: fix getting freebind & transparent
     - mm: Fix is_zero_page() usage in try_grab_page() (Closes: #1102914)
     - [x86] split_lock: Fix the delayed detection logic
     - [x86] pvh: Call C code via the kernel virtual mapping
     - [powerpc*] rtas: Prevent Spectre v1 gadget construction in sys_rtas()
       (CVE-2024-46774)
     - btrfs: fix qgroup reserve leaks in cow_file_range (CVE-2024-46733)
     - btrfs: zoned: fix zone activation with missing devices
     - btrfs: zoned: fix zone finishing with missing devices
     - Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init"
     - drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
       max_links (CVE-2024-46816)
     - landlock: Add the errata interface
     - nvmet-fc: Remove unused functions
     - smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
       (CVE-2024-46742)
     - cifs: use origin fullpath for automounts
     - btrfs: fix the length of reserved qgroup to free
     - bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
     - bpf: Prevent tail call between progs attached to different hooks
       (CVE-2024-50063)
     - blk-cgroup: support to track if policy is online
     - blk-iocost: do not WARN if iocg was already offlined (CVE-2024-36908)
     - mm: fix apply_to_existing_page_range()
     - sign-file,extract-cert: move common SSL helper functions to a header
     - sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
     - sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
     - [mips*] ds1287: Match ds1287_set_base_clock() function types
     - md: factor out a helper from mddev_put()
     - md: fix mddev uaf while iterating all_mddevs list (CVE-2025-22126)
       (Closes: #1086175)
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 34
 .
   [ Ben Hutchings ]
   * d/rules.d/certs: Add newly required include directory to CPPFLAGS
linux-signed-arm64 (6.1.133+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.133-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
     - [arm64] mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
     - md/md-bitmap: replace md_bitmap_status() with a new helper
       md_bitmap_get_stats()
     - md/md-cluster: fix spares warnings for __le64
     - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
     - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
     - mm: update mark_victim tracepoints fields
     - memcg: fix soft lockup in the OOM process (CVE-2024-57977)
     - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
     - Bluetooth: qca: Update firmware-name to support board specific nvm
     - Bluetooth: qca: Fix poor RF performance for WCN6855
     - scsi: core: Handle depopulation and restoration in progress
     - scsi: core: Do not retry I/Os during depopulation
     - [arm6]: dts: mediatek: mt8183: Disable DSI display output by default
     - [arm64] dts: qcom: trim addresses to 8 digits
     - [arm64] dts: qcom: sm8450: Fix CDSP memory length
     - tpm: Use managed allocation for bios event log
     - tpm: Change to kvalloc() in eventlog/acpi.c
     - media: Switch to use dev_err_probe() helper
     - media: uvcvideo: Fix crash during unbind if gpio unit is in use
       (CVE-2024-58079)
     - media: uvcvideo: Refactor iterators
     - media: uvcvideo: Only save async fh if success
     - media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
     - USB: gadget: core: create sysfs link between udc and gadget
     - usb: gadget: core: flush gadget workqueue after device removal
       (CVE-2025-21838)
     - USB: gadget: f_midi: f_midi_complete to call queue_work
     - [powerpc*] 64s/mm: Move __real_pte stubs into hash-4k.h
     - [powerpc*] 64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
     - ALSA: hda/realtek: Fixup ALC225 depop procedure
     - [powerpc*] code-patching: Fix KASAN hit by not flagging text patching area
       as VM_ALLOC
     - geneve: Fix use-after-free in geneve_find_dev().
     - ALSA: hda/cirrus: Correct the full scale volume set logic
     - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
     - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
     - flow_dissector: Fix handling of mixed port and port-range keys
     - flow_dissector: Fix port range key handling in BPF conversion
     - net: Add non-RCU dev_getbyhwaddr() helper
     - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
     - net: axienet: Set mac_managed_pm
     - tcp: drop secpath at the same time as we currently drop dst
     - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
     - strparser: Add read_sock callback
     - bpf: Fix wrong copied_seq calculation
     - power: supply: da9150-fg: fix potential overflow
     - nouveau/svm: fix missing folio unlock + put after
       make_device_exclusive_range()
     - [arm64] drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC
       fields
     - nvme/ioctl: add missing space in err message
     - bpf: skip non exist keys in generic_map_lookup_batch
     - [arm64] drm/msm/dpu: Disable dither in phys encoder cleanup
     - [x86] drm/i915: Make sure all planes in use by the joiner have their crtc
       included
     - [arm64] tee: optee: Fix supplicant wait loop
     - drop_monitor: fix incorrect initialization order
     - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
     - [arm64] ASoC: fsl_micfil: Enable default case in micfil_set_quality()
     - ALSA: hda: Add error check for snd_ctl_rename_id() in
       snd_hda_create_dig_out_ctls()
     - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
     - acct: perform last write from workqueue
     - acct: block access to kernel internal filesystems
     - mm,madvise,hugetlb: check for 0-length range after end address adjustment
     - smb: client: Add check for next_buffer in receive_encrypted_standard()
     - ftrace: Correct preemption accounting for function tracing.
     - ftrace: Do not add duplicate entries in subops manager ops
     - [x86] cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
     - block, bfq: split sync bfq_queues on a per-actuator basis
     - block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
     - media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
       (CVE-2024-47754)
     - netfilter: allow exp not to be removed in nf_ct_find_expectation
     - IB/mlx5: Set and get correct qp_num for a DCT QP
     - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
     - SUNRPC: convert RPC_TASK_* constants to enum
     - SUNRPC: Prevent looping due to rpc_signal_task() races
     - scsi: core: Clear driver private data when retrying request
     - RDMA/mlx5: Fix bind QP error cleanup flow
     - sunrpc: suppress warnings for unused procfs functions
     - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
     - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
     - afs: remove variable nr_servers
     - afs: Make it possible to find the volumes that are using a server
     - afs: Fix the server_list to unuse a displaced server rather than putting
       it
     - net: loopback: Avoid sending IP packets without an Ethernet header
     - net: set the minimum for net_hotdata.netdev_budget_usecs
     - net/ipv4: add tracepoint for icmp_send
     - ipv4: icmp: Pass full DS field to ip_route_input()
     - ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
     - ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
     - ipv4: Convert icmp_route_lookup() to dscp_t.
     - ipv4: Convert ip_route_input() to dscp_t.
     - ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos
       conversion.
     - ipvlan: ensure network headers are in skb linear part
     - [arm64] net: cadence: macb: Synchronize stats calculations
     - [armhf] ASoC: es8328: fix route from DAC to output
     - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
     - tcp: Defer ts_recent changes until req is owned
     - net: Clear old fragment checksum value in napi_reuse_skb
     - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
     - net/mlx5: IRQ, Fix null string in debug print
     - include: net: add static inline dst_dev_overhead() to dst.h
     - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in seg6 lwt
     - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in rpl lwt
     - mm: Don't pin ZERO_PAGE in pin_user_pages()
     - uprobes: Reject the shared zeropage in uprobe_write_opcode()
     - io_uring/net: save msg_control for compat
     - [x86] CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
     - tracing: Fix bad hist from corrupting named_triggers list
     - ftrace: Avoid potential division by zero in function_stat_show()
     - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
     - [x86] perf/x86: Fix low freqency setting issue
     - perf/core: Fix low freq setting via IOC_PERIOD
     - drm/amd/display: Disable PSR-SU on eDP panels
     - drm/amd/display: Fix HPD after gpu reset
     - i2c: npcm: disable interrupt enable bit before devm_request_irq
     - usbnet: gl620a: fix endpoint checking in genelink_bind()
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
     - [arm64] net: enetc: keep track of correct Tx BD count in
       enetc_map_tx_tso_buffs()
     - [arm64] net: enetc: update UDP checksum when updating originTimestamp
       field
     - [arm64] net: enetc: correct the xdp_tx statistics
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
     - [armhf] phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks
       in refclk
     - mptcp: always handle address removal under msk socket lock
     - mptcp: reset when MPTCP opts are dropped after join
     - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
     - sched/core: Prevent rescheduling when interrupts are disabled
     - drm/amd/display: fixed integer types and null check locations
       (CVE-2024-26767)
     - amdgpu/pm/legacy: fix suspend/resume issues
     - [x86] intel_idle: Handle older CPUs, which stop the TSC in deeper C
       states, correctly (Closes: #1088682)
     - Squashfs: check the inode number is not the invalid value of zero
       (CVE-2024-26982)
     - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
     - media: mtk-vcodec: potential null pointer deference in SCP
       (CVE-2024-40973)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
     - drm/amdgpu: Check extended configuration space register when system uses
       large bar
     - drm/amdgpu: disable BAR resize on Dell G5 SE
     - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS
     - [x86] speculation: Add __update_spec_ctrl() helper
     - [x86] amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
     - Revert "of: reserved-memory: Fix using wrong number of cells to get
       property 'alignment'"
     - HID: appleir: Fix potential NULL dereference at raw event handle
     - ksmbd: fix type confusion via race condition when using
       ipc_msg_send_request
     - ksmbd: fix use-after-free in smb2_lock
     - ksmbd: fix bug on trap in smb2_lock
     - [arm64] gpio: rcar: Use raw_spinlock to protect register access
     - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
     - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
     - ALSA: hda/realtek: update ALC222 depop optimize
     - drm/amd/display: Fix null check for pipe_ctx->plane_state in
       resource_build_scaling_params
     - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
     - [x86] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
     - [x86] cacheinfo: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
     - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
     - wifi: cfg80211: regulatory: improve invalid hints checking
     - wifi: nl80211: reject cooked mode if it is set along with other flags
     - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
     - rapidio: fix an API misues when rio_add_net() fails
     - dma: kmsan: export kmsan_handle_dma() for modules
     - [s390x] traps: Fix test_monitor_call() inline assembly
     - block: fix conversion of GPT partition name to 7-bit
     - mm/page_alloc: fix uninitialized variable
     - mm: don't skip arch_sync_kernel_mappings() in error paths
     - wifi: iwlwifi: limit printed string from FW file
     - HID: google: fix unused variable warning under !CONFIG_ACPI
     - [amd64] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
     - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
     - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
     - net: gso: fix ownership in __udp_gso_segment
     - caif_virtio: fix wrong pointer check in cfv_probe()
     - hwmon: (pmbus) Initialise page count in pmbus_identify()
     - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
     - hwmon: (ad7314) Validate leading zero bits and return error
     - ALSA: usx2y: validate nrpacks module parameter on probe
     - llc: do not use skb_get() before dev_queue_xmit()
     - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
     - drm/sched: Fix preprocessor guard
     - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
     - [arm64] net: hns3: make sure ptp clock is unregister and freed if
       hclge_ptp_get_cycle returns an error
     - vlan: enforce underlying device type
     - [x86] sgx: Fix size overflows in sgx_encl_create()
     - exfat: fix soft lockup in exfat_clear_bitmap
     - net-timestamp: support TCP GSO case for a few missing flags
     - ublk: set_params: properly check if parameters can be applied
     - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
     - net: ipv6: fix dst ref loop in ila lwtunnel
     - net: ipv6: fix missing dst ref drop in ila lwtunnel
     - [arm64] gpio: rcar: Fix missing of_node_put() call
     - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
       (Closes: #1100746)
     - usb: hub: lack of clearing xHC resources
     - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
       Reader
     - usb: atm: cxacru: fix a flaw in existing endpoint checks
     - usb: dwc3: Set SUSPENDENABLE soon after phy init
     - usb: dwc3: gadget: Prevent irq storm when TH re-executes
     - usb: typec: ucsi: increase timeout for PPM reset operations
     - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
     - usb: gadget: Set self-powered based on MaxPower and bmAttributes
     - usb: gadget: Fix setting self-powered state on suspend
     - usb: gadget: Check bmAttributes only if configuration is valid
     - xhci: pci: Fix indentation in the PCI device ID definitions
     - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (Closes: #1050352)
     - [x86] KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
     - [x86] mei: me: add panther lake P DID
     - [x86] intel_th: pci: Add Arrow Lake support
     - [x86] intel_th: pci: Add Panther Lake-H support
     - [x86] intel_th: pci: Add Panther Lake-P/U support
     - drivers: core: fix device leak in __fw_devlink_relax_cycles()
     - slimbus: messaging: Free transaction ID in delayed interrupt scenario
     - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid
       deadlock
     - eeprom: digsy_mtc: Make GPIO lookup table match the device
     - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
     - iio: filter: admv8818: Force initialization of SDO
     - iio: dac: ad3552r: clear reset status flag
     - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
     - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
     - Revert "KVM: e500: always restore irqs"
     - Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
     - Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock"
     - Revert "KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()"
     - uprobes: Fix race in uprobe_free_utask
     - [x86] mm: Don't disable PCID when INVLPG has been fixed by microcode
     - spi-mxs: Fix chipselect glitch
     - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
     - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
     - nilfs2: handle errors that nilfs_prepare_chunk() may return
     - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
       (CVE-2024-24855)
     - media: mediatek: vcodec: Handle invalid decoder vsi (CVE-2024-43831)
     - fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
     - bpf, vsock: Invoke proto::close on close()
     - vsock: Keep the binding until socket destruction (CVE-2025-21756)
     - vsock: Orphan socket after transport release
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.132
     - clockevents/drivers/i8253: Fix stop sequence for timer 0
     - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
     - hrtimer: Use and report correct timerslack values for realtime tasks
     - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
     - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
     - ice: fix memory leak in aRFS after reset
     - netfilter: nf_conncount: garbage collection is not skipped when jiffies
       wrap around
     - sched: address a potential NULL pointer dereference in the GRED scheduler.
     - wifi: cfg80211: cancel wiphy_work before freeing wiphy
     - Bluetooth: hci_event: Fix enabling passive scanning
     - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid
       context"
     - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops
     - net: mctp i2c: Copy headers if cloned
     - netpoll: hold rcu read lock in __netpoll_send_skb()
     - [amd64,arm64] drm/hyperv: Fix address space leak when Hyper-V DRM device
       is removed
     - [amd64,arm64] Drivers: hv: vmbus: Don't release fb_mmio resource in
       vmbus_free_mmio()
     - net/mlx5: handle errors in mlx5_chains_create_table()
     - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
     - net: switchdev: Convert blocking notification chain to a raw one
     - bonding: fix incorrect MAC address setting to receive NS messages
     - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
       insert_tree()
     - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
     - net_sched: Prevent creation of classes with TC_H_ROOT
     - netfilter: nft_exthdr: fix offset with ipv4_find_option()
     - gre: Fix IPv6 link-local address generation.
     - net: openvswitch: remove misbehaving actions length check
     - net/mlx5: Bridge, fix the crash caused by LAG state check
     - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed
       devices
     - nvme-fc: go straight to connecting state when initializing
     - hrtimers: Mark is_migration_base() with __always_inline
     - powercap: call put_device() on an error path in
       powercap_register_control_type()
     - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
     - scsi: core: Use GFP_NOIO to avoid circular locking dependency
     - scsi: qla1280: Fix kernel oops when debug level > 2
     - ACPI: resource: IRQ override for Eluktronics MECH-17
     - smb: client: fix noisy when tree connecting to DFS interlink targets
     - [x86] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
     - [x86] HID: intel-ish-hid: Send clock sync message immediately after reset
     - HID: ignore non-functional sensor in HP 5MP Camera
     - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
     - HID: apple: fix up the F6 key on the Omoton KB066 keyboard
     - sched: Clarify wake_up_q()'s write to task->wake_q.next
     - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
     - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
     - [s390x] cio: Fix CHPID "configure" attribute caching
     - thermal/cpufreq_cooling: Remove structure member documentation
     - Xen/swiotlb: mark xen_swiotlb_fixup() __init
     - ALSA: hda/realtek: Limit mic boost on Positivo ARN50
     - [x86] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
     - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
     - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
     - nvme-tcp: add basic support for the C2HTermReq PDU
     - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
     - sctp: Fix undefined behavior in left shift operation
     - nvme: only allow entering LIVE from CONNECTING state
     - fuse: don't truncate cached, mutated symlink
     - [x86] perf/x86/intel: Use better start period for frequency mode
     - [x86] irq: Define trace events conditionally
     - mptcp: safety check before fallback
     - drm/nouveau: Do not override forced connector status
     - block: fix 'kmem_cache of name 'bio-108' already exists'
     - io_uring: return error pointer from io_mem_alloc()
     - io_uring: add ring freeing helper
     - mm: add nommu variant of vm_insert_pages()
     - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
     - io_uring: don't attempt to mmap larger than what the user asks for
     - io_uring: fix corner case forgetting to vunmap
     - xfs: pass refcount intent directly through the log intent code
     - xfs: pass xfs_extent_free_item directly through the log intent code
     - xfs: fix confusing xfs_extent_item variable names
     - xfs: pass the xfs_bmbt_irec directly through the log intent code
     - xfs: pass per-ag references to xfs_free_extent
     - xfs: validate block number being freed before adding to xefi
     - xfs: fix bounds check in xfs_defer_agfl_block()
     - xfs: use deferred frees for btree block freeing
     - xfs: reserve less log space when recovering log intent items
     - xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
     - xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
     - xfs: consider minlen sized extents in xfs_rtallocate_extent_block
     - xfs: don't leak recovered attri intent items
     - xfs: make rextslog computation consistent with mkfs
     - xfs: fix 32-bit truncation in xfs_compute_rextslog
     - xfs: don't allow overly small or large realtime volumes
     - xfs: remove unused fields from struct xbtree_ifakeroot
     - xfs: recompute growfsrtfree transaction reservation while growing rt
       volume
     - xfs: force all buffers to be written during btree bulk load
     - xfs: initialise di_crc in xfs_log_dinode
     - xfs: add lock protection when remove perag from radix tree
     - xfs: fix perag leak when growfs fails
     - xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
     - xfs: update dir3 leaf block metadata after swap
     - xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
     - xfs: remove conditional building of rt geometry validator functions
     - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
     - Input: i8042 - add required quirks for missing old boardnames
     - Input: i8042 - swap old quirk combination with new quirk for several
       devices
     - Input: i8042 - swap old quirk combination with new quirk for more devices
     - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
     - USB: serial: option: add Telit Cinterion FE990B compositions
     - USB: serial: option: fix Telit Cinterion FE990A name
     - USB: serial: option: match on interface class for Telit FN990B
     - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
     - drm/atomic: Filter out redundant DPMS calls
     - drm/dp_mst: Fix locking when skipping CSN before topology probing
     - drm/amd/display: Restore correct backlight brightness after a GPU reset
     - drm/amd/display: Assign normalized_pix_clk when color depth = 14
     - drm/amd/display: Fix slab-use-after-free on hdcp_work
     - [x86] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2
       model
     - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
     - lib/buildid: Handle memfd_secret() files in build_id_parse()
     - tcp: fix races in tcp_abort()
     - tcp: fix forever orphan socket caused by tcp_abort
     - leds: mlxreg: Use devm_mutex_init() for mutex initialization
     - ASoC: ops: Consistently treat platform_max as control value
     - [x86] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
     - cifs: Fix integer overflow while processing acregmax mount option
     - cifs: Fix integer overflow while processing acdirmax mount option
     - cifs: Fix integer overflow while processing actimeo mount option
     - cifs: Fix integer overflow while processing closetimeo mount option
     - i2c: ali1535: Fix an error handling path in ali1535_probe()
     - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
     - i2c: sis630: Fix an error handling path in sis630_probe()
     - [arm64] mm: Populate vmemmap at the page level if not section aligned
     - smb3: add support for IAKerb
     - smb: client: Fix match_session bug preventing session reuse
     - HID: apple: disable Fn key handling on the Omoton KB066
     - smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
     - firmware: imx-scu: fix OF node leak in .probe()
     - [arm64] dts: freescale: tqma8mpql: Fix vqmmc-supply
     - xfrm_output: Force software GSO only in tunnel mode
     - [arm64] soc: imx8m: Remove global soc_uid
     - [arm64] soc: imx8m: Use devm_* to simplify probe failure handling
     - [arm64] soc: imx8m: Unregister cpufreq and soc dev in cleanup path
     - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
     - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
     - ARM: dts: bcm2711: Don't mark timer regs unconfigured
     - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
     - [arm64] RDMA/hns: Fix soft lockup during bt pages loop
     - [arm64] RDMA/hns: Fix unmatched condition in error path of
       alloc_user_qp_db()
     - [arm64] RDMA/hns: Fix a missing rollback in error path of
       hns_roce_create_qp_common()
     - [arm64] RDMA/hns: Fix wrong value of max_sge_rd
     - Bluetooth: Fix error code in chan_alloc_skb_cb()
     - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
     - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
     - net: atm: fix use after free in lec_send()
     - net: lwtunnel: fix recursion loops
     - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
     - Revert "gre: Fix IPv6 link-local address generation."
     - i2c: omap: fix IRQ storms
     - [arm64,armhf] can: flexcan: only change CAN state when link up in system
       PM
     - [arm64,armhf] can: flexcan: disable transceiver during system PM
     - [arm64] drm/v3d: Don't run jobs that have errors flagged in its fence
     - regulator: check that dummy regulator has been probed before using it
     - [arm64] dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound
       card
     - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
     - mmc: atmel-mci: Add missing clk_disable_unprepare()
     - proc: fix UAF in proc_get_inode()
     - efi/libstub: Avoid physical address 0x0 when doing random allocation
     - xsk: fix an integer overflow in xp_create_and_assign_umem()
     - batman-adv: Ignore own maximum aggregation size during RX
     - [arm64] soc: qcom: pdr: Fix the potential deadlock
     - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
     - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
     - ksmbd: fix incorrect validation for num_aces field of smb_acl
     - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
     - mptcp: Fix data stream corruption in the address announcement
     - netfilter: nft_counter: Use u64_stats_t for statistic.
     - drm/mediatek: Fix coverity issue with unintentional integer overflow
       (CVE-2023-52857)
     - media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
       (CVE-2024-47753)
     - [arm64] dts: rockchip: fix u2phy1_host status for NanoPi R4S
     - drm/amdgpu: fix use-after-free bug (CVE-2024-26656)
     - wifi: iwlwifi: mvm: ensure offloading TID queue exists (CVE-2024-27056)
     - mm/migrate: fix shmem xarray update during migration
     - block, bfq: fix re-introduced UAF in bic_set_bfqq()
     - xfs: give xfs_extfree_intent its own perag reference
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
     - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
     - HID: hid-plantronics: Add mic mute mapping and generalize quirks
     - atm: Fix NULL pointer dereference
     - [armel,armhf] 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
     - [armel,armhf] 9351/1: fault: Add "cut here" line for prefetch aborts
     - [armel,armhf] Remove address checking for MMUless devices
     - drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772)
     - netfilter: socket: Lookup orig tuple for IPv6 SNAT
     - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
     - tty: serial: 8250: Add some more device IDs
     - tty: serial: 8250: Add Brainboxes XC devices
     - net: usb: qmi_wwan: add Telit Cinterion FN990B composition
     - net: usb: qmi_wwan: add Telit Cinterion FE990B composition
     - net: usb: usbnet: restore usb%d name exception for local mac addresses
     - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
     - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
     - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (CVE-2024-50056)
     - usb: typec: ucsi: Fix NULL pointer access (CVE-2025-21918)
     - media: i2c: et8ek8: Don't strip remove function when driver is builtin
       (CVE-2024-38611)
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.12:
     - net: mana: Use mana_cleanup_port_context() for rxq cleanup
     - net: mana: Add support for page sizes other than 4KB on ARM64
     - net: mana: Add page pool for RX buffers
     - net: mana: Fix the tso_bytes calculation
     - net: mana: Fix oversized sge0 for GSO packets
     - net: mana: Avoid open coded arithmetic
     - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
     - net: mana: Allow variable size indirection table
 .
   [ Ben Hutchings ]
   * d/salsa-ci.yml: Run lintian from the target release, not always unstable
   * [powerpc*] Revert "fbdev/offb: Update expected device name" (Closes:
     #1085949)
   * d/b/genpatch-rt: Fix subprocess cleanup with Python 3.13
 .
   [ Salvatore Bonaccorso ]
   * d/b/genpatch-rt: Drop now unused 'io' module.
   * Revert "d/salsa-ci.yml: Suppress aliased-location lintian errors"
   * Bump ABI to 33
   * ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
     (Closes: #1100928)

linux-signed-i386 (6.1.137+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.137-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.136
     - module: sign with sha512 instead of sha1 by default
     - tracing: Add __cpumask to denote a trace event field that is a cpumask_t
     - tracing: Fix cpumask() example typo
     - tracing: Add __string_len() example
     - tracing: Add __print_dynamic_array() helper
     - tracing: Verify event formats that have "%*p.."
     - [arm64,armhf] net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings
       from mdiobus code
     - [arm64,armhf] net: dsa: add support for mac_prepare() and mac_finish()
       calls
     - [arm64,armhf] net: dsa: mv88e6xxx: move link forcing to
       mac_prepare/mac_finish
     - [arm64,armhf] net: dsa: mv88e6xxx: pass directly chip structure to
       mv88e6xxx_phy_is_internal
     - [arm64,armhf] net: dsa: mv88e6xxx: add field to specify internal phys
       layout
     - [arm64,armhf] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
     - [arm64,armhf] net: dsa: mv88e6xxx: fix VTU methods for 6320 family
     - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
       return value check
     - iio: adc: ad7768-1: Fix conversion result sign
     - [arm64] backlight: led_bl: Convert to platform remove callback returning
       void
     - [arm64] backlight: led_bl: Hold led_access lock when calling
       led_sysfs_disable() (CVE-2025-23144)
     - of: resolver: Simplify of_resolve_phandles() using __free()
     - of: resolver: Fix device node refcount leakage in of_resolve_phandles()
     - PCI: Assign PCI domain IDs by ida_alloc()
     - PCI: Fix reference leak in pci_register_host_bridge()
     - ASoC: qcom: q6dsp: add support to more display ports
     - ASoC: qcom: Fix sc7280 lpass potential buffer overflow
     - dma/contiguous: avoid warning about unused size_bytes
     - [arm64] cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
     - [arm64] cpufreq: cppc: Fix invalid return value in .get() callback
     - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
     - scsi: core: Clear flags for scsi_cmnd that did not complete
     - net: lwtunnel: disable BHs when required
     - net: phy: leds: fix memory leak
     - tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
     - net_sched: hfsc: Fix a UAF vulnerability in class handling
       (CVE-2025-37797)
     - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
     - [amd64] iommu/amd: Return an error if vCPU affinity is set for non-vCPU
       IRTE
     - [x86] perf/x86: Fix non-sampling (counting) events on certain x86
       platforms
     - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
     - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
     - virtio_console: fix missing byte order handling for cols and rows
     - xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
     - drm/amd/display: Fix gpu reset in multidisplay config
     - drm/amd/display: Force full update in gpu reset
     - [x86] KVM: SVM: Allocate IR data using atomic allocation
     - USB: storage: quirk for ADATA Portable HDD CH94
     - mei: me: add panther lake H DID
     - [x86] KVM: x86: Explicitly treat routing entry type changes as changes
     - [x86] KVM: x86: Reset IRTE to host control if *new* route isn't postable
     - [arm64] serial: msm: Configure correct working mode before starting
       earlycon
     - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
     - USB: serial: option: add Sierra Wireless EM9291
     - USB: serial: simple: add OWON HDS200 series oscilloscope support
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix usbmisc handling
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: fix call balance of regulator
       routines
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error
       handling
     - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
     - [arm64,armhf] usb: dwc3: gadget: check that event count does not exceed
       event buffer length
     - [arm64,armhf] usb: dwc3: xilinx: Prevent spike in reset signal
     - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
     - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
     - USB: VLI disk crashes if LPM is used
     - USB: wdm: handle IO errors in wdm_wwan_port_start
     - USB: wdm: close race between wdm_open and wdm_wwan_port_stop
     - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
     - USB: wdm: add annotation
     - [mips*] cm: Detect CM quirks from device tree
     - crypto: null - Use spin lock instead of mutex
     - bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
     - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
     - [s390x] sclp: Add check for get_zeroed_page()
     - [s390x] tty: Fix a potential memory leak bug
     - [arm64,armhf] usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
     - [arm64,armhf] usb: dwc3: gadget: Avoid using reserved endpoints on Intel
       Merrifield
     - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
     - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
     - [armhf] usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
     - [arm64,armhf] usb: host: xhci-plat: mvebu: use ->quirks instead of
       ->init_quirk() func
     - [x86] thunderbolt: Scan retimers after device router has been enumerated
     - objtool: Silence more KCOV warnings
     - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
       wcd934x_slim_irq_handler()
     - objtool, lkdtm: Obfuscate the do_nothing() pointer
     - [amd64] qibfs: fix _another_ leak
     - 9p/net: fix improper handling of bogus negative read/write replies
     - [arm64] rtc: pcf85063: do a SW reset if POR failed
     - [s390x] KVM: s390: Don't use %pK through tracepoints
     - udmabuf: fix a buf size overflow issue during udmabuf creation
     - xen: Change xen-acpi-processor dom0 dependency
     - nvme: requeue namespace scan on missed AENs
     - ACPI: EC: Set ec_no_wakeup for Lenovo Go S
     - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
     - nvme: re-read ANA log page after ns scan completes
     - objtool: Stop UNRET validation on UD2
     - [x86] bugs: Use SBPB in write_ibpb() if applicable
     - [x86] bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
     - [x86] bugs: Don't fill RSB on context switch with eIBRS
     - ext4: make block validity check resistent to sb bh corruption
     - [arm64] scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
     - scsi: pm80xx: Set phy_attached to zero when device is gone
     - [x86] i8253: Call clockevent_i8253_disable() with interrupts disabled
     - loop: aio inherit the ioprio of original request
     - md/raid1: Add check for missing source disk in process_checks()
     - [arm64,armhf] spi: spi-imx: Add check for spi_imx_setupxfer()
     - of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
       (Closes: #1103277)
     - jfs: define xtree root and page independently
     - [x86] comedi: jr3_pci: Fix synchronous deletion of timer
     - net/sched: act_mirred: don't override retval if we already lost the skb
       (CVE-2024-26739)
     - [arm64,armhf] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable PVT for 6321 switch
     - [arm64,armhf] net: dsa: mv88e6xxx: enable .port_set_policy() for 6320
       family
     - [arm64,armhf] net: dsa: mv88e6xxx: enable STU methods for 6320 family
     - xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
     - nvme: fixup scan failure for non-ANA multipath controllers
     - tracing: Remove pointer (asterisk) and brackets from cpumask_t field
     - PCI: Fix use-after-free in pci_bus_release_domain_nr()
     - objtool: Silence more KCOV warnings, part 2
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.137
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 35
   * md: move initialization and destruction of 'io_acct_set' to md.c
     (Closes: #1104460)
   * Revert "rndis_host: Flag RNDIS modems as WWAN devices" (Closes: #1104511)
 .
   [ Raphaël Hertzog ]
   * udeb: add dm-thin-pool md-modules (Closes: #956226)
linux-signed-i386 (6.1.135+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.135-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.134
     - watch_queue: fix pipe accounting mismatch
     - [x86] mm/pat: cpa-test: fix length for CPA_ARRAY test
     - cpufreq: scpi: compare kHz instead of Hz
     - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
     - [x86] fpu: Fix guest FPU state buffer allocation size
     - [x86] fpu: Avoid copying dynamic FP state from init_task in
       arch_dup_task_struct()
     - [x86] platform: Only allow CONFIG_EISA for 32-bit
     - [x86] sev: Add missing RIP_REL_REF() invocations during sme_enable()
     - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
     - PM: sleep: Adjust check before setting power.must_resume
     - selinux: Chain up tool resolving errors in install_policy.sh
     - [x86] EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
     - [x86] EDAC/ie31200: Fix the DIMM size mask for several SoCs
     - [x86] EDAC/ie31200: Fix the error path order of ie31200_init()
     - thermal: int340x: Add NULL check for adev
     - PM: sleep: Fix handling devices with direct_complete set on errors
     - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
     - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
     - [x86] fpu/xstate: Fix inconsistencies in guest FPU xfeatures
     - [arm64,armhf] media: verisilicon: HEVC: Initialize start_bit field
     - [x86] ASoC: cs35l41: check the return value from spi_setup()
     - HID: remove superfluous (and wrong) Makefile entry for
       CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
     - ALSA: hda/realtek: Always honor no_shutup_pins
     - [arm64] drm/bridge: ti-sn65dsi86: Fix multiple instances
     - drm/dp_mst: Fix drm RAD print
     - PCI: Use downstream bridges for distributing resources
     - PCI/ASPM: Fix link state exit during switch upstream function removal
     - [arm64] drm/msm/dsi: Set PHY usescase (and mode) before registering DSI
       host
     - [arm64] PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without
       data payload
     - [arm64] PCI: brcmstb: Use internal register to change link capability
     - [arm64] PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
     - [arm64] PCI: brcmstb: Fix potential premature regulator disabling
     - PCI/portdrv: Only disable pciehp interrupts early when needed
     - PCI: Avoid reset when disabled via sysfs
     - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
     - PCI: Remove stray put_device() in pci_register_host_bridge()
     - drm/amd/display: avoid NPD when ASIC does not support DMUB
     - PCI: pciehp: Don't enable HPIE when resuming in poll mode
     - [mips*] fbdev: sm501fb: Add some geometry checks.
     - [arm64] clk: amlogic: gxbb: drop incorrect flag on 32k clock
     - [arm64,armhf] remoteproc: core: Clear table_sz when rproc_shutdown
     - bpf: Use preempt_count() directly in bpf_send_signal_common()
     - lib: 842: Improve error handling in sw842_compress()
     - [arm64] clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
     - RDMA/core: Don't expose hw_counters outside of init net namespace
     - RDMA/mlx5: Fix calculation of total invalidated pages
     - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
     - IB/mad: Check available slots before posting receive WRs
     - [arm64,armhf] pinctrl: tegra: Set SFIO mode to Mux Register
     - [arm64] clk: amlogic: g12b: fix cluster A parent data
     - [arm64] clk: amlogic: gxbb: drop non existing 32k clock parent
     - [arm64] clk: amlogic: g12a: fix mmc A peripheral clock
     - [x86] entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
     - power: supply: max77693: Fix wrong conversion of charge input threshold
       value
     - [powerpc*] crypto: nx - Fix uninitialised hv_nxc on error
     - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
     - [mips*] mfd: sm501: Switch to BIT() to mitigate integer overflows
     - [x86] dumpstack: Fix inaccurate unwinding from exception stacks due to
       misplaced assignment
     - isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
     - soundwire: slave: fix an OF node reference leak in soundwire slave device
     - [arm64] coresight-etm4x: add isb() before reading the TRCSTATR
     - iio: accel: mma8452: Ensure error return on failure to matching
       oversampling ratio
     - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim
       fails.
     - usb: xhci: correct debug message page size calculation
     - iio: adc: ad7124: Fix comparison of channel configs
     - perf evlist: Add success path to evlist__create_syswide_maps
     - perf units: Fix insufficient array space
     - kexec: initialize ELF lowest address to ULONG_MAX
     - ocfs2: validate l_tree_depth to avoid out-of-bounds access
     - NFSv4: Don't trigger uneccessary scans for return-on-close delegations
     - fuse: fix dax truncate/punch_hole fault path
     - i3c: master: svc: Fix missing the IBI rules
     - perf python: Fixup description of sample.id event member
     - perf python: Decrement the refcount of just created event on failure
     - perf python: Don't keep a raw_data pointer to consumed ring buffer space
     - perf python: Check if there is space to copy all the event
     - fs/procfs: fix the comment above proc_pid_wchan()
     - perf tools: annotate asm_pure_loop.S
     - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
     - exfat: fix the infinite loop in exfat_find_last_cluster()
     - rtnetlink: Allocate vfinfo size for VF GUIDs when supported
     - rndis_host: Flag RNDIS modems as WWAN devices
     - ksmbd: use aead_request_free to match aead_request_alloc
     - ksmbd: fix multichannel connection failure
     - net/mlx5e: SHAMPO, Make reserved size independent of page size
     - ring-buffer: Fix bytes_dropped calculation issue
     - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are
       invalid
     - sched/smt: Always inline sched_smt_active()
     - context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
     - rcu-tasks: Always inline rcu_irq_work_resched()
     - wifi: iwlwifi: fw: allocate chained SG tables for dump
     - wifi: iwlwifi: mvm: use the right version of the rate API
     - nvme-tcp: fix possible UAF in nvme_tcp_poll
     - nvme-pci: clean up CMBMSC when registering CMB fails
     - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
     - wifi: brcmfmac: keep power during suspend if board requires it
     - affs: generate OFS sequence numbers starting at 1
     - affs: don't write overlarge OFS data block size fields
     - ALSA: hda/realtek: Fix Asus Z13 2025 audio
     - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
     - [x86] platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go
       4 tablet
     - HID: i2c-hid: improve i2c_hid_get_report error message
     - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
       CS35L41 HDA
     - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
       CS35L41 HDA
     - sched/deadline: Use online cpus for validating runtime
     - locking/semaphore: Use wake_q to wake up processes outside lock critical
       section
     - [x86] sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
     - drm/amd: Keep display off while going into S4
     - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
     - can: statistics: use atomic access in hot path
     - memory: omap-gpmc: drop no compatible check
     - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
     - spufs: fix a leak on spufs_new_file() failure
     - spufs: fix gang directory lifetimes
     - spufs: fix a leak in spufs_create_context()
     - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
     - ntb: intel: Fix using link status DB's
     - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets
       only
     - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
     - net_sched: skbprio: Remove overly strict queue assertions
     - [arm64,armhf] net: mvpp2: Prevent parser TCAM memory corruption
     - udp: Fix memory accounting leak.
     - vsock: avoid timeout during connect() if the socket is closing
     - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
     - netfilter: nft_tunnel: fix geneve_opt type confusion addition
     - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
     - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
     - net: fix geneve_opt length integer overflow
     - ipv6: Start path selection from the first nexthop
     - ipv6: Do not consider link down nexthops in path selection
     - arcnet: Add NULL check in com20020pci_probe()
     - io_uring/filetable: ensure node switch is always done, if needed
     - drm/amdgpu/gfx11: fix num_mec
     - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
     - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
       registers
     - usbnet:fix NPE during rx_complete
     - [x86] platform/x86: ISST: Correct command storage data length
     - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
     - [x86] perf/x86/intel: Apply static call for drain_pebs
     - [x86] perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
     - kunit/overflow: Fix UB in overflow_allocation_test (CVE-2024-46823)
     - btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753)
     - [x86] tsc: Always save/restore TSC sched_clock() on suspend/resume
     - [x86] mm: Fix flush_tlb_range() when used for zapping normal PMDs
     - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
     - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
     - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
     - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
     - ksmbd: add bounds check for create lease context
     - ksmbd: fix use-after-free in ksmbd_sessions_deregister()
     - ksmbd: fix session use-after-free in multichannel connection
     - ksmbd: validate zero num_subauth before sub_auth is accessed
     - tracing: Fix use-after-free in print_graph_function_flags during tracer
       switching
     - tracing: Ensure module defining synth event cannot be unloaded while
       tracing
     - tracing: Fix synth event printk format for str fields
     - tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
     - [arm64] Don't call NULL in do_compat_alignment_fixup()
     - ext4: don't over-report free space or inodes in statvfs
     - ext4: fix OOB read when checking dotdot dir
     - jfs: fix slab-out-of-bounds read in ea_get()
     - jfs: add index corruption check to DT_GETPAGE()
     - media: streamzap: fix race between device disconnection and urb callback
     - nfsd: put dl_stid if fail to queue dl_recall
     - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
     - tracing: Do not use PERF enums when perf is not defined
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
     - tipc: fix memory leak in tipc_link_xmit
     - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
     - net: tls: explicitly disallow disconnect
     - rtnl: add helper to check if rtnl group has listeners
     - rtnl: add helper to check if a notification is needed
     - net/sched: cls_api: conditional notification of events
     - tc: Ensure we have enough buffer space when sending filter netlink
       notifications
     - net: ethtool: Don't call .cleanup_data when prepare_data fails
     - ata: sata_sx4: Add error handling in pdc20621_i2c_read()
     - nvmet-fcloop: swap list_add_tail arguments
     - net_sched: sch_sfq: use a temporary work area for validating configuration
     - net_sched: sch_sfq: move the limit validation
     - ipv6: Align behavior across nexthops during path selection
     - net: ppp: Add bound checking for skb data on ppp_sync_txmung
     - nft_set_pipapo: fix incorrect avx2 match of 5th field octet
     - fs: consistently deref the files table with rcu_dereference_raw()
     - umount: Allow superblock owners to force umount
     - pm: cpupower: bench: Prevent NULL dereference on malloc failure
     - [x86] cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
       when running in a virtual machine
     - [arm*] perf: arm_pmu: Don't disable counter in armpmu_add()
     - [arm64] cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
     - xen/mcelog: Add __nonstring annotations for unterminated strings
     - HID: pidff: Convert infinite length from Linux API to PID standard
     - HID: pidff: Do not send effect envelope if it's empty
     - HID: pidff: Fix null pointer dereference in pidff_find_fields
     - ALSA: hda: intel: Fix Optimus when GPU has no sound
     - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
     - [arm64] ASoC: fsl_audmix: register card device depends on 'dais' property
     - [arm64,armhf] mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two
       halves
     - ALSA: usb-audio: Fix CME quirk for UF series keyboards
     - [x86] ASoC: amd: Add DMI quirk for ACP6X mic support
     - f2fs: don't retry IO for corrupted data scenario
     - page_pool: avoid infinite loop to schedule delayed worker
     - jfs: Fix uninit-value access of imap allocated in the diMount() function
     - fs/jfs: cast inactags to s64 to prevent potential overflow
     - fs/jfs: Prevent integer overflow in AG size calculation
     - jfs: Prevent copying of nlink with value 0 from disk inode
     - jfs: add sanity check for agwidth in dbMount
     - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
     - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
     - ahci: add PCI ID for Marvell 88SE9215 SATA Controller
     - ext4: protect ext4_release_dquot against freezing
     - ext4: ignore xattrs past end
     - scsi: st: Fix array overflow in st_setup()
     - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
     - net: vlan: don't propagate flags on open
     - tracing: fix return value in __ftrace_event_enable_disable for
       TRACE_REG_UNREGISTER
     - Bluetooth: hci_uart: fix race during initialization
     - Bluetooth: qca: simplify WCN399x NVM loading
     - drm: allow encoder mode_set even when connectors change for crtc
     - drm/amd/display: Update Cursor request mode to the beginning prefetch
       always
     - drm: panel-orientation-quirks: Add support for AYANEO 2S
     - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
     - drm: panel-orientation-quirks: Add new quirk for GPD Win 2
     - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
     - drm/bridge: panel: forbid initializing a panel with unknown connector type
     - drivers: base: devres: Allow to release group on device release
     - drm/amdkfd: clamp queue size to minimum
     - drm/amdkfd: Fix mode1 reset crash issue
     - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
     - drm/amdgpu: handle amdgpu_cgs_create_device() errors in
       amd_powerplay_create()
     - [amd64] PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
     - drm/amdgpu: grab an additional reference on the gang fence v2
     - tpm, tpm_tis: Workaround failed command reception on Infineon devices
     - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
     - ext4: don't treat fhandle lookup of ea_inode as FS corruption
     - xenfs/xensyms: respect hypervisor's "next" indication
     - [arm64] cputype: Add MIDR_CORTEX_A76AE
     - [arm64] errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
     - [arm64] errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
     - [arm64] errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
     - [arm64] KVM: arm64: Tear down vGIC on failed vCPU creation
     - spi: cadence-qspi: Fix probe on AM62A LP SK
     - tpm, tpm_tis: Fix timeout handling when waiting for TPM status
     - media: streamzap: prevent processing IR data on URB failure
     - media: platform: stm32: Add check for clk_enable()
     - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
     - media: i2c: ccs: Set the device's runtime PM status correctly in remove
     - media: i2c: ccs: Set the device's runtime PM status correctly in probe
     - media: i2c: ov7251: Set enable GPIO low in probe
     - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
     - mptcp: sockopt: fix getting IPV6_V6ONLY
     - mtd: Add check for devm_kcalloc()
     - [arm64,armhf] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum
       for 6320 family
     - wifi: mt76: Add check for devm_kstrdup()
     - wifi: mac80211: fix integer overflow in hwmp_route_info_get()
     - io_uring/kbuf: reject zero sized provided buffers
     - bus: mhi: host: Fix race between unprepare and queue_buf
     - ext4: fix off-by-one error in do_split
     - [armhf] soc: samsung: exynos-chipid: Add NULL pointer check in
       exynos_chipid_probe()
     - smb311 client: fix missing tcon check when mounting with linux/posix
       extensions
     - i3c: master: svc: Use readsb helper for reading MDB
     - i3c: Add NULL pointer check in i3c_master_queue_ibi()
     - jbd2: remove wrong sb->s_sequence check
     - [armhf] mfd: ene-kb3930: Fix a potential NULL pointer dereference
     - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
     - lib: scatterlist: fix sg_split_phys to preserve original scatterlist
       offsets
     - mptcp: fix NULL pointer in can_accept_new_subflow
     - mptcp: only inc MPJoinAckHMacFailure for HMAC failures
     - mtd: inftlcore: Add error check for inftl_read_oob()
     - mtd: rawnand: Add status chack in r852_ready()
     - [arm64] mm: Correct the update of max_pfn
     - [arm64] dts: mediatek: mt8173: Fix disp-pwm compatible string
     - btrfs: fix non-empty delayed iputs list on unmount due to compressed write
       workers
     - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
     - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
     - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
     - sctp: detect and prevent references to a freed transport in sendmsg
     - thermal/drivers/rockchip: Add missing rk3328 mapping entry
     - cifs: avoid NULL pointer dereference in dbg call
     - cifs: fix integer overflow in match_server()
     - [arm64] clk: qcom: gdsc: Release pm subdomains in reverse add order
     - [arm64] clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
     - [arm64] clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
     - [x86] crypto: ccp - Fix check for the primary ASP device
     - dm-integrity: set ti->error on memory allocation failure
     - dm-verity: fix prefetch-vs-suspend race
     - ftrace: Add cond_resched() to ftrace_graph_set_hash()
     - [arm64] gpio: zynq: Fix wakeup source leaks on device unbind
     - gve: handle overflow when reporting TX consumed descriptors
     - [x86] KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory
       accesses
     - of/irq: Fix device node refcount leakage in API of_irq_parse_one()
     - of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
     - of/irq: Fix device node refcount leakages in of_irq_count()
     - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
     - of/irq: Fix device node refcount leakages in of_irq_init()
     - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
     - PCI: Fix reference leak in pci_alloc_child_bus()
     - [arm64] pinctrl: qcom: Clear latched interrupt status when changing IRQ
       type
     - [arm64] errata: Add newer ARM cores to the spectre_bhb_loop_affected()
       lists
     - [x86] ACPI: platform-profile: Fix CFI violation when accessing sysfs files
     - [x86] e820: Fix handling of subpage regions when calculating nosave ranges
       in e820__register_nosave_regions()
     - Bluetooth: hci_uart: Fix another race during initialization
     - [armhf] HSI: ssi_protocol: Fix use after free vulnerability in
       ssi_protocol Driver Due to Race Condition (CVE-2025-37838)
     - [arm64] scsi: hisi_sas: Enable force phy when SATA disk directly connected
     - wifi: at76c50x: fix use after free access in at76_disconnect
     - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
     - wifi: mac80211: Purge vif txq in ieee80211_do_stop()
     - wifi: wl1251: fix memory leak in wl1251_tx_work
     - scsi: iscsi: Fix missing scsi_host_put() in error path
     - md/raid10: fix missing discard IO accounting
     - md/md-bitmap: fix stats collection for external bitmaps
     - [amd64] RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
     - [arm64] RDMA/hns: Fix wrong maximum DMA segment size
     - RDMA/core: Silence oversized kvmalloc() warning
     - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
     - Bluetooth: btrtl: Prevent potential NULL dereference
     - Bluetooth: l2cap: Check encryption key size on incoming connection
     - Revert "wifi: mac80211: Update skb's control block key in
       ieee80211_tx_dequeue()"
     - igc: fix PTM cycle trigger logic
     - igc: move ktime snapshot into PTM retry loop
     - igc: handle the IGC_PTP_ENABLED flag correctly
     - igc: cleanup PTP module if probe fails
     - net: mctp: Set SOCK_RCU_FREE
     - net: openvswitch: fix nested key length validation in the set() action
     - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
     - net: b53: enable BPDU reception for management port
     - net: bridge: switchdev: do not notify new brentries as changed
     - [arm64,armhf] net: dsa: mv88e6xxx: avoid unregistering devlink regions
       which were never registered
     - [arm64,armhf] net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST
       is unsupported
     - [arm64,armhf] net: dsa: avoid refcount warnings when
       ds->ops->tag_8021q_vlan_del() fails
     - ptp: ocp: fix start time alignment in ptp_ocp_signal_set
     - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
     - writeback: fix false warning in inode_to_wb()
     - Revert "PCI: Avoid reset when disabled via sysfs"
     - [x86] asus-laptop: Fix an uninitialized variable
     - nfs: move nfs_fhandle_hash to common include file
     - nfs: add missing selections of CONFIG_CRC32
     - nfsd: decrease sc_count directly if fail to queue dl_recall
     - btrfs: correctly escape subvol in btrfs_show_options()
     - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
     - i2c: cros-ec-tunnel: defer probe if parent EC is not present
     - isofs: Prevent the use of too small fid
     - loop: properly send KOBJ_CHANGED uevent for disk device
     - loop: LOOP_SET_FD: send uevents for partitions
     - mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
     - mm: fix filemap_get_folios_contig returning batches of identical folios
     - ksmbd: Fix dangling pointer in krb_authenticate
     - ksmbd: Prevent integer overflow in calculation of deadtime
     - ksmbd: fix the warning from __kernel_write_iter
     - smb3 client: fix open hardlink on deferred close file error
     - string: Add load_unaligned_zeropad() code path to sized_strscpy()
     - tracing: Fix filter string testing
     - virtiofs: add filesystem context source name check
     - scsi: megaraid_sas: Block zero-length ATA VPD inquiry
     - scsi: ufs: exynos: Ensure consistent phy reference counts
     - [x86] perf/x86/intel: Allow to update user space GPRs from PEBS records
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SNR
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       ICX
     - [x86] perf/x86/intel/uncore: Fix the scale of IIO free running counters on
       SPR
     - [arm64] drm/msm/a6xx: Fix stale rpmh votes from GPU
     - drm/amd: Handle being compiled without SI or CIK support better
     - drm/amd/pm: Prevent division by zero
     - drm/amd/pm/powerplay: Prevent division by zero
     - drm/amd/pm/smu11: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
     - drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
     - drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
     - drm/amdgpu/dma_buf: fix page_link check
     - drm/nouveau: prime: fix ttm_bo_delayed_delete oops
     - [x86] drm/i915/gvt: fix unterminated-string-initialization warning
     - io_uring/net: fix accept multishot handling
     - [arm64] KVM: arm64: Discard any SVE state when entering KVM guests
     - [arm64] fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
     - [arm64] fpsimd: Have KVM explicitly say which FP registers to save
     - [arm64] fpsimd: Stop using TIF_SVE to manage register saving in KVM
     - [arm64] KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
     - [arm64] KVM: arm64: Remove host FPSIMD saving for non-protected KVM
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
     - [arm64] KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
     - [arm64] KVM: arm64: Refactor exit handlers
     - [arm64] KVM: arm64: Mark some header functions as inline
     - [arm64] KVM: arm64: Calculate cptr_el2 traps on activating traps
     - [arm64] KVM: arm64: Eagerly switch ZCR_EL{1,2}
     - cpufreq: Reference count policy in cpufreq_update_limits()
     - kbuild: Add '-fno-builtin-wcslen'
     - mptcp: sockopt: fix getting freebind & transparent
     - mm: Fix is_zero_page() usage in try_grab_page() (Closes: #1102914)
     - [x86] split_lock: Fix the delayed detection logic
     - [x86] pvh: Call C code via the kernel virtual mapping
     - [powerpc*] rtas: Prevent Spectre v1 gadget construction in sys_rtas()
       (CVE-2024-46774)
     - btrfs: fix qgroup reserve leaks in cow_file_range (CVE-2024-46733)
     - btrfs: zoned: fix zone activation with missing devices
     - btrfs: zoned: fix zone finishing with missing devices
     - Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init"
     - drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
       max_links (CVE-2024-46816)
     - landlock: Add the errata interface
     - nvmet-fc: Remove unused functions
     - smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
       (CVE-2024-46742)
     - cifs: use origin fullpath for automounts
     - btrfs: fix the length of reserved qgroup to free
     - bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
     - bpf: Prevent tail call between progs attached to different hooks
       (CVE-2024-50063)
     - blk-cgroup: support to track if policy is online
     - blk-iocost: do not WARN if iocg was already offlined (CVE-2024-36908)
     - mm: fix apply_to_existing_page_range()
     - sign-file,extract-cert: move common SSL helper functions to a header
     - sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
     - sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
     - [mips*] ds1287: Match ds1287_set_base_clock() function types
     - md: factor out a helper from mddev_put()
     - md: fix mddev uaf while iterating all_mddevs list (CVE-2025-22126)
       (Closes: #1086175)
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 34
 .
   [ Ben Hutchings ]
   * d/rules.d/certs: Add newly required include directory to CPPFLAGS
linux-signed-i386 (6.1.133+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.133-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
     - [arm64] mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
     - md/md-bitmap: replace md_bitmap_status() with a new helper
       md_bitmap_get_stats()
     - md/md-cluster: fix spares warnings for __le64
     - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
     - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
     - mm: update mark_victim tracepoints fields
     - memcg: fix soft lockup in the OOM process (CVE-2024-57977)
     - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
     - Bluetooth: qca: Update firmware-name to support board specific nvm
     - Bluetooth: qca: Fix poor RF performance for WCN6855
     - scsi: core: Handle depopulation and restoration in progress
     - scsi: core: Do not retry I/Os during depopulation
     - [arm6]: dts: mediatek: mt8183: Disable DSI display output by default
     - [arm64] dts: qcom: trim addresses to 8 digits
     - [arm64] dts: qcom: sm8450: Fix CDSP memory length
     - tpm: Use managed allocation for bios event log
     - tpm: Change to kvalloc() in eventlog/acpi.c
     - media: Switch to use dev_err_probe() helper
     - media: uvcvideo: Fix crash during unbind if gpio unit is in use
       (CVE-2024-58079)
     - media: uvcvideo: Refactor iterators
     - media: uvcvideo: Only save async fh if success
     - media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
     - USB: gadget: core: create sysfs link between udc and gadget
     - usb: gadget: core: flush gadget workqueue after device removal
       (CVE-2025-21838)
     - USB: gadget: f_midi: f_midi_complete to call queue_work
     - [powerpc*] 64s/mm: Move __real_pte stubs into hash-4k.h
     - [powerpc*] 64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
     - ALSA: hda/realtek: Fixup ALC225 depop procedure
     - [powerpc*] code-patching: Fix KASAN hit by not flagging text patching area
       as VM_ALLOC
     - geneve: Fix use-after-free in geneve_find_dev().
     - ALSA: hda/cirrus: Correct the full scale volume set logic
     - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
     - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
     - flow_dissector: Fix handling of mixed port and port-range keys
     - flow_dissector: Fix port range key handling in BPF conversion
     - net: Add non-RCU dev_getbyhwaddr() helper
     - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
     - net: axienet: Set mac_managed_pm
     - tcp: drop secpath at the same time as we currently drop dst
     - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
     - strparser: Add read_sock callback
     - bpf: Fix wrong copied_seq calculation
     - power: supply: da9150-fg: fix potential overflow
     - nouveau/svm: fix missing folio unlock + put after
       make_device_exclusive_range()
     - [arm64] drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC
       fields
     - nvme/ioctl: add missing space in err message
     - bpf: skip non exist keys in generic_map_lookup_batch
     - [arm64] drm/msm/dpu: Disable dither in phys encoder cleanup
     - [x86] drm/i915: Make sure all planes in use by the joiner have their crtc
       included
     - [arm64] tee: optee: Fix supplicant wait loop
     - drop_monitor: fix incorrect initialization order
     - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
     - [arm64] ASoC: fsl_micfil: Enable default case in micfil_set_quality()
     - ALSA: hda: Add error check for snd_ctl_rename_id() in
       snd_hda_create_dig_out_ctls()
     - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
     - acct: perform last write from workqueue
     - acct: block access to kernel internal filesystems
     - mm,madvise,hugetlb: check for 0-length range after end address adjustment
     - smb: client: Add check for next_buffer in receive_encrypted_standard()
     - ftrace: Correct preemption accounting for function tracing.
     - ftrace: Do not add duplicate entries in subops manager ops
     - [x86] cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
     - block, bfq: split sync bfq_queues on a per-actuator basis
     - block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
     - media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
       (CVE-2024-47754)
     - netfilter: allow exp not to be removed in nf_ct_find_expectation
     - IB/mlx5: Set and get correct qp_num for a DCT QP
     - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
     - SUNRPC: convert RPC_TASK_* constants to enum
     - SUNRPC: Prevent looping due to rpc_signal_task() races
     - scsi: core: Clear driver private data when retrying request
     - RDMA/mlx5: Fix bind QP error cleanup flow
     - sunrpc: suppress warnings for unused procfs functions
     - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
     - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
     - afs: remove variable nr_servers
     - afs: Make it possible to find the volumes that are using a server
     - afs: Fix the server_list to unuse a displaced server rather than putting
       it
     - net: loopback: Avoid sending IP packets without an Ethernet header
     - net: set the minimum for net_hotdata.netdev_budget_usecs
     - net/ipv4: add tracepoint for icmp_send
     - ipv4: icmp: Pass full DS field to ip_route_input()
     - ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
     - ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
     - ipv4: Convert icmp_route_lookup() to dscp_t.
     - ipv4: Convert ip_route_input() to dscp_t.
     - ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos
       conversion.
     - ipvlan: ensure network headers are in skb linear part
     - [arm64] net: cadence: macb: Synchronize stats calculations
     - [armhf] ASoC: es8328: fix route from DAC to output
     - ipvs: Always clear ipvs_property flag in skb_scrub_packet()
     - tcp: Defer ts_recent changes until req is owned
     - net: Clear old fragment checksum value in napi_reuse_skb
     - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
     - net/mlx5: IRQ, Fix null string in debug print
     - include: net: add static inline dst_dev_overhead() to dst.h
     - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in seg6 lwt
     - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
     - net: ipv6: fix dst ref loop on input in rpl lwt
     - mm: Don't pin ZERO_PAGE in pin_user_pages()
     - uprobes: Reject the shared zeropage in uprobe_write_opcode()
     - io_uring/net: save msg_control for compat
     - [x86] CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
     - tracing: Fix bad hist from corrupting named_triggers list
     - ftrace: Avoid potential division by zero in function_stat_show()
     - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
     - [x86] perf/x86: Fix low freqency setting issue
     - perf/core: Fix low freq setting via IOC_PERIOD
     - drm/amd/display: Disable PSR-SU on eDP panels
     - drm/amd/display: Fix HPD after gpu reset
     - i2c: npcm: disable interrupt enable bit before devm_request_irq
     - usbnet: gl620a: fix endpoint checking in genelink_bind()
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
     - [arm64] net: enetc: keep track of correct Tx BD count in
       enetc_map_tx_tso_buffs()
     - [arm64] net: enetc: update UDP checksum when updating originTimestamp
       field
     - [arm64] net: enetc: correct the xdp_tx statistics
     - [arm64] net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
     - [armhf] phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks
       in refclk
     - mptcp: always handle address removal under msk socket lock
     - mptcp: reset when MPTCP opts are dropped after join
     - vmlinux.lds: Ensure that const vars with relocations are mapped R/O
     - sched/core: Prevent rescheduling when interrupts are disabled
     - drm/amd/display: fixed integer types and null check locations
       (CVE-2024-26767)
     - amdgpu/pm/legacy: fix suspend/resume issues
     - [x86] intel_idle: Handle older CPUs, which stop the TSC in deeper C
       states, correctly (Closes: #1088682)
     - Squashfs: check the inode number is not the invalid value of zero
       (CVE-2024-26982)
     - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
     - media: mtk-vcodec: potential null pointer deference in SCP
       (CVE-2024-40973)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
     - drm/amdgpu: Check extended configuration space register when system uses
       large bar
     - drm/amdgpu: disable BAR resize on Dell G5 SE
     - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS
     - [x86] speculation: Add __update_spec_ctrl() helper
     - [x86] amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
     - Revert "of: reserved-memory: Fix using wrong number of cells to get
       property 'alignment'"
     - HID: appleir: Fix potential NULL dereference at raw event handle
     - ksmbd: fix type confusion via race condition when using
       ipc_msg_send_request
     - ksmbd: fix use-after-free in smb2_lock
     - ksmbd: fix bug on trap in smb2_lock
     - [arm64] gpio: rcar: Use raw_spinlock to protect register access
     - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
     - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
     - ALSA: hda/realtek: update ALC222 depop optimize
     - drm/amd/display: Fix null check for pipe_ctx->plane_state in
       resource_build_scaling_params
     - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
     - [x86] platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
     - [x86] cacheinfo: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Validate CPUID leaf 0x2 EDX output
     - [x86] cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
     - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
     - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
     - wifi: cfg80211: regulatory: improve invalid hints checking
     - wifi: nl80211: reject cooked mode if it is set along with other flags
     - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
     - rapidio: fix an API misues when rio_add_net() fails
     - dma: kmsan: export kmsan_handle_dma() for modules
     - [s390x] traps: Fix test_monitor_call() inline assembly
     - block: fix conversion of GPT partition name to 7-bit
     - mm/page_alloc: fix uninitialized variable
     - mm: don't skip arch_sync_kernel_mappings() in error paths
     - wifi: iwlwifi: limit printed string from FW file
     - HID: google: fix unused variable warning under !CONFIG_ACPI
     - [amd64] HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
     - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
     - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
     - net: gso: fix ownership in __udp_gso_segment
     - caif_virtio: fix wrong pointer check in cfv_probe()
     - hwmon: (pmbus) Initialise page count in pmbus_identify()
     - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
     - hwmon: (ad7314) Validate leading zero bits and return error
     - ALSA: usx2y: validate nrpacks module parameter on probe
     - llc: do not use skb_get() before dev_queue_xmit()
     - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
     - drm/sched: Fix preprocessor guard
     - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
     - [arm64] net: hns3: make sure ptp clock is unregister and freed if
       hclge_ptp_get_cycle returns an error
     - vlan: enforce underlying device type
     - [x86] sgx: Fix size overflows in sgx_encl_create()
     - exfat: fix soft lockup in exfat_clear_bitmap
     - net-timestamp: support TCP GSO case for a few missing flags
     - ublk: set_params: properly check if parameters can be applied
     - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
     - net: ipv6: fix dst ref loop in ila lwtunnel
     - net: ipv6: fix missing dst ref drop in ila lwtunnel
     - [arm64] gpio: rcar: Fix missing of_node_put() call
     - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
       (Closes: #1100746)
     - usb: hub: lack of clearing xHC resources
     - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
       Reader
     - usb: atm: cxacru: fix a flaw in existing endpoint checks
     - usb: dwc3: Set SUSPENDENABLE soon after phy init
     - usb: dwc3: gadget: Prevent irq storm when TH re-executes
     - usb: typec: ucsi: increase timeout for PPM reset operations
     - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
     - usb: gadget: Set self-powered based on MaxPower and bmAttributes
     - usb: gadget: Fix setting self-powered state on suspend
     - usb: gadget: Check bmAttributes only if configuration is valid
     - xhci: pci: Fix indentation in the PCI device ID definitions
     - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (Closes: #1050352)
     - [x86] KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
     - [x86] mei: me: add panther lake P DID
     - [x86] intel_th: pci: Add Arrow Lake support
     - [x86] intel_th: pci: Add Panther Lake-H support
     - [x86] intel_th: pci: Add Panther Lake-P/U support
     - drivers: core: fix device leak in __fw_devlink_relax_cycles()
     - slimbus: messaging: Free transaction ID in delayed interrupt scenario
     - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid
       deadlock
     - eeprom: digsy_mtc: Make GPIO lookup table match the device
     - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
     - iio: filter: admv8818: Force initialization of SDO
     - iio: dac: ad3552r: clear reset status flag
     - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
     - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
     - Revert "KVM: e500: always restore irqs"
     - Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
     - Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock"
     - Revert "KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()"
     - uprobes: Fix race in uprobe_free_utask
     - [x86] mm: Don't disable PCID when INVLPG has been fixed by microcode
     - spi-mxs: Fix chipselect glitch
     - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
     - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
     - nilfs2: handle errors that nilfs_prepare_chunk() may return
     - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
       (CVE-2024-24855)
     - media: mediatek: vcodec: Handle invalid decoder vsi (CVE-2024-43831)
     - fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
     - bpf, vsock: Invoke proto::close on close()
     - vsock: Keep the binding until socket destruction (CVE-2025-21756)
     - vsock: Orphan socket after transport release
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.132
     - clockevents/drivers/i8253: Fix stop sequence for timer 0
     - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
     - hrtimer: Use and report correct timerslack values for realtime tasks
     - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
     - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
     - ice: fix memory leak in aRFS after reset
     - netfilter: nf_conncount: garbage collection is not skipped when jiffies
       wrap around
     - sched: address a potential NULL pointer dereference in the GRED scheduler.
     - wifi: cfg80211: cancel wiphy_work before freeing wiphy
     - Bluetooth: hci_event: Fix enabling passive scanning
     - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid
       context"
     - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops
     - net: mctp i2c: Copy headers if cloned
     - netpoll: hold rcu read lock in __netpoll_send_skb()
     - [amd64,arm64] drm/hyperv: Fix address space leak when Hyper-V DRM device
       is removed
     - [amd64,arm64] Drivers: hv: vmbus: Don't release fb_mmio resource in
       vmbus_free_mmio()
     - net/mlx5: handle errors in mlx5_chains_create_table()
     - eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
     - net: switchdev: Convert blocking notification chain to a raw one
     - bonding: fix incorrect MAC address setting to receive NS messages
     - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
       insert_tree()
     - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
     - net_sched: Prevent creation of classes with TC_H_ROOT
     - netfilter: nft_exthdr: fix offset with ipv4_find_option()
     - gre: Fix IPv6 link-local address generation.
     - net: openvswitch: remove misbehaving actions length check
     - net/mlx5: Bridge, fix the crash caused by LAG state check
     - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed
       devices
     - nvme-fc: go straight to connecting state when initializing
     - hrtimers: Mark is_migration_base() with __always_inline
     - powercap: call put_device() on an error path in
       powercap_register_control_type()
     - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
     - scsi: core: Use GFP_NOIO to avoid circular locking dependency
     - scsi: qla1280: Fix kernel oops when debug level > 2
     - ACPI: resource: IRQ override for Eluktronics MECH-17
     - smb: client: fix noisy when tree connecting to DFS interlink targets
     - [x86] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
     - [x86] HID: intel-ish-hid: Send clock sync message immediately after reset
     - HID: ignore non-functional sensor in HP 5MP Camera
     - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
     - HID: apple: fix up the F6 key on the Omoton KB066 keyboard
     - sched: Clarify wake_up_q()'s write to task->wake_q.next
     - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
     - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
     - [s390x] cio: Fix CHPID "configure" attribute caching
     - thermal/cpufreq_cooling: Remove structure member documentation
     - Xen/swiotlb: mark xen_swiotlb_fixup() __init
     - ALSA: hda/realtek: Limit mic boost on Positivo ARN50
     - [x86] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
     - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
     - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
     - nvme-tcp: add basic support for the C2HTermReq PDU
     - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
     - sctp: Fix undefined behavior in left shift operation
     - nvme: only allow entering LIVE from CONNECTING state
     - fuse: don't truncate cached, mutated symlink
     - [x86] perf/x86/intel: Use better start period for frequency mode
     - [x86] irq: Define trace events conditionally
     - mptcp: safety check before fallback
     - drm/nouveau: Do not override forced connector status
     - block: fix 'kmem_cache of name 'bio-108' already exists'
     - io_uring: return error pointer from io_mem_alloc()
     - io_uring: add ring freeing helper
     - mm: add nommu variant of vm_insert_pages()
     - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
     - io_uring: don't attempt to mmap larger than what the user asks for
     - io_uring: fix corner case forgetting to vunmap
     - xfs: pass refcount intent directly through the log intent code
     - xfs: pass xfs_extent_free_item directly through the log intent code
     - xfs: fix confusing xfs_extent_item variable names
     - xfs: pass the xfs_bmbt_irec directly through the log intent code
     - xfs: pass per-ag references to xfs_free_extent
     - xfs: validate block number being freed before adding to xefi
     - xfs: fix bounds check in xfs_defer_agfl_block()
     - xfs: use deferred frees for btree block freeing
     - xfs: reserve less log space when recovering log intent items
     - xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
     - xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
     - xfs: consider minlen sized extents in xfs_rtallocate_extent_block
     - xfs: don't leak recovered attri intent items
     - xfs: make rextslog computation consistent with mkfs
     - xfs: fix 32-bit truncation in xfs_compute_rextslog
     - xfs: don't allow overly small or large realtime volumes
     - xfs: remove unused fields from struct xbtree_ifakeroot
     - xfs: recompute growfsrtfree transaction reservation while growing rt
       volume
     - xfs: force all buffers to be written during btree bulk load
     - xfs: initialise di_crc in xfs_log_dinode
     - xfs: add lock protection when remove perag from radix tree
     - xfs: fix perag leak when growfs fails
     - xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
     - xfs: update dir3 leaf block metadata after swap
     - xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
     - xfs: remove conditional building of rt geometry validator functions
     - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
     - Input: i8042 - add required quirks for missing old boardnames
     - Input: i8042 - swap old quirk combination with new quirk for several
       devices
     - Input: i8042 - swap old quirk combination with new quirk for more devices
     - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
     - USB: serial: option: add Telit Cinterion FE990B compositions
     - USB: serial: option: fix Telit Cinterion FE990A name
     - USB: serial: option: match on interface class for Telit FN990B
     - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
     - drm/atomic: Filter out redundant DPMS calls
     - drm/dp_mst: Fix locking when skipping CSN before topology probing
     - drm/amd/display: Restore correct backlight brightness after a GPU reset
     - drm/amd/display: Assign normalized_pix_clk when color depth = 14
     - drm/amd/display: Fix slab-use-after-free on hdcp_work
     - [x86] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2
       model
     - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
     - lib/buildid: Handle memfd_secret() files in build_id_parse()
     - tcp: fix races in tcp_abort()
     - tcp: fix forever orphan socket caused by tcp_abort
     - leds: mlxreg: Use devm_mutex_init() for mutex initialization
     - ASoC: ops: Consistently treat platform_max as control value
     - [x86] drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
     - cifs: Fix integer overflow while processing acregmax mount option
     - cifs: Fix integer overflow while processing acdirmax mount option
     - cifs: Fix integer overflow while processing actimeo mount option
     - cifs: Fix integer overflow while processing closetimeo mount option
     - i2c: ali1535: Fix an error handling path in ali1535_probe()
     - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
     - i2c: sis630: Fix an error handling path in sis630_probe()
     - [arm64] mm: Populate vmemmap at the page level if not section aligned
     - smb3: add support for IAKerb
     - smb: client: Fix match_session bug preventing session reuse
     - HID: apple: disable Fn key handling on the Omoton KB066
     - smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
     - firmware: imx-scu: fix OF node leak in .probe()
     - [arm64] dts: freescale: tqma8mpql: Fix vqmmc-supply
     - xfrm_output: Force software GSO only in tunnel mode
     - [arm64] soc: imx8m: Remove global soc_uid
     - [arm64] soc: imx8m: Use devm_* to simplify probe failure handling
     - [arm64] soc: imx8m: Unregister cpufreq and soc dev in cleanup path
     - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
     - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
     - ARM: dts: bcm2711: Don't mark timer regs unconfigured
     - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
     - [arm64] RDMA/hns: Fix soft lockup during bt pages loop
     - [arm64] RDMA/hns: Fix unmatched condition in error path of
       alloc_user_qp_db()
     - [arm64] RDMA/hns: Fix a missing rollback in error path of
       hns_roce_create_qp_common()
     - [arm64] RDMA/hns: Fix wrong value of max_sge_rd
     - Bluetooth: Fix error code in chan_alloc_skb_cb()
     - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
     - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
     - net: atm: fix use after free in lec_send()
     - net: lwtunnel: fix recursion loops
     - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
     - Revert "gre: Fix IPv6 link-local address generation."
     - i2c: omap: fix IRQ storms
     - [arm64,armhf] can: flexcan: only change CAN state when link up in system
       PM
     - [arm64,armhf] can: flexcan: disable transceiver during system PM
     - [arm64] drm/v3d: Don't run jobs that have errors flagged in its fence
     - regulator: check that dummy regulator has been probed before using it
     - [arm64] dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound
       card
     - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
     - mmc: atmel-mci: Add missing clk_disable_unprepare()
     - proc: fix UAF in proc_get_inode()
     - efi/libstub: Avoid physical address 0x0 when doing random allocation
     - xsk: fix an integer overflow in xp_create_and_assign_umem()
     - batman-adv: Ignore own maximum aggregation size during RX
     - [arm64] soc: qcom: pdr: Fix the potential deadlock
     - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
     - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
     - ksmbd: fix incorrect validation for num_aces field of smb_acl
     - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
     - mptcp: Fix data stream corruption in the address announcement
     - netfilter: nft_counter: Use u64_stats_t for statistic.
     - drm/mediatek: Fix coverity issue with unintentional integer overflow
       (CVE-2023-52857)
     - media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
       (CVE-2024-47753)
     - [arm64] dts: rockchip: fix u2phy1_host status for NanoPi R4S
     - drm/amdgpu: fix use-after-free bug (CVE-2024-26656)
     - wifi: iwlwifi: mvm: ensure offloading TID queue exists (CVE-2024-27056)
     - mm/migrate: fix shmem xarray update during migration
     - block, bfq: fix re-introduced UAF in bic_set_bfqq()
     - xfs: give xfs_extfree_intent its own perag reference
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.133
     - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
     - HID: hid-plantronics: Add mic mute mapping and generalize quirks
     - atm: Fix NULL pointer dereference
     - [armel,armhf] 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
     - [armel,armhf] 9351/1: fault: Add "cut here" line for prefetch aborts
     - [armel,armhf] Remove address checking for MMUless devices
     - drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772)
     - netfilter: socket: Lookup orig tuple for IPv6 SNAT
     - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
     - tty: serial: 8250: Add some more device IDs
     - tty: serial: 8250: Add Brainboxes XC devices
     - net: usb: qmi_wwan: add Telit Cinterion FN990B composition
     - net: usb: qmi_wwan: add Telit Cinterion FE990B composition
     - net: usb: usbnet: restore usb%d name exception for local mac addresses
     - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
     - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
     - usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (CVE-2024-50056)
     - usb: typec: ucsi: Fix NULL pointer access (CVE-2025-21918)
     - media: i2c: et8ek8: Don't strip remove function when driver is builtin
       (CVE-2024-38611)
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.12:
     - net: mana: Use mana_cleanup_port_context() for rxq cleanup
     - net: mana: Add support for page sizes other than 4KB on ARM64
     - net: mana: Add page pool for RX buffers
     - net: mana: Fix the tso_bytes calculation
     - net: mana: Fix oversized sge0 for GSO packets
     - net: mana: Avoid open coded arithmetic
     - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
     - net: mana: Allow variable size indirection table
 .
   [ Ben Hutchings ]
   * d/salsa-ci.yml: Run lintian from the target release, not always unstable
   * [powerpc*] Revert "fbdev/offb: Update expected device name" (Closes:
     #1085949)
   * d/b/genpatch-rt: Fix subprocess cleanup with Python 3.13
 .
   [ Salvatore Bonaccorso ]
   * d/b/genpatch-rt: Drop now unused 'io' module.
   * Revert "d/salsa-ci.yml: Suppress aliased-location lintian errors"
   * Bump ABI to 33
   * ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
     (Closes: #1100928)

logcheck (1.4.2+deb12u1) bookworm; urgency=medium
 .
   [ Mathias Gibbens ]
   * Update d/gbp.conf for debian/bookworm branch
 .
   [ Richard Lewis ]
   * Ensure that if a user deleted /etc/logcheck/header.txt before
     upgrading to bookworm then the file stays deleted (Closes: #1049412).
     NB that the best way to suppress the header is to set INTRO=0 in
     /etc/logcheck/logcheck.conf

mediawiki (1:1.39.12-1~deb12u1) bookworm-security; urgency=medium
 .
   [ Kunal Mehta ]
   * Update gbp.conf to use upstream-1.39 branch
   * New upstream version 1.39.12, fixing CVE-2025-3469,
     CVE-2025-32696, CVE-2025-32697, CVE-2025-32698, CVE-2025-32699,
     CVE-2025-32700.
 .
   [ Taavi Väänänen ]
   * Stop changing permissions for files that no longer exist
mediawiki (1:1.39.10-1) unstable; urgency=medium
 .
   * New upstream version 1.39.10

mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high
 .
   * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
   * patchbomb: don't test ambiguous address (fixes FTBFS after python's
     fix for CVE-2023-27043).

mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
     with an exit condition that cannot be reached may occur, i.e. an infinite
     loop.
   * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
     library may be susceptible to an integer overflow where the function will
     try to free memory at a negative offset. This may result in memory
     corruption.
   * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver may
     be vulnerable to a buffer overflow where the function might attempt to
     allocate too small of buffer and may lead to memory corruption of
     neighbouring heap memory.
   * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
     driver library may be susceptible to buffer overflow when performing
     operations that could result in a final BSON document which exceeds the
     maximum allowable size (INT32_MAX), resulting in a segmentation fault and
     possible application crash.

network-manager (1.42.4-1+deb12u1) bookworm; urgency=medium
 .
   * lldp: fix crash dereferencing NULL pointer during debug logging.
     Patch cherry-picked from upstream nm-1-42 branch.
     (CVE-2024-6501, Closes: #1076294)
   * Set debian-branch to debian/bookworm

nginx (1.22.1-9+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Add upstream patches for CVE-2024-7347:
     - mp4: fix buffer underread while updating stsz atom
     - mp4: reject unordered chunks in stsc atom

node-fstream-ignore (1.0.5-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   [ Jérémy Lal ]
   * Do not run tests in parallel. Closes: #1078886.

node-send (0.18.0+~cs1.19.1-3+deb12u1) bookworm; urgency=medium
 .
   * Fix XSS issue (Closes: #1081483, CVE-2024-43799)

node-serialize-javascript (6.0.0-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Serialize URL string contents to prevent XSS
     (Closes: #1095767, CVE-2024-11831)

nvidia-graphics-drivers (535.247.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.247.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.247.01 (2025-04-17).
     * Fixed CVE-2025-23244.  (Closes: #1104068)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5630
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (535.230.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.230.02 (2025-01-16).
     * Fixed CVE-2024-0150, CVE-2024-0147, CVE-2024-53869, CVE-2024-0131,
       CVE-2024-0149.  (Closes: #1093908)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5614
     * Drop ppc64le driver.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Stop building driver packages for ppc64el.
   * Stop building nvidia-cuda-mps and nvidia-detect for ppc64el.
 .
 nvidia-graphics-drivers (535.216.03-4) unstable; urgency=medium
 .
   * nvidia-driver-full: Relax nvidia-cuda-mps dependency on ppc64el.
   * New Catalan (ca) debconf translations by poc senderi.
   * Updated French (fr) debconf translations by Sylvestre Ledru.
 .
 nvidia-graphics-drivers (535.216.03-3) unstable; urgency=medium
 .
   * Backport drm_driver_has_date changes from 570.124.04 to fix kernel module
     build for Linux 6.14.
   * Backport module_import_ns_takes_string_literal and crypto_akcipher_verify
     changes from 550.144.03 and folio_test_swapcache changes from 565.57.01 to
     fix open kernel module build for Linux 6.13.
   * Let pahole ignore language c++11 for BTF generation.
   * Bump Standards-Version to 4.7.2. No changes needed.
 .
 nvidia-graphics-drivers (535.216.03-2) unstable; urgency=medium
 .
   * Backport cmd_symlink changes from 550.142 to fix kernel module build for
     Linux 6.13.
   * Backport file_operations_fop_unsigned_offset_present changes from
     535.230.02.
     (Closes: #1094903, #1095032, #1093246, #1092957, #1089513, #1089811)
   * Backport warning fixes from 535.230.02, 550.90.07, 560.28.03 and
     565.57.01.
   * nvidia-vulkan-icd: Promote libnvidia-rtcore to Depends. (Closes: #1081314)
 .
 nvidia-graphics-drivers (535.216.03-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.216.03 (2024-11-19).
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
nvidia-graphics-drivers (535.230.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.230.02 (2025-01-16).
     * Fixed CVE-2024-0150, CVE-2024-0147, CVE-2024-53869, CVE-2024-0131,
       CVE-2024-0149.  (Closes: #1093908)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5614
     * Drop ppc64le driver.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Stop building driver packages for ppc64el.
   * Stop building nvidia-cuda-mps and nvidia-detect for ppc64el.
nvidia-graphics-drivers (535.216.03-4) unstable; urgency=medium
 .
   * nvidia-driver-full: Relax nvidia-cuda-mps dependency on ppc64el.
   * New Catalan (ca) debconf translations by poc senderi.
   * Updated French (fr) debconf translations by Sylvestre Ledru.
nvidia-graphics-drivers (535.216.03-3) unstable; urgency=medium
 .
   * Backport drm_driver_has_date changes from 570.124.04 to fix kernel module
     build for Linux 6.14.
   * Backport module_import_ns_takes_string_literal and crypto_akcipher_verify
     changes from 550.144.03 and folio_test_swapcache changes from 565.57.01 to
     fix open kernel module build for Linux 6.13.
   * Let pahole ignore language c++11 for BTF generation.
   * Bump Standards-Version to 4.7.2. No changes needed.
nvidia-graphics-drivers (535.216.03-2) unstable; urgency=medium
 .
   * Backport file_operations_fop_unsigned_offset_present changes from
     535.230.02.
     (Closes: #1094903, #1095032, #1093246, #1092957, #1089513, #1089811)
   * Backport warning fixes from 535.230.02, 550.90.07, 560.28.03 and
     565.57.01.
   * nvidia-vulkan-icd: Promote libnvidia-rtcore to Depends. (Closes: #1081314)
nvidia-graphics-drivers (535.216.03-2~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
 .
 nvidia-graphics-drivers (535.216.03-2) unstable; urgency=medium
 .
   * Backport file_operations_fop_unsigned_offset_present changes from
     535.230.02.
     (Closes: #1094903, #1095032, #1093246, #1092957, #1089513, #1089811)
   * Backport warning fixes from 535.230.02, 550.90.07, 560.28.03 and
     565.57.01.
   * nvidia-vulkan-icd: Promote libnvidia-rtcore to Depends. (Closes: #1081314)
 .
 nvidia-graphics-drivers (535.216.03-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.216.03 (2024-11-19).
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.216.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.216.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
     * Fixed CVE-2024-0126.  (Closes: #1085968)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5586
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * nvidia-detect: Add support for Tesla 535 drivers.
   * nvidia-detect: Restrict support to driver series in trixie.
   * Clean up packaging cruft in preparation for forking Tesla 535 drivers.
 .
 nvidia-graphics-drivers (535.183.06-2) unstable; urgency=medium
 .
   * Simplify using nv_pfn_valid() in virt_addr_valid() on ppc64el.
   * Backport nv_get_kern_phys_address() changes from 555.42.02 to fix kernel
     module build with gcc-14 on arm*.  (Closes: #1084844)
   * Regenerate debian/control with libdpkg-perl/bookworm.
nvidia-graphics-drivers (535.216.03-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.216.03 (2024-11-19).
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
nvidia-graphics-drivers (535.216.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
     * Fixed CVE-2024-0126.  (Closes: #1085968)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5586
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * nvidia-detect: Add support for Tesla 535 drivers.
   * nvidia-detect: Restrict support to driver series in trixie.

nvidia-graphics-drivers-tesla (525.147.05-15~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla (525.147.05-15) unstable; urgency=medium
 .
   * Transition to packages from src:nvidia-graphics-drivers-tesla-535 on
     ppc64el.
 .
 nvidia-graphics-drivers-tesla (525.147.05-14) unstable; urgency=medium
 .
   * Backport drm_driver_has_date changes from 570.124.04 to fix kernel module
     build for Linux 6.14.
   * nvidia-vulkan-icd: Promote libnvidia-rtcore to Depends.
   * Bump Standards-Version to 4.7.2. No changes needed.
 .
 nvidia-graphics-drivers-tesla (525.147.05-13) unstable; urgency=medium
 .
   * Backport cmd_symlink changes from 550.142 to fix kernel module build for
     Linux 6.13.
   * Backport drm_output_poll_changed changes from 535.216.01 to fix kernel
     module build for Linux 6.12.  (Closes: #1090254)
   * Backport file_operations_fop_unsigned_offset_present changes from
     535.230.02.
   * Backport warning fixes from 535.146.02,
     535.216.01, 535.230.02, 550.90.07, 560.28.03 and 565.57.01.
 .
 nvidia-graphics-drivers-tesla (525.147.05-12) unstable; urgency=medium
 .
   * Simplify using nv_pfn_valid() in virt_addr_valid() on ppc64el.
   * Backport nv_get_kern_phys_address() changes from 555.42.02 to fix kernel
     module build with gcc-14 on arm*.
 .
 nvidia-graphics-drivers-tesla (525.147.05-11) unstable; urgency=medium
 .
   * Use dh_movetousr (if available) to relocate the firmware to /usr where
     needed.  (Closes: #1073757)
   * Log an error message if nvidia-peermem refuses to load because it was
     built without IB peer memory symbols present.  (Closes: #1074350)
   * Backport CONFIG_MITIGATION_RETPOLINE changes from 470.256.02.
   * Backport follow_pfn changes from 550.90.07 to fix kernel module build for
     Linux 6.10.
   * Use pfn_valid() variant with rcu_read_{,un}lock_sched() from Linux 6.8-rc3
     in virt_addr_valid() for Linux 5.10.210 - 5.10.999 to avoid using GPL
     symbols on ppc64el.
   * bug-script: Report 'apt-cache policy' (535.183.06-1).
   * Bump Standards-Version to 4.7.0. No changes needed.
 .
 nvidia-graphics-drivers-tesla (525.147.05-10) unstable; urgency=medium
 .
   * Rebuild as Tesla driver.
 .
 nvidia-graphics-drivers (525.147.05-10) unstable; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
 .
 nvidia-graphics-drivers (525.147.05-9) unstable; urgency=medium
 .
   * Packaging sync.
 .
 nvidia-graphics-drivers (525.147.05-8) unstable; urgency=medium
 .
   * Backport pfn_valid() usage removal in nv-mmap.c from 470.239.06.
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
nvidia-graphics-drivers-tesla (525.147.05-14) unstable; urgency=medium
 .
   * Backport drm_driver_has_date changes from 570.124.04 to fix kernel module
     build for Linux 6.14.
   * nvidia-vulkan-icd: Promote libnvidia-rtcore to Depends.
   * Bump Standards-Version to 4.7.2. No changes needed.
nvidia-graphics-drivers-tesla (525.147.05-13) unstable; urgency=medium
 .
   * Backport drm_output_poll_changed changes from 535.216.01 to fix kernel
     module build for Linux 6.12.  (Closes: #1090254)
   * Backport file_operations_fop_unsigned_offset_present changes from
     535.230.02.
   * Backport warning fixes from 535.146.02,
     535.216.01, 535.230.02, 550.90.07, 560.28.03 and 565.57.01.
nvidia-graphics-drivers-tesla (525.147.05-12) unstable; urgency=medium
 .
   * ppc64el: Simplify using nv_pfn_valid() in virt_addr_valid().
   * Backport nv_get_kern_phys_address() changes from 555.42.02.
nvidia-graphics-drivers-tesla (525.147.05-11) unstable; urgency=medium
 .
   * Use dh_movetousr (if available) to relocate the firmware to /usr where
     needed.  (Closes: #1073757)
   * Log an error message if nvidia-peermem refuses to load because it was
     built without IB peer memory symbols present.  (Closes: #1074350)
   * Backport CONFIG_MITIGATION_RETPOLINE changes from 470.256.02.
   * Backport follow_pfn changes from 550.90.07 to fix kernel module build for
     Linux 6.10.
   * ppc64el: Use pfn_valid() variant with rcu_read_{,un}lock_sched() for
     Linux 5.10 from 5.10.210 onwards to avoid using GPL symbols.
   * bug-script: Report 'apt-cache policy' (535.183.06-1).
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-graphics-drivers-tesla (525.147.05-10) unstable; urgency=medium
 .
   * Rebuild as Tesla driver.
nvidia-graphics-drivers-tesla (525.147.05-7) unstable; urgency=medium
 .
   * Relax the dependencies on libnvidia*-glcore/libnvidia*-eglcore for the
     transitional packages.
 .
 nvidia-graphics-drivers (525.147.05-7) UNRELEASED; urgency=medium
 .
   * nvidia-detect: Fix mismerge breaking Tesla 470 detection.
   * Relax dh-dkms build-dependency, satisfied in stable.
 .
 nvidia-graphics-drivers (525.147.05-6~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.

nvidia-graphics-drivers-tesla-535 (535.216.03-3~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
   * This is a fork of the last driver release from the 535 series that still
     supports the ppc64el architecture. Nvidia has discontinued ppc64el support
     and further updates of src:nvidia-graphics-drivers will therefore drop the
     ppc64el driver.
   * Do not build for i386 or arm64.
   * Drop nvidia-settings-tesla-535 dependency, won't be backported to
     bookworm.
nvidia-graphics-drivers-tesla-535 (535.216.03-2) unstable; urgency=medium
 .
   * Rebuild as Tesla 535 driver.
 .
 nvidia-graphics-drivers (535.216.03-3) unstable; urgency=medium
 .
   * Backport drm_driver_has_date changes from 570.124.04 to fix kernel module
     build for Linux 6.14.
   * Backport module_import_ns_takes_string_literal and crypto_akcipher_verify
     changes from 550.144.03 and folio_test_swapcache changes from 565.57.01 to
     fix open kernel module build for Linux 6.13.
   * Let pahole ignore language c++11 for BTF generation.
   * Bump Standards-Version to 4.7.2. No changes needed.
nvidia-graphics-drivers-tesla-535 (535.216.03-1) unstable; urgency=medium
 .
   * Rebuild as Tesla 535 driver.
 .
 nvidia-graphics-drivers (535.216.03-2) unstable; urgency=medium
 .
   * Backport file_operations_fop_unsigned_offset_present changes from
     535.230.02.
     (Closes: #1094903, #1095032, #1093246, #1092957, #1089513, #1089811)
   * Backport warning fixes from 535.230.02, 550.90.07, 560.28.03 and
     565.57.01.
   * nvidia-vulkan-icd: Promote libnvidia-rtcore to Depends. (Closes: #1081314)
 .
 nvidia-graphics-drivers (535.216.03-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.216.03 (2024-11-19).
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
nvidia-graphics-drivers-tesla-535 (535.216.01-1) unstable; urgency=medium
 .
   * Fork as new source package, rename everything to include '-tesla-535'.
   * Do not build 'unversioned' packages from this source.
 .
 nvidia-graphics-drivers (535.216.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
     * Fixed CVE-2024-0126.  (Closes: #1085968)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5586
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * nvidia-detect: Add support for Tesla 535 drivers.
   * nvidia-detect: Restrict support to driver series in trixie.

nvidia-open-gpu-kernel-modules (535.247.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.247.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.247.01 (2025-04-17).
     * Fixed CVE-2025-23244.  (Closes: #1104076)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5630
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.230.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.230.02 (2025-01-16).
     * Fixed CVE-2024-0150, CVE-2024-0147, CVE-2024-53869, CVE-2024-0131,
       CVE-2024-0149.  (Closes: #1093916)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5614
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.216.03-4) unstable; urgency=medium
 .
   * Do not add -mfunction-return=thunk-extern flag, breaks backwards
     compatibility with kernels built without this flag.
   * Apply both patch sets manually.
 .
 nvidia-open-gpu-kernel-modules (535.216.03-3) unstable; urgency=medium
 .
   * Backport NV_MODULE_IMPORT_NS_TAKES_STRING_LITERAL and
     NV_CRYPTO_AKCIPHER_VERIFY_PRESENT changes from 550.144.03 and
     NV_FOLIO_TEST_SWAPCACHE_PRESENT changes from 565.57.01 to fix open kernel
     module build for Linux 6.13.
   * Let pahole ignore language c++11 for BTF generation.  (Closes: #1098812)
   * Fix warnings during open module build.
   * Build with more kernel hardening flags.
   * Sync with src:nvidia-graphics-drivers.
   * Bump Standards-Version to 4.7.2. No changes needed.
 .
 nvidia-open-gpu-kernel-modules (535.216.03-2) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.  (Closes: #1090361)
 .
 nvidia-open-gpu-kernel-modules (535.216.03-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.216.03 (2024-11-19).
nvidia-open-gpu-kernel-modules (535.230.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.230.02 (2025-01-16).
     * Fixed CVE-2024-0150, CVE-2024-0147, CVE-2024-53869, CVE-2024-0131,
       CVE-2024-0149.  (Closes: #1093916)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5614
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
nvidia-open-gpu-kernel-modules (535.216.03-4) unstable; urgency=medium
 .
   * Do not add -mfunction-return=thunk-extern flag, breaks backwards
     compatibility with kernels built without this flag.
   * Apply both patch sets manually.
nvidia-open-gpu-kernel-modules (535.216.03-3) unstable; urgency=medium
 .
   * Backport NV_MODULE_IMPORT_NS_TAKES_STRING_LITERAL and
     NV_CRYPTO_AKCIPHER_VERIFY_PRESENT changes from 550.144.03 and
     NV_FOLIO_TEST_SWAPCACHE_PRESENT changes from 565.57.01 to fix open kernel
     module build for Linux 6.13.
   * Let pahole ignore language c++11 for BTF generation.  (Closes: #1098812)
   * Fix warnings during open module build.
   * Build with more kernel hardening flags.
   * Sync with src:nvidia-graphics-drivers.
   * Bump Standards-Version to 4.7.2. No changes needed.
nvidia-open-gpu-kernel-modules (535.216.03-2) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.  (Closes: #1090361)
nvidia-open-gpu-kernel-modules (535.216.03-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.216.03 (2024-11-19).
nvidia-open-gpu-kernel-modules (535.216.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
     * Fixed CVE-2024-0126.  (Closes: #1085976)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5586
   * Sync with src:nvidia-graphics-drivers.

nvidia-settings (535.247.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-settings (535.247.01-1) unstable; urgency=medium
 .
   * New upstream release 535.247.01.
   * Relax the nvidia-alternative dependency on ppc64el.
   * Bump Standards-Version to 4.7.2. No changes needed.
 .
 nvidia-settings (535.230.02-1) unstable; urgency=medium
 .
   * New upstream release 535.230.02.
   * Bump Standards-Version to 4.7.1. No changes needed.
 .
 nvidia-settings (535.216.01-1) unstable; urgency=medium
 .
   * New upstream release 535.216.01.
   * Drop support for -tesla and -legacy-ABCxx packages.
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-settings (535.230.02-1) unstable; urgency=medium
 .
   * New upstream release 535.230.02.
   * Bump Standards-Version to 4.7.1. No changes needed.
nvidia-settings (535.216.01-1) unstable; urgency=medium
 .
   * New upstream release 535.216.01.
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-settings (535.171.04-1) unstable; urgency=medium
 .
   * New upstream release 535.171.04.
     - Updated the nvidia-settings control panel to ensure that the entire
       Display Configuration page can be used when the Layout window is shown.
     - Updated the nvidia-settings control panel to allow the primary display
       to be set on any GPU in a multi-GPU system.
   * New upstream release 535.146.02.
     - Fixed a bug that caused the nvidia-settings control panel to crash
       when running on Wayland with newer versions of libwayland-client.
   * New upstream release 535.54.03.
     - Fixed a bug that prevented SLI Mosaic controls from being displayed in
   * New upstream release 535.43.02.
     - Added power usage and power limits information to nvidia-settings
       PowerMizer page.
       the nvidia-settings control panel when using GSP Firmware.

openjdk-17 (17.0.15+6-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm
openjdk-17 (17.0.15~5ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.14 early access, build 5.
 .
   [ Vladimir Petko ]
   * d/t/problems.csv: Disable tests failing due to upstream bugs.
openjdk-17 (17.0.15~4ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.14 early access, build 4.
 .
   [ Vladimir Petko ]
   * d/rules: Disable dtrace on jammy armhf (was not enabled before and cannot
     be built due to a GCC ICE (see LP #2091225).
openjdk-17 (17.0.14+7-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.14 release, build 7. Release notes:
     https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-January/040827.html
 .
     - CVEs:
       + CVE-2025-21502 - 8330045: Enhance array handling.
 .
   [ Vladimir Petko ]
   * d/rules: Dump complete hs_err_pid and replay_pid logs to stdout.
   * d/t/problems.csv: Add openjdk-24 and openjdk-25 to the problems.csv.
   * d/rules: Create link to jquery-3.7.1.min.js instead of jquery-3.6.1.min.js
     (LP: #2095455).
   * d/copyright: Regenerate.
 .
   [ Matthias Klose ]
   * d/rules: Also dump logs for zero builds and for build failures.

openrazer (3.5.1+dfsg-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-32776: out-of-bounds read

opensaml (3.2.1-3+deb12u1) bookworm-security; urgency=high
 .
   * [b3e86fd] New patch: CPPOST-126 - Simple signature verification fails to
     detect parameter smuggling.
     Security fix cherry-picked from v3.3.1 (upstream commit
     22a610b322e2178abd03e97cdbc8fb50b45efaee).
     Parameter manipulation allows the forging of signed SAML messages
     =================================================================
     A number of vulnerabilities in the OpenSAML library used by the
     Shibboleth Service Provider allowed for creative manipulation of
     parameters combined with reuse of the contents of older requests
     to fool the library's signature verification of non-XML based
     signed messages.
     Most uses of that feature involve very low or low impact use cases
     without critical security implications; however, there are two
     scenarios that are much more critical, one affecting the SP and
     one affecting some implementers who have implemented their own
     code on top of our OpenSAML library and done so improperly.
     The SP's support for the HTTP-POST-SimpleSign SAML binding for
     Single Sign-On responses is its critical vulnerability, and
     it is enabled by default (regardless of what one's published
     SAML metadata may advertise).
     The other critical case involves a mistake that does *not*
     impact the Shibboleth SP, allowing SSO to occur over the
     HTTP-Redirect binding contrary to the plain language of the
     SAML Browser SSO profile. The SP does not support this, but
     other implementers may have done so.
     Contrary to the initial publication of this advisory, there is no
     workaround within the SP configuration other than to remove the
     "SimpleSigning" security policy rule from the security-policy.xml
     file entirely.
     That will also prevent support of legitimate signed requests or
     responses via the HTTP-Redirect binding, which is generally used
     only for logout messages within the SP itself. Removing support
     for that binding in favor of HTTP-POST in any published metadata
     is an option of course.
     Full advisory:
     https://shibboleth.net/community/advisories/secadv_20250313.txt
     Thanks to Scott Cantor (Closes: #1100464)

openssh (1:9.2p1-2+deb12u6) bookworm; urgency=medium
 .
   * CVE-2025-32728: sshd(8): fix the DisableForwarding directive, which was
     failing to disable X11 forwarding and agent forwarding as documented
     (closes: #1102603).

openssl (3.0.16-1~deb12u1) bookworm; urgency=medium
 .
   * Import 3.0.15
     - CVE-2024-13176 (Timing side-channel in ECDSA signature computation)
       (Closes: #1094027).

openvpn (2.6.3-1+deb12u3) bookworm; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-Pick upstream fixes for various CVEs (Closes: #1074488)
     - CVE-2025-2704: possible ASSERT() on OpenVPN servers using --tls-crypt-v2
       (Closes: #1101935)
     - CVE-2024-5594: malicious peer can DoS or send garbage to logs
     - CVE-2024-28882: client can circumvent management client-kill
       both (Closes: #1074488)
   * Run salsa pipeline in Bookworm environment
     - add d/source/options to make it build in Bookworm Salsa
 .
   [ Aquila Macedo ]
   * d/p/sample-keys-renew-10-years: import upstream patch to update expired
     certificates used in the build-time tests (Closes: #1086653)

perl (5.36.0-7+deb12u2) bookworm-security; urgency=medium
 .
   * [SECURITY] CVE-2024-56406: Fix heap-buffer-overflow with tr//

php8.2 (8.2.28-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.28
    - [CVE-2025-1219]: libxml streams use wrong `content-type` header
      when requesting a redirected resource.
    - [CVE-2025-1736]: Stream HTTP wrapper header check might omit
      basic auth header.
    - [CVE-2025-1861]: Stream HTTP wrapper truncate redirect location
      to 1024 bytes.
    - [CVE-2025-1734]: Streams HTTP wrapper does not fail for headers
      without colon.
    - [CVE-2025-1217]: Header parser of `http` stream wrapper does not
      handle folded headers.
php8.2 (8.2.27-1) unstable; urgency=medium
 .
   * New upstream version 8.2.27
php8.2 (8.2.26-4) unstable; urgency=medium
 .
   * Remove the /usr/lib/libphp.so symbolic link if unowned
     (Closes: #1035798)

phpmyadmin (4:5.2.1+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-24529: XSS on Insert page
   * CVE-2025-24530: XSS when checking tables

policyd-rate-limit (1.0.1.1-2.1+deb12u1) bookworm; urgency=medium
 .
   * patches/yaml-load: Fix startup with newer python3-yaml (Closes: #1022034)

poppler (22.12.0-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-34872: OutlineItem::open crash on malformed files
     (Closes: #1042811)
   * CVE-2024-56378: Out-of-bounds read in JBIG2Bitmap::combine
     (Closes: #1091322)
   * CVE-2025-32364: Floating point exception in PSStack::roll
     (Closes: #1102190)
   * CVE-2025-32365: Out-of-bounds read in JBIG2:Bitmap::combine
     (Closes: #1102191)

postgresql-15 (15.13-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.13.
 .
     + Avoid one-byte buffer overread when examining invalidly-encoded strings
       that are claimed to be in GB18030 encoding (Noah Misch, Andres Freund)
 .
       While unlikely, a SIGSEGV crash could occur if an incomplete multibyte
       character appeared at the end of memory.  This was possible both in the
       server and in libpq-using applications. (CVE-2025-4207)

python-h11 (0.14.0-1.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 python-h11 (0.14.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-43859: Don't accept malformed chunked-encoding bodies
     (Closes: #1104056)

python3.11 (3.11.2-6+deb12u6) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-0938: urlparse accepted hostname containing [ or ]
   * CVE-2025-1795: Don't encode list separators in email headers

qemu (1:7.2+dfsg-7+deb12u13) bookworm; urgency=medium
 .
   * v7.2.17:
     - Update version for 7.2.17 release
     - hw/misc/aspeed_hace: Fix buffer overflow in has_padding function
     - target/ppc: Fix e200 duplicate SPRs
     - vdpa: Allow vDPA to work on big-endian machine
     - vdpa: Fix endian bugs in shadow virtqueue
     - target/arm: Simplify pstate_sm check in sve_access_check
     - target/arm: Make DisasContext.{fp, sve}_access_checked tristate
     - util/cacheflush: Make first DSB unconditional on aarch64
     - ui/cocoa: Temporarily ignore annoying deprecated declaration warnings
     - docs: Rename default-configs to configs
     - block: Zero block driver state before reopening
     - hw/net/smc91c111: Don't allow data register access to overrun buffer
     - hw/net/smc91c111: Sanitize packet length on tx
     - hw/net/smc91c111: Sanitize packet numbers
     - hw/net/smc91c111: Ignore attempt to pop from empty RX fifo
     - ppc/pnv/occ: Fix common area sensor offsets
     - hw/gpio: npcm7xx: fixup out-of-bounds access
     - block/qed: fix use-after-free by nullifying timer pointer after free
     - goldfish_rtc: Fix tick_offset migration
     - target/riscv: throw debug exception before page fault
     - target/riscv/debug.c: use wp size = 4 for 32-bit CPUs
     - target/riscv: rvv: Fix unexpected behavior of vector reduction
       instructions when vl is 0
     - cryptodev/vhost: allocate CryptoDevBackendVhost using g_mem0()
     - amd_iommu: Use correct bitmask to set capability BAR
     - hw/i386/amd_iommu: Explicit use of AMDVI_BASE_ADDR in amdvi_init
     - amd_iommu: Use correct DTE field for interrupt passthrough
     - Kconfig: Extract CONFIG_USB_CHIPIDEA from CONFIG_IMX
     - hw/intc/arm_gicv3_cpuif: Don't downgrade monitor traps for AArch32 EL3
     - target/arm: Make CP_ACCESS_TRAPs to AArch32 EL3 be Monitor traps
     - target/arm: Report correct syndrome for UNDEFINED LOR sysregs when NS=0
     - target/arm: Report correct syndrome for UNDEFINED S1E2 AT ops at EL3
     - target/arm: Report correct syndrome for UNDEFINED CNTPS_*_EL1
       from EL2 and NS EL1
     - target/sparc: Fix gdbstub incorrectly handling registers f32-f62
     - ui/sdl2: reenable the SDL2 Windows keyboard hook procedure
     - linux-user: Do not define struct sched_attr if libc headers do
   * v7.2.16:
     - Update version for 7.2.16 release
     - hw/usb/canokey: Fix buffer overflow for OUT packet
     - target/arm: arm_reset_sve_state() should set FPSR, not FPCR
     - tests: acpi: update expected blobs
     - pci: acpi: Windows 'PCI Label Id' bug workaround
     - tests: acpi: whitelist expected blobs
     - pci/msix: Fix msix pba read vector poll end calculation
     - pci: ensure valid link status bits for downstream ports
     - hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec
     - backends/cryptodev-vhost-user: Fix local_error leaks
     - target/i386/cpu: Fix notes for CPU models
     - docs: Correct release of TCG trace-events removal
     - s390x/s390-virtio-ccw: don't crash on weird RAM sizes
     - meson.build: Disallow libnfs v6 to fix the broken macOS build
     - hw/intc/arm_gicv3_its: Zero initialize local DTEntry etc structs
     - x86/loader: only patch linux kernels
     - fuzz: specify audiodev for usb-audio
     - tcg/riscv: Fix StoreStore barrier generation
     - hw/openrisc/openrisc_sim: keep serial@90000000 as default
     - target/ppc: Fix non-maskable interrupt while halted
     - tests/9p: also check 'Tgetattr' in 'use-after-unlink' test
     - 9pfs: fix 'Tgetattr' after unlink
     - 9pfs: remove obsolete comment in v9fs_getattr()
     - tests/9p: add 'use-after-unlink' test
     - tests/9p: add missing Rgetattr response name
     - tests/9p: fix Rreaddir response name
     - scsi: megasas: Internal cdbs have 16-byte length
     - ssh: Do not switch session to non-blocking mode
     - qdev: Fix set_pci_devfn() to visit option only once
     - virtio-net: Fix size check in dhclient workaround
     - cirrus-ci: Remove MSYS2 jobs duplicated with gitlab-ci
     - hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr
     - bitops.h: Define bit operations on 'uint32_t' arrays
     - hw/intc/openpic: Avoid taking address of out-of-bounds array index

qtbase-opensource-src (5.15.8+dfsg-11+deb12u3) bookworm; urgency=medium
 .
   * Backport upstream patch to add null checks in table iface methods in
     linuxaccessibility/atspiadaptor.cpp (closes: #1081682).
   * Backport upstream patch to delay any communication until encrypted() can
     be responded to (CVE-2024-39936, closes: #1076293).

rails (2:6.1.7.10+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 6.1.7.10+dfsg.
     (Fixes: CVE-2023-28362, CVE-2023-38037, CVE-2024-26144, CVE-2024-28103,
     CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, CVE-2024-47889)
     (Closes: #1051058, #1051057, 1065119, #1072705, #1085376)
   * Add patch to add CSP directive validation.
     (Fixes: CVE-2024-54133) (Closes: #1089755)
rails (2:6.1.7.3+dfsg-13) unstable; urgency=medium
 .
   * Team upload.
   * Revert the relaxing of ruby-rack's dependency in ruby-actionpack.
     This did not work out as planned since rack-session was added as
     a dependency in actionpack/actionpack.gemspec in v2:6.1.7.3+dfsg-9
rails (2:6.1.7.3+dfsg-12) unstable; urgency=medium
 .
   * Team upload
   * Add Breaks: schleuder (<< 5.0.0-3~) (to help migration to testing)
rails (2:6.1.7.3+dfsg-11) unstable; urgency=medium
 .
   * Team upload
   * Change ruby-actionpack's dependency on ruby-rack-session to
     "| ruby-rack (<< 3)", as Rack::Session was part of Rack 2. This
     should allow Rack 3 to transition to testing independently of Rails.
rails (2:6.1.7.3+dfsg-10) unstable; urgency=medium
 .
   * Team upload
   * Disable 'rake test' in 'newapp' autopkgtest
rails (2:6.1.7.3+dfsg-9) unstable; urgency=medium
 .
   * Patch actionpack/actionpack.gemspec to depend on rack-session
rails (2:6.1.7.3+dfsg-8) unstable; urgency=medium
 .
   * Add ruby-rack-rack-session as a Depends for ruby-actionpack.
rails (2:6.1.7.3+dfsg-7) unstable; urgency=medium
 .
   * Team upload
   * Re-upload to unstable
rails (2:6.1.7.3+dfsg-7~exp1) experimental; urgency=medium
 .
   * relax-dependencies.patch: relax rack for actionpack
   * relax rack dependency for ruby-actionpack
rails (2:6.1.7.3+dfsg-6) unstable; urgency=medium
 .
   * Team upload
   * Restore rack v2 constraint for ruby-actionpack
rails (2:6.1.7.3+dfsg-5) unstable; urgency=medium
 .
   * Team upload
   * d/control: relax version dependency on ruby-rack
   * d/rules: remove noop code where a js file is regenerated before being
     deleted
   * Remove build-dependency on ruby-blade
rails (2:6.1.7.3+dfsg-4) unstable; urgency=medium
 .
   * Team upload
   * Relax version dependency on ruby-redis
   * Remove X?-Ruby-Versions fields from d/control
rails (2:6.1.7.3+dfsg-3) unstable; urgency=medium
 .
   * Team upload.
   * Use puma 6.x (to match the version in the archive)
rails (2:6.1.7.3+dfsg-2) unstable; urgency=medium
 .
   * debian/control:
     - Declare that ruby-activerecord breaks and replaces ruby-arel: it was
       merged five years ago, is therefore obsolete and to be removed.
       (Closes: #1038935)

redis (5:7.0.15-1~deb12u4) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-21605: Limit output buffer for unauthenticated clients
     (Closes: #1104010)

renaissance (0.9.0-4.1+deb12u1) bookworm; urgency=medium
 .
   * debian/patches/GSMarkupLocalizableStrings-force-linking.patch: New;
     force linking to avoid exception on startup (Closes: #1095596).

request-tracker4 (4.4.6+dfsg-1.1+deb12u2) bookworm-security; urgency=medium
 .
   * Apply upstream patches which fixes several security vulnerabilities.
     - [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
       malicious parameters in a search URL.
     - [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
       encrypting SMIME email. This is an outdated cipher algorithm, so the
       default is changed to aes-128-cbc. In addition, this is now configurable
       so you can pick an alternate cipher now or in the future, or revert to
       des3 if needed for compatibility
   * [CVE-2024-3262] Cherry-pick upstream fixes (Closes: #1068452).

request-tracker5 (5.0.3+dfsg-3~deb12u3) bookworm-security; urgency=medium
 .
   * Correct CVE-2023-41260 number in previous entry (Closes: #1055128).
   * Add patches from 5.0.6 to resolve CVE-2024-3262. Information exposure
     vulnerability due to browser cache usage. If you have sensitive
     information enable the $WebStrictBrowserCache option (Closes: #1068453).
   * Apply upstream patches which fix several security vulnerabilities.
     - [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
       malicious parameters in a search URL.
     - [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
       encrypting SMIME email. This is an outdated cipher algorithm, so the
       default is changed to aes-128-cbc. In addition, this is now configurable
       so you can pick an alternate cipher now or in the future, or revert to
       des3 if needed for compatibility.
     - [CVE-2025-31501] Vulnerable to Cross Site Scripting via JavaScript
       injection in an Asset name.
     - [CVE-2025-31500] Vulnerable to Cross Site Scripting via JavaScript
       injection in an RT permalink.

ruby-rack (2.2.13-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.2.13.
     - Fixes: CVE-2025-27610, CVE-2025-27111, CVE-2025-25184.
     - Closes: #1100444, #1099546, #1098257.
   * Drop patches that have been applied in v2.2.13.
ruby-rack (2.2.7-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2024-25126: ReDoS in Content Type header parsing
   * CVE-2024-26141: Reject Range headers which are too large
   * CVE-2024-26146: ReDoS in Accept header parsing
   * Closes: #1064516
ruby-rack (2.2.7-1) unstable; urgency=medium
 .
   * Team Upload
   * New upstream version 2.2.7

shadow (1:4.13+dfsg1-1+deb12u1) bookworm; urgency=medium
 .
   [ Balint Reczey ]
   * Cherry-pick upstream patch to fix gpasswd passwd leak (Closes: #1051062)
     CVE-2023-4641
   * Cherry-pick upstream patch to fix chfn vulnerability (Closes: #1034482)
     CVE-2023-29383
   * Fix valid_field() that regressed in upstream's chfn fix
 .
   [ Chris Hofstaedtler ]
   * Update Uploaders: field from unstable

thunderbird (1:128.10.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.9.0esr-1) unstable; urgency=medium
 .
   * [ccc36f9] New upstream version 128.9.0esr
     Fixed CVE issues in upstream version 128.9 (MFSA 2025-24):
     CVE-2025-3028: Use-after-free triggered by XSLTProcessor
     CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters
     CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137,
                    Firefox ESR 128.9, and Thunderbird 128.9
   * [c70d0c4] rebuild patch queue from patch-queue branch
     modified patches:
     thunderbird-l10n/sl-change-Edit-Uredi-to-CTRL-E.patch
   * [ba02ce1] d/thunderbird.install: install interesting_serverknobs.json file
thunderbird (1:128.9.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.8.0esr-1) unstable; urgency=medium
 .
   * [bb4e012] d/control: Increase Standards-Version to 4.7.1
   * [7843a54] New upstream version 128.8.0esr
     Fixed CVE issues in upstream version 128.8 (MFSA 2025-18):
     CVE-2024-43097: Overflow when growing an SkRegion's RunArray
     CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the
                    Browser process
     CVE-2025-1931: Use-after-free in WebTransportChild
     CVE-2025-1932: Inconsistent comparator in XSLT sorting led to
                    out-of-bounds access
     CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
     CVE-2025-1934: Unexpected GC during RegExp bailout processing
     CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
     CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the
                    interpretation of the contents
     CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
                    Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird
                    128.8
     CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
                    Firefox ESR 128.8, and Thunderbird 128.8

tomcat10 (10.1.34-0+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2025-24813:
     It was found that a malicious user was able to view security sensitive
     files and/or inject content into those files when writes were enabled for
     the default servlet (disabled by default) and support for partial PUT was
     enabled (default). Under certain circumstances, depending on the
     application in use, remote code execution may have been possible.

trafficserver (9.2.5+ds-0+deb12u2) bookworm-security; urgency=medium
 .
   * Update to 9.2.9 via 0023-update-to-929.patch (but not via a new
     tarball given unstable is still at 9.2.5).

twitter-bootstrap3 (3.4.1+dfsg-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6485:
     A security vulnerability has been discovered in bootstrap
     that could enable Cross-Site Scripting (XSS) attacks.
     The vulnerability is associated with the data-loading-text
     attribute within the button plugin.
     This vulnerability can be exploited by injecting malicious
     JavaScript code into the attribute, which would then be
     executed when the button's loading state is triggered.
     (Closes: #1084060)
   * Fix CVE-2024-6484:
     A vulnerability has been identified in Bootstrap that
     exposes users to Cross-Site Scripting (XSS) attacks.
     The issue is present in the carousel component, where the
     data-slide and data-slide-to attributes can be exploited
     through the href attribute of an <a> tag due to inadequate
     sanitization. This vulnerability could potentially enable
     attackers to execute arbitrary JavaScript within
     the victim's browser.
     (Closes: #1084060)

twitter-bootstrap4 (4.6.1+dfsg1-4+deb12u1) bookworm; urgency=high
 .
   * Team upload
   * Fix CVE-2024-6531 (XSS vulnerability):
     An anchor element (<a>), when used for carousel navigation
     with a data-slide attribute, can contain an href attribute
     value that is not subject to proper content sanitization.
     Improper extraction of the intended target carousel’s
     #id from the href attribute can lead to use cases where
     the click event’s preventDefault()
     is not applied and the href is evaluated and executed.
     As a result, restrictions are not applied to the data
     that is evaluated, which can lead to potential
     XSS vulnerabilities.
     (Closes: #1084059)

tzdata (2025b-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 2025b:
     - New America/Coyhaique zone for Aysén Region in Chile, which moves
       from -04/-03 to -03. It will not change its clocks on 2025-04-05.
     - Improve historical data for Iran
   * Add America/Coyhaique to debconf templates
tzdata (2025a-2) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * Update Brazilian Portuguese debconf translation.
     Thanks to Adriano Rafael Gomes <adrianorg@debian.org> (Closes: #1093450)
 .
   [ Benjamin Drung ]
   * Add chrono autopkgtest to test C++ chrono library (LP: #2096974)
tzdata (2025a-1) unstable; urgency=medium
 .
   * New upstream version 2025a
     - Paraguay adopts permanent -03 starting spring 2024
     - No leap second on 2025-06-30
   * Add autopkgtest test case for 2025a release
   * Improve NEWS note about the /etc/timezone deprecation

varnish (7.1.1-1.1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-30346: HTTP/1 client-side desync vulnerability

vips (8.14.1-3+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2025-29769: Potential heap-based buffer overflow when attempting
     to convert multiband TIFF input to HEIF output.
   * Add d/salsa-ci.yml for Salsa CI.

webkit2gtk (2.48.1-2~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
webkit2gtk (2.48.1-1) unstable; urgency=high
 .
   [ Alberto Garcia ]
   * New upstream release.
   * Refresh all patches.
   * Build with -mlarge-data and -mlarge-text on alpha to fix build failure
     (thanks, John Paul Adrian Glaubitz) (Closes: #1101547).
   * debian/control.in:
     - Update Standards-Version to 4.7.2 (no changes).
   * fix-typo-denormaldisabler.patch:
     - Fix build failure in i386 and others due to missing semicolon.
 .
   [ Jeremy Bicha ]
   * Disable speech synthesis in Ubuntu builds.
webkit2gtk (2.48.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bring all changes from the 2.47 (experimental) branch.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
   * Remove libwebkit2gtk-4.0-37.lintian-overrides.
   * debian/control.in:
     - Add build dependency on flite1-dev (for speech synthesis).
     - Remove the minimum versions of all build dependencies in the cases
       where they are very old.
     - Remove build dependencies on all lib*-doc packages.
   * Enable clang again in the architectures where it's available and known
     to work.
   * Replace USE_OLD_*_PKG with USE_OLD_PKG_NAMES.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/gbp.conf:
     - Update upstream branch name.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * fix-bmalloc-armhf.patch:
     - Drop this patch, the armhf build works fine now without it.
   * fix-ftbfs-hurd.patch:
     - Drop this patch, I forgot to do it in 2.46.1-2.
   * disable-nvidia-dmabuf.patch:
     - Update this patch for the 2.48.x branch.
   * debian/rules:
     - Stop overriding dh_builddeb, running it in parallel used to be a
       problem when we were building without -g1 and had very large debug
       packages.
webkit2gtk (2.48.0-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old
       package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
   * Use clang-16 instead of clang.
webkit2gtk (2.47.90-1) experimental; urgency=medium
 .
   * New upstream development release.
   * fix-bmalloc-armhf.patch:
     - Drop this patch, the armhf build works fine now without it.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
webkit2gtk (2.47.4-1) experimental; urgency=medium
 .
   * New upstream development release.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/rules:
     - Stop using -DWTF_CPU_ARM64_CORTEXA53=OFF, this was fixed upstream a
       long time ago (WebKit bug #197192).
   * debian/upstream/signing-key.asc:
     - sq complains about multiple concatenated ASCII Armor blocks, so put
       all keys in the same block.
webkit2gtk (2.47.3-1) experimental; urgency=medium
 .
   * New upstream development release.
   * Refresh disable-nvidia-dmabuf.patch.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
webkit2gtk (2.47.2-1) experimental; urgency=medium
 .
   * New upstream development release.
   * Drop calctree-static-assert.patch.
   * debian/control.in:
     - Add build dependency on flite1-dev (for speech synthesis).
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
   * Remove libwebkit2gtk-4.0-37.lintian-overrides.
   * debian/copyright:
     - Update copyright information of all files.
   * Disable clang in i386 ("unknown type name __m128i") and mips64el
     ("failed to perform tail call elimination on a call site marked
     musttail").
webkit2gtk (2.47.1-1) experimental; urgency=medium
 .
   * New upstream development release.
   * debian/watch, debian/gbp.conf:
     - Branch for 2.47.x in experimental.
   * Drop fix-ftbfs-hurd.patch, I forgot to do it in 2.46.1-2.
   * debian/copyright:
     - Update copyright information of all files.
   * Replace USE_OLD_*_PKG with USE_OLD_PKG_NAMES.
   * debian/control.in:
     - Remove build dependencies on all lib*-doc packages.
     - Remove the minimum versions of all build dependencies in the cases
       where they are very old.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * Enable clang again in the architectures where it's available.
   * debian/rules:
     - Stop overriding dh_builddeb, running it in parallel used to be a
       problem when we were building without -g1 and had very large debug
       packages.
   * debian/patches/calctree-static-assert.patch:
     - Fix static assertion in i386.
webkit2gtk (2.46.6-1) unstable; urgency=high
 .
   * New upstream release (Closes: #1092311).
   * Refresh debian/patches/disable-nvidia-dmabuf.patch
   * debian/copyright:
     - Update copyright information of all files.
   * debian/rules:
     - Stop using -DWTF_CPU_ARM64_CORTEXA53=OFF, this was fixed upstream a
       long time ago (WebKit bug #197192).
   * debian/upstream/signing-key.asc:
     - sq complains about multiple concatenated ASCII Armor blocks, so put
       all keys in the same block.

wireless-regdb (2025.02.20-1~deb12u1) bookworm; urgency=medium
 .
   * Backport to bookworm:
     - d/salsa-ci.yml: Set RELEASE to bookworm
   * d/salsa-ci.yml: Run lintian from the target release, not always unstable
wireless-regdb (2024.10.07-2) unstable; urgency=medium
 .
   [ Colin Watson ]
   * d/tests/check-signatures: Fix subprocess cleanup (closes: #1092796).
wireless-regdb (2024.10.07-1) unstable; urgency=medium
 .
   * New upstream version:
     - Update regulatory info for Qatar (QA) on 6GHz
     - Update regulatory info for New Zealand (NZ) for 2022
     - Update regulatory info for Peru (PE) on 6GHz
     - Update regulatory info for El Salvador (SV) on 6GHz
     - Update regulatory info for Togo (TG) for 2022
     - Add regulatory info for Namibia (NA) for 2023
     - Update regulatory info for Bahrain (BH) for 2024
     - Update regulatory info for Guatemala (GT) for 2020
     - Update regulatory info for Philippines (PH) on 6GHz
     - Correct regulatory rules for China (CN)
     - Update regulatory info for Kuwait (KW) for 2022
     - Update regulatory info for Israel (IL) for 2021
     - Update regulatory info for Honduras (HN) for 2023
     - Correct regulatory rules of 6GHz frequency for Türkiye (TR)
     - Update regulatory info for Serbia (RS) for 2024
     - Update regulatory info for Pakistan (PK) for 2024
     - Update regulatory info for Tanzania (TZ) for 2024
     - update regulatory database based on preceding changes
   * Revert "Run scripts with Python 3" and Build-Depend on python-is-python3
wireless-regdb (2024.07.04-1) unstable; urgency=medium
 .
   * New upstream version:
     - Update regulatory rules for Mongolia (MN) on 6GHz
     - Update regulatory rules for Saudi Arabia (SA) on 6GHz
     - Update regulatory rules for South Africa (ZA) on 6GHz
     - Update regulatory info for Thailand (TH) on 6GHz
     - Update regulatory info for Malaysia (MY) for 2022
     - Update regulatory info for Morocco (MA) on 6GHz
     - Update regulatory info for Chile (CL) on 6GHz
     - Update regulatory info for Mexico (MX) on 6GHz
     - Update regulatory info for Iceland (IS) on 6GHz
     - Update regulatory info for Mauritius(MU) on 6GHz
     - Update regulatory info for Argentina (AR) on 6GHz
     - Update regulatory info for United Arab Emirates (AE) on 6GHz
     - Update regulatory info for Colombia (CO) on 6GHz
     - Update regulatory info for Costa Rica (CR) for 2021
     - Update regulatory info for Dominican Republic (DO) on 6GHz
     - Update regulatory info for Liechtenstein (LI) on 6GHz
     - Update regulatory info for Jordan (JO) for 2022
     - Update regulatory info for Kenya (KE) for 2022
     - Update regulatory info for Macao (MO) for 2024
     - update regulatory database based on preceding changes
wireless-regdb (2024.05.08-1) unstable; urgency=medium
 .
   * New upstream version:
     - add 5 GHz rules for GY
     - update 5 GHz rules for PK and add 60 GHz rule
     - Update regulatory rules for Brazil (BR)
     - update regulatory rules for Switzerland (CH)
     - Update regulatory rules for Japan (JP) on 5GHz
     - Update regulatory rules for Japan (JP) on 6GHz
     - Update regulatory info for Russia (RU) on 5GHz
     - Update regulatory info for Russia (RU) on 6GHz
     - Update regulatory rules for Russia (RU). Remove DFS requirement.
     - update regulatory rules for India (IN)
     - Update regulatory rules for Hong Kong (HK)
     - Update regulatory rules for Philippines (PH)
     - Update regulatory rules for Egypt (EG) from March 2022 guidelines
     - Update regulatory info for Türkiye (TR)
     - Update regulatory rules for Australia (AU) for June 2023
     - Update keys and maintainer information
     - Makefile: Reproducible signatures
     - Update regulatory rules for China (CN)
     - Update regulatory rules for Japan (JP) for December 2023
     - Update regulatory rules for Singapore (SG) for September 2023
     - Update regulatory rules for Taiwan (TW) on 6GHz
   * d/upstream/signing-key.asc: Update for new upstream maintainer
   * d/tests/check-signatures: Update openssl invocation to fix warning
wireless-regdb (2022.06.06-2) experimental; urgency=medium
 .
   * d/rules: Run dh_movetousr if available

xmedcon (0.23.0-gtk3+dfsg-1+deb12u2) bookworm; urgency=medium
 .
   * Team upload.
   * CVE-2025-2581.patch: new: fix CVE-2025-2581. (Closes: #1100986)

xz-utils (5.4.1-1) bookworm-security; urgency=medium
 .
   * Add fix from upstream when the threaded decompresses frees memory too
     early on invalid input (CVE-2025-31115).
========================================
Sat, 15 Mar 2025 - Debian 12.10 released
========================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:36:20 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
btrfs-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
btrfs-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
cdrom-core-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
cdrom-core-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
cdrom-core-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
crc-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
crc-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
crc-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
crypto-dm-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
crypto-dm-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
crypto-dm-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
crypto-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
crypto-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
crypto-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
dasd-extra-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
dasd-extra-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
dasd-extra-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
dasd-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
dasd-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
dasd-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
ext4-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
ext4-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
ext4-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
f2fs-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
f2fs-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
f2fs-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
fat-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
fat-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
fat-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
fuse-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
fuse-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
fuse-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
isofs-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
isofs-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
isofs-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
kernel-image-6.1.0-27-s390x-di |  6.1.115-1 | s390x
kernel-image-6.1.0-30-s390x-di |  6.1.124-1 | s390x
kernel-image-6.1.0-31-s390x-di |  6.1.128-1 | s390x
linux-headers-6.1.0-27-s390x |  6.1.115-1 | s390x
linux-headers-6.1.0-30-s390x |  6.1.124-1 | s390x
linux-headers-6.1.0-31-s390x |  6.1.128-1 | s390x
linux-image-6.1.0-27-s390x |  6.1.115-1 | s390x
linux-image-6.1.0-27-s390x-dbg |  6.1.115-1 | s390x
linux-image-6.1.0-30-s390x |  6.1.124-1 | s390x
linux-image-6.1.0-30-s390x-dbg |  6.1.124-1 | s390x
linux-image-6.1.0-31-s390x |  6.1.128-1 | s390x
linux-image-6.1.0-31-s390x-dbg |  6.1.128-1 | s390x
loop-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
loop-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
loop-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
md-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
md-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
md-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
mtd-core-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
mtd-core-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
mtd-core-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
multipath-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
multipath-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
multipath-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
nbd-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
nbd-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
nbd-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
nic-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
nic-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
nic-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
scsi-core-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
scsi-core-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
scsi-core-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
scsi-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
scsi-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
scsi-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
udf-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
udf-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
udf-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x
xfs-modules-6.1.0-27-s390x-di |  6.1.115-1 | s390x
xfs-modules-6.1.0-30-s390x-di |  6.1.124-1 | s390x
xfs-modules-6.1.0-31-s390x-di |  6.1.128-1 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:36:41 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
affs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
affs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
affs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
affs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
affs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
ata-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
ata-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
ata-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
ata-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
ata-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
ata-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
btrfs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
btrfs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
btrfs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
btrfs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
btrfs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
btrfs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
cdrom-core-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
cdrom-core-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
cdrom-core-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
cdrom-core-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
cdrom-core-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
cdrom-core-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
crc-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
crc-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
crc-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
crc-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
crc-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
crc-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
crypto-dm-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
crypto-dm-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
crypto-dm-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
crypto-dm-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
crypto-dm-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
crypto-dm-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
crypto-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
crypto-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
crypto-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
crypto-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
crypto-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
crypto-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
event-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
event-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
event-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
event-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
event-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
event-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
ext4-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
ext4-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
ext4-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
ext4-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
ext4-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
ext4-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
f2fs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
f2fs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
f2fs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
f2fs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
f2fs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
f2fs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
fat-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
fat-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
fat-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
fat-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
fat-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
fat-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
fb-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
fb-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
fb-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
fb-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
fb-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
fb-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
firewire-core-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
firewire-core-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
firewire-core-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
firewire-core-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
firewire-core-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
firewire-core-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
fuse-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
fuse-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
fuse-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
fuse-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
fuse-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
fuse-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
input-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
input-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
input-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
input-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
input-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
input-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
isofs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
isofs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
isofs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
isofs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
isofs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
isofs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
jfs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
jfs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
jfs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
jfs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
jfs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
jfs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
kernel-image-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
kernel-image-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
kernel-image-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
kernel-image-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
kernel-image-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
kernel-image-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
linux-headers-6.1.0-27-4kc-malta |  6.1.115-1 | mipsel
linux-headers-6.1.0-27-mips32r2el |  6.1.115-1 | mipsel
linux-headers-6.1.0-30-4kc-malta |  6.1.124-1 | mipsel
linux-headers-6.1.0-30-mips32r2el |  6.1.124-1 | mipsel
linux-headers-6.1.0-31-4kc-malta |  6.1.128-1 | mipsel
linux-headers-6.1.0-31-mips32r2el |  6.1.128-1 | mipsel
linux-image-6.1.0-27-4kc-malta |  6.1.115-1 | mipsel
linux-image-6.1.0-27-4kc-malta-dbg |  6.1.115-1 | mipsel
linux-image-6.1.0-27-mips32r2el |  6.1.115-1 | mipsel
linux-image-6.1.0-27-mips32r2el-dbg |  6.1.115-1 | mipsel
linux-image-6.1.0-30-4kc-malta |  6.1.124-1 | mipsel
linux-image-6.1.0-30-4kc-malta-dbg |  6.1.124-1 | mipsel
linux-image-6.1.0-30-mips32r2el |  6.1.124-1 | mipsel
linux-image-6.1.0-30-mips32r2el-dbg |  6.1.124-1 | mipsel
linux-image-6.1.0-31-4kc-malta |  6.1.128-1 | mipsel
linux-image-6.1.0-31-4kc-malta-dbg |  6.1.128-1 | mipsel
linux-image-6.1.0-31-mips32r2el |  6.1.128-1 | mipsel
linux-image-6.1.0-31-mips32r2el-dbg |  6.1.128-1 | mipsel
loop-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
loop-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
loop-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
loop-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
loop-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
loop-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
md-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
md-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
md-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
md-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
md-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
md-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
minix-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
minix-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
minix-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
minix-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
minix-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
minix-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
mmc-core-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
mmc-core-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
mmc-core-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
mmc-core-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
mmc-core-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
mmc-core-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
mmc-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
mmc-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
mmc-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
mmc-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
mmc-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
mmc-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
mouse-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
mouse-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
mouse-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
mouse-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
mouse-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
mouse-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
multipath-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
multipath-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
multipath-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
multipath-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
multipath-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
multipath-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
nbd-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
nbd-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
nbd-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
nbd-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
nbd-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
nbd-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
nfs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
nfs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
nfs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
nfs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
nfs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
nfs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
nic-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
nic-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
nic-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
nic-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
nic-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
nic-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
nic-shared-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
nic-shared-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
nic-shared-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
nic-shared-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
nic-shared-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
nic-shared-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
nic-usb-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
nic-usb-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
nic-usb-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
nic-usb-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
nic-usb-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
nic-usb-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
nic-wireless-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
nic-wireless-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
nic-wireless-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
nic-wireless-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
nic-wireless-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
nic-wireless-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
pata-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
pata-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
pata-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
pata-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
pata-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
pata-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
ppp-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
ppp-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
ppp-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
ppp-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
ppp-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
ppp-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
sata-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
sata-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
sata-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
sata-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
sata-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
sata-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
scsi-core-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
scsi-core-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
scsi-core-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
scsi-core-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
scsi-core-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
scsi-core-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
scsi-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
scsi-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
scsi-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
scsi-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
scsi-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
scsi-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
scsi-nic-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
scsi-nic-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
scsi-nic-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
scsi-nic-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
scsi-nic-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
scsi-nic-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
sound-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
sound-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
sound-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
sound-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
sound-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
sound-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
speakup-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
speakup-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
speakup-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
speakup-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
speakup-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
speakup-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
squashfs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
squashfs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
squashfs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
squashfs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
squashfs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
squashfs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
udf-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
udf-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
udf-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
udf-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
udf-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
udf-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
usb-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
usb-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
usb-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
usb-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
usb-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
usb-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
usb-serial-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
usb-serial-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
usb-serial-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
usb-serial-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
usb-serial-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
usb-serial-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
usb-storage-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
usb-storage-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
usb-storage-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
usb-storage-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
usb-storage-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
usb-storage-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel
xfs-modules-6.1.0-27-4kc-malta-di |  6.1.115-1 | mipsel
xfs-modules-6.1.0-27-mips32r2el-di |  6.1.115-1 | mipsel
xfs-modules-6.1.0-30-4kc-malta-di |  6.1.124-1 | mipsel
xfs-modules-6.1.0-30-mips32r2el-di |  6.1.124-1 | mipsel
xfs-modules-6.1.0-31-4kc-malta-di |  6.1.128-1 | mipsel
xfs-modules-6.1.0-31-mips32r2el-di |  6.1.128-1 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:36:53 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
ata-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
ata-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
btrfs-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
btrfs-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
btrfs-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
cdrom-core-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
cdrom-core-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
cdrom-core-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
crc-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
crc-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
crc-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
crypto-dm-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
crypto-dm-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
crypto-dm-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
crypto-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
crypto-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
crypto-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
event-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
event-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
event-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
ext4-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
ext4-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
ext4-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
f2fs-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
f2fs-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
f2fs-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
fancontrol-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
fancontrol-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
fancontrol-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
fat-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
fat-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
fat-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
fb-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
fb-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
fb-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
firewire-core-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
firewire-core-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
firewire-core-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
fuse-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
fuse-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
fuse-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
hypervisor-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
hypervisor-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
hypervisor-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
i2c-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
i2c-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
i2c-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
input-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
input-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
input-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
isofs-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
isofs-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
isofs-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
jfs-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
jfs-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
jfs-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
kernel-image-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
kernel-image-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
kernel-image-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
linux-headers-6.1.0-27-powerpc64le |  6.1.115-1 | ppc64el
linux-headers-6.1.0-30-powerpc64le |  6.1.124-1 | ppc64el
linux-headers-6.1.0-31-powerpc64le |  6.1.128-1 | ppc64el
linux-image-6.1.0-27-powerpc64le |  6.1.115-1 | ppc64el
linux-image-6.1.0-27-powerpc64le-dbg |  6.1.115-1 | ppc64el
linux-image-6.1.0-30-powerpc64le |  6.1.124-1 | ppc64el
linux-image-6.1.0-30-powerpc64le-dbg |  6.1.124-1 | ppc64el
linux-image-6.1.0-31-powerpc64le |  6.1.128-1 | ppc64el
linux-image-6.1.0-31-powerpc64le-dbg |  6.1.128-1 | ppc64el
loop-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
loop-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
loop-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
md-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
md-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
md-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
mouse-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
mouse-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
mouse-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
mtd-core-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
mtd-core-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
mtd-core-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
multipath-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
multipath-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
multipath-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
nbd-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
nbd-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
nbd-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
nic-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
nic-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
nic-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
nic-shared-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
nic-shared-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
nic-shared-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
nic-usb-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
nic-usb-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
nic-usb-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
nic-wireless-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
nic-wireless-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
nic-wireless-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
ppp-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
ppp-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
ppp-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
sata-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
sata-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
sata-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
scsi-core-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
scsi-core-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
scsi-core-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
scsi-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
scsi-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
scsi-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
scsi-nic-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
scsi-nic-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
scsi-nic-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
serial-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
serial-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
serial-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
squashfs-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
squashfs-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
squashfs-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
udf-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
udf-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
udf-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
uinput-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
uinput-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
uinput-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
usb-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
usb-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
usb-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
usb-serial-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
usb-serial-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
usb-serial-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
usb-storage-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
usb-storage-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
usb-storage-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el
xfs-modules-6.1.0-27-powerpc64le-di |  6.1.115-1 | ppc64el
xfs-modules-6.1.0-30-powerpc64le-di |  6.1.124-1 | ppc64el
xfs-modules-6.1.0-31-powerpc64le-di |  6.1.128-1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:37:20 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-27-amd64 |  6.1.115-1 | amd64
linux-headers-6.1.0-27-cloud-amd64 |  6.1.115-1 | amd64
linux-headers-6.1.0-27-rt-amd64 |  6.1.115-1 | amd64
linux-headers-6.1.0-30-amd64 |  6.1.124-1 | amd64
linux-headers-6.1.0-30-cloud-amd64 |  6.1.124-1 | amd64
linux-headers-6.1.0-30-rt-amd64 |  6.1.124-1 | amd64
linux-headers-6.1.0-31-amd64 |  6.1.128-1 | amd64
linux-headers-6.1.0-31-cloud-amd64 |  6.1.128-1 | amd64
linux-headers-6.1.0-31-rt-amd64 |  6.1.128-1 | amd64
linux-image-6.1.0-27-amd64-dbg |  6.1.115-1 | amd64
linux-image-6.1.0-27-amd64-unsigned |  6.1.115-1 | amd64
linux-image-6.1.0-27-cloud-amd64-dbg |  6.1.115-1 | amd64
linux-image-6.1.0-27-cloud-amd64-unsigned |  6.1.115-1 | amd64
linux-image-6.1.0-27-rt-amd64-dbg |  6.1.115-1 | amd64
linux-image-6.1.0-27-rt-amd64-unsigned |  6.1.115-1 | amd64
linux-image-6.1.0-30-amd64-dbg |  6.1.124-1 | amd64
linux-image-6.1.0-30-amd64-unsigned |  6.1.124-1 | amd64
linux-image-6.1.0-30-cloud-amd64-dbg |  6.1.124-1 | amd64
linux-image-6.1.0-30-cloud-amd64-unsigned |  6.1.124-1 | amd64
linux-image-6.1.0-30-rt-amd64-dbg |  6.1.124-1 | amd64
linux-image-6.1.0-30-rt-amd64-unsigned |  6.1.124-1 | amd64
linux-image-6.1.0-31-amd64-dbg |  6.1.128-1 | amd64
linux-image-6.1.0-31-amd64-unsigned |  6.1.128-1 | amd64
linux-image-6.1.0-31-cloud-amd64-dbg |  6.1.128-1 | amd64
linux-image-6.1.0-31-cloud-amd64-unsigned |  6.1.128-1 | amd64
linux-image-6.1.0-31-rt-amd64-dbg |  6.1.128-1 | amd64
linux-image-6.1.0-31-rt-amd64-unsigned |  6.1.128-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:37:35 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-27-arm64 |  6.1.115-1 | arm64
linux-headers-6.1.0-27-cloud-arm64 |  6.1.115-1 | arm64
linux-headers-6.1.0-27-rt-arm64 |  6.1.115-1 | arm64
linux-headers-6.1.0-30-arm64 |  6.1.124-1 | arm64
linux-headers-6.1.0-30-cloud-arm64 |  6.1.124-1 | arm64
linux-headers-6.1.0-30-rt-arm64 |  6.1.124-1 | arm64
linux-headers-6.1.0-31-arm64 |  6.1.128-1 | arm64
linux-headers-6.1.0-31-cloud-arm64 |  6.1.128-1 | arm64
linux-headers-6.1.0-31-rt-arm64 |  6.1.128-1 | arm64
linux-image-6.1.0-27-arm64-dbg |  6.1.115-1 | arm64
linux-image-6.1.0-27-arm64-unsigned |  6.1.115-1 | arm64
linux-image-6.1.0-27-cloud-arm64-dbg |  6.1.115-1 | arm64
linux-image-6.1.0-27-cloud-arm64-unsigned |  6.1.115-1 | arm64
linux-image-6.1.0-27-rt-arm64-dbg |  6.1.115-1 | arm64
linux-image-6.1.0-27-rt-arm64-unsigned |  6.1.115-1 | arm64
linux-image-6.1.0-30-arm64-dbg |  6.1.124-1 | arm64
linux-image-6.1.0-30-arm64-unsigned |  6.1.124-1 | arm64
linux-image-6.1.0-30-cloud-arm64-dbg |  6.1.124-1 | arm64
linux-image-6.1.0-30-cloud-arm64-unsigned |  6.1.124-1 | arm64
linux-image-6.1.0-30-rt-arm64-dbg |  6.1.124-1 | arm64
linux-image-6.1.0-30-rt-arm64-unsigned |  6.1.124-1 | arm64
linux-image-6.1.0-31-arm64-dbg |  6.1.128-1 | arm64
linux-image-6.1.0-31-arm64-unsigned |  6.1.128-1 | arm64
linux-image-6.1.0-31-cloud-arm64-dbg |  6.1.128-1 | arm64
linux-image-6.1.0-31-cloud-arm64-unsigned |  6.1.128-1 | arm64
linux-image-6.1.0-31-rt-arm64-dbg |  6.1.128-1 | arm64
linux-image-6.1.0-31-rt-arm64-unsigned |  6.1.128-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:38:14 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
btrfs-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
btrfs-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
cdrom-core-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
cdrom-core-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
cdrom-core-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
crc-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
crc-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
crc-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
crypto-dm-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
crypto-dm-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
crypto-dm-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
crypto-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
crypto-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
crypto-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
event-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
event-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
event-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
ext4-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
ext4-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
ext4-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
f2fs-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
f2fs-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
f2fs-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
fat-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
fat-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
fat-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
fb-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
fb-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
fb-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
fuse-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
fuse-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
fuse-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
input-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
input-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
input-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
ipv6-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
ipv6-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
ipv6-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
isofs-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
isofs-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
isofs-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
jffs2-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
jffs2-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
jffs2-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
jfs-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
jfs-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
jfs-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
kernel-image-6.1.0-27-marvell-di |  6.1.115-1 | armel
kernel-image-6.1.0-30-marvell-di |  6.1.124-1 | armel
kernel-image-6.1.0-31-marvell-di |  6.1.128-1 | armel
leds-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
leds-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
leds-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
linux-headers-6.1.0-27-marvell |  6.1.115-1 | armel
linux-headers-6.1.0-27-rpi |  6.1.115-1 | armel
linux-headers-6.1.0-30-marvell |  6.1.124-1 | armel
linux-headers-6.1.0-30-rpi |  6.1.124-1 | armel
linux-headers-6.1.0-31-marvell |  6.1.128-1 | armel
linux-headers-6.1.0-31-rpi |  6.1.128-1 | armel
linux-image-6.1.0-27-marvell |  6.1.115-1 | armel
linux-image-6.1.0-27-marvell-dbg |  6.1.115-1 | armel
linux-image-6.1.0-27-rpi |  6.1.115-1 | armel
linux-image-6.1.0-27-rpi-dbg |  6.1.115-1 | armel
linux-image-6.1.0-30-marvell |  6.1.124-1 | armel
linux-image-6.1.0-30-marvell-dbg |  6.1.124-1 | armel
linux-image-6.1.0-30-rpi |  6.1.124-1 | armel
linux-image-6.1.0-30-rpi-dbg |  6.1.124-1 | armel
linux-image-6.1.0-31-marvell |  6.1.128-1 | armel
linux-image-6.1.0-31-marvell-dbg |  6.1.128-1 | armel
linux-image-6.1.0-31-rpi |  6.1.128-1 | armel
linux-image-6.1.0-31-rpi-dbg |  6.1.128-1 | armel
loop-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
loop-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
loop-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
md-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
md-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
md-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
minix-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
minix-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
minix-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
mmc-core-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
mmc-core-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
mmc-core-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
mmc-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
mmc-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
mmc-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
mouse-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
mouse-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
mouse-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
mtd-core-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
mtd-core-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
mtd-core-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
mtd-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
mtd-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
mtd-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
multipath-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
multipath-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
multipath-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
nbd-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
nbd-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
nbd-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
nic-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
nic-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
nic-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
nic-shared-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
nic-shared-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
nic-shared-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
nic-usb-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
nic-usb-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
nic-usb-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
ppp-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
ppp-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
ppp-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
sata-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
sata-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
sata-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
scsi-core-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
scsi-core-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
scsi-core-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
squashfs-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
squashfs-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
squashfs-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
udf-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
udf-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
udf-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
uinput-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
uinput-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
uinput-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
usb-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
usb-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
usb-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
usb-serial-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
usb-serial-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
usb-serial-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel
usb-storage-modules-6.1.0-27-marvell-di |  6.1.115-1 | armel
usb-storage-modules-6.1.0-30-marvell-di |  6.1.124-1 | armel
usb-storage-modules-6.1.0-31-marvell-di |  6.1.128-1 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:38:36 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
ata-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
ata-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
btrfs-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
btrfs-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
btrfs-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
cdrom-core-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
cdrom-core-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
cdrom-core-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
crc-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
crc-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
crc-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
crypto-dm-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
crypto-dm-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
crypto-dm-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
crypto-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
crypto-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
crypto-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
efi-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
efi-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
efi-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
event-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
event-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
event-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
ext4-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
ext4-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
ext4-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
f2fs-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
f2fs-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
f2fs-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
fat-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
fat-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
fat-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
fb-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
fb-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
fb-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
fuse-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
fuse-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
fuse-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
i2c-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
i2c-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
i2c-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
input-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
input-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
input-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
isofs-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
isofs-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
isofs-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
jfs-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
jfs-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
jfs-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
kernel-image-6.1.0-27-armmp-di |  6.1.115-1 | armhf
kernel-image-6.1.0-30-armmp-di |  6.1.124-1 | armhf
kernel-image-6.1.0-31-armmp-di |  6.1.128-1 | armhf
leds-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
leds-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
leds-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
linux-headers-6.1.0-27-armmp |  6.1.115-1 | armhf
linux-headers-6.1.0-27-armmp-lpae |  6.1.115-1 | armhf
linux-headers-6.1.0-27-rt-armmp |  6.1.115-1 | armhf
linux-headers-6.1.0-30-armmp |  6.1.124-1 | armhf
linux-headers-6.1.0-30-armmp-lpae |  6.1.124-1 | armhf
linux-headers-6.1.0-30-rt-armmp |  6.1.124-1 | armhf
linux-headers-6.1.0-31-armmp |  6.1.128-1 | armhf
linux-headers-6.1.0-31-armmp-lpae |  6.1.128-1 | armhf
linux-headers-6.1.0-31-rt-armmp |  6.1.128-1 | armhf
linux-image-6.1.0-27-armmp |  6.1.115-1 | armhf
linux-image-6.1.0-27-armmp-dbg |  6.1.115-1 | armhf
linux-image-6.1.0-27-armmp-lpae |  6.1.115-1 | armhf
linux-image-6.1.0-27-armmp-lpae-dbg |  6.1.115-1 | armhf
linux-image-6.1.0-27-rt-armmp |  6.1.115-1 | armhf
linux-image-6.1.0-27-rt-armmp-dbg |  6.1.115-1 | armhf
linux-image-6.1.0-30-armmp |  6.1.124-1 | armhf
linux-image-6.1.0-30-armmp-dbg |  6.1.124-1 | armhf
linux-image-6.1.0-30-armmp-lpae |  6.1.124-1 | armhf
linux-image-6.1.0-30-armmp-lpae-dbg |  6.1.124-1 | armhf
linux-image-6.1.0-30-rt-armmp |  6.1.124-1 | armhf
linux-image-6.1.0-30-rt-armmp-dbg |  6.1.124-1 | armhf
linux-image-6.1.0-31-armmp |  6.1.128-1 | armhf
linux-image-6.1.0-31-armmp-dbg |  6.1.128-1 | armhf
linux-image-6.1.0-31-armmp-lpae |  6.1.128-1 | armhf
linux-image-6.1.0-31-armmp-lpae-dbg |  6.1.128-1 | armhf
linux-image-6.1.0-31-rt-armmp |  6.1.128-1 | armhf
linux-image-6.1.0-31-rt-armmp-dbg |  6.1.128-1 | armhf
loop-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
loop-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
loop-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
md-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
md-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
md-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
mmc-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
mmc-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
mmc-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
mtd-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
mtd-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
mtd-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
multipath-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
multipath-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
multipath-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
nbd-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
nbd-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
nbd-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
nic-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
nic-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
nic-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
nic-shared-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
nic-shared-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
nic-shared-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
nic-usb-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
nic-usb-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
nic-usb-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
nic-wireless-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
nic-wireless-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
nic-wireless-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
pata-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
pata-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
pata-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
ppp-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
ppp-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
ppp-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
sata-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
sata-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
sata-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
scsi-core-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
scsi-core-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
scsi-core-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
scsi-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
scsi-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
scsi-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
scsi-nic-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
scsi-nic-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
scsi-nic-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
sound-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
sound-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
sound-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
speakup-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
speakup-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
speakup-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
squashfs-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
squashfs-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
squashfs-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
udf-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
udf-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
udf-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
uinput-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
uinput-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
uinput-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
usb-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
usb-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
usb-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
usb-serial-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
usb-serial-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
usb-serial-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf
usb-storage-modules-6.1.0-27-armmp-di |  6.1.115-1 | armhf
usb-storage-modules-6.1.0-30-armmp-di |  6.1.124-1 | armhf
usb-storage-modules-6.1.0-31-armmp-di |  6.1.128-1 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:38:53 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-27-686 |  6.1.115-1 | i386
linux-headers-6.1.0-27-686-pae |  6.1.115-1 | i386
linux-headers-6.1.0-27-rt-686-pae |  6.1.115-1 | i386
linux-headers-6.1.0-30-686 |  6.1.124-1 | i386
linux-headers-6.1.0-30-686-pae |  6.1.124-1 | i386
linux-headers-6.1.0-30-rt-686-pae |  6.1.124-1 | i386
linux-headers-6.1.0-31-686 |  6.1.128-1 | i386
linux-headers-6.1.0-31-686-pae |  6.1.128-1 | i386
linux-headers-6.1.0-31-rt-686-pae |  6.1.128-1 | i386
linux-image-6.1.0-27-686-dbg |  6.1.115-1 | i386
linux-image-6.1.0-27-686-pae-dbg |  6.1.115-1 | i386
linux-image-6.1.0-27-686-pae-unsigned |  6.1.115-1 | i386
linux-image-6.1.0-27-686-unsigned |  6.1.115-1 | i386
linux-image-6.1.0-27-rt-686-pae-dbg |  6.1.115-1 | i386
linux-image-6.1.0-27-rt-686-pae-unsigned |  6.1.115-1 | i386
linux-image-6.1.0-30-686-dbg |  6.1.124-1 | i386
linux-image-6.1.0-30-686-pae-dbg |  6.1.124-1 | i386
linux-image-6.1.0-30-686-pae-unsigned |  6.1.124-1 | i386
linux-image-6.1.0-30-686-unsigned |  6.1.124-1 | i386
linux-image-6.1.0-30-rt-686-pae-dbg |  6.1.124-1 | i386
linux-image-6.1.0-30-rt-686-pae-unsigned |  6.1.124-1 | i386
linux-image-6.1.0-31-686-dbg |  6.1.128-1 | i386
linux-image-6.1.0-31-686-pae-dbg |  6.1.128-1 | i386
linux-image-6.1.0-31-686-pae-unsigned |  6.1.128-1 | i386
linux-image-6.1.0-31-686-unsigned |  6.1.128-1 | i386
linux-image-6.1.0-31-rt-686-pae-dbg |  6.1.128-1 | i386
linux-image-6.1.0-31-rt-686-pae-unsigned |  6.1.128-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:39:25 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
affs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
affs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
affs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
affs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
affs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
ata-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
ata-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
ata-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
ata-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
ata-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
ata-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
btrfs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
btrfs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
btrfs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
btrfs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
btrfs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
btrfs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
cdrom-core-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
cdrom-core-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
cdrom-core-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
cdrom-core-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
cdrom-core-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
cdrom-core-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
crc-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
crc-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
crc-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
crc-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
crc-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
crc-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
crypto-dm-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
crypto-dm-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
crypto-dm-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
crypto-dm-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
crypto-dm-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
crypto-dm-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
crypto-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
crypto-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
crypto-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
crypto-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
crypto-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
crypto-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
event-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
event-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
event-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
event-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
event-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
event-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
ext4-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
ext4-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
ext4-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
ext4-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
ext4-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
ext4-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
f2fs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
f2fs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
f2fs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
f2fs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
f2fs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
f2fs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
fat-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
fat-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
fat-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
fat-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
fat-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
fat-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
fb-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
fb-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
fb-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
fb-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
fb-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
fb-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
firewire-core-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
firewire-core-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
firewire-core-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
firewire-core-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
firewire-core-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
firewire-core-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
fuse-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
fuse-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
fuse-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
fuse-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
fuse-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
fuse-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
input-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
input-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
input-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
input-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
input-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
input-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
isofs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
isofs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
isofs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
isofs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
isofs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
isofs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
jfs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
jfs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
jfs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
jfs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
jfs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
jfs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
kernel-image-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
kernel-image-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
kernel-image-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
kernel-image-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
kernel-image-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
kernel-image-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
linux-headers-6.1.0-27-5kc-malta |  6.1.115-1 | mips64el
linux-headers-6.1.0-27-mips64r2el |  6.1.115-1 | mips64el
linux-headers-6.1.0-30-5kc-malta |  6.1.124-1 | mips64el
linux-headers-6.1.0-30-mips64r2el |  6.1.124-1 | mips64el
linux-headers-6.1.0-31-5kc-malta |  6.1.128-1 | mips64el
linux-headers-6.1.0-31-mips64r2el |  6.1.128-1 | mips64el
linux-image-6.1.0-27-5kc-malta |  6.1.115-1 | mips64el
linux-image-6.1.0-27-5kc-malta-dbg |  6.1.115-1 | mips64el
linux-image-6.1.0-27-mips64r2el |  6.1.115-1 | mips64el
linux-image-6.1.0-27-mips64r2el-dbg |  6.1.115-1 | mips64el
linux-image-6.1.0-30-5kc-malta |  6.1.124-1 | mips64el
linux-image-6.1.0-30-5kc-malta-dbg |  6.1.124-1 | mips64el
linux-image-6.1.0-30-mips64r2el |  6.1.124-1 | mips64el
linux-image-6.1.0-30-mips64r2el-dbg |  6.1.124-1 | mips64el
linux-image-6.1.0-31-5kc-malta |  6.1.128-1 | mips64el
linux-image-6.1.0-31-5kc-malta-dbg |  6.1.128-1 | mips64el
linux-image-6.1.0-31-mips64r2el |  6.1.128-1 | mips64el
linux-image-6.1.0-31-mips64r2el-dbg |  6.1.128-1 | mips64el
loop-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
loop-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
loop-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
loop-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
loop-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
loop-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
md-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
md-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
md-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
md-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
md-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
md-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
minix-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
minix-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
minix-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
minix-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
minix-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
minix-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
mmc-core-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
mmc-core-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
mmc-core-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
mmc-core-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
mmc-core-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
mmc-core-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
mmc-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
mmc-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
mmc-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
mmc-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
mmc-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
mmc-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
mouse-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
mouse-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
mouse-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
mouse-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
mouse-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
mouse-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
multipath-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
multipath-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
multipath-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
multipath-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
multipath-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
multipath-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
nbd-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
nbd-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
nbd-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
nbd-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
nbd-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
nbd-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
nfs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
nfs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
nfs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
nfs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
nfs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
nfs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
nic-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
nic-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
nic-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
nic-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
nic-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
nic-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
nic-shared-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
nic-shared-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
nic-shared-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
nic-shared-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
nic-shared-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
nic-shared-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
nic-usb-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
nic-usb-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
nic-usb-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
nic-usb-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
nic-usb-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
nic-usb-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
nic-wireless-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
nic-wireless-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
nic-wireless-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
nic-wireless-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
nic-wireless-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
nic-wireless-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
pata-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
pata-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
pata-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
pata-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
pata-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
pata-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
ppp-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
ppp-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
ppp-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
ppp-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
ppp-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
ppp-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
sata-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
sata-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
sata-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
sata-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
sata-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
sata-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
scsi-core-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
scsi-core-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
scsi-core-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
scsi-core-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
scsi-core-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
scsi-core-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
scsi-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
scsi-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
scsi-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
scsi-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
scsi-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
scsi-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
scsi-nic-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
scsi-nic-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
scsi-nic-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
scsi-nic-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
scsi-nic-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
scsi-nic-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
sound-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
sound-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
sound-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
sound-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
sound-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
sound-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
speakup-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
speakup-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
speakup-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
speakup-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
speakup-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
speakup-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
squashfs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
squashfs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
squashfs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
squashfs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
squashfs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
squashfs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
udf-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
udf-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
udf-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
udf-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
udf-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
udf-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
usb-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
usb-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
usb-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
usb-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
usb-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
usb-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
usb-serial-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
usb-serial-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
usb-serial-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
usb-serial-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
usb-serial-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
usb-serial-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
usb-storage-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
usb-storage-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
usb-storage-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
usb-storage-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
usb-storage-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
usb-storage-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el
xfs-modules-6.1.0-27-5kc-malta-di |  6.1.115-1 | mips64el
xfs-modules-6.1.0-27-mips64r2el-di |  6.1.115-1 | mips64el
xfs-modules-6.1.0-30-5kc-malta-di |  6.1.124-1 | mips64el
xfs-modules-6.1.0-30-mips64r2el-di |  6.1.124-1 | mips64el
xfs-modules-6.1.0-31-5kc-malta-di |  6.1.128-1 | mips64el
xfs-modules-6.1.0-31-mips64r2el-di |  6.1.128-1 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:39:40 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
affs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
affs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
affs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
affs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
affs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
ata-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
ata-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
ata-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
ata-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
ata-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
ata-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
btrfs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
btrfs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
btrfs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
btrfs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
btrfs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
btrfs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
crc-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
crc-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
crc-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
crc-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
crc-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
crc-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
crypto-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
crypto-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
crypto-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
crypto-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
crypto-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
crypto-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
event-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
event-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
event-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
event-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
event-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
event-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
ext4-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
ext4-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
ext4-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
ext4-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
ext4-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
ext4-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
f2fs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
f2fs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
f2fs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
f2fs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
f2fs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
f2fs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
fat-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
fat-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
fat-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
fat-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
fat-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
fat-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
fb-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
fb-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
fb-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
fb-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
fb-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
fb-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
firewire-core-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
firewire-core-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
firewire-core-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
firewire-core-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
firewire-core-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
firewire-core-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
fuse-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
fuse-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
fuse-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
fuse-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
fuse-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
fuse-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
input-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
input-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
input-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
input-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
input-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
input-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
isofs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
isofs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
isofs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
isofs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
isofs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
isofs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
jfs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
jfs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
jfs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
jfs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
jfs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
jfs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
kernel-image-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
kernel-image-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
kernel-image-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
kernel-image-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
kernel-image-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
kernel-image-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
linux-headers-6.1.0-27-loongson-3 |  6.1.115-1 | mips64el, mipsel
linux-headers-6.1.0-27-octeon |  6.1.115-1 | mips64el, mipsel
linux-headers-6.1.0-30-loongson-3 |  6.1.124-1 | mips64el, mipsel
linux-headers-6.1.0-30-octeon |  6.1.124-1 | mips64el, mipsel
linux-headers-6.1.0-31-loongson-3 |  6.1.128-1 | mips64el, mipsel
linux-headers-6.1.0-31-octeon |  6.1.128-1 | mips64el, mipsel
linux-image-6.1.0-27-loongson-3 |  6.1.115-1 | mips64el, mipsel
linux-image-6.1.0-27-loongson-3-dbg |  6.1.115-1 | mips64el, mipsel
linux-image-6.1.0-27-octeon |  6.1.115-1 | mips64el, mipsel
linux-image-6.1.0-27-octeon-dbg |  6.1.115-1 | mips64el, mipsel
linux-image-6.1.0-30-loongson-3 |  6.1.124-1 | mips64el, mipsel
linux-image-6.1.0-30-loongson-3-dbg |  6.1.124-1 | mips64el, mipsel
linux-image-6.1.0-30-octeon |  6.1.124-1 | mips64el, mipsel
linux-image-6.1.0-30-octeon-dbg |  6.1.124-1 | mips64el, mipsel
linux-image-6.1.0-31-loongson-3 |  6.1.128-1 | mips64el, mipsel
linux-image-6.1.0-31-loongson-3-dbg |  6.1.128-1 | mips64el, mipsel
linux-image-6.1.0-31-octeon |  6.1.128-1 | mips64el, mipsel
linux-image-6.1.0-31-octeon-dbg |  6.1.128-1 | mips64el, mipsel
loop-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
loop-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
loop-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
loop-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
loop-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
loop-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
md-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
md-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
md-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
md-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
md-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
md-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
minix-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
minix-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
minix-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
minix-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
minix-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
minix-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
mmc-core-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
mmc-core-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
mmc-core-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
mmc-core-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
mmc-core-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
mmc-core-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
mmc-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
mmc-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
mmc-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
mmc-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
mmc-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
mmc-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
mouse-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
mouse-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
mouse-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
mouse-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
mouse-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
mouse-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
multipath-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
multipath-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
multipath-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
multipath-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
multipath-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
multipath-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
nbd-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
nbd-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
nbd-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
nbd-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
nbd-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
nbd-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
nfs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
nfs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
nfs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
nfs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
nfs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
nfs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
nic-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
nic-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
nic-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
nic-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
nic-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
nic-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
nic-shared-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
nic-shared-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
nic-shared-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
nic-shared-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
nic-shared-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
nic-shared-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
nic-usb-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
nic-usb-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
nic-usb-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
nic-usb-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
nic-usb-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
nic-usb-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
pata-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
pata-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
pata-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
pata-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
pata-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
pata-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
ppp-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
ppp-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
ppp-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
ppp-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
ppp-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
ppp-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
sata-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
sata-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
sata-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
sata-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
sata-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
sata-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
scsi-core-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
scsi-core-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
scsi-core-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
scsi-core-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
scsi-core-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
scsi-core-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
scsi-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
scsi-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
scsi-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
scsi-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
scsi-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
scsi-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
sound-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
sound-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
sound-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
sound-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
sound-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
sound-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
speakup-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
speakup-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
speakup-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
speakup-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
speakup-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
speakup-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
squashfs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
squashfs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
squashfs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
squashfs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
squashfs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
squashfs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
udf-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
udf-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
udf-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
udf-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
udf-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
udf-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
usb-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
usb-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
usb-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
usb-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
usb-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
usb-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
usb-serial-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
usb-serial-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
usb-serial-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
usb-serial-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
usb-serial-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
usb-serial-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
usb-storage-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
usb-storage-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
usb-storage-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
usb-storage-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
usb-storage-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
usb-storage-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel
xfs-modules-6.1.0-27-loongson-3-di |  6.1.115-1 | mips64el, mipsel
xfs-modules-6.1.0-27-octeon-di |  6.1.115-1 | mips64el, mipsel
xfs-modules-6.1.0-30-loongson-3-di |  6.1.124-1 | mips64el, mipsel
xfs-modules-6.1.0-30-octeon-di |  6.1.124-1 | mips64el, mipsel
xfs-modules-6.1.0-31-loongson-3-di |  6.1.128-1 | mips64el, mipsel
xfs-modules-6.1.0-31-octeon-di |  6.1.128-1 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:39:58 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
acpi-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
acpi-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
ata-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
ata-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
ata-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
btrfs-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
btrfs-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
btrfs-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
cdrom-core-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
cdrom-core-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
cdrom-core-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
crc-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
crc-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
crc-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
crypto-dm-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
crypto-dm-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
crypto-dm-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
crypto-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
crypto-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
crypto-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
efi-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
efi-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
efi-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
event-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
event-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
event-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
ext4-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
ext4-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
ext4-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
f2fs-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
f2fs-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
f2fs-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
fat-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
fat-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
fat-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
fb-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
fb-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
fb-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
firewire-core-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
firewire-core-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
firewire-core-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
fuse-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
fuse-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
fuse-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
i2c-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
i2c-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
i2c-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
input-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
input-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
input-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
isofs-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
isofs-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
isofs-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
jfs-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
jfs-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
jfs-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
kernel-image-6.1.0-27-amd64-di |  6.1.115-1 | amd64
kernel-image-6.1.0-30-amd64-di |  6.1.124-1 | amd64
kernel-image-6.1.0-31-amd64-di |  6.1.128-1 | amd64
linux-image-6.1.0-27-amd64 |  6.1.115-1 | amd64
linux-image-6.1.0-27-cloud-amd64 |  6.1.115-1 | amd64
linux-image-6.1.0-27-rt-amd64 |  6.1.115-1 | amd64
linux-image-6.1.0-30-amd64 |  6.1.124-1 | amd64
linux-image-6.1.0-30-cloud-amd64 |  6.1.124-1 | amd64
linux-image-6.1.0-30-rt-amd64 |  6.1.124-1 | amd64
linux-image-6.1.0-31-amd64 |  6.1.128-1 | amd64
linux-image-6.1.0-31-cloud-amd64 |  6.1.128-1 | amd64
linux-image-6.1.0-31-rt-amd64 |  6.1.128-1 | amd64
loop-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
loop-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
loop-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
md-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
md-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
md-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
mmc-core-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
mmc-core-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
mmc-core-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
mmc-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
mmc-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
mmc-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
mouse-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
mouse-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
mouse-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
mtd-core-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
mtd-core-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
mtd-core-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
multipath-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
multipath-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
multipath-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
nbd-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
nbd-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
nbd-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
nic-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
nic-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
nic-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
nic-pcmcia-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
nic-pcmcia-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
nic-pcmcia-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
nic-shared-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
nic-shared-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
nic-shared-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
nic-usb-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
nic-usb-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
nic-usb-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
nic-wireless-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
nic-wireless-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
nic-wireless-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
pata-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
pata-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
pata-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
pcmcia-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
pcmcia-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
pcmcia-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
pcmcia-storage-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
pcmcia-storage-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
pcmcia-storage-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
ppp-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
ppp-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
ppp-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
rfkill-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
rfkill-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
rfkill-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
sata-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
sata-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
sata-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
scsi-core-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
scsi-core-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
scsi-core-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
scsi-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
scsi-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
scsi-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
scsi-nic-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
scsi-nic-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
scsi-nic-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
serial-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
serial-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
serial-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
sound-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
sound-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
sound-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
speakup-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
speakup-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
speakup-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
squashfs-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
squashfs-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
squashfs-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
udf-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
udf-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
udf-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
uinput-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
uinput-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
uinput-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
usb-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
usb-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
usb-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
usb-serial-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
usb-serial-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
usb-serial-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
usb-storage-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
usb-storage-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
usb-storage-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64
xfs-modules-6.1.0-27-amd64-di |  6.1.115-1 | amd64
xfs-modules-6.1.0-30-amd64-di |  6.1.124-1 | amd64
xfs-modules-6.1.0-31-amd64-di |  6.1.128-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:40:16 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
ata-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
ata-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
btrfs-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
btrfs-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
btrfs-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
cdrom-core-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
cdrom-core-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
cdrom-core-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
crc-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
crc-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
crc-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
crypto-dm-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
crypto-dm-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
crypto-dm-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
crypto-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
crypto-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
crypto-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
efi-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
efi-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
efi-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
event-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
event-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
event-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
ext4-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
ext4-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
ext4-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
f2fs-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
f2fs-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
f2fs-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
fat-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
fat-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
fat-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
fb-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
fb-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
fb-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
fuse-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
fuse-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
fuse-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
i2c-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
i2c-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
i2c-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
input-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
input-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
input-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
isofs-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
isofs-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
isofs-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
jfs-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
jfs-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
jfs-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
kernel-image-6.1.0-27-arm64-di |  6.1.115-1 | arm64
kernel-image-6.1.0-30-arm64-di |  6.1.124-1 | arm64
kernel-image-6.1.0-31-arm64-di |  6.1.128-1 | arm64
leds-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
leds-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
leds-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
linux-image-6.1.0-27-arm64 |  6.1.115-1 | arm64
linux-image-6.1.0-27-cloud-arm64 |  6.1.115-1 | arm64
linux-image-6.1.0-27-rt-arm64 |  6.1.115-1 | arm64
linux-image-6.1.0-30-arm64 |  6.1.124-1 | arm64
linux-image-6.1.0-30-cloud-arm64 |  6.1.124-1 | arm64
linux-image-6.1.0-30-rt-arm64 |  6.1.124-1 | arm64
linux-image-6.1.0-31-arm64 |  6.1.128-1 | arm64
linux-image-6.1.0-31-cloud-arm64 |  6.1.128-1 | arm64
linux-image-6.1.0-31-rt-arm64 |  6.1.128-1 | arm64
loop-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
loop-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
loop-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
md-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
md-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
md-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
mmc-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
mmc-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
mmc-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
mtd-core-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
mtd-core-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
mtd-core-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
multipath-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
multipath-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
multipath-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
nbd-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
nbd-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
nbd-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
nic-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
nic-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
nic-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
nic-shared-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
nic-shared-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
nic-shared-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
nic-usb-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
nic-usb-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
nic-usb-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
nic-wireless-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
nic-wireless-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
nic-wireless-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
ppp-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
ppp-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
ppp-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
sata-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
sata-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
sata-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
scsi-core-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
scsi-core-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
scsi-core-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
scsi-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
scsi-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
scsi-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
scsi-nic-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
scsi-nic-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
scsi-nic-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
sound-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
sound-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
sound-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
speakup-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
speakup-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
speakup-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
squashfs-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
squashfs-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
squashfs-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
udf-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
udf-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
udf-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
uinput-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
uinput-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
uinput-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
usb-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
usb-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
usb-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
usb-serial-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
usb-serial-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
usb-serial-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
usb-storage-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
usb-storage-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
usb-storage-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64
xfs-modules-6.1.0-27-arm64-di |  6.1.115-1 | arm64
xfs-modules-6.1.0-30-arm64-di |  6.1.124-1 | arm64
xfs-modules-6.1.0-31-arm64-di |  6.1.128-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:40:32 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-27-686-di |  6.1.115-1 | i386
acpi-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
acpi-modules-6.1.0-30-686-di |  6.1.124-1 | i386
acpi-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
acpi-modules-6.1.0-31-686-di |  6.1.128-1 | i386
acpi-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
ata-modules-6.1.0-27-686-di |  6.1.115-1 | i386
ata-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
ata-modules-6.1.0-30-686-di |  6.1.124-1 | i386
ata-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
ata-modules-6.1.0-31-686-di |  6.1.128-1 | i386
ata-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
btrfs-modules-6.1.0-27-686-di |  6.1.115-1 | i386
btrfs-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
btrfs-modules-6.1.0-30-686-di |  6.1.124-1 | i386
btrfs-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
btrfs-modules-6.1.0-31-686-di |  6.1.128-1 | i386
btrfs-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
cdrom-core-modules-6.1.0-27-686-di |  6.1.115-1 | i386
cdrom-core-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
cdrom-core-modules-6.1.0-30-686-di |  6.1.124-1 | i386
cdrom-core-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
cdrom-core-modules-6.1.0-31-686-di |  6.1.128-1 | i386
cdrom-core-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
crc-modules-6.1.0-27-686-di |  6.1.115-1 | i386
crc-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
crc-modules-6.1.0-30-686-di |  6.1.124-1 | i386
crc-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
crc-modules-6.1.0-31-686-di |  6.1.128-1 | i386
crc-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
crypto-dm-modules-6.1.0-27-686-di |  6.1.115-1 | i386
crypto-dm-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
crypto-dm-modules-6.1.0-30-686-di |  6.1.124-1 | i386
crypto-dm-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
crypto-dm-modules-6.1.0-31-686-di |  6.1.128-1 | i386
crypto-dm-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
crypto-modules-6.1.0-27-686-di |  6.1.115-1 | i386
crypto-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
crypto-modules-6.1.0-30-686-di |  6.1.124-1 | i386
crypto-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
crypto-modules-6.1.0-31-686-di |  6.1.128-1 | i386
crypto-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
efi-modules-6.1.0-27-686-di |  6.1.115-1 | i386
efi-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
efi-modules-6.1.0-30-686-di |  6.1.124-1 | i386
efi-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
efi-modules-6.1.0-31-686-di |  6.1.128-1 | i386
efi-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
event-modules-6.1.0-27-686-di |  6.1.115-1 | i386
event-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
event-modules-6.1.0-30-686-di |  6.1.124-1 | i386
event-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
event-modules-6.1.0-31-686-di |  6.1.128-1 | i386
event-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
ext4-modules-6.1.0-27-686-di |  6.1.115-1 | i386
ext4-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
ext4-modules-6.1.0-30-686-di |  6.1.124-1 | i386
ext4-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
ext4-modules-6.1.0-31-686-di |  6.1.128-1 | i386
ext4-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
f2fs-modules-6.1.0-27-686-di |  6.1.115-1 | i386
f2fs-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
f2fs-modules-6.1.0-30-686-di |  6.1.124-1 | i386
f2fs-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
f2fs-modules-6.1.0-31-686-di |  6.1.128-1 | i386
f2fs-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
fat-modules-6.1.0-27-686-di |  6.1.115-1 | i386
fat-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
fat-modules-6.1.0-30-686-di |  6.1.124-1 | i386
fat-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
fat-modules-6.1.0-31-686-di |  6.1.128-1 | i386
fat-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
fb-modules-6.1.0-27-686-di |  6.1.115-1 | i386
fb-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
fb-modules-6.1.0-30-686-di |  6.1.124-1 | i386
fb-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
fb-modules-6.1.0-31-686-di |  6.1.128-1 | i386
fb-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
firewire-core-modules-6.1.0-27-686-di |  6.1.115-1 | i386
firewire-core-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
firewire-core-modules-6.1.0-30-686-di |  6.1.124-1 | i386
firewire-core-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
firewire-core-modules-6.1.0-31-686-di |  6.1.128-1 | i386
firewire-core-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
fuse-modules-6.1.0-27-686-di |  6.1.115-1 | i386
fuse-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
fuse-modules-6.1.0-30-686-di |  6.1.124-1 | i386
fuse-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
fuse-modules-6.1.0-31-686-di |  6.1.128-1 | i386
fuse-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
i2c-modules-6.1.0-27-686-di |  6.1.115-1 | i386
i2c-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
i2c-modules-6.1.0-30-686-di |  6.1.124-1 | i386
i2c-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
i2c-modules-6.1.0-31-686-di |  6.1.128-1 | i386
i2c-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
input-modules-6.1.0-27-686-di |  6.1.115-1 | i386
input-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
input-modules-6.1.0-30-686-di |  6.1.124-1 | i386
input-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
input-modules-6.1.0-31-686-di |  6.1.128-1 | i386
input-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
isofs-modules-6.1.0-27-686-di |  6.1.115-1 | i386
isofs-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
isofs-modules-6.1.0-30-686-di |  6.1.124-1 | i386
isofs-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
isofs-modules-6.1.0-31-686-di |  6.1.128-1 | i386
isofs-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
jfs-modules-6.1.0-27-686-di |  6.1.115-1 | i386
jfs-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
jfs-modules-6.1.0-30-686-di |  6.1.124-1 | i386
jfs-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
jfs-modules-6.1.0-31-686-di |  6.1.128-1 | i386
jfs-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
kernel-image-6.1.0-27-686-di |  6.1.115-1 | i386
kernel-image-6.1.0-27-686-pae-di |  6.1.115-1 | i386
kernel-image-6.1.0-30-686-di |  6.1.124-1 | i386
kernel-image-6.1.0-30-686-pae-di |  6.1.124-1 | i386
kernel-image-6.1.0-31-686-di |  6.1.128-1 | i386
kernel-image-6.1.0-31-686-pae-di |  6.1.128-1 | i386
linux-image-6.1.0-27-686 |  6.1.115-1 | i386
linux-image-6.1.0-27-686-pae |  6.1.115-1 | i386
linux-image-6.1.0-27-rt-686-pae |  6.1.115-1 | i386
linux-image-6.1.0-30-686 |  6.1.124-1 | i386
linux-image-6.1.0-30-686-pae |  6.1.124-1 | i386
linux-image-6.1.0-30-rt-686-pae |  6.1.124-1 | i386
linux-image-6.1.0-31-686 |  6.1.128-1 | i386
linux-image-6.1.0-31-686-pae |  6.1.128-1 | i386
linux-image-6.1.0-31-rt-686-pae |  6.1.128-1 | i386
loop-modules-6.1.0-27-686-di |  6.1.115-1 | i386
loop-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
loop-modules-6.1.0-30-686-di |  6.1.124-1 | i386
loop-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
loop-modules-6.1.0-31-686-di |  6.1.128-1 | i386
loop-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
md-modules-6.1.0-27-686-di |  6.1.115-1 | i386
md-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
md-modules-6.1.0-30-686-di |  6.1.124-1 | i386
md-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
md-modules-6.1.0-31-686-di |  6.1.128-1 | i386
md-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
mmc-core-modules-6.1.0-27-686-di |  6.1.115-1 | i386
mmc-core-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
mmc-core-modules-6.1.0-30-686-di |  6.1.124-1 | i386
mmc-core-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
mmc-core-modules-6.1.0-31-686-di |  6.1.128-1 | i386
mmc-core-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
mmc-modules-6.1.0-27-686-di |  6.1.115-1 | i386
mmc-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
mmc-modules-6.1.0-30-686-di |  6.1.124-1 | i386
mmc-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
mmc-modules-6.1.0-31-686-di |  6.1.128-1 | i386
mmc-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
mouse-modules-6.1.0-27-686-di |  6.1.115-1 | i386
mouse-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
mouse-modules-6.1.0-30-686-di |  6.1.124-1 | i386
mouse-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
mouse-modules-6.1.0-31-686-di |  6.1.128-1 | i386
mouse-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
mtd-core-modules-6.1.0-27-686-di |  6.1.115-1 | i386
mtd-core-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
mtd-core-modules-6.1.0-30-686-di |  6.1.124-1 | i386
mtd-core-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
mtd-core-modules-6.1.0-31-686-di |  6.1.128-1 | i386
mtd-core-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
multipath-modules-6.1.0-27-686-di |  6.1.115-1 | i386
multipath-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
multipath-modules-6.1.0-30-686-di |  6.1.124-1 | i386
multipath-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
multipath-modules-6.1.0-31-686-di |  6.1.128-1 | i386
multipath-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
nbd-modules-6.1.0-27-686-di |  6.1.115-1 | i386
nbd-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
nbd-modules-6.1.0-30-686-di |  6.1.124-1 | i386
nbd-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
nbd-modules-6.1.0-31-686-di |  6.1.128-1 | i386
nbd-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
nic-modules-6.1.0-27-686-di |  6.1.115-1 | i386
nic-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
nic-modules-6.1.0-30-686-di |  6.1.124-1 | i386
nic-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
nic-modules-6.1.0-31-686-di |  6.1.128-1 | i386
nic-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
nic-pcmcia-modules-6.1.0-27-686-di |  6.1.115-1 | i386
nic-pcmcia-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
nic-pcmcia-modules-6.1.0-30-686-di |  6.1.124-1 | i386
nic-pcmcia-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
nic-pcmcia-modules-6.1.0-31-686-di |  6.1.128-1 | i386
nic-pcmcia-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
nic-shared-modules-6.1.0-27-686-di |  6.1.115-1 | i386
nic-shared-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
nic-shared-modules-6.1.0-30-686-di |  6.1.124-1 | i386
nic-shared-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
nic-shared-modules-6.1.0-31-686-di |  6.1.128-1 | i386
nic-shared-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
nic-usb-modules-6.1.0-27-686-di |  6.1.115-1 | i386
nic-usb-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
nic-usb-modules-6.1.0-30-686-di |  6.1.124-1 | i386
nic-usb-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
nic-usb-modules-6.1.0-31-686-di |  6.1.128-1 | i386
nic-usb-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
nic-wireless-modules-6.1.0-27-686-di |  6.1.115-1 | i386
nic-wireless-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
nic-wireless-modules-6.1.0-30-686-di |  6.1.124-1 | i386
nic-wireless-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
nic-wireless-modules-6.1.0-31-686-di |  6.1.128-1 | i386
nic-wireless-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
pata-modules-6.1.0-27-686-di |  6.1.115-1 | i386
pata-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
pata-modules-6.1.0-30-686-di |  6.1.124-1 | i386
pata-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
pata-modules-6.1.0-31-686-di |  6.1.128-1 | i386
pata-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
pcmcia-modules-6.1.0-27-686-di |  6.1.115-1 | i386
pcmcia-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
pcmcia-modules-6.1.0-30-686-di |  6.1.124-1 | i386
pcmcia-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
pcmcia-modules-6.1.0-31-686-di |  6.1.128-1 | i386
pcmcia-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
pcmcia-storage-modules-6.1.0-27-686-di |  6.1.115-1 | i386
pcmcia-storage-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
pcmcia-storage-modules-6.1.0-30-686-di |  6.1.124-1 | i386
pcmcia-storage-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
pcmcia-storage-modules-6.1.0-31-686-di |  6.1.128-1 | i386
pcmcia-storage-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
ppp-modules-6.1.0-27-686-di |  6.1.115-1 | i386
ppp-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
ppp-modules-6.1.0-30-686-di |  6.1.124-1 | i386
ppp-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
ppp-modules-6.1.0-31-686-di |  6.1.128-1 | i386
ppp-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
rfkill-modules-6.1.0-27-686-di |  6.1.115-1 | i386
rfkill-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
rfkill-modules-6.1.0-30-686-di |  6.1.124-1 | i386
rfkill-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
rfkill-modules-6.1.0-31-686-di |  6.1.128-1 | i386
rfkill-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
sata-modules-6.1.0-27-686-di |  6.1.115-1 | i386
sata-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
sata-modules-6.1.0-30-686-di |  6.1.124-1 | i386
sata-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
sata-modules-6.1.0-31-686-di |  6.1.128-1 | i386
sata-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
scsi-core-modules-6.1.0-27-686-di |  6.1.115-1 | i386
scsi-core-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
scsi-core-modules-6.1.0-30-686-di |  6.1.124-1 | i386
scsi-core-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
scsi-core-modules-6.1.0-31-686-di |  6.1.128-1 | i386
scsi-core-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
scsi-modules-6.1.0-27-686-di |  6.1.115-1 | i386
scsi-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
scsi-modules-6.1.0-30-686-di |  6.1.124-1 | i386
scsi-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
scsi-modules-6.1.0-31-686-di |  6.1.128-1 | i386
scsi-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
scsi-nic-modules-6.1.0-27-686-di |  6.1.115-1 | i386
scsi-nic-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
scsi-nic-modules-6.1.0-30-686-di |  6.1.124-1 | i386
scsi-nic-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
scsi-nic-modules-6.1.0-31-686-di |  6.1.128-1 | i386
scsi-nic-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
serial-modules-6.1.0-27-686-di |  6.1.115-1 | i386
serial-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
serial-modules-6.1.0-30-686-di |  6.1.124-1 | i386
serial-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
serial-modules-6.1.0-31-686-di |  6.1.128-1 | i386
serial-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
sound-modules-6.1.0-27-686-di |  6.1.115-1 | i386
sound-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
sound-modules-6.1.0-30-686-di |  6.1.124-1 | i386
sound-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
sound-modules-6.1.0-31-686-di |  6.1.128-1 | i386
sound-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
speakup-modules-6.1.0-27-686-di |  6.1.115-1 | i386
speakup-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
speakup-modules-6.1.0-30-686-di |  6.1.124-1 | i386
speakup-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
speakup-modules-6.1.0-31-686-di |  6.1.128-1 | i386
speakup-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
squashfs-modules-6.1.0-27-686-di |  6.1.115-1 | i386
squashfs-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
squashfs-modules-6.1.0-30-686-di |  6.1.124-1 | i386
squashfs-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
squashfs-modules-6.1.0-31-686-di |  6.1.128-1 | i386
squashfs-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
udf-modules-6.1.0-27-686-di |  6.1.115-1 | i386
udf-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
udf-modules-6.1.0-30-686-di |  6.1.124-1 | i386
udf-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
udf-modules-6.1.0-31-686-di |  6.1.128-1 | i386
udf-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
uinput-modules-6.1.0-27-686-di |  6.1.115-1 | i386
uinput-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
uinput-modules-6.1.0-30-686-di |  6.1.124-1 | i386
uinput-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
uinput-modules-6.1.0-31-686-di |  6.1.128-1 | i386
uinput-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
usb-modules-6.1.0-27-686-di |  6.1.115-1 | i386
usb-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
usb-modules-6.1.0-30-686-di |  6.1.124-1 | i386
usb-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
usb-modules-6.1.0-31-686-di |  6.1.128-1 | i386
usb-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
usb-serial-modules-6.1.0-27-686-di |  6.1.115-1 | i386
usb-serial-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
usb-serial-modules-6.1.0-30-686-di |  6.1.124-1 | i386
usb-serial-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
usb-serial-modules-6.1.0-31-686-di |  6.1.128-1 | i386
usb-serial-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
usb-storage-modules-6.1.0-27-686-di |  6.1.115-1 | i386
usb-storage-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
usb-storage-modules-6.1.0-30-686-di |  6.1.124-1 | i386
usb-storage-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
usb-storage-modules-6.1.0-31-686-di |  6.1.128-1 | i386
usb-storage-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386
xfs-modules-6.1.0-27-686-di |  6.1.115-1 | i386
xfs-modules-6.1.0-27-686-pae-di |  6.1.115-1 | i386
xfs-modules-6.1.0-30-686-di |  6.1.124-1 | i386
xfs-modules-6.1.0-30-686-pae-di |  6.1.124-1 | i386
xfs-modules-6.1.0-31-686-di |  6.1.128-1 | i386
xfs-modules-6.1.0-31-686-pae-di |  6.1.128-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:41:00 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-27-common |  6.1.115-1 | all
linux-headers-6.1.0-27-common-rt |  6.1.115-1 | all
linux-headers-6.1.0-30-common |  6.1.124-1 | all
linux-headers-6.1.0-30-common-rt |  6.1.124-1 | all
linux-headers-6.1.0-31-common |  6.1.128-1 | all
linux-headers-6.1.0-31-common-rt |  6.1.128-1 | all
linux-support-6.1.0-27 |  6.1.115-1 | all
linux-support-6.1.0-30 |  6.1.124-1 | all
linux-support-6.1.0-31 |  6.1.128-1 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:23:59 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

libnet-easytcp-perl |     0.26-6 | source, all
Closed bugs: 1093386

------------------- Reason -------------------
RoQA; unmaintained upstream; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:26:01 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

looking-glass | 0+b5.0.1-2 | source
looking-glass-client | 0+b5.0.1-2+b1 | amd64
obs-plugin-looking-glass | 0+b5.0.1-2+b1 | amd64
Closed bugs: 1094310

------------------- Reason -------------------
RoM; upstream requested removal
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 15 Mar 2025 08:27:04 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

  kanboard | 1.2.26+ds-2+deb12u2 | source, all
Closed bugs: 1100426

------------------- Reason -------------------
RoST; unmaintained; security issues
----------------------------------------------
=========================================================================
389-ds-base (2.3.1+dfsg1-1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload.
   * Apply security patches from the upstream:
     - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword
       using malformed input (Closes: #1072531, #1082852).
     - CVE-2024-5953: Denial of service while attempting to log in with
       a user with a malformed hash in their password.
     - CVE-2024-3657: Failure on the directory server with specially-crafted
       LDAP query leading to denial of service.

base-files (12.4+deb12u10) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.10, for Debian 12.10 point release.

bind9 (1:9.18.33-1~deb12u2) bookworm-security; urgency=high
 .
   * New upstream version 9.18.33
    - CVE-2024-12705: DNS-over-HTTPS flooding fixes
    - CVE-2024-11187: Limit additional section processing for large RDATA
      sets

bup (0.33.7-1~deb12u1) bookworm; urgency=medium
 .
   * Upstream versions 0.33.3, 0.33.4, 0.33.5, 0.33.6, and 0.33.7 from bup's
     stable update branch with various fixes for bugs that affect bookworm.
bup (0.33.7-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
 .
 bup (0.33.7-1) unstable; urgency=medium
 .
   * New upstream versions 0.33.6, 0.33.7
   * debian/docs: Include upstream release note '0.33.6-from-0.33.5.md'
   * debian/docs: Include upstream release note '0.33.7-from-0.33.6.md'
 .
 bup (0.33.6~git20241212-1) unstable; urgency=medium
 .
   [ Rob Browning ]
   * debian/rules: Generate checkout info prior to dh_auto_configure
 .
   [ Robert Edmonds ]
   * New upstream git snapshot of commit 3cd11d3840b0714820ca5fc540115a339d1ee7fa
     due to call for testing
   * debian/docs: Include upstream release note '0.33.5-from-0.33.4.md'
   * Revert "debian/rules: Relocate bup-config.5 to the correct manpage
     directory" (fixed upstream)
 .
 bup (0.33.5-1) unstable; urgency=medium
 .
   * New upstream version 0.33.5
     - Bug fixes for "three issues that could cause a repository to end up
       with trees that had dangling references, i.e. missing files, parts of
       files, subtrees, etc." if the "bup gc" command is utilized.
       (Closes: #1086123)
   * debian/rules: Relocate bup-config.5 to the correct manpage directory
 .
 bup (0.33.4-1) unstable; urgency=medium
 .
   * New upstream version 0.33.4
     - "configure.inc: fix main() prototype and other (now) invalid test code"
     (Closes: #1074858)
   * debian/docs: Include upstream release note '0.33.4-from-0.33.3.md'
 .
 bup (0.33.3-1) unstable; urgency=medium
 .
   * New upstream version 0.33.3
     - "fuse: don't filter output when backgrounding" (Closes: #1050040)
     - "test-help: fix dependency on C locale with current pandoc" (Closes:
     #1042250)
   * debian/docs: Include upstream release note '0.33.3-from-0.33.2.md'
bup (0.33.6~git20241212-1) unstable; urgency=medium
 .
   [ Rob Browning ]
   * debian/rules: Generate checkout info prior to dh_auto_configure
 .
   [ Robert Edmonds ]
   * New upstream git snapshot of commit 3cd11d3840b0714820ca5fc540115a339d1ee7fa
     due to call for testing
   * debian/docs: Include upstream release note '0.33.5-from-0.33.4.md'
   * Revert "debian/rules: Relocate bup-config.5 to the correct manpage
     directory" (fixed upstream)
bup (0.33.5-1) unstable; urgency=medium
 .
   * New upstream version 0.33.5
     - Bug fixes for "three issues that could cause a repository to end up
       with trees that had dangling references, i.e. missing files, parts of
       files, subtrees, etc." if the "bup gc" command is utilized.
       (Closes: #1086123)
   * debian/rules: Relocate bup-config.5 to the correct manpage directory
bup (0.33.4-1) unstable; urgency=medium
 .
   * New upstream version 0.33.4
     - "configure.inc: fix main() prototype and other (now) invalid test code"
     (Closes: #1074858)
   * debian/docs: Include upstream release note '0.33.4-from-0.33.3.md'
bup (0.33.3-1) unstable; urgency=medium
 .
   * New upstream version 0.33.3
     - "fuse: don't filter output when backgrounding" (Closes: #1050040)
     - "test-help: fix dependency on C locale with current pandoc" (Closes:
     #1042250)
   * debian/docs: Include upstream release note '0.33.3-from-0.33.2.md'
bup (0.33.2-1) unstable; urgency=medium
 .
   [ Rob Browning ]
   * 0.33.2
     - Update base_version for 0.33.2 development
     - correct_posix1e_v1_delimiters: provide path for error messages
       (Closes: #1039089)
     - Update docs for 0.33.2 release
     - Update base_version for 0.33.2 release
 .
   [ Robert Edmonds ]
   * New upstream version 0.33.2
   * debian/docs: Include upstream release note '0.33.2-from-0.33.1.md'

cacti (1.2.24+ds1-1+deb12u5) bookworm-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2024-27082: Stored XSS vulnerability.
   * Fix CVE-2024-43362: XSS (Cross-Site Scripting) Vulnerability.
     The `fileurl` parameter is not properly sanitized when
     saving external links in `links.php` . Morever, the said
     fileurl is placed in some html code which is passed to
     the `print` function in `link.php` and `index.php`,
     finally leading to stored XSS
   * Fix CVE-2024-43363: Remote Code Execution (RCE) by
     log poisoning. An admin user can create a device with
     a malicious hostname containing php code and repeat
     the installation process to use a php file as the
     cacti log file. After having the malicious hostname end
     up in the logs (log poisoning), one can simply go to the
     log file url to execute commands to achieve RCE.
   * Fix CVE-2024-43364: Stored XSS (Cross-Site Scripting) Vulnerability.
     The `title` parameter is not properly sanitized when
     saving external links in links.php . Morever, the said
     title parameter is stored in the database and reflected back
     to user in index.php, finally leading to stored XSS.
   * Fix CVE-2024-43365: Stored XSS (Cross-Site Scripting) Vulnerability.
     The`consolenewsection` parameter is not properly sanitized
     when saving external links in links.php . Morever, the said
     consolenewsection parameter is stored in the database and
     reflected back to user in `index.php`, finally leading
     to stored XSS.
   * Fix CVE-2024-45598: Local File Inclusion (LFI) Vulnerability
     via Poller Standard Error Log Path.
     An admin can change Poller Standard Error Log Path parameter in
     either Installation Step 5 or in Configuration->Settings->Paths tab
     to a local file inside the server. Then simply going to Logs tab and
     selecting the name of the local file will show its content
     on the web UI.
   * Fix CVE-2024-54145: SQL Injection vulnerability when request
     automation devices.
     A SQL injection vulnerability in get_discovery_results function
     of automation_devices.php.paramter networkconcat into
     sql_wherewithout Sufficient filtration.
   * Fix CVE-2025-22604: Authenticated RCE via multi-line SNMP responses
     Due to a flaw in multi-line SNMP result parser, authenticated users
     can inject malformed OIDs in the response. When processed by
     ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each
     OID will be used as a key in an array that is used as part of a
     system command, causing a command execution vulnerability.
   * Fix CVE-2025-24367: Arbitrary File Creation leading to RCE
     An authenticated Cacti user can abuse graph creation and graph
     template functionality to create arbitrary PHP scripts in the
     web root of the application, leading to remote code
     execution on the server.
   * Fix CVE-2025-24368: SQL Injection vulnerability when using
     tree rules through Automation API
     Some of the data stored in automation_tree_rules.php is not
     thoroughly checked and is used to concatenate the SQL statement in
     build_rule_item_filter() function from lib/api_automation.php ,*
     finally resulting in SQL injection.

chromium (134.0.6998.35-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-1914: Out of bounds read in V8. Reported by
       Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13).
     - CVE-2025-1915: Improper Limitation of a Pathname to a Restricted
       Directory in DevTools. Reported by Topi Lassila.
     - CVE-2025-1916: Use after free in Profiles.
       Reported by parkminchan, SSD Labs Korea.
     - CVE-2025-1917: Inappropriate Implementation in Browser UI.
       Reported by Khalil Zhani.
     - CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine.
     - CVE-2025-1919: Out of bounds read in Media.
       Reported by @Bl1nnnk and @Pisanbao.
     - CVE-2025-1921: Inappropriate Implementation in Media Stream.
       Reported by Kaiido.
     - CVE-2025-1922: Inappropriate Implementation in Selection.
       Reported by Alesandro Ortiz.
     - CVE-2025-1923: Inappropriate Implementation in Permission Prompts.
       Reported by Khalil Zhani.
   * d/patches:
     - fixes/widevine-revision.patch: drop. Upstream says "with CDMs using
       manifest-based registration, no need to" hardcode version string.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: refresh from ungoogled.
     - bookworm/gn-allowlist.patch: add workaround for older gn.
     - bookworm/adler1.patch: add workaround for older rust.
     - fixes/stdatomic.patch: add build fix to ensure <stdatomic.h> isn't
       used.
     - fixes/variant.patch: add missing header include.
     - upstream/qualifications.patch: add fix to silence annoying warnings.
     - upstream/optional.patch: add more missing header includes.
     - bookworm/constflatset.patch: refresh.
     - bookworm/constexpr.patch: refresh.
     - bookworm/modff.patch: add workaround for libstdc++ build issue.
     - bookworm/foreach.patch: add workaround for libstdc++ build issue.
   * d/rules: update to ensure both qt5 AND qt6 are disabled.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/swiftshader-llvm.patch: Add LLVM patches from upstream LLVM
       project to fix integrated SwiftShader LLVM FTBFS
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
chromium (133.0.6943.141-2) unstable; urgency=high
 .
   * Add a bunch of lintian overrides for embedded libraries.
 .
 chromium (133.0.6943.141-1) unstable; urgency=high
 .
   * New upstream security release (no CVEs).
   * Move various .pak files from chromium package to chromium-common.
   * Have chromium-driver depend upon chromium-common instead of chromium.
   * Double quote args in chromium-shell script (closes: #971906).
   * Add new package 'chromium-headless-shell' that is equivalent to the
     now-removed --headless=old argument (closes: #1081204).
   * d/patches/fixes/headless-gn.patch: add build fix for headless_shell.
chromium (133.0.6943.126-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-0999: Heap buffer overflow in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2025-1426: Heap buffer overflow in GPU.
       Reported by un3xploitable && GF.
     - CVE-2025-1006: Use after free in Network. Reported by Tal Keren, Sam
       Agranat, Eran Rom, Edouard Bochin, Adam Hatsir of Palo Alto Networks.
   * d/patches:
     - fixes/bindgen-unsafe-op.patch: drop now that sid's bindgen is fixed.
chromium (133.0.6943.126-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-0999: Heap buffer overflow in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2025-1426: Heap buffer overflow in GPU.
       Reported by un3xploitable && GF.
     - CVE-2025-1006: Use after free in Network. Reported by Tal Keren, Sam
       Agranat, Eran Rom, Edouard Bochin, Adam Hatsir of Palo Alto Networks.
   * d/patches:
     - fixes/bindgen-unsafe-op.patch: drop now that sid's bindgen is fixed.
chromium (133.0.6943.98-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2025-0995: Use after free in V8. Reported by Popax21.
     - CVE-2025-0996: Inappropriate implementation in Browser UI.
       Reported by yuki yamaoto.
     - CVE-2025-0997: Use after free in Navigation. Reported by asnine.
     - CVE-2025-0998: Out of bounds memory access in V8.
       Reported by Alan Goodman.
   * d/patches:
     - fixes/bindgen-unsafe-op.patch: add a workaround for a bindgen bug
       that causes FTBFS on armhf.
chromium (133.0.6943.98-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2025-0995: Use after free in V8. Reported by Popax21.
     - CVE-2025-0996: Inappropriate implementation in Browser UI.
       Reported by yuki yamaoto.
     - CVE-2025-0997: Use after free in Navigation. Reported by asnine.
     - CVE-2025-0998: Out of bounds memory access in V8.
       Reported by Alan Goodman.
   * d/patches:
     - fixes/bindgen-unsafe-op.patch: add a workaround for a bindgen bug
       that causes FTBFS on armhf.
     - bookworm/stdarch-arm.patch: add workaround to build w/ rust 1.78.
chromium (133.0.6943.53-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-0444: Use after free in Skia.
       Reported by Francisco Alonso (@revskills).
     - CVE-2025-0445: Use after free in V8. Reported by 303f06e3.
     - CVE-2025-0451: Inappropriate implementation in Extensions API.
       Reported by Vitor Torres and Alesandro Ortiz.
   * Stop deleting third_party/highway, drop libhwy-dev build-dep, and
     build against the bundled libhwy due to new API requirements.
   * d/patches:
     - fixes/highway-include-path.patch: drop; switching to bundled hwy.
     - upstream/array.patch: drop, merged upstream.
     - upstream/ink-isfinite.patch: drop, merged upstream.
     - upstream/ruy-include.patch: drop, merged upstream.
     - upstream/uint.patch: drop, merged upstream.
     - upstream/variant.patch: drop, merged upstream.
     - upstream/webrtc-optional.patch: drop, merged upstream.
     - fixes/perfetto.patch: drop, merged upstream.
     - system/event.patch: drop, upstream no longer uses libevent.
     - ungoogled/disable-privacy-sandbox.patch: refresh from upstream.
     - fixes/highway-include-path.patch: delete a libhwy build test, add
       another header build fix.
     - bookworm/clang19.patch: add patch to disable unsupported build args
     - fixes/optional.patch: add header build fix.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch:
       Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/0001-third-party-hwy-wrong-include.patch: Work around
       incorrect header include
chromium (133.0.6943.53-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-0444: Use after free in Skia.
       Reported by Francisco Alonso (@revskills).
     - CVE-2025-0445: Use after free in V8. Reported by 303f06e3.
     - CVE-2025-0451: Inappropriate implementation in Extensions API.
       Reported by Vitor Torres and Alesandro Ortiz.
   * Stop deleting third_party/highway, drop libhwy-dev build-dep, and
     build against the bundled libhwy due to new API requirements.
   * d/patches:
     - fixes/highway-include-path.patch: drop; switching to bundled hwy.
     - bookworm/highway-blink.patch: drop; switching to bundled hwy.
     - upstream/array.patch: drop, merged upstream.
     - upstream/ink-isfinite.patch: drop, merged upstream.
     - upstream/ruy-include.patch: drop, merged upstream.
     - upstream/uint.patch: drop, merged upstream.
     - upstream/variant.patch: drop, merged upstream.
     - upstream/webrtc-optional.patch: drop, merged upstream.
     - fixes/perfetto.patch: drop, merged upstream.
     - system/event.patch: drop, upstream no longer uses libevent.
     - ungoogled/disable-privacy-sandbox.patch: refresh from upstream.
     - fixes/highway-include-path.patch: delete a libhwy build test, add
       another header build fix.
     - bookworm/clang19.patch: add patch to disable unsupported build args
     - fixes/optional.patch: add header build fix.
     - bookworm/gn-absl.patch: add global visibilty for more symbols.
     - bookworm/dq-forward-iterator.patch: add workaround for bookworm's
       libstdc++ 12.
     - bookworm/constflatset.patch, bookworm/constexpr.patch: add another
       workaround for bookworm's libstdc++ 12.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch:
       Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/0001-third-party-hwy-wrong-include.patch: Work around
       incorrect header include
chromium (132.0.6834.159-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S.
 .
   [ Daniel Richard G. ]
   * d/copyright: Sort the list of Files-Excluded: entries, remove a few
     that are no longer needed, and consolidate some others with brackets.
   * d/rules:
     - Use simple assignments for variables defined using $(shell ...)
       to avoid recursive-expansion issues with GNU Make 4.4.1.
     - Download the upstream lite tarball instead of the regular one now
       that the former has everything we need.
     - Delete empty directories when making the orig-source tarball.
chromium (132.0.6834.159-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S.
 .
   [ Daniel Richard G. ]
   * d/copyright: Sort the list of Files-Excluded: entries, remove a few
     that are no longer needed, and consolidate some others with brackets.
   * d/rules:
     - Use simple assignments for variables defined using $(shell ...)
       to avoid recursive-expansion issues with GNU Make 4.4.1.
     - Download the upstream lite tarball instead of the regular one now
       that the former has everything we need.
     - Delete empty directories when making the orig-source tarball.
chromium (132.0.6834.110-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-0611: Object corruption in V8. Reported by 303f06e3.
     - CVE-2025-0612: Out of bounds memory access in V8.
       Reported by Alan Goodman.
   * d/patches/upstream/mojo.patch: drop, upstream tarballs are now fixed.
   * d/chromium-shell.NEWS: ask users of the chromium-shell package to
     email me; otherwise, chromium-shell will be removed in the future.
 .
   [ Ahmad Khalifa ]
   * d/NEWS uses missing release, set it to nearest to silence lintian.
   * d/control: replace obsolete pkg-config with pkgconf.
   * d/upstream/metadata: switch fields to expected case.
   * d/patches/series: help lintian ignore unused bullseye patches.
 .
   [ Daniel Richard G. ]
   * d/etc/dev-shm: Add --disable-dev-shm-usage if the system has less than
     ~4 GB available in /dev/shm to avoid crashes (closes: #1072299).
 .
   [ Jianfeng Liu ]
   * d/patches:
     - fixes/libsync-rk3588-panthor.patch: Fix upstream issue #343592370,
       which can cause browser crash when running with ozone wayland on
       rk3588 platform.
chromium (132.0.6834.110-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-0611: Object corruption in V8. Reported by 303f06e3.
     - CVE-2025-0612: Out of bounds memory access in V8.
       Reported by Alan Goodman.
   * d/patches/upstream/mojo.patch: drop, upstream tarballs are now fixed.
   * d/chromium-shell.NEWS: ask users of the chromium-shell package to
     email me; otherwise, chromium-shell will be removed in the future.
 .
   [ Ahmad Khalifa ]
   * d/NEWS uses missing release, set it to nearest to silence lintian.
   * d/control: replace obsolete pkg-config with pkgconf.
   * d/upstream/metadata: switch fields to expected case.
   * d/patches/series: help lintian ignore unused bullseye patches.
 .
   [ Daniel Richard G. ]
   * d/etc/dev-shm: Add --disable-dev-shm-usage if the system has less than
     ~4 GB available in /dev/shm to avoid crashes (closes: #1072299).
 .
   [ Jianfeng Liu ]
   * d/patches:
     - fixes/libsync-rk3588-panthor.patch: Fix upstream issue #343592370,
       which can cause browser crash when running with ozone wayland on
       rk3588 platform.
chromium (132.0.6834.83-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme.
     - CVE-2025-0435: Inappropriate implementation in Navigation.
       Reported by Alesandro Ortiz.
     - CVE-2025-0436: Integer overflow in Skia.
       Reported by Han Zheng (HexHive).
     - CVE-2025-0437: Out of bounds read in Metrics.
       Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
     - CVE-2025-0438: Stack buffer overflow in Tracing.
       Reported by Han Zheng (HexHive).
     - CVE-2025-0439: Race in Frames. Reported by Hafiizh.
     - CVE-2025-0440: Inappropriate implementation in Fullscreen.
       Reported by Umar Farooq.
     - CVE-2025-0441: Inappropriate implementation in Fenced Frames.
       Reported by someoneverycurious.
     - CVE-2025-0442: Inappropriate implementation in Payments.
       Reported by Ahmed ElMasry.
     - CVE-2025-0443: Insufficient data validation in Extensions.
       Reported by Anonymous.
     - CVE-2025-0446: Inappropriate implementation in Extensions.
       Reported by Hafiizh.
     - CVE-2025-0447: Inappropriate implementation in Navigation.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2025-0448: Inappropriate implementation in Compositing.
       Reported by Dahyeon Park.
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: drop, merged upstream.
     - upstream/dawn-strlen.patch: drop, merged upstream.
     - upstream/mrc-copy-op.patch: drop, merged upstream.
     - upstream/variant.patch: part of this was merged upstream; keep the
       rest.
     - fixes/freetype.patch: drop, merged upstream.
     - fixes/gpu-crash.patch: drop, merged upstream.
     - fixes/bindgen.patch: refresh and make patch even smaller. Also some
       upstream churn.
     - fixes/fix-assert-in-vnc-sessions.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - upstream/mojo.patch: fix missing files.
     - upstream/uint.patch: add gcc-specific build fix.
     - bookworm/constflatset.patch: add (probably) gcc-specific workaround.
     - fixes/lens-optional.patch: add gcc-specific build fix.
   * Downgrade to rollup3 for devtools-frontend stuff, due to the bundled
     rollup4 including wasm blobs. Update d/patches/system/rollup.patch to
     point to the right place as well, and build-dep on
     node-rollup-plugin-terser.
   * Build against newer bundled libtiff for memory limiting protection.
   * Switch to bundled libdrm due to DRM_IOCTL_SYNCOBJ_EVENTFD usage.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Drop due
       to upstream fixes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
chromium (132.0.6834.83-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme.
     - CVE-2025-0435: Inappropriate implementation in Navigation.
       Reported by Alesandro Ortiz.
     - CVE-2025-0436: Integer overflow in Skia.
       Reported by Han Zheng (HexHive).
     - CVE-2025-0437: Out of bounds read in Metrics.
       Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
     - CVE-2025-0438: Stack buffer overflow in Tracing.
       Reported by Han Zheng (HexHive).
     - CVE-2025-0439: Race in Frames. Reported by Hafiizh.
     - CVE-2025-0440: Inappropriate implementation in Fullscreen.
       Reported by Umar Farooq.
     - CVE-2025-0441: Inappropriate implementation in Fenced Frames.
       Reported by someoneverycurious.
     - CVE-2025-0442: Inappropriate implementation in Payments.
       Reported by Ahmed ElMasry.
     - CVE-2025-0443: Insufficient data validation in Extensions.
       Reported by Anonymous.
     - CVE-2025-0446: Inappropriate implementation in Extensions.
       Reported by Hafiizh.
     - CVE-2025-0447: Inappropriate implementation in Navigation.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2025-0448: Inappropriate implementation in Compositing.
       Reported by Dahyeon Park.
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: drop, merged upstream.
     - upstream/dawn-strlen.patch: drop, merged upstream.
     - upstream/mrc-copy-op.patch: drop, merged upstream.
     - upstream/variant.patch: part of this was merged upstream; keep the
       rest.
     - fixes/freetype.patch: drop, merged upstream.
     - fixes/gpu-crash.patch: drop, merged upstream.
     - fixes/bindgen.patch: refresh and make patch even smaller. Also some
       upstream churn.
     - fixes/fix-assert-in-vnc-sessions.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - upstream/mojo.patch: fix missing files.
     - upstream/uint.patch: add gcc-specific build fix.
     - bookworm/constflatset.patch: add (probably) gcc-specific workaround.
     - fixes/lens-optional.patch: add gcc-specific build fix.
     - bookworm/gn-absl.patch: modify for new dependency.
     - bookworm/rust-visibility.patch: add build fix for older rustc.
     - bookworm/less-void.patch: add build fix for older libstdc++/gcc.
   * Downgrade to rollup3 for devtools-frontend stuff, due to the bundled
     rollup4 including wasm blobs. Update d/patches/system/rollup.patch to
     point to the right place as well, and build-dep on
     node-rollup-plugin-terser.
   * Build against newer bundled libtiff for memory limiting protection.
   * Switch to bundled libdrm due to DRM_IOCTL_SYNCOBJ_EVENTFD usage.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Drop due
       to upstream fixes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
chromium (131.0.6778.264-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-0291: Type Confusion in V8. Reported by Popax21.
   * d/copyright: Delete some unused upstream binaries that we'd
     previously missed (closes: #1091459).
 .
   [ Bo YU ]
   * Enable 0001-swiftshader-fix-build.patch on ppc64el again to fix
     FTBFS issue.
chromium (131.0.6778.264-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2025-0291: Type Confusion in V8. Reported by Popax21.
   * d/copyright: Delete some unused upstream binaries that we'd
     previously missed (closes: #1091459).
 .
   [ Bo YU ]
   * Enable 0001-swiftshader-fix-build.patch on ppc64el again to fix
     FTBFS issue.
chromium (131.0.6778.204-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-12692: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-12693: Out of bounds memory access in V8.
       Reported by 303f06e3.
     - CVE-2024-12694: Use after free in Compositing. Reported by Anonymous.
     - CVE-2024-12695: Out of bounds write in V8. Reported by 303f06e3.
   * d/patches/fixes/absl-optional.patch: comment out __glibcxx_assert()
     that we keep hitting with gcc 12; it was previously commented out, but
     we lost the change when we switched from libstdc++ and then back.
 .
   [ Bo Yu ]
   * Build swiftshader with llvm-16 instead of llvm-10.
chromium (131.0.6778.204-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-12692: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-12693: Out of bounds memory access in V8.
       Reported by 303f06e3.
     - CVE-2024-12694: Use after free in Compositing. Reported by Anonymous.
     - CVE-2024-12695: Out of bounds write in V8. Reported by 303f06e3.
   * d/patches/fixes/absl-optional.patch: comment out __glibcxx_assert()
     that we keep hitting with gcc 12; it was previously commented out, but
     we lost the change when we switched from libstdc++ and then back.
 .
   [ Bo Yu ]
   * Build swiftshader with llvm-16 instead of llvm-10.
chromium (131.0.6778.139-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-12381: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-12382: Use after free in Translate. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
   * (Temporarily?) switch from llvm's libc++ to gcc's libstdc++ to
     simplify the prior clang-16/19 upgrades.
   * d/patches:
     - fixes/bindgen.patch: refresh.
     - upstream/dawn-strlen.patch: add gcc-specific build fix.
     - upstream/ink-isfinite.patch: add gcc-specific build fix.
     - upstream/webrtc-optional.patch: add gcc-specific build fix.
     - upstream/variant.patch: add gcc-specific build fixes.
     - upstream/array.patch: add gcc-specific build fix.
     - fixes/absl-optional.patch: re-introduce clang/gcc build workaround.
     - upstream/mrc-copy-op.patch: add gcc-specific build fix.
     - fixes/font-gc-asan.patch: add a better workaround for bad font-gc
       behavior under libstdc++. This is self-contained and small, unlike
       the prior reverts of the switch to font garbage collection.
 .
   [ Nathan Teodosio ]
   * Simplify fixes/bindgen.patch so it doesn't need frequent rebasing.
 .
   [ Daniel Richard G. ]
   * d/copyright: Expand list of Files-Excluded: entries.
   * d/rules: Various updates to get-orig-source rule, including use of
     grep-dctrl(1) and the LASTCHANGE.committime timestamp.
   * d/scripts/check-upstream: Avoid issues with inaccurate $(pwd) value and
     spaces in filenames, and print all errors instead of only the first one.

containerd (1.6.20~ds1-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport 0011-allow-test-run-in-userns.patch to fix FTBFS
     on builders with unshare (closes: #1070411)

curl (7.88.1-10+deb12u12) bookworm; urgency=medium
 .
   * d/p/runtests.pl-Increase-variance-of-random-seed-used-for-tes: Fix test
     failures due to port clashes
curl (7.88.1-10+deb12u11) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2025-0167.
    - When asked to use a `.netrc` file for credentials **and** to follow HTTP
      redirects, curl could leak the password used for the first host to the
      followed-to host under certain circumstances. This flaw only manifests
      itself if the netrc file has a `default` entry that omits both login
      and password. A rare circumstance.
 .
 curl (7.88.1-10+deb12u10) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2024-11053
     - When asked to both use a `.netrc` file for credentials and to follow HTTP
       redirects, curl could leak the password used for the first host to the
       followed-to host under certain circumstances.
   * d/patches:
     - url-use-same-credentials-on-redirect.patch: Backport upstream patch to
       fix the issue of reusing closed connections when the server disconnects
       unexpectedly, and ensure redirects keep both username and password.
       This patch is required for CVE-2024-11053.
     - CVE-2024-11053.patch: Import and backport upstream patch to
       fix CVE-2024-11053
curl (7.88.1-10+deb12u9) bookworm; urgency=medium
 .
   * Team upload.
   * Import patches for CVE-2024-9681
     - A vulnerability in curl's HSTS handling allows a subdomain’s expiry time
       to overwrite its parent domain’s cache entry. This can lead to unintended
       HTTPS upgrades or premature reversion to HTTP when both subdomains and
       parent domains are used. Affects applications with HSTS enabled,
       potentially disrupting access when a domain stops supporting HTTPS.
   * d/patches:
     - CVE-2024-9681-*.patch: Backport patches.
     - CVE-2024-9681-1: fix backport inconsistencies
     - large-time-testable-feature.patch: Import 'large-time' feature for tests
     - dont-stop-stunnel-before-retry.patch: Import patch to avoid stopping
       stunnel before retrying

dacite (1.8.0-1+deb12u1) bookworm; urgency=medium
 .
   * Add upstream fix for caching bug (Closes: #1069304)

dcmtk (3.6.7-9~deb12u3) bookworm; urgency=medium
 .
   * Team upload.
   * Introduce patch series to fix CVE-2024-28130.
     This change introduces the patches:
       * 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
       * 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
       * 0003-Fixed-wrong-error-handling-previous-commit.patch
     mapping to upstream commits:
       * dc6a2446dc03c9db90f82ce17a597f2cd53776c5
       * 601b227eecaab33a3a3a11dc256d84b1a62f63af
       * 7d54f8efec995e5601d089fa17b0625c2b41af23
     with the nuance that upstream check functions are inlined, in order to
     avoid an ABI breakage.
     Thanks to Adrian Bunk (Closes: #1070207)
   * 0009-CVE-2025-25475.patch: new: fix CVE-2025-25475. (Closes: #1098373)
   * 0010-CVE-2025-25474.patch: new: fix CVE-2025-25474. (Closes: #1098374)
   * 0011-CVE-2025-25472.patch: new: fix CVE-2025-25472.
dcmtk (3.6.7-9~deb12u2) bookworm; urgency=medium
 .
   * Team upload.
   * 0007-CVE-2024-47796.patch: new.
     This patch addresses CVE-2024-47796. (Closes: #1093043)
   * 0008-CVE-2024-52333.patch: new.
     This patch addresses CVE-2024-52333. (Closes: #1093047)
   * 0009-CVE-2024-27628.patch: new.
     This patch fixes CVE-2024-27628. (Closes: #1074483)
   * 0010-CVE-2024-34508-34509.patch: new.
     This patch fixes CVE-2024-34508 and CVE-2024-34509.
   * 0011-CVE-2024-34508-34509_bis.patch: new.
     This introduces upstream's fix to the test regression introduced by
     the mitigation against CVE-2024-34508 and CVE-2024-34509.

debian-installer (20230607+deb12u10) bookworm; urgency=medium
 .
   * Bump Linux kernel ABI to 6.1.0-32.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u10) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u10, from bookworm-proposed-updates.

debian-ports-archive-keyring (2025.02.01~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm:
     - gbp.conf: change branch to bookworm
     - Revert "DEP17: Move all aliased files to /usr."
debian-ports-archive-keyring (2025.01.01) unstable; urgency=medium
 .
   * Add Vcs-git and Vcs-browser to debian/control
   * Switch to debhelper 13
   * Bump Standards-Version to 4.7.0 (no changes)
   * DEP17: Move all aliased files to /usr.
   * Add Debian Ports Archive Automatic Signing Key (2026)
     <ftpmaster@ports-master.debian.org> (ID: C6894E6BB25B9C99)
   * Switch to use ASCII-armoured fragments for APT trust
debian-ports-archive-keyring (2024.02.02) unstable; urgency=medium
 .
   * Remove the obsolete debian-ports-archive-2023.gpg conffile on upgrade.
     Closes: #1062406.
debian-ports-archive-keyring (2024.01.31) unstable; urgency=medium
 .
   * Move the 2023 key (ID: B523E5F3FC4E5F2C) to the removed keyring.
debian-ports-archive-keyring (2024.01.05) unstable; urgency=medium
 .
   * Add Debian Ports Archive Automatic Signing Key (2025)
     <ftpmaster@ports-master.debian.org> (ID: 3AF65F93D6FBC5B9).

dgit (10.7+deb12u3) bookworm; urgency=medium
 .
   * git-debpush: Add source= & version= (Closes: #1069001).

djoser (2.1.0-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Cherry-pick upstream commit fixing CVE-2024-21543
     (Closes: #1089915)

dns-root-data (2024071801~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
dns-root-data (2024071800) unstable; urgency=medium
 .
   * Update root-anchors.xml and its signature to add the new KSK-2024.
     (Closes: #1076995)
dns-root-data (2024041802) unstable; urgency=medium
 .
   * Stop installing root.hints.sig, since no package actually uses the file.
   * Stop the package from FTBFS in the periods between when root-anchors.xml
     is updated and the new root KSK is actually published in the DNS.
dns-root-data (2024041801) unstable; urgency=medium
 .
   * Add myself to the Uploaders field, as discussed with Ondřej.
   * Fix the package description. (Closes: #1064829)
   * Update the expired Verisign GRS PGP key.
   * Update the root hints file to version 2024041801, with:
     + updated A and AAAA records for B. (Closes: #1054393)

edk2 (2022.11-6+deb12u2) bookworm; urgency=medium
 .
   * Fix overflow condition in PeCoffLoaderRelocateImage(), CVE-2024-38796:
     - d/p/0001-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
     - d/p/0002-MdePkg-Improving-readability-of-CVE-patch-for-PeCoff.patch
     (Closes: #1084055)
   * Fix potential UINT32 overflow in S3 ResumeCount. CVE-2024-1298:
     - d/p/MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch

elpa (2022.11.001-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Enable oversubscribe to run the tests, allowing the package
     to be built when less than 2 slots are detected. This not only
     happens on machines with 1 CPU but also on some AWS machines
     with 2 vCPUs like c6a.large or m6a.large. Closes: #1057556.

emacs (1:28.2+1-15+deb12u4) bookworm-security; urgency=high
 .
   * Disable Flymake byte-compile backend in untrusted files
     (CVE-2024-53920) (Closes: #1088690).
   * Fix man.el shell injection vulnerability (CVE-2025-1244)
     (Closes: #1098255).

firefox-esr (128.8.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-16, also known as:
     CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933,
     CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937,
     CVE-2025-1938.
firefox-esr (128.7.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-09, also known as:
     CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012,
     CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017.
firefox-esr (128.7.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-09, also known as:
     CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012,
     CVE-2024-11704, CVE-2025-1013, CVE-2025-1014, CVE-2025-1016,
     CVE-2025-1017.
firefox-esr (128.6.0esr-4) unstable; urgency=medium
 .
   * third_party/wasm2c/src/prebuilt/wasm2c_simd_source_declarations.cc,
     third_party/wasm2c/src/prebuilt/wasm2c_source_declarations.cc: Apply
     wasm2c upstream fix for clang targetting mips.
firefox-esr (128.6.0esr-3) unstable; urgency=medium
 .
   * gfx/ycbcr/yuv_convert_arm.cpp: Move the .fpu neon directive around.
firefox-esr (128.6.0esr-2) unstable; urgency=medium
 .
   * debian/rules:
     - Properly enable clang only on trixie. Thanks David Turner.
     - Revert work around for some binutils change. Upstream has had a fix for
       it for a while now.
 .
   * gfx/cairo/libpixman/src/moz.build: Don't use clang clang's integrated
     assembler to compile pixman ARM neon code.
firefox-esr (128.6.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-02, also known as:
     CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240,
     CVE-2025-0241, CVE-2025-0242, CVE-2025-0243.
firefox-esr (128.6.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2025-02, also known as:
     CVE-2025-0237, CVE-2025-0238, CVE-2025-0239, CVE-2025-0240,
     CVE-2025-0241, CVE-2025-0242, CVE-2025-0243.
firefox-esr (128.5.1esr-1) unstable; urgency=medium
 .
   * New upstream release.
 .
   * debian/rules: Switch to clang as the compiler for trixie.
 .
   * python/mach/mach/site.py: Fix virtual environment sysconfig path
     calculation. bz#1935621.
firefox-esr (128.5.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-64, also known as:
     CVE-2024-11691, CVE-2024-11692, CVE-2024-11694, CVE-2024-11695,
     CVE-2024-11696, CVE-2024-11697, CVE-2024-11699.
 .
   * debian/control*: Build depend on libdbus-1-dev rather than
     libdbus-glib-1-dev. Closes: #955891.

flightgear (1:2020.3.16+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * New patch: move checkIORules() to SGPath::NasalIORulesChecker()
     Thanks to Florent Rougon <f.rougon@frougon.net> (CVE-2025-0781)
   * Update versioned Build-Depends for libsimgear-dev

gensim (4.2.0+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Fix build on single-CPU systems.

git (1:2.39.5-0+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * credential_format(): also encode <host>[:<port>]
   * credential: sanitize the user prompt (CVE-2024-50349)
   * credential: disallow Carriage Returns in the protocol by default
     (CVE-2024-52006)

git-lfs (3.3.0-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to fix CVE-2024-53263:
     - Reject LF bytes in credential data

glibc (2.36-9+deb12u10) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Change ldconfig auxcache magic number.
     - Ensure data passed to the rseq syscall are properly initialized.
     - Avoid integer truncation when parsing CPUID data with large cache sizes,
       fixing a memcpy/memmove when running under the FreeBSD's bhyve
       hypervisor.
     - Optimize log2/expm1/log1p math functions with FMA.
     - Fix missing cache information when running under Azure TDX hypervisor.
     - Fix TLS performance degradation after dlopen() usage.
     - Fix memset performance for unaligned destinations causing additional
       loop iterations.
     - Fixes a buffer overflow when printing assertion failure message
       (GLIBC-SA-2025-0001 / CVE-2025-0395).

gnutls28 (3.7.9-2+deb12u4) bookworm-security; urgency=medium
 .
   *  libgnutls: Fix potential DoS in handling certificates with numerous
      name constraints, as a follow-up of CVE-2024-12133 in libtasn1.
      Patch cherry-picked from 3.8.9 release.
      [GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243]

golang-github-containers-buildah (1.28.2+ds1-3+deb12u1) bookworm; urgency=medium
 .
   * Backport 0005-Disable-TestDeviceFromPath.patch:
     fix FTBFS by skipping TestDeviceFromPath (closes: #1072147)

intel-microcode (3.20250211.1~deb12u1) bookworm; urgency=medium
 .
   * Build for bookworm
   * All trixie-only changes (from 3.20240813.2) are reverted on this branch
 .
 intel-microcode (3.20250211.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20250211 (closes: #1095805)
     - Mitigations for INTEL-SA-01166 (CVE-2024-31068)
       Improper Finite State Machines (FSMs) in Hardware Logic for some Intel
       Processors may allow privileged user to potentially enable denial of
       service via local access.
     - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
       Improper access control in the EDECCSSA user leaf function for some
       Intel Processors with Intel SGX may allow an authenticated user to
       potentially enable denial of service via local access.  Intel disclosed
       that some 9th Generation Intel Core processor models were already fixed
       by a previous microcode update.
     - Mitigations for INTEL-SA-01139 (CVE-2023-43758, CVE-2023-34440,
       CVE-2024-24582, CVE-2024-29214, CVE-2024-28127, CVE-2024-39279,
       CVE-2024-31157, CVE-2024-28047)
       Improper input validation, insufficient granularity of access control,
       and improper initialization issues in UEFI firmware for some Intel
       processors may allow escalation of privilege, denial of service, or
       information disclosure.  An UEFI firmware update is needed for complete
       mitigation.
     - Mitigations for INTEL-SA-01228 (CVE-2024-39355)
       Improper handling of physical or environmental conditions in some 13th
       and 14th Generation Intel Core Processors may allow an authenticated
       user to enable denial of service via local access.  An UEFI firmware
       update may be required for complete mitigation.
     - Mitigations for INTEL-SA-01194 (CVE-2024-37020)
       Sequence of processor instructions leads to unexpected behavior in the
       Intel DSA V1.0 for some Intel Xeon Processors may allow an authenticated
       user to potentially enable denial of service via local access.
     - Fixes for unspecified functional issues on several processor models
   * New microcodes or new extended signatures:
     sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952
     sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
     sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
     sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224
     sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032
     sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824
     sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620
     sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592
     sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
     sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
     sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
     sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
     sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038
     sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038
     sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038
     sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232
     sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436
     sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808
     sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472
     sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496
     sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544
     sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
     sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124
     sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124
     sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240
     sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128
     sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291
   * source: update symlinks to reflect id of the latest release, 20250211
   * Update changelog for 3.20240813.1 with new information
intel-microcode (3.20241112.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20241112 (closes: #1086483)
     - Mitigations for INTEL-SA-01101 (CVE-2024-21853)
       Improper Finite State Machines (FSMs) in the Hardware logic in some
       4th and 5th Generation Intel Xeon Processors may allow an authorized
       user to potentially enable denial of service via local access.
     - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
       Potential security vulnerabilities in some Intel Xeon processors
       using Intel SGX may allow escalation of privilege.  Intel disclosed
       that some processor models were already fixed by a previous
       microcode update.
     - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
       Improper finite state machines (FSMs) in hardware logic in some
       Intel Processors may allow an privileged user to potentially enable a
       denial of service via local access.
     - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
       A potential security vulnerability in the Running Average Power Limit
       (RAPL) interface for some Intel Processors may allow information
       disclosure.  Added mitigations for more processor models.
   * Updated Microcodes:
     sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
     sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
     sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
     sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
     sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
     sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
     sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
     sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
     sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
     sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
     sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
     sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
   * source: update symlinks to reflect id of the latest release, 20241112
   * Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
     INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models,
     and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for
     some processor models.

iptables-netflow (2.6-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Dump the generated compat_def.h.
   * Avoid dkms recursion.
   * Unexporting find_module() has been backported to Linux v5.10.220.
     (Closes: #1076456, #1088678)

jinja2 (3.1.2-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS security team.
   * Fix CVE-2024-56201:
     In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler
     allows an attacker that controls both the content and filename of a template
     to execute arbitrary Python code, regardless of if Jinja's sandbox is used.
     To exploit the vulnerability, an attacker needs to control both the filename
     and the contents of a template. Whether that is the case depends on the type
     of application using Jinja. This vulnerability impacts users of applications
     which execute untrusted templates where the template author can also choose
     the template filename.
   * Fix CVE-2024-56326:
     Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects
     calls to str.format allows an attacker that controls the content of a
     template to execute arbitrary Python code. To exploit the vulnerability, an
     attacker needs to control the content of a template. Whether that is the
     case depends on the type of application using Jinja. This vulnerability
     impacts users of applications which execute untrusted templates. Jinja's
     sandbox does catch calls to str.format and ensures they don't escape the
     sandbox. However, it's possible to store a reference to a malicious string's
     format method, then pass that to a filter that calls it. No such filters are
     built-in to Jinja, but could be present through custom filters in an
     application. After the fix, such indirect calls are also handled by the
     sandbox.

joblib (1.2.0-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Fix FTBFS on single-CPU systems. Closes: #1085692.

lemonldap-ng (2.16.1+ds-deb12u5) bookworm; urgency=medium
 .
   * Fix CSRF on 2FA registration interface (Closes: CVE-2024-52948)

libapache-mod-jk (1:1.2.48-2+deb12u2) bookworm; urgency=medium
 .
   * Fix CVE-2024-46544:
     An issue with incorrect default permissions could have allowed local users
     to view and modify shared memory containing mod_jk's configuration, which
     may have potentially led to information disclosure and/or a denial of
     service attack. (Closes: #1082713)

libeconf (0.5.1+dfsg1-1+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick upstream buffer overflow fix (Closes: #1037333)
     - CVE-2023-32181
     - CVE-2023-22652

librabbitmq (0.11.0-1+deb12u1) bookworm; urgency=medium
 .
   * [4e71ff7] d/patches/CVE-2023-35789.patch: added for addressing
     CVE-2023-35789 (Closes: #1037322)
   * [c4d0d0b] d/control: adjust Maintainer/Uploaders to match current
     situation

libreoffice (4:7.4.7-1+deb12u7) bookworm-security; urgency=medium
 .
   * debian/patches/Filter-out-more-unwanted-command-URIs.diff: as name says;
     fix for CVE-2025-1080 ("Macro URL arbitrary script execution via protocol
     chaining" , similar as CVE-2022-3140)
libreoffice (4:7.4.7-1+deb12u6) bookworm-security; urgency=medium
 .
   * debian/patches/be-coservative-about-allowed-font-names.diff: as name says
     (CVE-2024-12425)
   * debian/patches/consider-VndSunStarExpand-an-exotic-protocol.diff
     debian/patches/look-at-embedded-protocols-too.diff: add patches for
     CVE-2024-12426 from upstream "co-22-05" branch

libtar (1.2.20-8+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2021-33643: out-of-bounds read in gnu_longlink()
   * CVE-2021-33644: out-of-bounds read in gnu_longname()
   * CVE-2021-33645: memory leak in th_read()
   * CVE-2021-33646: memory leak in th_read()

libtasn1-6 (4.19.0-2+deb12u1) bookworm-security; urgency=high
 .
   * Fix CVE-2024-12133 potential DoS in handling of numerous SEQUENCE OF
     or SET OF elements. Closes: #1095406

linux (6.1.129-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129
     - [powerpc*] book3s64/hugetlb: Fix disabling hugetlb when fadump is active
     - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
     - afs: Fix directory format encoding struct
     - fs: fix proc_handler for sysctl_nr_open
     - block: retry call probe after request_module in blk_request_module
     - nbd: don't allow reconnect after disconnect
     - pstore/blk: trivial typo fixes
     - nvme: Add error check for xa_store in nvme_get_effects_log
     - partitions: ldm: remove the initial kernel-doc notation
     - select: Fix unbalanced user_access_end()
     - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
     - sched/psi: Use task->psi_flags to clear in CPU migration
     - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
     - [arm64] drm/msm/dp: set safe_to_exit_level before printing it
     - [arm64,armhf] drm/etnaviv: Fix page property being used for non
       writecombine buffers
     - HID: core: Fix assumption that Resolution Multipliers must be in Logical
       Collections
     - drm/amdgpu: Fix potential NULL pointer dereference in
       atomctrl_get_smc_sclk_range_table
     - [arm64] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters
       offset
     - [arm64] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
     - [arm64] drm/rockchip: vop2: Set YUV/RGB overlay mode
     - [arm64] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
     - [arm64] drm/rockchip: vop2: Fix the windows switch between different
       layers
     - [arm64] drm/rockchip: vop2: Check linear format for Cluster windows on
       rk3566/8
     - OPP: Rearrange entries in pm_opp.h
     - OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs
     - OPP: Introduce dev_pm_opp_get_freq_indexed() API
     - OPP: Add dev_pm_opp_find_freq_exact_indexed()
     - OPP: Reuse dev_pm_opp_get_freq_indexed()
     - OPP: add index check to assert to avoid buffer overflow in _read_freq()
     - OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
     - genirq: Make handle_enforce_irqctx() unconditionally available
     - ipmi: ipmb: Add check devm_kasprintf() returned value
     - wifi: ath11k: Fix unexpected return buffer manager error for
       WCN6750/WCN6855
     - wifi: rtlwifi: do not complete firmware loading needlessly
     - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
     - wifi: rtlwifi: wait for firmware loading before releasing memory
     - wifi: rtlwifi: fix init_sw_vars leak when probe fails
     - wifi: rtlwifi: usb: fix workqueue leak when probe fails
     - wifi: wcn36xx: fix channel survey memory allocation size
     - net_sched: sch_sfq: annotate data-races around q->perturb_period
     - net_sched: sch_sfq: handle bigger packets
     - net_sched: sch_sfq: don't allow 1 packet limit
     - dt-bindings: mmc: controller: clarify the address-cells description
     - dt-bindings: leds: class-multicolor: Fix path to color definitions
     - wifi: rtlwifi: remove unused timer and related code
     - wifi: rtlwifi: remove unused dualmac control leftovers
     - wifi: rtlwifi: remove unused check_buddy_priv
     - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
     - wifi: rtlwifi: fix memory leaks and invalid access at probe error path
     - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
     - HID: multitouch: fix support for Goodix PID 0x01e9
     - regulator: dt-bindings: mt6315: Drop regulator-compatible property
     - ACPI: fan: cleanup resources in the error path of .probe()
     - cpupower: fix TSC MHz calculation
     - dt-bindings: mfd: bd71815: Fix rsense and typos
     - leds: netxbig: Fix an OF node reference leak in
       netxbig_leds_get_of_pdata()
     - inetpeer: remove create argument of inet_getpeer_v[46]()
     - inetpeer: remove create argument of inet_getpeer()
     - inetpeer: update inetpeer timestamp in inet_getpeer()
     - inetpeer: do not get a refcount in inet_getpeer()
     - [armhf] pwm: stm32-lp: Add check for clk_enable()
     - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
     - [arm64] clk: imx8mp: Fix clkout1/2 support
     - team: prevent adding a device which is already a team device lower
     - regulator: of: Implement the unwind path of of_regulator_match()
     - OPP: OF: Fix an OF node leak in _opp_add_static_v2()
     - [arm64] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
     - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding
       endpoint check
     - mfd: syscon: Remove extern from function prototypes
     - mfd: syscon: Add of_syscon_register_regmap() API
     - mfd: syscon: Use scoped variables with memory allocators to simplify error
       paths
     - mfd: syscon: Fix race in device_node_get_regmap()
     - samples/landlock: Fix possible NULL dereference in parse_path()
     - wifi: wlcore: fix unbalanced pm_runtime calls
     - wifi: mac80211: prohibit deactivating all links
     - wifi: mac80211: Fix common size calculation for ML element
     - net/smc: fix data error when recvmsg with MSG_PEEK flag
     - landlock: Handle weird files
     - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
     - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
     - wifi: mt76: mt7915: fix register mapping
     - cpufreq: ACPI: Fix max-frequency computation
     - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
     - wifi: cfg80211: adjust allocation of colocated AP data
     - net: let net.core.dev_weight always be non-zero
     - net: avoid race between device unregistration and ethnl ops
       (CVE-2025-21701)
     - net: sched: Disallow replacing of child qdisc from one parent to another
       (CVE-2025-21700)
     - netfilter: nft_flow_offload: update tcp state flags under lock
     - net: ethernet: ti: am65-cpsw: fix freeing IRQ in
       am65_cpsw_nuss_remove_tx_chns()
     - tcp_cubic: fix incorrect HyStart round start detection
     - net/rose: prevent integer overflows in rose_setsockopt()
     - libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is
       missing
     - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
     - libbpf: Fix segfault due to libelf functions not setting errno
     - [armhf] ASoC: sun4i-spdif: Add clock multiplier settings
     - crypto: hisilicon/sec2 - optimize the error return process
     - crypto: hisilicon/sec2 - fix for aead icv error
     - crypto: hisilicon/sec2 - fix for aead invalid authsize
     - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
     - padata: fix sysfs store callback check
     - ASoC: Intel: avs: Fix theoretical infinite loop
     - [armhf] pinctrl: stm32: set default gpio line names using pin names
     - [armhf] pinctrl: stm32: Add check for devm_kcalloc
     - [armhf] pinctrl: stm32: check devm_kasprintf() returned value
     - [armhf] pinctrl: stm32: Add check for clk_enable()
     - bpf: Send signals asynchronously if !preemptible
     - bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
     - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31
       laptop
     - padata: fix UAF in padata_reorder
     - padata: add pd get/put refcnt helper
     - padata: avoid UAF for reorder_work
     - smb: client: fix oops due to unset link speed
     - [arm64] dts: mt8183: set DMIC one-wire mode on Damu
     - [arm64] dts: mediatek: mt8516: fix GICv2 range
     - [arm64] dts: mediatek: mt8516: fix wdt irq type
     - [arm64] dts: mediatek: mt8516: add i2c clock-div property
     - [arm64] dts: mediatek: mt8516: reserve 192 KiB for TF-A
     - RDMA/mlx4: Avoid false error about access to uninitialized gids array
     - rdma/cxgb4: Prevent potential integer overflow on 32bit
     - [arm64] dts: mediatek: mt8173-evb: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8192-asurada: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-cherry: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-demo: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8183: kenzo: Support second source touchscreen
     - [arm64] dts: mediatek: mt8183: willow: Support second source touchscreen
     - RDMA/srp: Fix error handling in srp_add_port
     - memory: tegra20-emc: fix an OF node reference bug in
       tegra_emc_find_node_by_ram_code()
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
       settings
     - [arm64] dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
     - [arm64] dts: qcom: msm8996: Fix up USB3 interrupts
     - [arm64] dts: qcom: msm8994: Describe USB interrupts
     - [arm64] dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
     - [arm64] dts: qcom: msm8916: correct sleep clock frequency
     - [arm64] dts: qcom: msm8994: correct sleep clock frequency
     - [arm64] dts: qcom: sc7280: correct sleep clock frequency
     - [arm64] dts: qcom: sm6125: correct sleep clock frequency
     - [arm64] dts: qcom: sm8250: correct sleep clock frequency
     - [arm64] dts: qcom: sm8350: correct sleep clock frequency
     - [arm64] dts: qcom: sm8450: correct sleep clock frequency
     - [arm64] dts: ti: k3-am62: Remove duplicate GICR reg
     - [arm64] dts: ti: k3-am62a: Remove duplicate GICR reg
     - [arm64] dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl
     - [arm64] dts: qcom: sc7180-idp: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel
     - [arm64] dts: qcom: sc7180: Don't enable lpass clocks by default
     - [arm64] dts: qcom: sc7180: Drop redundant disable in mdp
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
     - [arm64] dts: qcom: pm6150l: add temp sensor and thermal zone config
     - [arm64] dts: qcom: sc7180-*: Remove thermal zone polling delays
     - [arm64] dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
     - [arm64] dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
       properties
     - [arm64] dts: qcom: sc8280xp: Fix up remoteproc register space sizes
     - [arm64] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
     - [arm64] dts: qcom: sdm845: Fix interrupt types of camss interrupts
     - [arm64] dts: qcom: sm8250: Fix interrupt types of camss interrupts
     - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
     - RDMA/mlx5: Fix indirect mkey ODP page count
     - of: reserved-memory: Do not make kmemleak ignore freed address
     - efi: sysfb_efi: fix W=1 warnings when EFI is not set
     - RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
     - iommufd/iova_bitmap: Fix shift-out-of-bounds in
       iova_bitmap_offset_to_index()
     - media: rc: iguanair: handle timeouts
     - media: lmedm04: Handle errors for lme2510_int_read
     - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
     - media: marvell: Add check for clk_enable()
     - media: i2c: imx412: Add missing newline to prints
     - media: i2c: ov9282: Correct the exposure offset
     - media: mipi-csis: Add check for clk_enable()
     - media: camif-core: Add check for clk_enable()
     - media: uvcvideo: Propagate buf->error to userspace
     - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
       void
     - mtd: hyperbus: hbmc-am654: fix an OF node reference leak
     - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
     - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
     - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
     - ocfs2: mark dquot as inactive if failed to start trans while releasing
       dquot
     - module: Extend the preempt disabled section in
       dereference_symbol_descriptor().
     - serial: 8250: Adjust the timeout for FIFO mode
     - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
     - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
     - tools/bootconfig: Fix the wrong format specifier
     - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
     - [armhf] dmaengine: ti: edma: fix OF node reference leaks in edma_driver
     - [arm64] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
     - ubifs: skip dumping tnc tree when zroot is null
     - regulator: core: Add missing newline character
     - [arm64] net: hns3: fix oops when unload drivers paralleling
     - gpio: mxc: remove dead code after switch to DT-only
     - net: fec: implement TSO descriptor cleanup
     - ipmr: do not call mr_mfc_uses_dev() for unres entries
     - PM: hibernate: Add error handling for syscore_suspend()
     - iavf: allow changing VLAN state without calling PF
     - net: rose: fix timer races against user threads
     - net: netdevsim: try to close UDP port harness races
     - vxlan: Fix uninit-value in vxlan_vnifilter_dump()
     - net: davicom: fix UAF in dm9000_drv_remove
     - bgmac: reduce max frame size to support just MTU 1500
     - net: sh_eth: Fix missing rtnl lock in suspend/resume path
     - net: hsr: fix fill_frame_info() regression vs VLAN packets
     - genksyms: fix memory leak when the same symbol is added from source
     - genksyms: fix memory leak when the same symbol is read from *.symref file
     - [arm64] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
     - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
     - kconfig: add warn-unknown-symbols sanity check
     - kconfig: require a space after '#' for valid input
     - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
     - kconfig: deduplicate code in conf_read_simple()
     - kconfig: WERROR unmet symbol dependency
     - kconfig: fix memory leak in sym_warn_unmet_dep()
     - f2fs: Introduce linear search for dentries
     - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Closes: #1071562)
     - kbuild: switch from lz4c to lz4 for compression
     - netfilter: nf_tables: reject mismatching sum of field_len with set key
       length
     - nvme: fix metadata handling in nvme-passthrough
     - drm/amd/display: fix double free issue during amdgpu module unload
       (CVE-2024-49989)
     - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
     - net: usb: rtl8150: enable basic endpoint checking
     - usb: xhci: Fix NULL pointer dereference on certain command aborts
     - drivers/card_reader/rtsx_usb: Restore interrupt based detection
     - usb: gadget: f_tcm: Fix Get/SetInterface return value
     - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
     - usb: dwc3: core: Defer the probe until USB power supply ready
     - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to
       PD_T_SENDER_RESPONSE
     - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR
       PPS
     - mptcp: consolidate suboption status
     - mptcp: handle fastopen disconnect correctly
     - remoteproc: core: Fix ida_free call while not allocated
     - media: uvcvideo: Fix double free in error path
     - usb: gadget: f_tcm: Don't free command immediately
     - staging: media: max96712: fix kernel oops when removing module
     - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
     - btrfs: output the reason for open_ctree() failure
     - ptp: Properly handle compat ioctls
     - [s390x] Add '-std=gnu11' to decompressor and purgatory CFLAGS
     - [armhf] pinctrl: stm32: fix array read out of bound
     - btrfs: fix use-after-free when attempting to join an aborted transaction
     - [arm64] mm: Ensure adequate HUGE_MAX_HSTATE
     - exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
     - btrfs: fix data race when accessing the inode's disk_i_size at
       btrfs_drop_extents()
     - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
     - sched: Don't try to catch up excess steal time.
     - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
     - [x86] amd_nb: Restrict init function to AMD-based systems
     - drm/virtio: New fence for every plane update
     - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
     - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
     - safesetid: check size of policy writes
     - tun: fix group permission check
     - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
     - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
     - tomoyo: don't emit warning in tomoyo_write_control()
     - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
     - HID: Wacom: Add PCI Wacom device support
     - net/mlx5: use do_aux_work for PHC overflow checks
     - wifi: brcmfmac: Check the return value of of_property_read_string_index()
     - wifi: iwlwifi: avoid memory leak
     - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
     - APEI: GHES: Have GHES honor the panic= setting
     - Bluetooth: MGMT: Fix slab-use-after-free Read in
       mgmt_remove_adv_monitor_sync
     - net: wwan: iosm: Fix hibernation by re-binding the driver around it
     - mmc: sdhci-msm: Correctly set the load for the regulator
     - tipc: re-order conditions in tipc_crypto_key_rcv()
     - [x86] kexec: Allocate PGD for x86_64 transition page tables separately
     - [arm64] iommu/arm-smmu-v3: Clean up more on probe failure
     - [x86] platform/x86: int3472: Check for adev == NULL
     - ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
     - ASoC: amd: Add ACPI dependency to fix build error
     - Input: allocate keycode for phone linking
     - [x86] platform/x86: acer-wmi: Ignore AC events
     - [powerpc*] KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()
     - [powerpc*] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock
     - [powerpc*] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
     - KVM: e500: always restore irqs
     - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
       void
     - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and
       in the error path of .probe()
     - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
     - net/ncsi: fix locking in Get MAC Address handling
     - gpio: xilinx: Convert to immutable irq_chip
     - gpio: xilinx: Convert gpio_lock to raw spinlock (CVE-2025-21684)
     - xfs: report realtime block quota limits on realtime directories
     - xfs: don't over-report free space or inodes in statvfs
     - nvme: handle connectivity loss in nvme_set_queue_count
     - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
     - gpu: drm_dp_cec: fix broken CEC adapter properties check
     - tg3: Disable tg3 PCIe AER on system reboot
     - udp: gso: do not drop small packets when PMTU reduces
     - gpio: pca953x: Improve interrupt support
     - net: atlantic: fix warning during hot unplug
     - net: rose: lock the socket in rose_bind()
     - [x86] xen: fix xen_hypercall_hvm() to not clobber %rbx (Closes: #1095435)
     - [x86] xen: add FRAME_END to xen_hypercall_hvm()
     - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
     - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
       (CVE-2025-21703)
     - tun: revert fix group permission check
     - net: sched: Fix truncation of offloaded action statistics
     - cpufreq: s3c64xx: Fix compilation warning
     - leds: lp8860: Write full EEPROM, not only half of it
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
     - drm/modeset: Handle tiled displays in pan_display_atomic.
     - smb: client: change lease epoch type from unsigned int to __u16
     - [s390x] futex: Fix FUTEX_OP_ANDN implementation
     - fs/proc: do_task_stat: Fix ESP not readable during coredump
     - binfmt_flat: Fix integer overflow bug on 32 bit systems
     - [arm64] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
     - [arm64] dts: rockchip: increase gmac rx_delay on rk3399-puma
     - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
     - [s390x] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
     - ksmbd: fix integer overflows on 32 bit systems
     - drm/amd/pm: Mark MM activity as unsupported
     - Revert "drm/amd/display: Use HW lock mgr for PSR1"
     - [x86] drm/i915/guc: Debug print LRC state entries only if the context is
       pinned
     - drm/komeda: Add check for komeda_get_layer_fourcc_list()
     - [x86] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
     - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
     - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
     - [arm64] clk: sunxi-ng: a100: enable MMC clock reparenting
     - [arm64] clk: qcom: clk-alpha-pll: fix alpha mode configuration
     - [arm64] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
     - [arm64] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
     - [arm64] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
     - [arm64] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
     - blk-cgroup: Fix class @block_class's subsystem refcount leakage
     - efi: libstub: Use '-std=gnu11' to fix build with GCC 15
     - scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
     - of: Correct child specifier used as input of the 2nd nexus node
     - of: Fix of_find_node_opts_by_path() handling of alias+path+options
     - of: reserved-memory: Fix using wrong number of cells to get property
       'alignment'
     - HID: hid-sensor-hub: don't use stale platform-data on remove
     - wifi: rtlwifi: rtl8821ae: Fix media status report
     - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
     - usb: gadget: f_tcm: Translate error to sense
     - usb: gadget: f_tcm: Decrement command ref count on cleanup
     - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
     - usb: gadget: f_tcm: Don't prepare BOT write request twice
     - ASoC: acp: Support microphone from Lenovo Go S
     - soc: qcom: socinfo: Avoid out of bounds read of serial number
     - serial: sh-sci: Drop __initdata macro for port_cfg
     - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
       in use
     - [mips*] Loongson64: remove ROM Size unit in boardinfo
     - [powerpc*] pseries/eeh: Fix get PE state translation
     - dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
     - dm-crypt: track tag_offset in convert_context
     - mips/math-emu: fix emulation of the prefx instruction (Closes: #1091858)
     - block: don't revert iter for -EIOCBQUEUED
     - Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
       (Closes: #1095764)
     - ALSA: hda/realtek: Enable headset mic on Positivo C6400
     - ALSA: hda: Fix headset detection failure due to unstable sort
     - [arm64] tegra: Fix Tegra234 PCIe interrupt-map
     - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
     - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
     - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
     - scsi: qla2xxx: Move FCE Trace buffer allocation to user control
     - scsi: storvsc: Set correct data length for sending SCSI command without
       payload
     - kbuild: Move -Wenum-enum-conversion to W=2
     - [x86] boot: Use '-std=gnu11' to fix build with GCC 15
     - [arm64] dts: qcom: sm6350: Fix ADSP memory length
     - [arm64] dts: qcom: sm6350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8450: Fix MPSS memory length
     - crypto: qce - fix priority to be less than ARMv8 CE
     - [arm64] tegra: Disable Tegra234 sce-fabric node
     - xfs: Add error handling for xfs_reflink_cancel_cow_range
     - ACPI: PRM: Remove unnecessary strict handler address checks
     - rv: Reset per-task monitors also for idle tasks
     - kfence: skip __GFP_THISNODE allocations on NUMA systems
     - media: ccs: Clean up parsed CCS static data on parse failure
     - iio: light: as73211: fix channel handling in only-color triggered buffer
     - soc: qcom: smem_state: fix missing of_node_put in error path
     - media: mc: fix endpoint iteration
     - media: ov5640: fix get_light_freq on auto
     - media: ccs: Fix CCS static data parsing for large block sizes
     - media: ccs: Fix cleanup order in ccs_probe()
     - media: uvcvideo: Fix event flags in uvc_ctrl_send_events
     - media: uvcvideo: Remove redundant NULL assignment
     - mm: kmemleak: fix upper boundary check for physical address objects
     - ata: libata-sff: Ensure that we cannot write outside the allocated buffer
     - crypto: qce - fix goto jump in error path
     - crypto: qce - unregister previously registered algos in error path
     - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
     - nvmem: core: improve range check for nvmem_cell_write()
     - io_uring/net: don't retry connect operation on EPOLLERR
     - vfio/platform: check the bounds of read/write syscalls
     - pnfs/flexfiles: retry getting layout segment for reads
     - ocfs2: fix incorrect CPU endianness conversion causing mount failure
     - ocfs2: handle a symlink read error correctly
     - nilfs2: fix possible int overflows in nilfs_fiemap()
     - mailbox: tegra-hsp: Clear mailbox before using message
     - NFC: nci: Add bounds checking in nci_hci_create_pipe()
     - i3c: master: Fix missing 'ret' assignment in set_speed()
     - irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
     - mtd: onenand: Fix uninitialized retlen in do_otp_read()
     - misc: fastrpc: Deregister device nodes properly in error scenarios
     - misc: fastrpc: Fix registered buffer page address
     - misc: fastrpc: Fix copy buffer page size
     - net/ncsi: wait for the last response to Deselect Package before
       configuring channel
     - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
     - rtla/osnoise: Distinguish missing workload option
     - rtla: Add trace_instance_stop
     - rtla/timerlat_hist: Stop timerlat tracer on signal
     - rtla/timerlat_top: Stop timerlat tracer on signal
     - [armhf] pinctrl: samsung: fix fwnode refcount cleanup if
       platform_get_irq_optional() fails
     - ptp: Ensure info->enable callback is always set
     - rtc: zynqmp: Fix optional clock name property
     - io_uring: fix multishots with selected buffers
     - io_uring: fix io_req_prep_async with provided buffers
     - io_uring/rw: commit provided buffer state on async
     - [mips*] ftrace: Declare ftrace_get_parent_ra_addr() as static
     - net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
     - gpio: xilinx: remove excess kernel doc
     - ocfs2: check dir i_size in ocfs2_find_entry
     - cachefiles: Fix NULL pointer dereference in object->file (CVE-2024-56549)
     - mptcp: pm: only set fullmesh for subflow endp
     - mptcp: prevent excessive coalescing on receive
     - tty: xilinx_uartps: split sysrq handling
     - maple_tree: fix static analyser cppcheck issue
     - maple_tree: simplify split calculation
     - pps: Fix a use-after-free
     - Revert "btrfs: avoid monopolizing a core when activating a swap file"
     - btrfs: avoid monopolizing a core when activating a swap file
     - nfsd: clear acl_access/acl_default after releasing them
     - NFSD: fix hang in nfsd4_shutdown_callback (Closes: #1071562)
     - HID: multitouch: Add NULL check in mt_input_configured
     - HID: hid-thrustmaster: fix stack-out-of-bounds read in
       usb_check_int_endpoints()
     - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
     - vrf: use RCU protection in l3mdev_l3_out()
     - vxlan: check vxlan_vnigroup_init() return value
     - team: better TEAM_OPTION_TYPE_STRING validation
     - [arm64] cacheinfo: Avoid out-of-bounds write to cacheinfo array
     - cgroup: Remove steal time from usage_usec
     - xen/swiotlb: relax alignment requirements (Closes: #1093371, #1088159,
       #1087807)
     - xen: remove a confusing comment on auto-translated guest I/O
     - [x86] xen: allow larger contiguous memory regions in PV guests
       (Closes: #1093371, #1088159, #1087807)
     - fbdev: omap: use threaded IRQ for LCD DMA
     - media: cxd2841er: fix 64-bit division on gcc-9
     - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
     - PCI: switchtec: Add Microchip PCI100X device IDs
     - scsi: ufs: bsg: Set bsg_queue to NULL after removal
     - rtla/timerlat_hist: Abort event processing on second signal
     - rtla/timerlat_top: Abort event processing on second signal
     - vfio/pci: Enable iowrite64 and ioread64 for vfio pci
     - Grab mm lock before grabbing pt lock
     - [x86] mm/tlb: Only trim the mm_cpumask once a second
     - orangefs: fix a oob in orangefs_debug_write
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet 5V
     - batman-adv: fix panic during interface removal
     - batman-adv: Ignore neighbor throughput metrics in error case
     - batman-adv: Drop unmanaged ELP metric worker
     - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
     - [x86] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't
       in-kernel
     - [x86] KVM: nSVM: Enter guest mode before initializing nested NPT MMU
     - [x86] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
     - usb: dwc3: Fix timeout issue during controller enter/exit from halt state
     - usb: roles: set switch registered flag early on
     - usb: gadget: udc: renesas_usb3: Fix compiler warning
     - usb: dwc2: gadget: remove of_node reference upon udc_stop
     - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
     - usb: core: fix pipe creation for get_bMaxPacketSize0
     - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
     - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
       (Closes: #1091517)
     - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
     - USB: hub: Ignore non-compliant devices with too many configs or interfaces
     - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
     - usb: cdc-acm: Check control transfer buffer size before access
       (CVE-2025-21704)
     - usb: cdc-acm: Fix handling of oversized fragments
     - USB: serial: option: add MeiG Smart SLM828
     - USB: serial: option: add Telit Cinterion FN990B compositions
     - USB: serial: option: fix Telit Cinterion FN990A name
     - USB: serial: option: drop MeiG Smart defines
     - can: ctucanfd: handle skb allocation failure
     - can: c_can: fix unbalanced runtime PM disable in error path
     - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
       length zero
     - efi: Avoid cold plugged memory for placing the kernel
     - cgroup: fix race between fork and cgroup.kill
     - serial: 8250: Fix fifo underflow on flush
     - gpiolib: acpi: Add a quirk for Acer Nitro ANV14
     - gpio: stmpe: Check return value of stmpe_reg_read in
       stmpe_gpio_irq_sync_unlock
     - partitions: mac: fix handling of bogus partition table
     - regmap-irq: Add missing kfree()
     - [arm64] Handle .ARM.attributes section in linker scripts
     - mmc: mtk-sd: Fix register settings for hs400(es) mode
     - btrfs: fix hole expansion when writing at an offset beyond EOF
     - clocksource: Use pr_info() for "Checking clocksource synchronization"
       message
     - clocksource: Use migrate_disable() to avoid calling get_random_u32() in
       atomic context
     - ipv4: add RCU protection to ip4_dst_hoplimit()
     - net: treat possible_net_t net pointer as an RCU one and add
       read_pnet_rcu()
     - net: add dev_net_rcu() helper
     - ipv4: use RCU protection in ipv4_default_advmss()
     - ipv4: use RCU protection in rt_is_expired()
     - ipv4: use RCU protection in inet_select_addr()
     - net: ipv4: Cache pmtu for all packet paths if multipath enabled
     - ipv4: use RCU protection in __ip_rt_update_pmtu()
     - ipv4: icmp: convert to dev_net_rcu()
     - flow_dissector: use RCU protection to fetch dev_net()
     - ipv6: use RCU protection in ip6_default_advmss()
     - ndisc: use RCU protection in ndisc_alloc_skb()
     - neighbour: delete redundant judgment statements
     - neighbour: use RCU protection in __neigh_notify()
     - arp: use RCU protection in arp_xmit()
     - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
     - ndisc: extend RCU protection in ndisc_send_skb()
     - ipv6: mcast: add RCU protection to mld_newpack()
     - [arm64] drm/v3d: Stop active perfmon if it is being destroyed
     - kdb: Do not assume write() callback available
     - [x86] static-call: Remove early_boot_irqs_disabled check to fix Xen PVH
       dom0
     - iommu: Return right value in iommu_sva_bind_device() (CVE-2024-40945)
     - [arm64] tegra: Fix typo in Tegra234 dce-fabric compatible
     - mm: gup: fix infinite loop within __get_longterm_locked
     - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
       Driver Due to Race Condition (CVE-2024-50061)
     - nilfs2: do not output warnings when clearing dirty buffers
     - nilfs2: do not force clear folio if buffer is referenced
     - nilfs2: protect access to buffers with no active references
     - can: ems_pci: move ASIX AX99100 ids to pci_ids.h
     - serial: 8250_pci: add support for ASIX AX99100
     - parport_pc: add support for ASIX AX99100
     - net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice
       events
     - netdevsim: print human readable IP address
     - f2fs: fix to wait dio completion (CVE-2024-47726)
     - drm/amd/display: Add NULL pointer check for kzalloc (CVE-2024-42122)
     - [x86] i8253: Disable PIT timer 0 when not in use
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 32
   * [arm64] phy: rockchip: naneng-combphy: compatible reset with old DT
     (Closes: #1095745, #1098250, #1098354)
   * net: mana: Fix possible double free in error handling path (CVE-2024-42069)
     (Closes: #1099138)
   * net: mana: Fix RX buf alloc_size alignment and atomic op panic
     (CVE-2024-45001) (Closes: #1099138)
   * ptrace: Introduce exception_ip arch hook
   * mm/memory: Use exception ip to search exception tables
     (Closes: #1093200, #1087809, #1086028)
linux (6.1.128-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
     - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
     - bpf, sockmap: Fix race between element replace and close()
       (CVE-2024-56664)
     - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
       (CVE-2024-53128)
     - jbd2: increase IO priority for writing revoke records
     - jbd2: flush filesystem device before updating tail sequence
     - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
     - dm array: fix unreleased btree blocks on closing a faulty array cursor
     - dm array: fix cursor index when skipping across block boundaries
     - exfat: fix the infinite loop in exfat_readdir()
     - exfat: fix the infinite loop in __exfat_free_cluster()
     - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
       transitivity
     - net: 802: LLC+SNAP OID:PID lookup on start of skb data
     - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
     - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
     - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
     - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
     - cxgb4: Avoid removal of uninserted tid
     - ice: fix incorrect PHY settings for 100 GB/s
     - tls: Fix tls_sw_sendmsg error handling
     - Bluetooth: hci_sync: Fix not setting Random Address when required
     - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
     - netfilter: nf_tables: imbalance in flowtable binding
     - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
     - sched: sch_cake: add bounds checks to host bulk flow fairness counts
     - net/mlx5: Fix variable not being completed when function returns
     - ksmbd: fix a missing return value check bug
     - afs: Fix the maximum cell name length
     - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
     - dm thin: make get_first_thin use rcu-safe list first function
     - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
     - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
     - sctp: sysctl: rto_min/max: avoid using current->nsproxy
     - sctp: sysctl: auth_enable: avoid using current->nsproxy
     - sctp: sysctl: udp_port: avoid using current->nsproxy
     - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
     - drm/amd/display: Add check for granularity in dml ceil/floor helpers
     - thermal: of: fix OF node leak in of_thermal_zone_find()
     - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
     - ACPI: resource: Add Asus Vivobook X1504VAP to
       irq1_level_low_skip_override[]
     - drm/amd/display: increase MAX_SURFACES to the value supported by hw
     - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
       2)
     - bpf: Add MEM_WRITE attribute
     - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
     - USB: serial: option: add MeiG Smart SRM815
     - USB: serial: option: add Neoway N723-EA support
     - usb-storage: Add max sectors quirk for Nokia 208
     - USB: serial: cp210x: add Phoenix Contact UPS Device
     - usb: dwc3: gadget: fix writing NYET threshold
     - topology: Keep the cpumask unchanged when printing cpumap
     - usb: gadget: u_serial: Disable ep before setting port to null to fix the
       crash caused by port being null
     - usb: dwc3-am62: Disable autosuspend during remove
     - USB: usblp: return error when setting unsupported protocol
     - USB: core: Disable LPM only for non-suspended ports
     - usb: fix reference leak in usb_new_device()
     - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
     - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
     - iio: light: vcnl4035: fix information leak in triggered buffer
     - iio: imu: kmx61: fix information leak in triggered buffer
     - iio: gyro: fxas21002c: Fix missing data update in trigger handler
     - iio: inkern: call iio_device_put() only on mapped devices
     - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
     - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
     - of/address: Add support for 3 address cell bus
     - of: address: Fix address translation when address-size is greater than 2
     - of: address: Remove duplicated functions
     - of: address: Store number of bus flag cells rather than bool
     - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
     - ocfs2: correct return value of ocfs2_local_free_info()
     - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
       (CVE-2024-57892)
     - drm: bridge: adv7511: use dev_err_probe in probe function
     - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
     - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
     - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
       conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
     - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
     - bpf: Fix bpf_sk_select_reuseport() memory leak
     - openvswitch: fix lockup on tx to unregistering netdev with carrier
     - pktgen: Avoid out-of-bounds access in get_imix_entries
     - net: add exit_batch_rtnl() method
     - gtp: use exit_batch_rtnl() method
     - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
     - gtp: Destroy device along with udp socket's netns dismantle.
     - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
     - net/mlx5: Fix RDMA TX steering prio
     - net/mlx5: Clear port select structure when fail to create
     - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
     - hwmon: (tmp513) Fix division of negative numbers
     - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
     - i2c: mux: demux-pinctrl: check initial mux selection, too
     - i2c: rcar: fix NACK handling when being a target
     - nvmet: propagate npwg topology
     - mac802154: check local interfaces before deleting sdata list
     - hfs: Sanity check the root record
     - fs: fix missing declaration of init_files
     - kheaders: Ignore silly-rename files
     - cachefiles: Parse the "secctx" immediately
     - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
       drivers
     - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
     - iomap: avoid avoid truncating 64-bit offset to 32 bits
     - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
       .poll()
     - [x86] asm: Make serialize() always_inline
     - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
     - zram: fix potential UAF of zram table
     - mptcp: be sure to send ack when mptcp-level window re-opens
     - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
     - vsock/virtio: discard packets if the transport changes
     - vsock/virtio: cancel close work in the destructor
     - vsock: reset socket state when de-assigning the transport
     - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
     - filemap: avoid truncating 64-bit offset to 32 bits
     - fs/proc: fix softlockup in __read_vmcore (part 2)
     - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
       (CVE-2024-36899)
     - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
     - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
     - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
     - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
     - hrtimers: Handle CPU state correctly on hotplug
     - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
     - Revert "PCI: Use preserve_config in place of pci_flags"
     - iio: imu: inv_icm42600: fix spi burst write not supported
     - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
     - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
       buffer (CVE-2024-57907)
     - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
       (CVE-2024-56608)
     - drm/amdgpu: fix usage slab after free (CVE-2024-56551)
     - block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
     - Revert "drm/amdgpu: rework resume handling for display (v2)"
       (Closes: #1094766)
     - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
     - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
     - Revert "regmap: detach regmap from dev on regmap_exit"
     - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
     - erofs: tidy up EROFS on-disk naming
     - erofs: handle NONHEAD !delta[1] lclusters gracefully
     - nfsd: add list_head nf_gc to struct nfsd_file
     - [x86] xen: fix SLS mitigation in xen_hypercall_iret()
     - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
     - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
       request
     - drm/amd/display: Use HW lock mgr for PSR1
     - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
     - regmap: detach regmap from dev on regmap_exit
     - ipv6: Fix soft lockups in fib6_select_path under high next hop churn
       (CVE-2024-56703)
     - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
     - xfs: bump max fsgeom struct version
     - xfs: hoist freeing of rt data fork extent mappings
     - xfs: prevent rt growfs when quota is enabled
     - xfs: rt stubs should return negative errnos when rt disabled
     - xfs: fix units conversion error in xfs_bmap_del_extent_delay
     - xfs: make sure maxlen is still congruent with prod when rounding down
     - xfs: introduce protection for drop nlink
     - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
     - xfs: allow read IO and FICLONE to run concurrently
     - xfs: factor out xfs_defer_pending_abort
     - xfs: abort intent items when recovery intents fail
     - xfs: only remap the written blocks in xfs_reflink_end_cow_extent
     - xfs: up(ic_sema) if flushing data device fails
     - xfs: fix internal error from AGFL exhaustion
     - xfs: inode recovery does not validate the recovered inode
     - xfs: clean up dqblk extraction
     - xfs: dquot recovery does not validate the recovered dquot
     - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
     - xfs: respect the stable writes flag on the RT device
     - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
     - io_uring: fix waiters missing wake ups (Closes: #1093243)
     - net: sched: fix ets qdisc OOB Indexing
     - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
     - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
     - vfio/platform: check the bounds of read/write syscalls
     - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
       (CVE-2024-50304)
     - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
     - wifi: iwlwifi: add a few rate index validity checks
     - smb: client: fix UAF in async decryption (CVE-2024-50047)
     - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
     - Revert "usb: gadget: u_serial: Disable ep before setting port to null to
       fix the crash caused by port being null"
     - ALSA: usb-audio: Add delay quirk for USB Audio Device
     - Input: atkbd - map F23 key to support default copilot shortcut
     - Input: xpad - add unofficial Xbox 360 wireless receiver clone
     - Input: xpad - add support for wooting two he (arm)
     - smb: client: fix NULL ptr deref in crypto_aead_setkey()
     - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 31
   * [rt] Update to 6.1.127-rt48
linux (6.1.124-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.124
     - [x86] hyperv: Fix hv tsc page based sched_clock for hibernation
     - selinux: ignore unknown extended permissions
     - btrfs: fix use-after-free in btrfs_encoded_read_endio() (CVE-2024-56582)
     - tracing: Have process_string() also allow arrays
     - [x86] thunderbolt: Add support for Intel Lunar Lake
     - [x86] thunderbolt: Add support for Intel Panther Lake-M/P
     - [x86] thunderbolt: Don't display nvm_version unless upgrade supported
     - xhci: retry Stop Endpoint on buggy NEC controllers
     - usb: xhci: Limit Stop Endpoint retries
     - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
     - net: mctp: handle skb cleanup on sock_queue failures
     - RDMA/mlx5: Enforce same type port association for multiport RoCE
     - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
     - [arm64] RDMA/hns: Refactor mtr find
     - [arm64] RDMA/hns: Remove unused parameters and variables
     - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer
     - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path
     - [arm64] RDMA/hns: Fix missing flush CQE for DWQE
     - net: stmmac: platform: provide devm_stmmac_probe_config_dt()
     - net: stmmac: don't create a MDIO bus if unnecessary
     - net: stmmac: restructure the error path of stmmac_probe_config_dt()
     - net: fix memory leak in tcp_conn_request()
     - ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices
     - ip_tunnel: annotate data-races around t->parms.link
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
     - net: Fix netns for ip_tunnel_init_flow()
     - netrom: check buffer length before accessing it
     - [x86] drm/i915/dg1: Fix power gate sequence.
     - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
       (Closes: #1092772)
     - net: llc: reset skb->transport_header
     - ALSA: usb-audio: US16x08: Initialize array before use
     - [armel,armhf] net: mv643xx_eth: fix an OF node reference leak
     - net: wwan: t7xx: Fix FSM command timeout issue
     - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
     - net: restrict SO_REUSEPORT to inet sockets
     - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
     - af_packet: fix vlan_get_tci() vs MSG_PEEK
     - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
     - ila: serialize calls to nf_register_net_hooks()
     - btrfs: rename and export __btrfs_cow_block()
     - btrfs: fix use-after-free when COWing tree bock and tracing is enabled
       (CVE-2024-56759)
     - wifi: mac80211: wake the queues in case of failure in resume
     - btrfs: flush delalloc workers queue before stopping cleaner kthread during
       unmount
     - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
     - sound: usb: enable DSD output for ddHiFi TC44C
     - sound: usb: format: don't warn that raw DSD is unsupported
     - bpf: fix potential error return
     - ksmbd: retry iterate_dir in smb2_query_dir
     - net: usb: qmi_wwan: add Telit FE910C04 compositions
     - Bluetooth: hci_core: Fix sleeping function called from invalid context
     - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
     - usb: xhci: Avoid queuing redundant Stop Endpoint commands
     - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
     - modpost: fix the missed iteration for the max bit in do_input()
     - ALSA hda/realtek: Add quirk for Framework F111:000C
     - ALSA: seq: oss: Fix races at processing SysEx messages
     - kcov: mark in_softirq_really() as __always_inline
     - RDMA/uverbs: Prevent integer overflow issue
     - [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap
       locking
     - sky2: Add device ID 11ab:4373 for Marvell 88E8075
     - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
     - [arm64] drm: adv7511: Drop dsi single lane support
     - dt-bindings: display: adi,adv7533: Drop single lane support
     - mm/readahead: fix large folio support in async readahead
     - mm: vmscan: account for free pages to prevent infinite Loop in
       throttle_direct_reclaim()
     - mptcp: fix TCP options overflow.
     - mptcp: fix recvbuffer adjust on sleeping rcvmsg
     - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
     - zram: check comp is non-NULL before calling comp_destroy
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 30

linux-signed-amd64 (6.1.129+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.129-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129
     - [powerpc*] book3s64/hugetlb: Fix disabling hugetlb when fadump is active
     - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
     - afs: Fix directory format encoding struct
     - fs: fix proc_handler for sysctl_nr_open
     - block: retry call probe after request_module in blk_request_module
     - nbd: don't allow reconnect after disconnect
     - pstore/blk: trivial typo fixes
     - nvme: Add error check for xa_store in nvme_get_effects_log
     - partitions: ldm: remove the initial kernel-doc notation
     - select: Fix unbalanced user_access_end()
     - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
     - sched/psi: Use task->psi_flags to clear in CPU migration
     - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
     - [arm64] drm/msm/dp: set safe_to_exit_level before printing it
     - [arm64,armhf] drm/etnaviv: Fix page property being used for non
       writecombine buffers
     - HID: core: Fix assumption that Resolution Multipliers must be in Logical
       Collections
     - drm/amdgpu: Fix potential NULL pointer dereference in
       atomctrl_get_smc_sclk_range_table
     - [arm64] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters
       offset
     - [arm64] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
     - [arm64] drm/rockchip: vop2: Set YUV/RGB overlay mode
     - [arm64] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
     - [arm64] drm/rockchip: vop2: Fix the windows switch between different
       layers
     - [arm64] drm/rockchip: vop2: Check linear format for Cluster windows on
       rk3566/8
     - OPP: Rearrange entries in pm_opp.h
     - OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs
     - OPP: Introduce dev_pm_opp_get_freq_indexed() API
     - OPP: Add dev_pm_opp_find_freq_exact_indexed()
     - OPP: Reuse dev_pm_opp_get_freq_indexed()
     - OPP: add index check to assert to avoid buffer overflow in _read_freq()
     - OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
     - genirq: Make handle_enforce_irqctx() unconditionally available
     - ipmi: ipmb: Add check devm_kasprintf() returned value
     - wifi: ath11k: Fix unexpected return buffer manager error for
       WCN6750/WCN6855
     - wifi: rtlwifi: do not complete firmware loading needlessly
     - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
     - wifi: rtlwifi: wait for firmware loading before releasing memory
     - wifi: rtlwifi: fix init_sw_vars leak when probe fails
     - wifi: rtlwifi: usb: fix workqueue leak when probe fails
     - wifi: wcn36xx: fix channel survey memory allocation size
     - net_sched: sch_sfq: annotate data-races around q->perturb_period
     - net_sched: sch_sfq: handle bigger packets
     - net_sched: sch_sfq: don't allow 1 packet limit
     - dt-bindings: mmc: controller: clarify the address-cells description
     - dt-bindings: leds: class-multicolor: Fix path to color definitions
     - wifi: rtlwifi: remove unused timer and related code
     - wifi: rtlwifi: remove unused dualmac control leftovers
     - wifi: rtlwifi: remove unused check_buddy_priv
     - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
     - wifi: rtlwifi: fix memory leaks and invalid access at probe error path
     - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
     - HID: multitouch: fix support for Goodix PID 0x01e9
     - regulator: dt-bindings: mt6315: Drop regulator-compatible property
     - ACPI: fan: cleanup resources in the error path of .probe()
     - cpupower: fix TSC MHz calculation
     - dt-bindings: mfd: bd71815: Fix rsense and typos
     - leds: netxbig: Fix an OF node reference leak in
       netxbig_leds_get_of_pdata()
     - inetpeer: remove create argument of inet_getpeer_v[46]()
     - inetpeer: remove create argument of inet_getpeer()
     - inetpeer: update inetpeer timestamp in inet_getpeer()
     - inetpeer: do not get a refcount in inet_getpeer()
     - [armhf] pwm: stm32-lp: Add check for clk_enable()
     - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
     - [arm64] clk: imx8mp: Fix clkout1/2 support
     - team: prevent adding a device which is already a team device lower
     - regulator: of: Implement the unwind path of of_regulator_match()
     - OPP: OF: Fix an OF node leak in _opp_add_static_v2()
     - [arm64] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
     - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding
       endpoint check
     - mfd: syscon: Remove extern from function prototypes
     - mfd: syscon: Add of_syscon_register_regmap() API
     - mfd: syscon: Use scoped variables with memory allocators to simplify error
       paths
     - mfd: syscon: Fix race in device_node_get_regmap()
     - samples/landlock: Fix possible NULL dereference in parse_path()
     - wifi: wlcore: fix unbalanced pm_runtime calls
     - wifi: mac80211: prohibit deactivating all links
     - wifi: mac80211: Fix common size calculation for ML element
     - net/smc: fix data error when recvmsg with MSG_PEEK flag
     - landlock: Handle weird files
     - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
     - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
     - wifi: mt76: mt7915: fix register mapping
     - cpufreq: ACPI: Fix max-frequency computation
     - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
     - wifi: cfg80211: adjust allocation of colocated AP data
     - net: let net.core.dev_weight always be non-zero
     - net: avoid race between device unregistration and ethnl ops
       (CVE-2025-21701)
     - net: sched: Disallow replacing of child qdisc from one parent to another
       (CVE-2025-21700)
     - netfilter: nft_flow_offload: update tcp state flags under lock
     - net: ethernet: ti: am65-cpsw: fix freeing IRQ in
       am65_cpsw_nuss_remove_tx_chns()
     - tcp_cubic: fix incorrect HyStart round start detection
     - net/rose: prevent integer overflows in rose_setsockopt()
     - libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is
       missing
     - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
     - libbpf: Fix segfault due to libelf functions not setting errno
     - [armhf] ASoC: sun4i-spdif: Add clock multiplier settings
     - crypto: hisilicon/sec2 - optimize the error return process
     - crypto: hisilicon/sec2 - fix for aead icv error
     - crypto: hisilicon/sec2 - fix for aead invalid authsize
     - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
     - padata: fix sysfs store callback check
     - ASoC: Intel: avs: Fix theoretical infinite loop
     - [armhf] pinctrl: stm32: set default gpio line names using pin names
     - [armhf] pinctrl: stm32: Add check for devm_kcalloc
     - [armhf] pinctrl: stm32: check devm_kasprintf() returned value
     - [armhf] pinctrl: stm32: Add check for clk_enable()
     - bpf: Send signals asynchronously if !preemptible
     - bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
     - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31
       laptop
     - padata: fix UAF in padata_reorder
     - padata: add pd get/put refcnt helper
     - padata: avoid UAF for reorder_work
     - smb: client: fix oops due to unset link speed
     - [arm64] dts: mt8183: set DMIC one-wire mode on Damu
     - [arm64] dts: mediatek: mt8516: fix GICv2 range
     - [arm64] dts: mediatek: mt8516: fix wdt irq type
     - [arm64] dts: mediatek: mt8516: add i2c clock-div property
     - [arm64] dts: mediatek: mt8516: reserve 192 KiB for TF-A
     - RDMA/mlx4: Avoid false error about access to uninitialized gids array
     - rdma/cxgb4: Prevent potential integer overflow on 32bit
     - [arm64] dts: mediatek: mt8173-evb: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8192-asurada: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-cherry: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-demo: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8183: kenzo: Support second source touchscreen
     - [arm64] dts: mediatek: mt8183: willow: Support second source touchscreen
     - RDMA/srp: Fix error handling in srp_add_port
     - memory: tegra20-emc: fix an OF node reference bug in
       tegra_emc_find_node_by_ram_code()
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
       settings
     - [arm64] dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
     - [arm64] dts: qcom: msm8996: Fix up USB3 interrupts
     - [arm64] dts: qcom: msm8994: Describe USB interrupts
     - [arm64] dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
     - [arm64] dts: qcom: msm8916: correct sleep clock frequency
     - [arm64] dts: qcom: msm8994: correct sleep clock frequency
     - [arm64] dts: qcom: sc7280: correct sleep clock frequency
     - [arm64] dts: qcom: sm6125: correct sleep clock frequency
     - [arm64] dts: qcom: sm8250: correct sleep clock frequency
     - [arm64] dts: qcom: sm8350: correct sleep clock frequency
     - [arm64] dts: qcom: sm8450: correct sleep clock frequency
     - [arm64] dts: ti: k3-am62: Remove duplicate GICR reg
     - [arm64] dts: ti: k3-am62a: Remove duplicate GICR reg
     - [arm64] dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl
     - [arm64] dts: qcom: sc7180-idp: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel
     - [arm64] dts: qcom: sc7180: Don't enable lpass clocks by default
     - [arm64] dts: qcom: sc7180: Drop redundant disable in mdp
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
     - [arm64] dts: qcom: pm6150l: add temp sensor and thermal zone config
     - [arm64] dts: qcom: sc7180-*: Remove thermal zone polling delays
     - [arm64] dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
     - [arm64] dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
       properties
     - [arm64] dts: qcom: sc8280xp: Fix up remoteproc register space sizes
     - [arm64] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
     - [arm64] dts: qcom: sdm845: Fix interrupt types of camss interrupts
     - [arm64] dts: qcom: sm8250: Fix interrupt types of camss interrupts
     - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
     - RDMA/mlx5: Fix indirect mkey ODP page count
     - of: reserved-memory: Do not make kmemleak ignore freed address
     - efi: sysfb_efi: fix W=1 warnings when EFI is not set
     - RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
     - iommufd/iova_bitmap: Fix shift-out-of-bounds in
       iova_bitmap_offset_to_index()
     - media: rc: iguanair: handle timeouts
     - media: lmedm04: Handle errors for lme2510_int_read
     - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
     - media: marvell: Add check for clk_enable()
     - media: i2c: imx412: Add missing newline to prints
     - media: i2c: ov9282: Correct the exposure offset
     - media: mipi-csis: Add check for clk_enable()
     - media: camif-core: Add check for clk_enable()
     - media: uvcvideo: Propagate buf->error to userspace
     - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
       void
     - mtd: hyperbus: hbmc-am654: fix an OF node reference leak
     - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
     - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
     - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
     - ocfs2: mark dquot as inactive if failed to start trans while releasing
       dquot
     - module: Extend the preempt disabled section in
       dereference_symbol_descriptor().
     - serial: 8250: Adjust the timeout for FIFO mode
     - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
     - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
     - tools/bootconfig: Fix the wrong format specifier
     - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
     - [armhf] dmaengine: ti: edma: fix OF node reference leaks in edma_driver
     - [arm64] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
     - ubifs: skip dumping tnc tree when zroot is null
     - regulator: core: Add missing newline character
     - [arm64] net: hns3: fix oops when unload drivers paralleling
     - gpio: mxc: remove dead code after switch to DT-only
     - net: fec: implement TSO descriptor cleanup
     - ipmr: do not call mr_mfc_uses_dev() for unres entries
     - PM: hibernate: Add error handling for syscore_suspend()
     - iavf: allow changing VLAN state without calling PF
     - net: rose: fix timer races against user threads
     - net: netdevsim: try to close UDP port harness races
     - vxlan: Fix uninit-value in vxlan_vnifilter_dump()
     - net: davicom: fix UAF in dm9000_drv_remove
     - bgmac: reduce max frame size to support just MTU 1500
     - net: sh_eth: Fix missing rtnl lock in suspend/resume path
     - net: hsr: fix fill_frame_info() regression vs VLAN packets
     - genksyms: fix memory leak when the same symbol is added from source
     - genksyms: fix memory leak when the same symbol is read from *.symref file
     - [arm64] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
     - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
     - kconfig: add warn-unknown-symbols sanity check
     - kconfig: require a space after '#' for valid input
     - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
     - kconfig: deduplicate code in conf_read_simple()
     - kconfig: WERROR unmet symbol dependency
     - kconfig: fix memory leak in sym_warn_unmet_dep()
     - f2fs: Introduce linear search for dentries
     - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Closes: #1071562)
     - kbuild: switch from lz4c to lz4 for compression
     - netfilter: nf_tables: reject mismatching sum of field_len with set key
       length
     - nvme: fix metadata handling in nvme-passthrough
     - drm/amd/display: fix double free issue during amdgpu module unload
       (CVE-2024-49989)
     - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
     - net: usb: rtl8150: enable basic endpoint checking
     - usb: xhci: Fix NULL pointer dereference on certain command aborts
     - drivers/card_reader/rtsx_usb: Restore interrupt based detection
     - usb: gadget: f_tcm: Fix Get/SetInterface return value
     - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
     - usb: dwc3: core: Defer the probe until USB power supply ready
     - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to
       PD_T_SENDER_RESPONSE
     - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR
       PPS
     - mptcp: consolidate suboption status
     - mptcp: handle fastopen disconnect correctly
     - remoteproc: core: Fix ida_free call while not allocated
     - media: uvcvideo: Fix double free in error path
     - usb: gadget: f_tcm: Don't free command immediately
     - staging: media: max96712: fix kernel oops when removing module
     - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
     - btrfs: output the reason for open_ctree() failure
     - ptp: Properly handle compat ioctls
     - [s390x] Add '-std=gnu11' to decompressor and purgatory CFLAGS
     - [armhf] pinctrl: stm32: fix array read out of bound
     - btrfs: fix use-after-free when attempting to join an aborted transaction
     - [arm64] mm: Ensure adequate HUGE_MAX_HSTATE
     - exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
     - btrfs: fix data race when accessing the inode's disk_i_size at
       btrfs_drop_extents()
     - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
     - sched: Don't try to catch up excess steal time.
     - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
     - [x86] amd_nb: Restrict init function to AMD-based systems
     - drm/virtio: New fence for every plane update
     - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
     - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
     - safesetid: check size of policy writes
     - tun: fix group permission check
     - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
     - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
     - tomoyo: don't emit warning in tomoyo_write_control()
     - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
     - HID: Wacom: Add PCI Wacom device support
     - net/mlx5: use do_aux_work for PHC overflow checks
     - wifi: brcmfmac: Check the return value of of_property_read_string_index()
     - wifi: iwlwifi: avoid memory leak
     - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
     - APEI: GHES: Have GHES honor the panic= setting
     - Bluetooth: MGMT: Fix slab-use-after-free Read in
       mgmt_remove_adv_monitor_sync
     - net: wwan: iosm: Fix hibernation by re-binding the driver around it
     - mmc: sdhci-msm: Correctly set the load for the regulator
     - tipc: re-order conditions in tipc_crypto_key_rcv()
     - [x86] kexec: Allocate PGD for x86_64 transition page tables separately
     - [arm64] iommu/arm-smmu-v3: Clean up more on probe failure
     - [x86] platform/x86: int3472: Check for adev == NULL
     - ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
     - ASoC: amd: Add ACPI dependency to fix build error
     - Input: allocate keycode for phone linking
     - [x86] platform/x86: acer-wmi: Ignore AC events
     - [powerpc*] KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()
     - [powerpc*] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock
     - [powerpc*] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
     - KVM: e500: always restore irqs
     - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
       void
     - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and
       in the error path of .probe()
     - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
     - net/ncsi: fix locking in Get MAC Address handling
     - gpio: xilinx: Convert to immutable irq_chip
     - gpio: xilinx: Convert gpio_lock to raw spinlock (CVE-2025-21684)
     - xfs: report realtime block quota limits on realtime directories
     - xfs: don't over-report free space or inodes in statvfs
     - nvme: handle connectivity loss in nvme_set_queue_count
     - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
     - gpu: drm_dp_cec: fix broken CEC adapter properties check
     - tg3: Disable tg3 PCIe AER on system reboot
     - udp: gso: do not drop small packets when PMTU reduces
     - gpio: pca953x: Improve interrupt support
     - net: atlantic: fix warning during hot unplug
     - net: rose: lock the socket in rose_bind()
     - [x86] xen: fix xen_hypercall_hvm() to not clobber %rbx (Closes: #1095435)
     - [x86] xen: add FRAME_END to xen_hypercall_hvm()
     - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
     - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
       (CVE-2025-21703)
     - tun: revert fix group permission check
     - net: sched: Fix truncation of offloaded action statistics
     - cpufreq: s3c64xx: Fix compilation warning
     - leds: lp8860: Write full EEPROM, not only half of it
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
     - drm/modeset: Handle tiled displays in pan_display_atomic.
     - smb: client: change lease epoch type from unsigned int to __u16
     - [s390x] futex: Fix FUTEX_OP_ANDN implementation
     - fs/proc: do_task_stat: Fix ESP not readable during coredump
     - binfmt_flat: Fix integer overflow bug on 32 bit systems
     - [arm64] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
     - [arm64] dts: rockchip: increase gmac rx_delay on rk3399-puma
     - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
     - [s390x] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
     - ksmbd: fix integer overflows on 32 bit systems
     - drm/amd/pm: Mark MM activity as unsupported
     - Revert "drm/amd/display: Use HW lock mgr for PSR1"
     - [x86] drm/i915/guc: Debug print LRC state entries only if the context is
       pinned
     - drm/komeda: Add check for komeda_get_layer_fourcc_list()
     - [x86] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
     - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
     - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
     - [arm64] clk: sunxi-ng: a100: enable MMC clock reparenting
     - [arm64] clk: qcom: clk-alpha-pll: fix alpha mode configuration
     - [arm64] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
     - [arm64] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
     - [arm64] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
     - [arm64] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
     - blk-cgroup: Fix class @block_class's subsystem refcount leakage
     - efi: libstub: Use '-std=gnu11' to fix build with GCC 15
     - scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
     - of: Correct child specifier used as input of the 2nd nexus node
     - of: Fix of_find_node_opts_by_path() handling of alias+path+options
     - of: reserved-memory: Fix using wrong number of cells to get property
       'alignment'
     - HID: hid-sensor-hub: don't use stale platform-data on remove
     - wifi: rtlwifi: rtl8821ae: Fix media status report
     - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
     - usb: gadget: f_tcm: Translate error to sense
     - usb: gadget: f_tcm: Decrement command ref count on cleanup
     - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
     - usb: gadget: f_tcm: Don't prepare BOT write request twice
     - ASoC: acp: Support microphone from Lenovo Go S
     - soc: qcom: socinfo: Avoid out of bounds read of serial number
     - serial: sh-sci: Drop __initdata macro for port_cfg
     - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
       in use
     - [mips*] Loongson64: remove ROM Size unit in boardinfo
     - [powerpc*] pseries/eeh: Fix get PE state translation
     - dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
     - dm-crypt: track tag_offset in convert_context
     - mips/math-emu: fix emulation of the prefx instruction (Closes: #1091858)
     - block: don't revert iter for -EIOCBQUEUED
     - Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
       (Closes: #1095764)
     - ALSA: hda/realtek: Enable headset mic on Positivo C6400
     - ALSA: hda: Fix headset detection failure due to unstable sort
     - [arm64] tegra: Fix Tegra234 PCIe interrupt-map
     - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
     - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
     - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
     - scsi: qla2xxx: Move FCE Trace buffer allocation to user control
     - scsi: storvsc: Set correct data length for sending SCSI command without
       payload
     - kbuild: Move -Wenum-enum-conversion to W=2
     - [x86] boot: Use '-std=gnu11' to fix build with GCC 15
     - [arm64] dts: qcom: sm6350: Fix ADSP memory length
     - [arm64] dts: qcom: sm6350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8450: Fix MPSS memory length
     - crypto: qce - fix priority to be less than ARMv8 CE
     - [arm64] tegra: Disable Tegra234 sce-fabric node
     - xfs: Add error handling for xfs_reflink_cancel_cow_range
     - ACPI: PRM: Remove unnecessary strict handler address checks
     - rv: Reset per-task monitors also for idle tasks
     - kfence: skip __GFP_THISNODE allocations on NUMA systems
     - media: ccs: Clean up parsed CCS static data on parse failure
     - iio: light: as73211: fix channel handling in only-color triggered buffer
     - soc: qcom: smem_state: fix missing of_node_put in error path
     - media: mc: fix endpoint iteration
     - media: ov5640: fix get_light_freq on auto
     - media: ccs: Fix CCS static data parsing for large block sizes
     - media: ccs: Fix cleanup order in ccs_probe()
     - media: uvcvideo: Fix event flags in uvc_ctrl_send_events
     - media: uvcvideo: Remove redundant NULL assignment
     - mm: kmemleak: fix upper boundary check for physical address objects
     - ata: libata-sff: Ensure that we cannot write outside the allocated buffer
     - crypto: qce - fix goto jump in error path
     - crypto: qce - unregister previously registered algos in error path
     - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
     - nvmem: core: improve range check for nvmem_cell_write()
     - io_uring/net: don't retry connect operation on EPOLLERR
     - vfio/platform: check the bounds of read/write syscalls
     - pnfs/flexfiles: retry getting layout segment for reads
     - ocfs2: fix incorrect CPU endianness conversion causing mount failure
     - ocfs2: handle a symlink read error correctly
     - nilfs2: fix possible int overflows in nilfs_fiemap()
     - mailbox: tegra-hsp: Clear mailbox before using message
     - NFC: nci: Add bounds checking in nci_hci_create_pipe()
     - i3c: master: Fix missing 'ret' assignment in set_speed()
     - irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
     - mtd: onenand: Fix uninitialized retlen in do_otp_read()
     - misc: fastrpc: Deregister device nodes properly in error scenarios
     - misc: fastrpc: Fix registered buffer page address
     - misc: fastrpc: Fix copy buffer page size
     - net/ncsi: wait for the last response to Deselect Package before
       configuring channel
     - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
     - rtla/osnoise: Distinguish missing workload option
     - rtla: Add trace_instance_stop
     - rtla/timerlat_hist: Stop timerlat tracer on signal
     - rtla/timerlat_top: Stop timerlat tracer on signal
     - [armhf] pinctrl: samsung: fix fwnode refcount cleanup if
       platform_get_irq_optional() fails
     - ptp: Ensure info->enable callback is always set
     - rtc: zynqmp: Fix optional clock name property
     - io_uring: fix multishots with selected buffers
     - io_uring: fix io_req_prep_async with provided buffers
     - io_uring/rw: commit provided buffer state on async
     - [mips*] ftrace: Declare ftrace_get_parent_ra_addr() as static
     - net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
     - gpio: xilinx: remove excess kernel doc
     - ocfs2: check dir i_size in ocfs2_find_entry
     - cachefiles: Fix NULL pointer dereference in object->file (CVE-2024-56549)
     - mptcp: pm: only set fullmesh for subflow endp
     - mptcp: prevent excessive coalescing on receive
     - tty: xilinx_uartps: split sysrq handling
     - maple_tree: fix static analyser cppcheck issue
     - maple_tree: simplify split calculation
     - pps: Fix a use-after-free
     - Revert "btrfs: avoid monopolizing a core when activating a swap file"
     - btrfs: avoid monopolizing a core when activating a swap file
     - nfsd: clear acl_access/acl_default after releasing them
     - NFSD: fix hang in nfsd4_shutdown_callback (Closes: #1071562)
     - HID: multitouch: Add NULL check in mt_input_configured
     - HID: hid-thrustmaster: fix stack-out-of-bounds read in
       usb_check_int_endpoints()
     - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
     - vrf: use RCU protection in l3mdev_l3_out()
     - vxlan: check vxlan_vnigroup_init() return value
     - team: better TEAM_OPTION_TYPE_STRING validation
     - [arm64] cacheinfo: Avoid out-of-bounds write to cacheinfo array
     - cgroup: Remove steal time from usage_usec
     - xen/swiotlb: relax alignment requirements (Closes: #1093371, #1088159,
       #1087807)
     - xen: remove a confusing comment on auto-translated guest I/O
     - [x86] xen: allow larger contiguous memory regions in PV guests
       (Closes: #1093371, #1088159, #1087807)
     - fbdev: omap: use threaded IRQ for LCD DMA
     - media: cxd2841er: fix 64-bit division on gcc-9
     - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
     - PCI: switchtec: Add Microchip PCI100X device IDs
     - scsi: ufs: bsg: Set bsg_queue to NULL after removal
     - rtla/timerlat_hist: Abort event processing on second signal
     - rtla/timerlat_top: Abort event processing on second signal
     - vfio/pci: Enable iowrite64 and ioread64 for vfio pci
     - Grab mm lock before grabbing pt lock
     - [x86] mm/tlb: Only trim the mm_cpumask once a second
     - orangefs: fix a oob in orangefs_debug_write
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet 5V
     - batman-adv: fix panic during interface removal
     - batman-adv: Ignore neighbor throughput metrics in error case
     - batman-adv: Drop unmanaged ELP metric worker
     - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
     - [x86] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't
       in-kernel
     - [x86] KVM: nSVM: Enter guest mode before initializing nested NPT MMU
     - [x86] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
     - usb: dwc3: Fix timeout issue during controller enter/exit from halt state
     - usb: roles: set switch registered flag early on
     - usb: gadget: udc: renesas_usb3: Fix compiler warning
     - usb: dwc2: gadget: remove of_node reference upon udc_stop
     - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
     - usb: core: fix pipe creation for get_bMaxPacketSize0
     - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
     - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
       (Closes: #1091517)
     - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
     - USB: hub: Ignore non-compliant devices with too many configs or interfaces
     - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
     - usb: cdc-acm: Check control transfer buffer size before access
       (CVE-2025-21704)
     - usb: cdc-acm: Fix handling of oversized fragments
     - USB: serial: option: add MeiG Smart SLM828
     - USB: serial: option: add Telit Cinterion FN990B compositions
     - USB: serial: option: fix Telit Cinterion FN990A name
     - USB: serial: option: drop MeiG Smart defines
     - can: ctucanfd: handle skb allocation failure
     - can: c_can: fix unbalanced runtime PM disable in error path
     - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
       length zero
     - efi: Avoid cold plugged memory for placing the kernel
     - cgroup: fix race between fork and cgroup.kill
     - serial: 8250: Fix fifo underflow on flush
     - gpiolib: acpi: Add a quirk for Acer Nitro ANV14
     - gpio: stmpe: Check return value of stmpe_reg_read in
       stmpe_gpio_irq_sync_unlock
     - partitions: mac: fix handling of bogus partition table
     - regmap-irq: Add missing kfree()
     - [arm64] Handle .ARM.attributes section in linker scripts
     - mmc: mtk-sd: Fix register settings for hs400(es) mode
     - btrfs: fix hole expansion when writing at an offset beyond EOF
     - clocksource: Use pr_info() for "Checking clocksource synchronization"
       message
     - clocksource: Use migrate_disable() to avoid calling get_random_u32() in
       atomic context
     - ipv4: add RCU protection to ip4_dst_hoplimit()
     - net: treat possible_net_t net pointer as an RCU one and add
       read_pnet_rcu()
     - net: add dev_net_rcu() helper
     - ipv4: use RCU protection in ipv4_default_advmss()
     - ipv4: use RCU protection in rt_is_expired()
     - ipv4: use RCU protection in inet_select_addr()
     - net: ipv4: Cache pmtu for all packet paths if multipath enabled
     - ipv4: use RCU protection in __ip_rt_update_pmtu()
     - ipv4: icmp: convert to dev_net_rcu()
     - flow_dissector: use RCU protection to fetch dev_net()
     - ipv6: use RCU protection in ip6_default_advmss()
     - ndisc: use RCU protection in ndisc_alloc_skb()
     - neighbour: delete redundant judgment statements
     - neighbour: use RCU protection in __neigh_notify()
     - arp: use RCU protection in arp_xmit()
     - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
     - ndisc: extend RCU protection in ndisc_send_skb()
     - ipv6: mcast: add RCU protection to mld_newpack()
     - [arm64] drm/v3d: Stop active perfmon if it is being destroyed
     - kdb: Do not assume write() callback available
     - [x86] static-call: Remove early_boot_irqs_disabled check to fix Xen PVH
       dom0
     - iommu: Return right value in iommu_sva_bind_device() (CVE-2024-40945)
     - [arm64] tegra: Fix typo in Tegra234 dce-fabric compatible
     - mm: gup: fix infinite loop within __get_longterm_locked
     - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
       Driver Due to Race Condition (CVE-2024-50061)
     - nilfs2: do not output warnings when clearing dirty buffers
     - nilfs2: do not force clear folio if buffer is referenced
     - nilfs2: protect access to buffers with no active references
     - can: ems_pci: move ASIX AX99100 ids to pci_ids.h
     - serial: 8250_pci: add support for ASIX AX99100
     - parport_pc: add support for ASIX AX99100
     - net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice
       events
     - netdevsim: print human readable IP address
     - f2fs: fix to wait dio completion (CVE-2024-47726)
     - drm/amd/display: Add NULL pointer check for kzalloc (CVE-2024-42122)
     - [x86] i8253: Disable PIT timer 0 when not in use
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 32
   * [arm64] phy: rockchip: naneng-combphy: compatible reset with old DT
     (Closes: #1095745, #1098250, #1098354)
   * net: mana: Fix possible double free in error handling path (CVE-2024-42069)
     (Closes: #1099138)
   * net: mana: Fix RX buf alloc_size alignment and atomic op panic
     (CVE-2024-45001) (Closes: #1099138)
   * ptrace: Introduce exception_ip arch hook
   * mm/memory: Use exception ip to search exception tables
     (Closes: #1093200, #1087809, #1086028)
linux-signed-amd64 (6.1.128+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.128-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
     - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
     - bpf, sockmap: Fix race between element replace and close()
       (CVE-2024-56664)
     - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
       (CVE-2024-53128)
     - jbd2: increase IO priority for writing revoke records
     - jbd2: flush filesystem device before updating tail sequence
     - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
     - dm array: fix unreleased btree blocks on closing a faulty array cursor
     - dm array: fix cursor index when skipping across block boundaries
     - exfat: fix the infinite loop in exfat_readdir()
     - exfat: fix the infinite loop in __exfat_free_cluster()
     - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
       transitivity
     - net: 802: LLC+SNAP OID:PID lookup on start of skb data
     - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
     - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
     - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
     - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
     - cxgb4: Avoid removal of uninserted tid
     - ice: fix incorrect PHY settings for 100 GB/s
     - tls: Fix tls_sw_sendmsg error handling
     - Bluetooth: hci_sync: Fix not setting Random Address when required
     - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
     - netfilter: nf_tables: imbalance in flowtable binding
     - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
     - sched: sch_cake: add bounds checks to host bulk flow fairness counts
     - net/mlx5: Fix variable not being completed when function returns
     - ksmbd: fix a missing return value check bug
     - afs: Fix the maximum cell name length
     - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
     - dm thin: make get_first_thin use rcu-safe list first function
     - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
     - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
     - sctp: sysctl: rto_min/max: avoid using current->nsproxy
     - sctp: sysctl: auth_enable: avoid using current->nsproxy
     - sctp: sysctl: udp_port: avoid using current->nsproxy
     - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
     - drm/amd/display: Add check for granularity in dml ceil/floor helpers
     - thermal: of: fix OF node leak in of_thermal_zone_find()
     - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
     - ACPI: resource: Add Asus Vivobook X1504VAP to
       irq1_level_low_skip_override[]
     - drm/amd/display: increase MAX_SURFACES to the value supported by hw
     - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
       2)
     - bpf: Add MEM_WRITE attribute
     - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
     - USB: serial: option: add MeiG Smart SRM815
     - USB: serial: option: add Neoway N723-EA support
     - usb-storage: Add max sectors quirk for Nokia 208
     - USB: serial: cp210x: add Phoenix Contact UPS Device
     - usb: dwc3: gadget: fix writing NYET threshold
     - topology: Keep the cpumask unchanged when printing cpumap
     - usb: gadget: u_serial: Disable ep before setting port to null to fix the
       crash caused by port being null
     - usb: dwc3-am62: Disable autosuspend during remove
     - USB: usblp: return error when setting unsupported protocol
     - USB: core: Disable LPM only for non-suspended ports
     - usb: fix reference leak in usb_new_device()
     - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
     - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
     - iio: light: vcnl4035: fix information leak in triggered buffer
     - iio: imu: kmx61: fix information leak in triggered buffer
     - iio: gyro: fxas21002c: Fix missing data update in trigger handler
     - iio: inkern: call iio_device_put() only on mapped devices
     - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
     - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
     - of/address: Add support for 3 address cell bus
     - of: address: Fix address translation when address-size is greater than 2
     - of: address: Remove duplicated functions
     - of: address: Store number of bus flag cells rather than bool
     - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
     - ocfs2: correct return value of ocfs2_local_free_info()
     - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
       (CVE-2024-57892)
     - drm: bridge: adv7511: use dev_err_probe in probe function
     - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
     - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
     - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
       conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
     - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
     - bpf: Fix bpf_sk_select_reuseport() memory leak
     - openvswitch: fix lockup on tx to unregistering netdev with carrier
     - pktgen: Avoid out-of-bounds access in get_imix_entries
     - net: add exit_batch_rtnl() method
     - gtp: use exit_batch_rtnl() method
     - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
     - gtp: Destroy device along with udp socket's netns dismantle.
     - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
     - net/mlx5: Fix RDMA TX steering prio
     - net/mlx5: Clear port select structure when fail to create
     - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
     - hwmon: (tmp513) Fix division of negative numbers
     - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
     - i2c: mux: demux-pinctrl: check initial mux selection, too
     - i2c: rcar: fix NACK handling when being a target
     - nvmet: propagate npwg topology
     - mac802154: check local interfaces before deleting sdata list
     - hfs: Sanity check the root record
     - fs: fix missing declaration of init_files
     - kheaders: Ignore silly-rename files
     - cachefiles: Parse the "secctx" immediately
     - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
       drivers
     - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
     - iomap: avoid avoid truncating 64-bit offset to 32 bits
     - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
       .poll()
     - [x86] asm: Make serialize() always_inline
     - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
     - zram: fix potential UAF of zram table
     - mptcp: be sure to send ack when mptcp-level window re-opens
     - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
     - vsock/virtio: discard packets if the transport changes
     - vsock/virtio: cancel close work in the destructor
     - vsock: reset socket state when de-assigning the transport
     - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
     - filemap: avoid truncating 64-bit offset to 32 bits
     - fs/proc: fix softlockup in __read_vmcore (part 2)
     - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
       (CVE-2024-36899)
     - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
     - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
     - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
     - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
     - hrtimers: Handle CPU state correctly on hotplug
     - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
     - Revert "PCI: Use preserve_config in place of pci_flags"
     - iio: imu: inv_icm42600: fix spi burst write not supported
     - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
     - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
       buffer (CVE-2024-57907)
     - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
       (CVE-2024-56608)
     - drm/amdgpu: fix usage slab after free (CVE-2024-56551)
     - block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
     - Revert "drm/amdgpu: rework resume handling for display (v2)"
       (Closes: #1094766)
     - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
     - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
     - Revert "regmap: detach regmap from dev on regmap_exit"
     - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
     - erofs: tidy up EROFS on-disk naming
     - erofs: handle NONHEAD !delta[1] lclusters gracefully
     - nfsd: add list_head nf_gc to struct nfsd_file
     - [x86] xen: fix SLS mitigation in xen_hypercall_iret()
     - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
     - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
       request
     - drm/amd/display: Use HW lock mgr for PSR1
     - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
     - regmap: detach regmap from dev on regmap_exit
     - ipv6: Fix soft lockups in fib6_select_path under high next hop churn
       (CVE-2024-56703)
     - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
     - xfs: bump max fsgeom struct version
     - xfs: hoist freeing of rt data fork extent mappings
     - xfs: prevent rt growfs when quota is enabled
     - xfs: rt stubs should return negative errnos when rt disabled
     - xfs: fix units conversion error in xfs_bmap_del_extent_delay
     - xfs: make sure maxlen is still congruent with prod when rounding down
     - xfs: introduce protection for drop nlink
     - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
     - xfs: allow read IO and FICLONE to run concurrently
     - xfs: factor out xfs_defer_pending_abort
     - xfs: abort intent items when recovery intents fail
     - xfs: only remap the written blocks in xfs_reflink_end_cow_extent
     - xfs: up(ic_sema) if flushing data device fails
     - xfs: fix internal error from AGFL exhaustion
     - xfs: inode recovery does not validate the recovered inode
     - xfs: clean up dqblk extraction
     - xfs: dquot recovery does not validate the recovered dquot
     - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
     - xfs: respect the stable writes flag on the RT device
     - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
     - io_uring: fix waiters missing wake ups (Closes: #1093243)
     - net: sched: fix ets qdisc OOB Indexing
     - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
     - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
     - vfio/platform: check the bounds of read/write syscalls
     - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
       (CVE-2024-50304)
     - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
     - wifi: iwlwifi: add a few rate index validity checks
     - smb: client: fix UAF in async decryption (CVE-2024-50047)
     - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
     - Revert "usb: gadget: u_serial: Disable ep before setting port to null to
       fix the crash caused by port being null"
     - ALSA: usb-audio: Add delay quirk for USB Audio Device
     - Input: atkbd - map F23 key to support default copilot shortcut
     - Input: xpad - add unofficial Xbox 360 wireless receiver clone
     - Input: xpad - add support for wooting two he (arm)
     - smb: client: fix NULL ptr deref in crypto_aead_setkey()
     - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 31
   * [rt] Update to 6.1.127-rt48
linux-signed-amd64 (6.1.124+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.124-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.124
     - [x86] hyperv: Fix hv tsc page based sched_clock for hibernation
     - selinux: ignore unknown extended permissions
     - btrfs: fix use-after-free in btrfs_encoded_read_endio() (CVE-2024-56582)
     - tracing: Have process_string() also allow arrays
     - [x86] thunderbolt: Add support for Intel Lunar Lake
     - [x86] thunderbolt: Add support for Intel Panther Lake-M/P
     - [x86] thunderbolt: Don't display nvm_version unless upgrade supported
     - xhci: retry Stop Endpoint on buggy NEC controllers
     - usb: xhci: Limit Stop Endpoint retries
     - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
     - net: mctp: handle skb cleanup on sock_queue failures
     - RDMA/mlx5: Enforce same type port association for multiport RoCE
     - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
     - [arm64] RDMA/hns: Refactor mtr find
     - [arm64] RDMA/hns: Remove unused parameters and variables
     - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer
     - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path
     - [arm64] RDMA/hns: Fix missing flush CQE for DWQE
     - net: stmmac: platform: provide devm_stmmac_probe_config_dt()
     - net: stmmac: don't create a MDIO bus if unnecessary
     - net: stmmac: restructure the error path of stmmac_probe_config_dt()
     - net: fix memory leak in tcp_conn_request()
     - ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices
     - ip_tunnel: annotate data-races around t->parms.link
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
     - net: Fix netns for ip_tunnel_init_flow()
     - netrom: check buffer length before accessing it
     - [x86] drm/i915/dg1: Fix power gate sequence.
     - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
       (Closes: #1092772)
     - net: llc: reset skb->transport_header
     - ALSA: usb-audio: US16x08: Initialize array before use
     - [armel,armhf] net: mv643xx_eth: fix an OF node reference leak
     - net: wwan: t7xx: Fix FSM command timeout issue
     - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
     - net: restrict SO_REUSEPORT to inet sockets
     - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
     - af_packet: fix vlan_get_tci() vs MSG_PEEK
     - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
     - ila: serialize calls to nf_register_net_hooks()
     - btrfs: rename and export __btrfs_cow_block()
     - btrfs: fix use-after-free when COWing tree bock and tracing is enabled
       (CVE-2024-56759)
     - wifi: mac80211: wake the queues in case of failure in resume
     - btrfs: flush delalloc workers queue before stopping cleaner kthread during
       unmount
     - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
     - sound: usb: enable DSD output for ddHiFi TC44C
     - sound: usb: format: don't warn that raw DSD is unsupported
     - bpf: fix potential error return
     - ksmbd: retry iterate_dir in smb2_query_dir
     - net: usb: qmi_wwan: add Telit FE910C04 compositions
     - Bluetooth: hci_core: Fix sleeping function called from invalid context
     - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
     - usb: xhci: Avoid queuing redundant Stop Endpoint commands
     - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
     - modpost: fix the missed iteration for the max bit in do_input()
     - ALSA hda/realtek: Add quirk for Framework F111:000C
     - ALSA: seq: oss: Fix races at processing SysEx messages
     - kcov: mark in_softirq_really() as __always_inline
     - RDMA/uverbs: Prevent integer overflow issue
     - [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap
       locking
     - sky2: Add device ID 11ab:4373 for Marvell 88E8075
     - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
     - [arm64] drm: adv7511: Drop dsi single lane support
     - dt-bindings: display: adi,adv7533: Drop single lane support
     - mm/readahead: fix large folio support in async readahead
     - mm: vmscan: account for free pages to prevent infinite Loop in
       throttle_direct_reclaim()
     - mptcp: fix TCP options overflow.
     - mptcp: fix recvbuffer adjust on sleeping rcvmsg
     - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
     - zram: check comp is non-NULL before calling comp_destroy
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 30

linux-signed-arm64 (6.1.129+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.129-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129
     - [powerpc*] book3s64/hugetlb: Fix disabling hugetlb when fadump is active
     - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
     - afs: Fix directory format encoding struct
     - fs: fix proc_handler for sysctl_nr_open
     - block: retry call probe after request_module in blk_request_module
     - nbd: don't allow reconnect after disconnect
     - pstore/blk: trivial typo fixes
     - nvme: Add error check for xa_store in nvme_get_effects_log
     - partitions: ldm: remove the initial kernel-doc notation
     - select: Fix unbalanced user_access_end()
     - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
     - sched/psi: Use task->psi_flags to clear in CPU migration
     - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
     - [arm64] drm/msm/dp: set safe_to_exit_level before printing it
     - [arm64,armhf] drm/etnaviv: Fix page property being used for non
       writecombine buffers
     - HID: core: Fix assumption that Resolution Multipliers must be in Logical
       Collections
     - drm/amdgpu: Fix potential NULL pointer dereference in
       atomctrl_get_smc_sclk_range_table
     - [arm64] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters
       offset
     - [arm64] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
     - [arm64] drm/rockchip: vop2: Set YUV/RGB overlay mode
     - [arm64] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
     - [arm64] drm/rockchip: vop2: Fix the windows switch between different
       layers
     - [arm64] drm/rockchip: vop2: Check linear format for Cluster windows on
       rk3566/8
     - OPP: Rearrange entries in pm_opp.h
     - OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs
     - OPP: Introduce dev_pm_opp_get_freq_indexed() API
     - OPP: Add dev_pm_opp_find_freq_exact_indexed()
     - OPP: Reuse dev_pm_opp_get_freq_indexed()
     - OPP: add index check to assert to avoid buffer overflow in _read_freq()
     - OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
     - genirq: Make handle_enforce_irqctx() unconditionally available
     - ipmi: ipmb: Add check devm_kasprintf() returned value
     - wifi: ath11k: Fix unexpected return buffer manager error for
       WCN6750/WCN6855
     - wifi: rtlwifi: do not complete firmware loading needlessly
     - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
     - wifi: rtlwifi: wait for firmware loading before releasing memory
     - wifi: rtlwifi: fix init_sw_vars leak when probe fails
     - wifi: rtlwifi: usb: fix workqueue leak when probe fails
     - wifi: wcn36xx: fix channel survey memory allocation size
     - net_sched: sch_sfq: annotate data-races around q->perturb_period
     - net_sched: sch_sfq: handle bigger packets
     - net_sched: sch_sfq: don't allow 1 packet limit
     - dt-bindings: mmc: controller: clarify the address-cells description
     - dt-bindings: leds: class-multicolor: Fix path to color definitions
     - wifi: rtlwifi: remove unused timer and related code
     - wifi: rtlwifi: remove unused dualmac control leftovers
     - wifi: rtlwifi: remove unused check_buddy_priv
     - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
     - wifi: rtlwifi: fix memory leaks and invalid access at probe error path
     - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
     - HID: multitouch: fix support for Goodix PID 0x01e9
     - regulator: dt-bindings: mt6315: Drop regulator-compatible property
     - ACPI: fan: cleanup resources in the error path of .probe()
     - cpupower: fix TSC MHz calculation
     - dt-bindings: mfd: bd71815: Fix rsense and typos
     - leds: netxbig: Fix an OF node reference leak in
       netxbig_leds_get_of_pdata()
     - inetpeer: remove create argument of inet_getpeer_v[46]()
     - inetpeer: remove create argument of inet_getpeer()
     - inetpeer: update inetpeer timestamp in inet_getpeer()
     - inetpeer: do not get a refcount in inet_getpeer()
     - [armhf] pwm: stm32-lp: Add check for clk_enable()
     - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
     - [arm64] clk: imx8mp: Fix clkout1/2 support
     - team: prevent adding a device which is already a team device lower
     - regulator: of: Implement the unwind path of of_regulator_match()
     - OPP: OF: Fix an OF node leak in _opp_add_static_v2()
     - [arm64] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
     - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding
       endpoint check
     - mfd: syscon: Remove extern from function prototypes
     - mfd: syscon: Add of_syscon_register_regmap() API
     - mfd: syscon: Use scoped variables with memory allocators to simplify error
       paths
     - mfd: syscon: Fix race in device_node_get_regmap()
     - samples/landlock: Fix possible NULL dereference in parse_path()
     - wifi: wlcore: fix unbalanced pm_runtime calls
     - wifi: mac80211: prohibit deactivating all links
     - wifi: mac80211: Fix common size calculation for ML element
     - net/smc: fix data error when recvmsg with MSG_PEEK flag
     - landlock: Handle weird files
     - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
     - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
     - wifi: mt76: mt7915: fix register mapping
     - cpufreq: ACPI: Fix max-frequency computation
     - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
     - wifi: cfg80211: adjust allocation of colocated AP data
     - net: let net.core.dev_weight always be non-zero
     - net: avoid race between device unregistration and ethnl ops
       (CVE-2025-21701)
     - net: sched: Disallow replacing of child qdisc from one parent to another
       (CVE-2025-21700)
     - netfilter: nft_flow_offload: update tcp state flags under lock
     - net: ethernet: ti: am65-cpsw: fix freeing IRQ in
       am65_cpsw_nuss_remove_tx_chns()
     - tcp_cubic: fix incorrect HyStart round start detection
     - net/rose: prevent integer overflows in rose_setsockopt()
     - libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is
       missing
     - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
     - libbpf: Fix segfault due to libelf functions not setting errno
     - [armhf] ASoC: sun4i-spdif: Add clock multiplier settings
     - crypto: hisilicon/sec2 - optimize the error return process
     - crypto: hisilicon/sec2 - fix for aead icv error
     - crypto: hisilicon/sec2 - fix for aead invalid authsize
     - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
     - padata: fix sysfs store callback check
     - ASoC: Intel: avs: Fix theoretical infinite loop
     - [armhf] pinctrl: stm32: set default gpio line names using pin names
     - [armhf] pinctrl: stm32: Add check for devm_kcalloc
     - [armhf] pinctrl: stm32: check devm_kasprintf() returned value
     - [armhf] pinctrl: stm32: Add check for clk_enable()
     - bpf: Send signals asynchronously if !preemptible
     - bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
     - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31
       laptop
     - padata: fix UAF in padata_reorder
     - padata: add pd get/put refcnt helper
     - padata: avoid UAF for reorder_work
     - smb: client: fix oops due to unset link speed
     - [arm64] dts: mt8183: set DMIC one-wire mode on Damu
     - [arm64] dts: mediatek: mt8516: fix GICv2 range
     - [arm64] dts: mediatek: mt8516: fix wdt irq type
     - [arm64] dts: mediatek: mt8516: add i2c clock-div property
     - [arm64] dts: mediatek: mt8516: reserve 192 KiB for TF-A
     - RDMA/mlx4: Avoid false error about access to uninitialized gids array
     - rdma/cxgb4: Prevent potential integer overflow on 32bit
     - [arm64] dts: mediatek: mt8173-evb: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8192-asurada: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-cherry: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-demo: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8183: kenzo: Support second source touchscreen
     - [arm64] dts: mediatek: mt8183: willow: Support second source touchscreen
     - RDMA/srp: Fix error handling in srp_add_port
     - memory: tegra20-emc: fix an OF node reference bug in
       tegra_emc_find_node_by_ram_code()
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
       settings
     - [arm64] dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
     - [arm64] dts: qcom: msm8996: Fix up USB3 interrupts
     - [arm64] dts: qcom: msm8994: Describe USB interrupts
     - [arm64] dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
     - [arm64] dts: qcom: msm8916: correct sleep clock frequency
     - [arm64] dts: qcom: msm8994: correct sleep clock frequency
     - [arm64] dts: qcom: sc7280: correct sleep clock frequency
     - [arm64] dts: qcom: sm6125: correct sleep clock frequency
     - [arm64] dts: qcom: sm8250: correct sleep clock frequency
     - [arm64] dts: qcom: sm8350: correct sleep clock frequency
     - [arm64] dts: qcom: sm8450: correct sleep clock frequency
     - [arm64] dts: ti: k3-am62: Remove duplicate GICR reg
     - [arm64] dts: ti: k3-am62a: Remove duplicate GICR reg
     - [arm64] dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl
     - [arm64] dts: qcom: sc7180-idp: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel
     - [arm64] dts: qcom: sc7180: Don't enable lpass clocks by default
     - [arm64] dts: qcom: sc7180: Drop redundant disable in mdp
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
     - [arm64] dts: qcom: pm6150l: add temp sensor and thermal zone config
     - [arm64] dts: qcom: sc7180-*: Remove thermal zone polling delays
     - [arm64] dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
     - [arm64] dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
       properties
     - [arm64] dts: qcom: sc8280xp: Fix up remoteproc register space sizes
     - [arm64] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
     - [arm64] dts: qcom: sdm845: Fix interrupt types of camss interrupts
     - [arm64] dts: qcom: sm8250: Fix interrupt types of camss interrupts
     - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
     - RDMA/mlx5: Fix indirect mkey ODP page count
     - of: reserved-memory: Do not make kmemleak ignore freed address
     - efi: sysfb_efi: fix W=1 warnings when EFI is not set
     - RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
     - iommufd/iova_bitmap: Fix shift-out-of-bounds in
       iova_bitmap_offset_to_index()
     - media: rc: iguanair: handle timeouts
     - media: lmedm04: Handle errors for lme2510_int_read
     - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
     - media: marvell: Add check for clk_enable()
     - media: i2c: imx412: Add missing newline to prints
     - media: i2c: ov9282: Correct the exposure offset
     - media: mipi-csis: Add check for clk_enable()
     - media: camif-core: Add check for clk_enable()
     - media: uvcvideo: Propagate buf->error to userspace
     - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
       void
     - mtd: hyperbus: hbmc-am654: fix an OF node reference leak
     - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
     - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
     - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
     - ocfs2: mark dquot as inactive if failed to start trans while releasing
       dquot
     - module: Extend the preempt disabled section in
       dereference_symbol_descriptor().
     - serial: 8250: Adjust the timeout for FIFO mode
     - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
     - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
     - tools/bootconfig: Fix the wrong format specifier
     - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
     - [armhf] dmaengine: ti: edma: fix OF node reference leaks in edma_driver
     - [arm64] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
     - ubifs: skip dumping tnc tree when zroot is null
     - regulator: core: Add missing newline character
     - [arm64] net: hns3: fix oops when unload drivers paralleling
     - gpio: mxc: remove dead code after switch to DT-only
     - net: fec: implement TSO descriptor cleanup
     - ipmr: do not call mr_mfc_uses_dev() for unres entries
     - PM: hibernate: Add error handling for syscore_suspend()
     - iavf: allow changing VLAN state without calling PF
     - net: rose: fix timer races against user threads
     - net: netdevsim: try to close UDP port harness races
     - vxlan: Fix uninit-value in vxlan_vnifilter_dump()
     - net: davicom: fix UAF in dm9000_drv_remove
     - bgmac: reduce max frame size to support just MTU 1500
     - net: sh_eth: Fix missing rtnl lock in suspend/resume path
     - net: hsr: fix fill_frame_info() regression vs VLAN packets
     - genksyms: fix memory leak when the same symbol is added from source
     - genksyms: fix memory leak when the same symbol is read from *.symref file
     - [arm64] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
     - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
     - kconfig: add warn-unknown-symbols sanity check
     - kconfig: require a space after '#' for valid input
     - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
     - kconfig: deduplicate code in conf_read_simple()
     - kconfig: WERROR unmet symbol dependency
     - kconfig: fix memory leak in sym_warn_unmet_dep()
     - f2fs: Introduce linear search for dentries
     - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Closes: #1071562)
     - kbuild: switch from lz4c to lz4 for compression
     - netfilter: nf_tables: reject mismatching sum of field_len with set key
       length
     - nvme: fix metadata handling in nvme-passthrough
     - drm/amd/display: fix double free issue during amdgpu module unload
       (CVE-2024-49989)
     - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
     - net: usb: rtl8150: enable basic endpoint checking
     - usb: xhci: Fix NULL pointer dereference on certain command aborts
     - drivers/card_reader/rtsx_usb: Restore interrupt based detection
     - usb: gadget: f_tcm: Fix Get/SetInterface return value
     - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
     - usb: dwc3: core: Defer the probe until USB power supply ready
     - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to
       PD_T_SENDER_RESPONSE
     - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR
       PPS
     - mptcp: consolidate suboption status
     - mptcp: handle fastopen disconnect correctly
     - remoteproc: core: Fix ida_free call while not allocated
     - media: uvcvideo: Fix double free in error path
     - usb: gadget: f_tcm: Don't free command immediately
     - staging: media: max96712: fix kernel oops when removing module
     - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
     - btrfs: output the reason for open_ctree() failure
     - ptp: Properly handle compat ioctls
     - [s390x] Add '-std=gnu11' to decompressor and purgatory CFLAGS
     - [armhf] pinctrl: stm32: fix array read out of bound
     - btrfs: fix use-after-free when attempting to join an aborted transaction
     - [arm64] mm: Ensure adequate HUGE_MAX_HSTATE
     - exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
     - btrfs: fix data race when accessing the inode's disk_i_size at
       btrfs_drop_extents()
     - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
     - sched: Don't try to catch up excess steal time.
     - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
     - [x86] amd_nb: Restrict init function to AMD-based systems
     - drm/virtio: New fence for every plane update
     - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
     - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
     - safesetid: check size of policy writes
     - tun: fix group permission check
     - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
     - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
     - tomoyo: don't emit warning in tomoyo_write_control()
     - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
     - HID: Wacom: Add PCI Wacom device support
     - net/mlx5: use do_aux_work for PHC overflow checks
     - wifi: brcmfmac: Check the return value of of_property_read_string_index()
     - wifi: iwlwifi: avoid memory leak
     - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
     - APEI: GHES: Have GHES honor the panic= setting
     - Bluetooth: MGMT: Fix slab-use-after-free Read in
       mgmt_remove_adv_monitor_sync
     - net: wwan: iosm: Fix hibernation by re-binding the driver around it
     - mmc: sdhci-msm: Correctly set the load for the regulator
     - tipc: re-order conditions in tipc_crypto_key_rcv()
     - [x86] kexec: Allocate PGD for x86_64 transition page tables separately
     - [arm64] iommu/arm-smmu-v3: Clean up more on probe failure
     - [x86] platform/x86: int3472: Check for adev == NULL
     - ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
     - ASoC: amd: Add ACPI dependency to fix build error
     - Input: allocate keycode for phone linking
     - [x86] platform/x86: acer-wmi: Ignore AC events
     - [powerpc*] KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()
     - [powerpc*] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock
     - [powerpc*] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
     - KVM: e500: always restore irqs
     - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
       void
     - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and
       in the error path of .probe()
     - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
     - net/ncsi: fix locking in Get MAC Address handling
     - gpio: xilinx: Convert to immutable irq_chip
     - gpio: xilinx: Convert gpio_lock to raw spinlock (CVE-2025-21684)
     - xfs: report realtime block quota limits on realtime directories
     - xfs: don't over-report free space or inodes in statvfs
     - nvme: handle connectivity loss in nvme_set_queue_count
     - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
     - gpu: drm_dp_cec: fix broken CEC adapter properties check
     - tg3: Disable tg3 PCIe AER on system reboot
     - udp: gso: do not drop small packets when PMTU reduces
     - gpio: pca953x: Improve interrupt support
     - net: atlantic: fix warning during hot unplug
     - net: rose: lock the socket in rose_bind()
     - [x86] xen: fix xen_hypercall_hvm() to not clobber %rbx (Closes: #1095435)
     - [x86] xen: add FRAME_END to xen_hypercall_hvm()
     - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
     - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
       (CVE-2025-21703)
     - tun: revert fix group permission check
     - net: sched: Fix truncation of offloaded action statistics
     - cpufreq: s3c64xx: Fix compilation warning
     - leds: lp8860: Write full EEPROM, not only half of it
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
     - drm/modeset: Handle tiled displays in pan_display_atomic.
     - smb: client: change lease epoch type from unsigned int to __u16
     - [s390x] futex: Fix FUTEX_OP_ANDN implementation
     - fs/proc: do_task_stat: Fix ESP not readable during coredump
     - binfmt_flat: Fix integer overflow bug on 32 bit systems
     - [arm64] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
     - [arm64] dts: rockchip: increase gmac rx_delay on rk3399-puma
     - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
     - [s390x] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
     - ksmbd: fix integer overflows on 32 bit systems
     - drm/amd/pm: Mark MM activity as unsupported
     - Revert "drm/amd/display: Use HW lock mgr for PSR1"
     - [x86] drm/i915/guc: Debug print LRC state entries only if the context is
       pinned
     - drm/komeda: Add check for komeda_get_layer_fourcc_list()
     - [x86] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
     - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
     - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
     - [arm64] clk: sunxi-ng: a100: enable MMC clock reparenting
     - [arm64] clk: qcom: clk-alpha-pll: fix alpha mode configuration
     - [arm64] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
     - [arm64] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
     - [arm64] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
     - [arm64] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
     - blk-cgroup: Fix class @block_class's subsystem refcount leakage
     - efi: libstub: Use '-std=gnu11' to fix build with GCC 15
     - scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
     - of: Correct child specifier used as input of the 2nd nexus node
     - of: Fix of_find_node_opts_by_path() handling of alias+path+options
     - of: reserved-memory: Fix using wrong number of cells to get property
       'alignment'
     - HID: hid-sensor-hub: don't use stale platform-data on remove
     - wifi: rtlwifi: rtl8821ae: Fix media status report
     - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
     - usb: gadget: f_tcm: Translate error to sense
     - usb: gadget: f_tcm: Decrement command ref count on cleanup
     - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
     - usb: gadget: f_tcm: Don't prepare BOT write request twice
     - ASoC: acp: Support microphone from Lenovo Go S
     - soc: qcom: socinfo: Avoid out of bounds read of serial number
     - serial: sh-sci: Drop __initdata macro for port_cfg
     - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
       in use
     - [mips*] Loongson64: remove ROM Size unit in boardinfo
     - [powerpc*] pseries/eeh: Fix get PE state translation
     - dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
     - dm-crypt: track tag_offset in convert_context
     - mips/math-emu: fix emulation of the prefx instruction (Closes: #1091858)
     - block: don't revert iter for -EIOCBQUEUED
     - Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
       (Closes: #1095764)
     - ALSA: hda/realtek: Enable headset mic on Positivo C6400
     - ALSA: hda: Fix headset detection failure due to unstable sort
     - [arm64] tegra: Fix Tegra234 PCIe interrupt-map
     - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
     - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
     - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
     - scsi: qla2xxx: Move FCE Trace buffer allocation to user control
     - scsi: storvsc: Set correct data length for sending SCSI command without
       payload
     - kbuild: Move -Wenum-enum-conversion to W=2
     - [x86] boot: Use '-std=gnu11' to fix build with GCC 15
     - [arm64] dts: qcom: sm6350: Fix ADSP memory length
     - [arm64] dts: qcom: sm6350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8450: Fix MPSS memory length
     - crypto: qce - fix priority to be less than ARMv8 CE
     - [arm64] tegra: Disable Tegra234 sce-fabric node
     - xfs: Add error handling for xfs_reflink_cancel_cow_range
     - ACPI: PRM: Remove unnecessary strict handler address checks
     - rv: Reset per-task monitors also for idle tasks
     - kfence: skip __GFP_THISNODE allocations on NUMA systems
     - media: ccs: Clean up parsed CCS static data on parse failure
     - iio: light: as73211: fix channel handling in only-color triggered buffer
     - soc: qcom: smem_state: fix missing of_node_put in error path
     - media: mc: fix endpoint iteration
     - media: ov5640: fix get_light_freq on auto
     - media: ccs: Fix CCS static data parsing for large block sizes
     - media: ccs: Fix cleanup order in ccs_probe()
     - media: uvcvideo: Fix event flags in uvc_ctrl_send_events
     - media: uvcvideo: Remove redundant NULL assignment
     - mm: kmemleak: fix upper boundary check for physical address objects
     - ata: libata-sff: Ensure that we cannot write outside the allocated buffer
     - crypto: qce - fix goto jump in error path
     - crypto: qce - unregister previously registered algos in error path
     - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
     - nvmem: core: improve range check for nvmem_cell_write()
     - io_uring/net: don't retry connect operation on EPOLLERR
     - vfio/platform: check the bounds of read/write syscalls
     - pnfs/flexfiles: retry getting layout segment for reads
     - ocfs2: fix incorrect CPU endianness conversion causing mount failure
     - ocfs2: handle a symlink read error correctly
     - nilfs2: fix possible int overflows in nilfs_fiemap()
     - mailbox: tegra-hsp: Clear mailbox before using message
     - NFC: nci: Add bounds checking in nci_hci_create_pipe()
     - i3c: master: Fix missing 'ret' assignment in set_speed()
     - irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
     - mtd: onenand: Fix uninitialized retlen in do_otp_read()
     - misc: fastrpc: Deregister device nodes properly in error scenarios
     - misc: fastrpc: Fix registered buffer page address
     - misc: fastrpc: Fix copy buffer page size
     - net/ncsi: wait for the last response to Deselect Package before
       configuring channel
     - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
     - rtla/osnoise: Distinguish missing workload option
     - rtla: Add trace_instance_stop
     - rtla/timerlat_hist: Stop timerlat tracer on signal
     - rtla/timerlat_top: Stop timerlat tracer on signal
     - [armhf] pinctrl: samsung: fix fwnode refcount cleanup if
       platform_get_irq_optional() fails
     - ptp: Ensure info->enable callback is always set
     - rtc: zynqmp: Fix optional clock name property
     - io_uring: fix multishots with selected buffers
     - io_uring: fix io_req_prep_async with provided buffers
     - io_uring/rw: commit provided buffer state on async
     - [mips*] ftrace: Declare ftrace_get_parent_ra_addr() as static
     - net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
     - gpio: xilinx: remove excess kernel doc
     - ocfs2: check dir i_size in ocfs2_find_entry
     - cachefiles: Fix NULL pointer dereference in object->file (CVE-2024-56549)
     - mptcp: pm: only set fullmesh for subflow endp
     - mptcp: prevent excessive coalescing on receive
     - tty: xilinx_uartps: split sysrq handling
     - maple_tree: fix static analyser cppcheck issue
     - maple_tree: simplify split calculation
     - pps: Fix a use-after-free
     - Revert "btrfs: avoid monopolizing a core when activating a swap file"
     - btrfs: avoid monopolizing a core when activating a swap file
     - nfsd: clear acl_access/acl_default after releasing them
     - NFSD: fix hang in nfsd4_shutdown_callback (Closes: #1071562)
     - HID: multitouch: Add NULL check in mt_input_configured
     - HID: hid-thrustmaster: fix stack-out-of-bounds read in
       usb_check_int_endpoints()
     - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
     - vrf: use RCU protection in l3mdev_l3_out()
     - vxlan: check vxlan_vnigroup_init() return value
     - team: better TEAM_OPTION_TYPE_STRING validation
     - [arm64] cacheinfo: Avoid out-of-bounds write to cacheinfo array
     - cgroup: Remove steal time from usage_usec
     - xen/swiotlb: relax alignment requirements (Closes: #1093371, #1088159,
       #1087807)
     - xen: remove a confusing comment on auto-translated guest I/O
     - [x86] xen: allow larger contiguous memory regions in PV guests
       (Closes: #1093371, #1088159, #1087807)
     - fbdev: omap: use threaded IRQ for LCD DMA
     - media: cxd2841er: fix 64-bit division on gcc-9
     - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
     - PCI: switchtec: Add Microchip PCI100X device IDs
     - scsi: ufs: bsg: Set bsg_queue to NULL after removal
     - rtla/timerlat_hist: Abort event processing on second signal
     - rtla/timerlat_top: Abort event processing on second signal
     - vfio/pci: Enable iowrite64 and ioread64 for vfio pci
     - Grab mm lock before grabbing pt lock
     - [x86] mm/tlb: Only trim the mm_cpumask once a second
     - orangefs: fix a oob in orangefs_debug_write
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet 5V
     - batman-adv: fix panic during interface removal
     - batman-adv: Ignore neighbor throughput metrics in error case
     - batman-adv: Drop unmanaged ELP metric worker
     - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
     - [x86] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't
       in-kernel
     - [x86] KVM: nSVM: Enter guest mode before initializing nested NPT MMU
     - [x86] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
     - usb: dwc3: Fix timeout issue during controller enter/exit from halt state
     - usb: roles: set switch registered flag early on
     - usb: gadget: udc: renesas_usb3: Fix compiler warning
     - usb: dwc2: gadget: remove of_node reference upon udc_stop
     - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
     - usb: core: fix pipe creation for get_bMaxPacketSize0
     - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
     - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
       (Closes: #1091517)
     - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
     - USB: hub: Ignore non-compliant devices with too many configs or interfaces
     - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
     - usb: cdc-acm: Check control transfer buffer size before access
       (CVE-2025-21704)
     - usb: cdc-acm: Fix handling of oversized fragments
     - USB: serial: option: add MeiG Smart SLM828
     - USB: serial: option: add Telit Cinterion FN990B compositions
     - USB: serial: option: fix Telit Cinterion FN990A name
     - USB: serial: option: drop MeiG Smart defines
     - can: ctucanfd: handle skb allocation failure
     - can: c_can: fix unbalanced runtime PM disable in error path
     - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
       length zero
     - efi: Avoid cold plugged memory for placing the kernel
     - cgroup: fix race between fork and cgroup.kill
     - serial: 8250: Fix fifo underflow on flush
     - gpiolib: acpi: Add a quirk for Acer Nitro ANV14
     - gpio: stmpe: Check return value of stmpe_reg_read in
       stmpe_gpio_irq_sync_unlock
     - partitions: mac: fix handling of bogus partition table
     - regmap-irq: Add missing kfree()
     - [arm64] Handle .ARM.attributes section in linker scripts
     - mmc: mtk-sd: Fix register settings for hs400(es) mode
     - btrfs: fix hole expansion when writing at an offset beyond EOF
     - clocksource: Use pr_info() for "Checking clocksource synchronization"
       message
     - clocksource: Use migrate_disable() to avoid calling get_random_u32() in
       atomic context
     - ipv4: add RCU protection to ip4_dst_hoplimit()
     - net: treat possible_net_t net pointer as an RCU one and add
       read_pnet_rcu()
     - net: add dev_net_rcu() helper
     - ipv4: use RCU protection in ipv4_default_advmss()
     - ipv4: use RCU protection in rt_is_expired()
     - ipv4: use RCU protection in inet_select_addr()
     - net: ipv4: Cache pmtu for all packet paths if multipath enabled
     - ipv4: use RCU protection in __ip_rt_update_pmtu()
     - ipv4: icmp: convert to dev_net_rcu()
     - flow_dissector: use RCU protection to fetch dev_net()
     - ipv6: use RCU protection in ip6_default_advmss()
     - ndisc: use RCU protection in ndisc_alloc_skb()
     - neighbour: delete redundant judgment statements
     - neighbour: use RCU protection in __neigh_notify()
     - arp: use RCU protection in arp_xmit()
     - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
     - ndisc: extend RCU protection in ndisc_send_skb()
     - ipv6: mcast: add RCU protection to mld_newpack()
     - [arm64] drm/v3d: Stop active perfmon if it is being destroyed
     - kdb: Do not assume write() callback available
     - [x86] static-call: Remove early_boot_irqs_disabled check to fix Xen PVH
       dom0
     - iommu: Return right value in iommu_sva_bind_device() (CVE-2024-40945)
     - [arm64] tegra: Fix typo in Tegra234 dce-fabric compatible
     - mm: gup: fix infinite loop within __get_longterm_locked
     - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
       Driver Due to Race Condition (CVE-2024-50061)
     - nilfs2: do not output warnings when clearing dirty buffers
     - nilfs2: do not force clear folio if buffer is referenced
     - nilfs2: protect access to buffers with no active references
     - can: ems_pci: move ASIX AX99100 ids to pci_ids.h
     - serial: 8250_pci: add support for ASIX AX99100
     - parport_pc: add support for ASIX AX99100
     - net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice
       events
     - netdevsim: print human readable IP address
     - f2fs: fix to wait dio completion (CVE-2024-47726)
     - drm/amd/display: Add NULL pointer check for kzalloc (CVE-2024-42122)
     - [x86] i8253: Disable PIT timer 0 when not in use
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 32
   * [arm64] phy: rockchip: naneng-combphy: compatible reset with old DT
     (Closes: #1095745, #1098250, #1098354)
   * net: mana: Fix possible double free in error handling path (CVE-2024-42069)
     (Closes: #1099138)
   * net: mana: Fix RX buf alloc_size alignment and atomic op panic
     (CVE-2024-45001) (Closes: #1099138)
   * ptrace: Introduce exception_ip arch hook
   * mm/memory: Use exception ip to search exception tables
     (Closes: #1093200, #1087809, #1086028)
linux-signed-arm64 (6.1.128+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.128-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
     - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
     - bpf, sockmap: Fix race between element replace and close()
       (CVE-2024-56664)
     - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
       (CVE-2024-53128)
     - jbd2: increase IO priority for writing revoke records
     - jbd2: flush filesystem device before updating tail sequence
     - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
     - dm array: fix unreleased btree blocks on closing a faulty array cursor
     - dm array: fix cursor index when skipping across block boundaries
     - exfat: fix the infinite loop in exfat_readdir()
     - exfat: fix the infinite loop in __exfat_free_cluster()
     - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
       transitivity
     - net: 802: LLC+SNAP OID:PID lookup on start of skb data
     - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
     - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
     - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
     - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
     - cxgb4: Avoid removal of uninserted tid
     - ice: fix incorrect PHY settings for 100 GB/s
     - tls: Fix tls_sw_sendmsg error handling
     - Bluetooth: hci_sync: Fix not setting Random Address when required
     - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
     - netfilter: nf_tables: imbalance in flowtable binding
     - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
     - sched: sch_cake: add bounds checks to host bulk flow fairness counts
     - net/mlx5: Fix variable not being completed when function returns
     - ksmbd: fix a missing return value check bug
     - afs: Fix the maximum cell name length
     - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
     - dm thin: make get_first_thin use rcu-safe list first function
     - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
     - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
     - sctp: sysctl: rto_min/max: avoid using current->nsproxy
     - sctp: sysctl: auth_enable: avoid using current->nsproxy
     - sctp: sysctl: udp_port: avoid using current->nsproxy
     - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
     - drm/amd/display: Add check for granularity in dml ceil/floor helpers
     - thermal: of: fix OF node leak in of_thermal_zone_find()
     - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
     - ACPI: resource: Add Asus Vivobook X1504VAP to
       irq1_level_low_skip_override[]
     - drm/amd/display: increase MAX_SURFACES to the value supported by hw
     - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
       2)
     - bpf: Add MEM_WRITE attribute
     - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
     - USB: serial: option: add MeiG Smart SRM815
     - USB: serial: option: add Neoway N723-EA support
     - usb-storage: Add max sectors quirk for Nokia 208
     - USB: serial: cp210x: add Phoenix Contact UPS Device
     - usb: dwc3: gadget: fix writing NYET threshold
     - topology: Keep the cpumask unchanged when printing cpumap
     - usb: gadget: u_serial: Disable ep before setting port to null to fix the
       crash caused by port being null
     - usb: dwc3-am62: Disable autosuspend during remove
     - USB: usblp: return error when setting unsupported protocol
     - USB: core: Disable LPM only for non-suspended ports
     - usb: fix reference leak in usb_new_device()
     - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
     - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
     - iio: light: vcnl4035: fix information leak in triggered buffer
     - iio: imu: kmx61: fix information leak in triggered buffer
     - iio: gyro: fxas21002c: Fix missing data update in trigger handler
     - iio: inkern: call iio_device_put() only on mapped devices
     - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
     - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
     - of/address: Add support for 3 address cell bus
     - of: address: Fix address translation when address-size is greater than 2
     - of: address: Remove duplicated functions
     - of: address: Store number of bus flag cells rather than bool
     - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
     - ocfs2: correct return value of ocfs2_local_free_info()
     - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
       (CVE-2024-57892)
     - drm: bridge: adv7511: use dev_err_probe in probe function
     - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
     - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
     - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
       conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
     - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
     - bpf: Fix bpf_sk_select_reuseport() memory leak
     - openvswitch: fix lockup on tx to unregistering netdev with carrier
     - pktgen: Avoid out-of-bounds access in get_imix_entries
     - net: add exit_batch_rtnl() method
     - gtp: use exit_batch_rtnl() method
     - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
     - gtp: Destroy device along with udp socket's netns dismantle.
     - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
     - net/mlx5: Fix RDMA TX steering prio
     - net/mlx5: Clear port select structure when fail to create
     - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
     - hwmon: (tmp513) Fix division of negative numbers
     - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
     - i2c: mux: demux-pinctrl: check initial mux selection, too
     - i2c: rcar: fix NACK handling when being a target
     - nvmet: propagate npwg topology
     - mac802154: check local interfaces before deleting sdata list
     - hfs: Sanity check the root record
     - fs: fix missing declaration of init_files
     - kheaders: Ignore silly-rename files
     - cachefiles: Parse the "secctx" immediately
     - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
       drivers
     - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
     - iomap: avoid avoid truncating 64-bit offset to 32 bits
     - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
       .poll()
     - [x86] asm: Make serialize() always_inline
     - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
     - zram: fix potential UAF of zram table
     - mptcp: be sure to send ack when mptcp-level window re-opens
     - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
     - vsock/virtio: discard packets if the transport changes
     - vsock/virtio: cancel close work in the destructor
     - vsock: reset socket state when de-assigning the transport
     - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
     - filemap: avoid truncating 64-bit offset to 32 bits
     - fs/proc: fix softlockup in __read_vmcore (part 2)
     - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
       (CVE-2024-36899)
     - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
     - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
     - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
     - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
     - hrtimers: Handle CPU state correctly on hotplug
     - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
     - Revert "PCI: Use preserve_config in place of pci_flags"
     - iio: imu: inv_icm42600: fix spi burst write not supported
     - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
     - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
       buffer (CVE-2024-57907)
     - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
       (CVE-2024-56608)
     - drm/amdgpu: fix usage slab after free (CVE-2024-56551)
     - block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
     - Revert "drm/amdgpu: rework resume handling for display (v2)"
       (Closes: #1094766)
     - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
     - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
     - Revert "regmap: detach regmap from dev on regmap_exit"
     - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
     - erofs: tidy up EROFS on-disk naming
     - erofs: handle NONHEAD !delta[1] lclusters gracefully
     - nfsd: add list_head nf_gc to struct nfsd_file
     - [x86] xen: fix SLS mitigation in xen_hypercall_iret()
     - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
     - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
       request
     - drm/amd/display: Use HW lock mgr for PSR1
     - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
     - regmap: detach regmap from dev on regmap_exit
     - ipv6: Fix soft lockups in fib6_select_path under high next hop churn
       (CVE-2024-56703)
     - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
     - xfs: bump max fsgeom struct version
     - xfs: hoist freeing of rt data fork extent mappings
     - xfs: prevent rt growfs when quota is enabled
     - xfs: rt stubs should return negative errnos when rt disabled
     - xfs: fix units conversion error in xfs_bmap_del_extent_delay
     - xfs: make sure maxlen is still congruent with prod when rounding down
     - xfs: introduce protection for drop nlink
     - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
     - xfs: allow read IO and FICLONE to run concurrently
     - xfs: factor out xfs_defer_pending_abort
     - xfs: abort intent items when recovery intents fail
     - xfs: only remap the written blocks in xfs_reflink_end_cow_extent
     - xfs: up(ic_sema) if flushing data device fails
     - xfs: fix internal error from AGFL exhaustion
     - xfs: inode recovery does not validate the recovered inode
     - xfs: clean up dqblk extraction
     - xfs: dquot recovery does not validate the recovered dquot
     - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
     - xfs: respect the stable writes flag on the RT device
     - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
     - io_uring: fix waiters missing wake ups (Closes: #1093243)
     - net: sched: fix ets qdisc OOB Indexing
     - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
     - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
     - vfio/platform: check the bounds of read/write syscalls
     - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
       (CVE-2024-50304)
     - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
     - wifi: iwlwifi: add a few rate index validity checks
     - smb: client: fix UAF in async decryption (CVE-2024-50047)
     - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
     - Revert "usb: gadget: u_serial: Disable ep before setting port to null to
       fix the crash caused by port being null"
     - ALSA: usb-audio: Add delay quirk for USB Audio Device
     - Input: atkbd - map F23 key to support default copilot shortcut
     - Input: xpad - add unofficial Xbox 360 wireless receiver clone
     - Input: xpad - add support for wooting two he (arm)
     - smb: client: fix NULL ptr deref in crypto_aead_setkey()
     - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 31
   * [rt] Update to 6.1.127-rt48
linux-signed-arm64 (6.1.124+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.124-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.124
     - [x86] hyperv: Fix hv tsc page based sched_clock for hibernation
     - selinux: ignore unknown extended permissions
     - btrfs: fix use-after-free in btrfs_encoded_read_endio() (CVE-2024-56582)
     - tracing: Have process_string() also allow arrays
     - [x86] thunderbolt: Add support for Intel Lunar Lake
     - [x86] thunderbolt: Add support for Intel Panther Lake-M/P
     - [x86] thunderbolt: Don't display nvm_version unless upgrade supported
     - xhci: retry Stop Endpoint on buggy NEC controllers
     - usb: xhci: Limit Stop Endpoint retries
     - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
     - net: mctp: handle skb cleanup on sock_queue failures
     - RDMA/mlx5: Enforce same type port association for multiport RoCE
     - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
     - [arm64] RDMA/hns: Refactor mtr find
     - [arm64] RDMA/hns: Remove unused parameters and variables
     - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer
     - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path
     - [arm64] RDMA/hns: Fix missing flush CQE for DWQE
     - net: stmmac: platform: provide devm_stmmac_probe_config_dt()
     - net: stmmac: don't create a MDIO bus if unnecessary
     - net: stmmac: restructure the error path of stmmac_probe_config_dt()
     - net: fix memory leak in tcp_conn_request()
     - ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices
     - ip_tunnel: annotate data-races around t->parms.link
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
     - net: Fix netns for ip_tunnel_init_flow()
     - netrom: check buffer length before accessing it
     - [x86] drm/i915/dg1: Fix power gate sequence.
     - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
       (Closes: #1092772)
     - net: llc: reset skb->transport_header
     - ALSA: usb-audio: US16x08: Initialize array before use
     - [armel,armhf] net: mv643xx_eth: fix an OF node reference leak
     - net: wwan: t7xx: Fix FSM command timeout issue
     - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
     - net: restrict SO_REUSEPORT to inet sockets
     - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
     - af_packet: fix vlan_get_tci() vs MSG_PEEK
     - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
     - ila: serialize calls to nf_register_net_hooks()
     - btrfs: rename and export __btrfs_cow_block()
     - btrfs: fix use-after-free when COWing tree bock and tracing is enabled
       (CVE-2024-56759)
     - wifi: mac80211: wake the queues in case of failure in resume
     - btrfs: flush delalloc workers queue before stopping cleaner kthread during
       unmount
     - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
     - sound: usb: enable DSD output for ddHiFi TC44C
     - sound: usb: format: don't warn that raw DSD is unsupported
     - bpf: fix potential error return
     - ksmbd: retry iterate_dir in smb2_query_dir
     - net: usb: qmi_wwan: add Telit FE910C04 compositions
     - Bluetooth: hci_core: Fix sleeping function called from invalid context
     - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
     - usb: xhci: Avoid queuing redundant Stop Endpoint commands
     - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
     - modpost: fix the missed iteration for the max bit in do_input()
     - ALSA hda/realtek: Add quirk for Framework F111:000C
     - ALSA: seq: oss: Fix races at processing SysEx messages
     - kcov: mark in_softirq_really() as __always_inline
     - RDMA/uverbs: Prevent integer overflow issue
     - [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap
       locking
     - sky2: Add device ID 11ab:4373 for Marvell 88E8075
     - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
     - [arm64] drm: adv7511: Drop dsi single lane support
     - dt-bindings: display: adi,adv7533: Drop single lane support
     - mm/readahead: fix large folio support in async readahead
     - mm: vmscan: account for free pages to prevent infinite Loop in
       throttle_direct_reclaim()
     - mptcp: fix TCP options overflow.
     - mptcp: fix recvbuffer adjust on sleeping rcvmsg
     - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
     - zram: check comp is non-NULL before calling comp_destroy
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 30

linux-signed-i386 (6.1.129+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.129-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129
     - [powerpc*] book3s64/hugetlb: Fix disabling hugetlb when fadump is active
     - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
     - afs: Fix directory format encoding struct
     - fs: fix proc_handler for sysctl_nr_open
     - block: retry call probe after request_module in blk_request_module
     - nbd: don't allow reconnect after disconnect
     - pstore/blk: trivial typo fixes
     - nvme: Add error check for xa_store in nvme_get_effects_log
     - partitions: ldm: remove the initial kernel-doc notation
     - select: Fix unbalanced user_access_end()
     - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
     - sched/psi: Use task->psi_flags to clear in CPU migration
     - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
     - [arm64] drm/msm/dp: set safe_to_exit_level before printing it
     - [arm64,armhf] drm/etnaviv: Fix page property being used for non
       writecombine buffers
     - HID: core: Fix assumption that Resolution Multipliers must be in Logical
       Collections
     - drm/amdgpu: Fix potential NULL pointer dereference in
       atomctrl_get_smc_sclk_range_table
     - [arm64] drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters
       offset
     - [arm64] drm/rockchip: vop2: Fix the mixer alpha setup for layer 0
     - [arm64] drm/rockchip: vop2: Set YUV/RGB overlay mode
     - [arm64] drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config
     - [arm64] drm/rockchip: vop2: Fix the windows switch between different
       layers
     - [arm64] drm/rockchip: vop2: Check linear format for Cluster windows on
       rk3566/8
     - OPP: Rearrange entries in pm_opp.h
     - OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_indexed() APIs
     - OPP: Introduce dev_pm_opp_get_freq_indexed() API
     - OPP: Add dev_pm_opp_find_freq_exact_indexed()
     - OPP: Reuse dev_pm_opp_get_freq_indexed()
     - OPP: add index check to assert to avoid buffer overflow in _read_freq()
     - OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
     - genirq: Make handle_enforce_irqctx() unconditionally available
     - ipmi: ipmb: Add check devm_kasprintf() returned value
     - wifi: ath11k: Fix unexpected return buffer manager error for
       WCN6750/WCN6855
     - wifi: rtlwifi: do not complete firmware loading needlessly
     - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
     - wifi: rtlwifi: wait for firmware loading before releasing memory
     - wifi: rtlwifi: fix init_sw_vars leak when probe fails
     - wifi: rtlwifi: usb: fix workqueue leak when probe fails
     - wifi: wcn36xx: fix channel survey memory allocation size
     - net_sched: sch_sfq: annotate data-races around q->perturb_period
     - net_sched: sch_sfq: handle bigger packets
     - net_sched: sch_sfq: don't allow 1 packet limit
     - dt-bindings: mmc: controller: clarify the address-cells description
     - dt-bindings: leds: class-multicolor: Fix path to color definitions
     - wifi: rtlwifi: remove unused timer and related code
     - wifi: rtlwifi: remove unused dualmac control leftovers
     - wifi: rtlwifi: remove unused check_buddy_priv
     - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
     - wifi: rtlwifi: fix memory leaks and invalid access at probe error path
     - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
     - HID: multitouch: fix support for Goodix PID 0x01e9
     - regulator: dt-bindings: mt6315: Drop regulator-compatible property
     - ACPI: fan: cleanup resources in the error path of .probe()
     - cpupower: fix TSC MHz calculation
     - dt-bindings: mfd: bd71815: Fix rsense and typos
     - leds: netxbig: Fix an OF node reference leak in
       netxbig_leds_get_of_pdata()
     - inetpeer: remove create argument of inet_getpeer_v[46]()
     - inetpeer: remove create argument of inet_getpeer()
     - inetpeer: update inetpeer timestamp in inet_getpeer()
     - inetpeer: do not get a refcount in inet_getpeer()
     - [armhf] pwm: stm32-lp: Add check for clk_enable()
     - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
     - [arm64] clk: imx8mp: Fix clkout1/2 support
     - team: prevent adding a device which is already a team device lower
     - regulator: of: Implement the unwind path of of_regulator_match()
     - OPP: OF: Fix an OF node leak in _opp_add_static_v2()
     - [arm64] clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs
     - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding
       endpoint check
     - mfd: syscon: Remove extern from function prototypes
     - mfd: syscon: Add of_syscon_register_regmap() API
     - mfd: syscon: Use scoped variables with memory allocators to simplify error
       paths
     - mfd: syscon: Fix race in device_node_get_regmap()
     - samples/landlock: Fix possible NULL dereference in parse_path()
     - wifi: wlcore: fix unbalanced pm_runtime calls
     - wifi: mac80211: prohibit deactivating all links
     - wifi: mac80211: Fix common size calculation for ML element
     - net/smc: fix data error when recvmsg with MSG_PEEK flag
     - landlock: Handle weird files
     - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
     - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection.
     - wifi: mt76: mt7915: fix register mapping
     - cpufreq: ACPI: Fix max-frequency computation
     - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
     - wifi: cfg80211: adjust allocation of colocated AP data
     - net: let net.core.dev_weight always be non-zero
     - net: avoid race between device unregistration and ethnl ops
       (CVE-2025-21701)
     - net: sched: Disallow replacing of child qdisc from one parent to another
       (CVE-2025-21700)
     - netfilter: nft_flow_offload: update tcp state flags under lock
     - net: ethernet: ti: am65-cpsw: fix freeing IRQ in
       am65_cpsw_nuss_remove_tx_chns()
     - tcp_cubic: fix incorrect HyStart round start detection
     - net/rose: prevent integer overflows in rose_setsockopt()
     - libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is
       missing
     - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
     - libbpf: Fix segfault due to libelf functions not setting errno
     - [armhf] ASoC: sun4i-spdif: Add clock multiplier settings
     - crypto: hisilicon/sec2 - optimize the error return process
     - crypto: hisilicon/sec2 - fix for aead icv error
     - crypto: hisilicon/sec2 - fix for aead invalid authsize
     - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
     - padata: fix sysfs store callback check
     - ASoC: Intel: avs: Fix theoretical infinite loop
     - [armhf] pinctrl: stm32: set default gpio line names using pin names
     - [armhf] pinctrl: stm32: Add check for devm_kcalloc
     - [armhf] pinctrl: stm32: check devm_kasprintf() returned value
     - [armhf] pinctrl: stm32: Add check for clk_enable()
     - bpf: Send signals asynchronously if !preemptible
     - bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write
     - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31
       laptop
     - padata: fix UAF in padata_reorder
     - padata: add pd get/put refcnt helper
     - padata: avoid UAF for reorder_work
     - smb: client: fix oops due to unset link speed
     - [arm64] dts: mt8183: set DMIC one-wire mode on Damu
     - [arm64] dts: mediatek: mt8516: fix GICv2 range
     - [arm64] dts: mediatek: mt8516: fix wdt irq type
     - [arm64] dts: mediatek: mt8516: add i2c clock-div property
     - [arm64] dts: mediatek: mt8516: reserve 192 KiB for TF-A
     - RDMA/mlx4: Avoid false error about access to uninitialized gids array
     - rdma/cxgb4: Prevent potential integer overflow on 32bit
     - [arm64] dts: mediatek: mt8173-evb: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8192-asurada: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-cherry: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8195-demo: Drop regulator-compatible property
     - [arm64] dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
     - [arm64] dts: mediatek: mt8183: kenzo: Support second source touchscreen
     - [arm64] dts: mediatek: mt8183: willow: Support second source touchscreen
     - RDMA/srp: Fix error handling in srp_add_port
     - memory: tegra20-emc: fix an OF node reference bug in
       tegra_emc_find_node_by_ram_code()
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
       settings
     - [arm64] dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property
     - [arm64] dts: qcom: msm8996: Fix up USB3 interrupts
     - [arm64] dts: qcom: msm8994: Describe USB interrupts
     - [arm64] dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value
     - [arm64] dts: qcom: msm8916: correct sleep clock frequency
     - [arm64] dts: qcom: msm8994: correct sleep clock frequency
     - [arm64] dts: qcom: sc7280: correct sleep clock frequency
     - [arm64] dts: qcom: sm6125: correct sleep clock frequency
     - [arm64] dts: qcom: sm8250: correct sleep clock frequency
     - [arm64] dts: qcom: sm8350: correct sleep clock frequency
     - [arm64] dts: qcom: sm8450: correct sleep clock frequency
     - [arm64] dts: ti: k3-am62: Remove duplicate GICR reg
     - [arm64] dts: ti: k3-am62a: Remove duplicate GICR reg
     - [arm64] dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl
     - [arm64] dts: qcom: sc7180-idp: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel
     - [arm64] dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel
     - [arm64] dts: qcom: sc7180: Don't enable lpass clocks by default
     - [arm64] dts: qcom: sc7180: Drop redundant disable in mdp
     - [arm64] dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply
     - [arm64] dts: qcom: pm6150l: add temp sensor and thermal zone config
     - [arm64] dts: qcom: sc7180-*: Remove thermal zone polling delays
     - [arm64] dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone
     - [arm64] dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
       properties
     - [arm64] dts: qcom: sc8280xp: Fix up remoteproc register space sizes
     - [arm64] dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL
     - [arm64] dts: qcom: sdm845: Fix interrupt types of camss interrupts
     - [arm64] dts: qcom: sm8250: Fix interrupt types of camss interrupts
     - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
     - RDMA/mlx5: Fix indirect mkey ODP page count
     - of: reserved-memory: Do not make kmemleak ignore freed address
     - efi: sysfb_efi: fix W=1 warnings when EFI is not set
     - RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]"
     - iommufd/iova_bitmap: Fix shift-out-of-bounds in
       iova_bitmap_offset_to_index()
     - media: rc: iguanair: handle timeouts
     - media: lmedm04: Handle errors for lme2510_int_read
     - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
     - media: marvell: Add check for clk_enable()
     - media: i2c: imx412: Add missing newline to prints
     - media: i2c: ov9282: Correct the exposure offset
     - media: mipi-csis: Add check for clk_enable()
     - media: camif-core: Add check for clk_enable()
     - media: uvcvideo: Propagate buf->error to userspace
     - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
       void
     - mtd: hyperbus: hbmc-am654: fix an OF node reference leak
     - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
     - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
     - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
     - ocfs2: mark dquot as inactive if failed to start trans while releasing
       dquot
     - module: Extend the preempt disabled section in
       dereference_symbol_descriptor().
     - serial: 8250: Adjust the timeout for FIFO mode
     - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
     - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
     - tools/bootconfig: Fix the wrong format specifier
     - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
     - [armhf] dmaengine: ti: edma: fix OF node reference leaks in edma_driver
     - [arm64] rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
     - ubifs: skip dumping tnc tree when zroot is null
     - regulator: core: Add missing newline character
     - [arm64] net: hns3: fix oops when unload drivers paralleling
     - gpio: mxc: remove dead code after switch to DT-only
     - net: fec: implement TSO descriptor cleanup
     - ipmr: do not call mr_mfc_uses_dev() for unres entries
     - PM: hibernate: Add error handling for syscore_suspend()
     - iavf: allow changing VLAN state without calling PF
     - net: rose: fix timer races against user threads
     - net: netdevsim: try to close UDP port harness races
     - vxlan: Fix uninit-value in vxlan_vnifilter_dump()
     - net: davicom: fix UAF in dm9000_drv_remove
     - bgmac: reduce max frame size to support just MTU 1500
     - net: sh_eth: Fix missing rtnl lock in suspend/resume path
     - net: hsr: fix fill_frame_info() regression vs VLAN packets
     - genksyms: fix memory leak when the same symbol is added from source
     - genksyms: fix memory leak when the same symbol is read from *.symref file
     - [arm64] ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback
     - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
     - kconfig: add warn-unknown-symbols sanity check
     - kconfig: require a space after '#' for valid input
     - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
     - kconfig: deduplicate code in conf_read_simple()
     - kconfig: WERROR unmet symbol dependency
     - kconfig: fix memory leak in sym_warn_unmet_dep()
     - f2fs: Introduce linear search for dentries
     - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Closes: #1071562)
     - kbuild: switch from lz4c to lz4 for compression
     - netfilter: nf_tables: reject mismatching sum of field_len with set key
       length
     - nvme: fix metadata handling in nvme-passthrough
     - drm/amd/display: fix double free issue during amdgpu module unload
       (CVE-2024-49989)
     - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
     - net: usb: rtl8150: enable basic endpoint checking
     - usb: xhci: Fix NULL pointer dereference on certain command aborts
     - drivers/card_reader/rtsx_usb: Restore interrupt based detection
     - usb: gadget: f_tcm: Fix Get/SetInterface return value
     - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()
     - usb: dwc3: core: Defer the probe until USB power supply ready
     - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to
       PD_T_SENDER_RESPONSE
     - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR
       PPS
     - mptcp: consolidate suboption status
     - mptcp: handle fastopen disconnect correctly
     - remoteproc: core: Fix ida_free call while not allocated
     - media: uvcvideo: Fix double free in error path
     - usb: gadget: f_tcm: Don't free command immediately
     - staging: media: max96712: fix kernel oops when removing module
     - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
     - btrfs: output the reason for open_ctree() failure
     - ptp: Properly handle compat ioctls
     - [s390x] Add '-std=gnu11' to decompressor and purgatory CFLAGS
     - [armhf] pinctrl: stm32: fix array read out of bound
     - btrfs: fix use-after-free when attempting to join an aborted transaction
     - [arm64] mm: Ensure adequate HUGE_MAX_HSTATE
     - exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
     - btrfs: fix data race when accessing the inode's disk_i_size at
       btrfs_drop_extents()
     - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
     - sched: Don't try to catch up excess steal time.
     - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
     - [x86] amd_nb: Restrict init function to AMD-based systems
     - drm/virtio: New fence for every plane update
     - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
     - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
     - safesetid: check size of policy writes
     - tun: fix group permission check
     - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
     - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
     - tomoyo: don't emit warning in tomoyo_write_control()
     - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
     - HID: Wacom: Add PCI Wacom device support
     - net/mlx5: use do_aux_work for PHC overflow checks
     - wifi: brcmfmac: Check the return value of of_property_read_string_index()
     - wifi: iwlwifi: avoid memory leak
     - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
     - APEI: GHES: Have GHES honor the panic= setting
     - Bluetooth: MGMT: Fix slab-use-after-free Read in
       mgmt_remove_adv_monitor_sync
     - net: wwan: iosm: Fix hibernation by re-binding the driver around it
     - mmc: sdhci-msm: Correctly set the load for the regulator
     - tipc: re-order conditions in tipc_crypto_key_rcv()
     - [x86] kexec: Allocate PGD for x86_64 transition page tables separately
     - [arm64] iommu/arm-smmu-v3: Clean up more on probe failure
     - [x86] platform/x86: int3472: Check for adev == NULL
     - ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
     - ASoC: amd: Add ACPI dependency to fix build error
     - Input: allocate keycode for phone linking
     - [x86] platform/x86: acer-wmi: Ignore AC events
     - [powerpc*] KVM: PPC: e500: Mark "struct page" dirty in
       kvmppc_e500_shadow_map()
     - [powerpc*] KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
       mmu_lock
     - [powerpc*] KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
     - KVM: e500: always restore irqs
     - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
       void
     - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and
       in the error path of .probe()
     - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
     - net/ncsi: fix locking in Get MAC Address handling
     - gpio: xilinx: Convert to immutable irq_chip
     - gpio: xilinx: Convert gpio_lock to raw spinlock (CVE-2025-21684)
     - xfs: report realtime block quota limits on realtime directories
     - xfs: don't over-report free space or inodes in statvfs
     - nvme: handle connectivity loss in nvme_set_queue_count
     - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
     - gpu: drm_dp_cec: fix broken CEC adapter properties check
     - tg3: Disable tg3 PCIe AER on system reboot
     - udp: gso: do not drop small packets when PMTU reduces
     - gpio: pca953x: Improve interrupt support
     - net: atlantic: fix warning during hot unplug
     - net: rose: lock the socket in rose_bind()
     - [x86] xen: fix xen_hypercall_hvm() to not clobber %rbx (Closes: #1095435)
     - [x86] xen: add FRAME_END to xen_hypercall_hvm()
     - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
     - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
       (CVE-2025-21703)
     - tun: revert fix group permission check
     - net: sched: Fix truncation of offloaded action statistics
     - cpufreq: s3c64xx: Fix compilation warning
     - leds: lp8860: Write full EEPROM, not only half of it
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
     - drm/modeset: Handle tiled displays in pan_display_atomic.
     - smb: client: change lease epoch type from unsigned int to __u16
     - [s390x] futex: Fix FUTEX_OP_ANDN implementation
     - fs/proc: do_task_stat: Fix ESP not readable during coredump
     - binfmt_flat: Fix integer overflow bug on 32 bit systems
     - [arm64] drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
     - [arm64] dts: rockchip: increase gmac rx_delay on rk3399-puma
     - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
     - [s390x] KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
     - ksmbd: fix integer overflows on 32 bit systems
     - drm/amd/pm: Mark MM activity as unsupported
     - Revert "drm/amd/display: Use HW lock mgr for PSR1"
     - [x86] drm/i915/guc: Debug print LRC state entries only if the context is
       pinned
     - drm/komeda: Add check for komeda_get_layer_fourcc_list()
     - [x86] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
     - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
     - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
     - [arm64] clk: sunxi-ng: a100: enable MMC clock reparenting
     - [arm64] clk: qcom: clk-alpha-pll: fix alpha mode configuration
     - [arm64] clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
     - [arm64] clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
     - [arm64] clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
     - [arm64] clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
     - blk-cgroup: Fix class @block_class's subsystem refcount leakage
     - efi: libstub: Use '-std=gnu11' to fix build with GCC 15
     - scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
     - of: Correct child specifier used as input of the 2nd nexus node
     - of: Fix of_find_node_opts_by_path() handling of alias+path+options
     - of: reserved-memory: Fix using wrong number of cells to get property
       'alignment'
     - HID: hid-sensor-hub: don't use stale platform-data on remove
     - wifi: rtlwifi: rtl8821ae: Fix media status report
     - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
     - usb: gadget: f_tcm: Translate error to sense
     - usb: gadget: f_tcm: Decrement command ref count on cleanup
     - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
     - usb: gadget: f_tcm: Don't prepare BOT write request twice
     - ASoC: acp: Support microphone from Lenovo Go S
     - soc: qcom: socinfo: Avoid out of bounds read of serial number
     - serial: sh-sci: Drop __initdata macro for port_cfg
     - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
       in use
     - [mips*] Loongson64: remove ROM Size unit in boardinfo
     - [powerpc*] pseries/eeh: Fix get PE state translation
     - dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
     - dm-crypt: track tag_offset in convert_context
     - mips/math-emu: fix emulation of the prefx instruction (Closes: #1091858)
     - block: don't revert iter for -EIOCBQUEUED
     - Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
       (Closes: #1095764)
     - ALSA: hda/realtek: Enable headset mic on Positivo C6400
     - ALSA: hda: Fix headset detection failure due to unstable sort
     - [arm64] tegra: Fix Tegra234 PCIe interrupt-map
     - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
     - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
     - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
     - scsi: qla2xxx: Move FCE Trace buffer allocation to user control
     - scsi: storvsc: Set correct data length for sending SCSI command without
       payload
     - kbuild: Move -Wenum-enum-conversion to W=2
     - [x86] boot: Use '-std=gnu11' to fix build with GCC 15
     - [arm64] dts: qcom: sm6350: Fix ADSP memory length
     - [arm64] dts: qcom: sm6350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8350: Fix MPSS memory length
     - [arm64] dts: qcom: sm8450: Fix MPSS memory length
     - crypto: qce - fix priority to be less than ARMv8 CE
     - [arm64] tegra: Disable Tegra234 sce-fabric node
     - xfs: Add error handling for xfs_reflink_cancel_cow_range
     - ACPI: PRM: Remove unnecessary strict handler address checks
     - rv: Reset per-task monitors also for idle tasks
     - kfence: skip __GFP_THISNODE allocations on NUMA systems
     - media: ccs: Clean up parsed CCS static data on parse failure
     - iio: light: as73211: fix channel handling in only-color triggered buffer
     - soc: qcom: smem_state: fix missing of_node_put in error path
     - media: mc: fix endpoint iteration
     - media: ov5640: fix get_light_freq on auto
     - media: ccs: Fix CCS static data parsing for large block sizes
     - media: ccs: Fix cleanup order in ccs_probe()
     - media: uvcvideo: Fix event flags in uvc_ctrl_send_events
     - media: uvcvideo: Remove redundant NULL assignment
     - mm: kmemleak: fix upper boundary check for physical address objects
     - ata: libata-sff: Ensure that we cannot write outside the allocated buffer
     - crypto: qce - fix goto jump in error path
     - crypto: qce - unregister previously registered algos in error path
     - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
     - nvmem: core: improve range check for nvmem_cell_write()
     - io_uring/net: don't retry connect operation on EPOLLERR
     - vfio/platform: check the bounds of read/write syscalls
     - pnfs/flexfiles: retry getting layout segment for reads
     - ocfs2: fix incorrect CPU endianness conversion causing mount failure
     - ocfs2: handle a symlink read error correctly
     - nilfs2: fix possible int overflows in nilfs_fiemap()
     - mailbox: tegra-hsp: Clear mailbox before using message
     - NFC: nci: Add bounds checking in nci_hci_create_pipe()
     - i3c: master: Fix missing 'ret' assignment in set_speed()
     - irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
     - mtd: onenand: Fix uninitialized retlen in do_otp_read()
     - misc: fastrpc: Deregister device nodes properly in error scenarios
     - misc: fastrpc: Fix registered buffer page address
     - misc: fastrpc: Fix copy buffer page size
     - net/ncsi: wait for the last response to Deselect Package before
       configuring channel
     - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
     - rtla/osnoise: Distinguish missing workload option
     - rtla: Add trace_instance_stop
     - rtla/timerlat_hist: Stop timerlat tracer on signal
     - rtla/timerlat_top: Stop timerlat tracer on signal
     - [armhf] pinctrl: samsung: fix fwnode refcount cleanup if
       platform_get_irq_optional() fails
     - ptp: Ensure info->enable callback is always set
     - rtc: zynqmp: Fix optional clock name property
     - io_uring: fix multishots with selected buffers
     - io_uring: fix io_req_prep_async with provided buffers
     - io_uring/rw: commit provided buffer state on async
     - [mips*] ftrace: Declare ftrace_get_parent_ra_addr() as static
     - net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
     - gpio: xilinx: remove excess kernel doc
     - ocfs2: check dir i_size in ocfs2_find_entry
     - cachefiles: Fix NULL pointer dereference in object->file (CVE-2024-56549)
     - mptcp: pm: only set fullmesh for subflow endp
     - mptcp: prevent excessive coalescing on receive
     - tty: xilinx_uartps: split sysrq handling
     - maple_tree: fix static analyser cppcheck issue
     - maple_tree: simplify split calculation
     - pps: Fix a use-after-free
     - Revert "btrfs: avoid monopolizing a core when activating a swap file"
     - btrfs: avoid monopolizing a core when activating a swap file
     - nfsd: clear acl_access/acl_default after releasing them
     - NFSD: fix hang in nfsd4_shutdown_callback (Closes: #1071562)
     - HID: multitouch: Add NULL check in mt_input_configured
     - HID: hid-thrustmaster: fix stack-out-of-bounds read in
       usb_check_int_endpoints()
     - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
     - vrf: use RCU protection in l3mdev_l3_out()
     - vxlan: check vxlan_vnigroup_init() return value
     - team: better TEAM_OPTION_TYPE_STRING validation
     - [arm64] cacheinfo: Avoid out-of-bounds write to cacheinfo array
     - cgroup: Remove steal time from usage_usec
     - xen/swiotlb: relax alignment requirements (Closes: #1093371, #1088159,
       #1087807)
     - xen: remove a confusing comment on auto-translated guest I/O
     - [x86] xen: allow larger contiguous memory regions in PV guests
       (Closes: #1093371, #1088159, #1087807)
     - fbdev: omap: use threaded IRQ for LCD DMA
     - media: cxd2841er: fix 64-bit division on gcc-9
     - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
     - PCI: switchtec: Add Microchip PCI100X device IDs
     - scsi: ufs: bsg: Set bsg_queue to NULL after removal
     - rtla/timerlat_hist: Abort event processing on second signal
     - rtla/timerlat_top: Abort event processing on second signal
     - vfio/pci: Enable iowrite64 and ioread64 for vfio pci
     - Grab mm lock before grabbing pt lock
     - [x86] mm/tlb: Only trim the mm_cpumask once a second
     - orangefs: fix a oob in orangefs_debug_write
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet 5V
     - batman-adv: fix panic during interface removal
     - batman-adv: Ignore neighbor throughput metrics in error case
     - batman-adv: Drop unmanaged ELP metric worker
     - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
     - [x86] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't
       in-kernel
     - [x86] KVM: nSVM: Enter guest mode before initializing nested NPT MMU
     - [x86] perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
     - usb: dwc3: Fix timeout issue during controller enter/exit from halt state
     - usb: roles: set switch registered flag early on
     - usb: gadget: udc: renesas_usb3: Fix compiler warning
     - usb: dwc2: gadget: remove of_node reference upon udc_stop
     - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
     - usb: core: fix pipe creation for get_bMaxPacketSize0
     - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
     - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
       (Closes: #1091517)
     - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
     - USB: hub: Ignore non-compliant devices with too many configs or interfaces
     - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
     - usb: cdc-acm: Check control transfer buffer size before access
       (CVE-2025-21704)
     - usb: cdc-acm: Fix handling of oversized fragments
     - USB: serial: option: add MeiG Smart SLM828
     - USB: serial: option: add Telit Cinterion FN990B compositions
     - USB: serial: option: fix Telit Cinterion FN990A name
     - USB: serial: option: drop MeiG Smart defines
     - can: ctucanfd: handle skb allocation failure
     - can: c_can: fix unbalanced runtime PM disable in error path
     - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
       length zero
     - efi: Avoid cold plugged memory for placing the kernel
     - cgroup: fix race between fork and cgroup.kill
     - serial: 8250: Fix fifo underflow on flush
     - gpiolib: acpi: Add a quirk for Acer Nitro ANV14
     - gpio: stmpe: Check return value of stmpe_reg_read in
       stmpe_gpio_irq_sync_unlock
     - partitions: mac: fix handling of bogus partition table
     - regmap-irq: Add missing kfree()
     - [arm64] Handle .ARM.attributes section in linker scripts
     - mmc: mtk-sd: Fix register settings for hs400(es) mode
     - btrfs: fix hole expansion when writing at an offset beyond EOF
     - clocksource: Use pr_info() for "Checking clocksource synchronization"
       message
     - clocksource: Use migrate_disable() to avoid calling get_random_u32() in
       atomic context
     - ipv4: add RCU protection to ip4_dst_hoplimit()
     - net: treat possible_net_t net pointer as an RCU one and add
       read_pnet_rcu()
     - net: add dev_net_rcu() helper
     - ipv4: use RCU protection in ipv4_default_advmss()
     - ipv4: use RCU protection in rt_is_expired()
     - ipv4: use RCU protection in inet_select_addr()
     - net: ipv4: Cache pmtu for all packet paths if multipath enabled
     - ipv4: use RCU protection in __ip_rt_update_pmtu()
     - ipv4: icmp: convert to dev_net_rcu()
     - flow_dissector: use RCU protection to fetch dev_net()
     - ipv6: use RCU protection in ip6_default_advmss()
     - ndisc: use RCU protection in ndisc_alloc_skb()
     - neighbour: delete redundant judgment statements
     - neighbour: use RCU protection in __neigh_notify()
     - arp: use RCU protection in arp_xmit()
     - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
     - ndisc: extend RCU protection in ndisc_send_skb()
     - ipv6: mcast: add RCU protection to mld_newpack()
     - [arm64] drm/v3d: Stop active perfmon if it is being destroyed
     - kdb: Do not assume write() callback available
     - [x86] static-call: Remove early_boot_irqs_disabled check to fix Xen PVH
       dom0
     - iommu: Return right value in iommu_sva_bind_device() (CVE-2024-40945)
     - [arm64] tegra: Fix typo in Tegra234 dce-fabric compatible
     - mm: gup: fix infinite loop within __get_longterm_locked
     - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
       Driver Due to Race Condition (CVE-2024-50061)
     - nilfs2: do not output warnings when clearing dirty buffers
     - nilfs2: do not force clear folio if buffer is referenced
     - nilfs2: protect access to buffers with no active references
     - can: ems_pci: move ASIX AX99100 ids to pci_ids.h
     - serial: 8250_pci: add support for ASIX AX99100
     - parport_pc: add support for ASIX AX99100
     - net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice
       events
     - netdevsim: print human readable IP address
     - f2fs: fix to wait dio completion (CVE-2024-47726)
     - drm/amd/display: Add NULL pointer check for kzalloc (CVE-2024-42122)
     - [x86] i8253: Disable PIT timer 0 when not in use
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 32
   * [arm64] phy: rockchip: naneng-combphy: compatible reset with old DT
     (Closes: #1095745, #1098250, #1098354)
   * net: mana: Fix possible double free in error handling path (CVE-2024-42069)
     (Closes: #1099138)
   * net: mana: Fix RX buf alloc_size alignment and atomic op panic
     (CVE-2024-45001) (Closes: #1099138)
   * ptrace: Introduce exception_ip arch hook
   * mm/memory: Use exception ip to search exception tables
     (Closes: #1093200, #1087809, #1086028)
linux-signed-i386 (6.1.128+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.128-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
     - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
     - bpf, sockmap: Fix race between element replace and close()
       (CVE-2024-56664)
     - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
       (CVE-2024-53128)
     - jbd2: increase IO priority for writing revoke records
     - jbd2: flush filesystem device before updating tail sequence
     - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
     - dm array: fix unreleased btree blocks on closing a faulty array cursor
     - dm array: fix cursor index when skipping across block boundaries
     - exfat: fix the infinite loop in exfat_readdir()
     - exfat: fix the infinite loop in __exfat_free_cluster()
     - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
       transitivity
     - net: 802: LLC+SNAP OID:PID lookup on start of skb data
     - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
     - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
     - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
     - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
     - cxgb4: Avoid removal of uninserted tid
     - ice: fix incorrect PHY settings for 100 GB/s
     - tls: Fix tls_sw_sendmsg error handling
     - Bluetooth: hci_sync: Fix not setting Random Address when required
     - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
     - netfilter: nf_tables: imbalance in flowtable binding
     - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
     - sched: sch_cake: add bounds checks to host bulk flow fairness counts
     - net/mlx5: Fix variable not being completed when function returns
     - ksmbd: fix a missing return value check bug
     - afs: Fix the maximum cell name length
     - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
     - dm thin: make get_first_thin use rcu-safe list first function
     - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
     - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
     - sctp: sysctl: rto_min/max: avoid using current->nsproxy
     - sctp: sysctl: auth_enable: avoid using current->nsproxy
     - sctp: sysctl: udp_port: avoid using current->nsproxy
     - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
     - drm/amd/display: Add check for granularity in dml ceil/floor helpers
     - thermal: of: fix OF node leak in of_thermal_zone_find()
     - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
     - ACPI: resource: Add Asus Vivobook X1504VAP to
       irq1_level_low_skip_override[]
     - drm/amd/display: increase MAX_SURFACES to the value supported by hw
     - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
       2)
     - bpf: Add MEM_WRITE attribute
     - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
     - USB: serial: option: add MeiG Smart SRM815
     - USB: serial: option: add Neoway N723-EA support
     - usb-storage: Add max sectors quirk for Nokia 208
     - USB: serial: cp210x: add Phoenix Contact UPS Device
     - usb: dwc3: gadget: fix writing NYET threshold
     - topology: Keep the cpumask unchanged when printing cpumap
     - usb: gadget: u_serial: Disable ep before setting port to null to fix the
       crash caused by port being null
     - usb: dwc3-am62: Disable autosuspend during remove
     - USB: usblp: return error when setting unsupported protocol
     - USB: core: Disable LPM only for non-suspended ports
     - usb: fix reference leak in usb_new_device()
     - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
     - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
     - iio: light: vcnl4035: fix information leak in triggered buffer
     - iio: imu: kmx61: fix information leak in triggered buffer
     - iio: gyro: fxas21002c: Fix missing data update in trigger handler
     - iio: inkern: call iio_device_put() only on mapped devices
     - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
     - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
     - of/address: Add support for 3 address cell bus
     - of: address: Fix address translation when address-size is greater than 2
     - of: address: Remove duplicated functions
     - of: address: Store number of bus flag cells rather than bool
     - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
     - ocfs2: correct return value of ocfs2_local_free_info()
     - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
       (CVE-2024-57892)
     - drm: bridge: adv7511: use dev_err_probe in probe function
     - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
     - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
     - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
       conditionals
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
     - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
     - bpf: Fix bpf_sk_select_reuseport() memory leak
     - openvswitch: fix lockup on tx to unregistering netdev with carrier
     - pktgen: Avoid out-of-bounds access in get_imix_entries
     - net: add exit_batch_rtnl() method
     - gtp: use exit_batch_rtnl() method
     - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
     - gtp: Destroy device along with udp socket's netns dismantle.
     - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
     - net/mlx5: Fix RDMA TX steering prio
     - net/mlx5: Clear port select structure when fail to create
     - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
     - hwmon: (tmp513) Fix division of negative numbers
     - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
     - i2c: mux: demux-pinctrl: check initial mux selection, too
     - i2c: rcar: fix NACK handling when being a target
     - nvmet: propagate npwg topology
     - mac802154: check local interfaces before deleting sdata list
     - hfs: Sanity check the root record
     - fs: fix missing declaration of init_files
     - kheaders: Ignore silly-rename files
     - cachefiles: Parse the "secctx" immediately
     - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
       drivers
     - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
     - iomap: avoid avoid truncating 64-bit offset to 32 bits
     - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
       .poll()
     - [x86] asm: Make serialize() always_inline
     - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
     - zram: fix potential UAF of zram table
     - mptcp: be sure to send ack when mptcp-level window re-opens
     - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
     - vsock/virtio: discard packets if the transport changes
     - vsock/virtio: cancel close work in the destructor
     - vsock: reset socket state when de-assigning the transport
     - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
     - filemap: avoid truncating 64-bit offset to 32 bits
     - fs/proc: fix softlockup in __read_vmcore (part 2)
     - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
       (CVE-2024-36899)
     - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
     - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
     - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
     - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
     - hrtimers: Handle CPU state correctly on hotplug
     - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
     - Revert "PCI: Use preserve_config in place of pci_flags"
     - iio: imu: inv_icm42600: fix spi burst write not supported
     - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
     - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
       buffer (CVE-2024-57907)
     - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
       (CVE-2024-56608)
     - drm/amdgpu: fix usage slab after free (CVE-2024-56551)
     - block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
     - Revert "drm/amdgpu: rework resume handling for display (v2)"
       (Closes: #1094766)
     - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
     - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
     - Revert "regmap: detach regmap from dev on regmap_exit"
     - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
     - erofs: tidy up EROFS on-disk naming
     - erofs: handle NONHEAD !delta[1] lclusters gracefully
     - nfsd: add list_head nf_gc to struct nfsd_file
     - [x86] xen: fix SLS mitigation in xen_hypercall_iret()
     - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
     - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
       request
     - drm/amd/display: Use HW lock mgr for PSR1
     - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
     - regmap: detach regmap from dev on regmap_exit
     - ipv6: Fix soft lockups in fib6_select_path under high next hop churn
       (CVE-2024-56703)
     - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
     - xfs: bump max fsgeom struct version
     - xfs: hoist freeing of rt data fork extent mappings
     - xfs: prevent rt growfs when quota is enabled
     - xfs: rt stubs should return negative errnos when rt disabled
     - xfs: fix units conversion error in xfs_bmap_del_extent_delay
     - xfs: make sure maxlen is still congruent with prod when rounding down
     - xfs: introduce protection for drop nlink
     - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
     - xfs: allow read IO and FICLONE to run concurrently
     - xfs: factor out xfs_defer_pending_abort
     - xfs: abort intent items when recovery intents fail
     - xfs: only remap the written blocks in xfs_reflink_end_cow_extent
     - xfs: up(ic_sema) if flushing data device fails
     - xfs: fix internal error from AGFL exhaustion
     - xfs: inode recovery does not validate the recovered inode
     - xfs: clean up dqblk extraction
     - xfs: dquot recovery does not validate the recovered dquot
     - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
     - xfs: respect the stable writes flag on the RT device
     - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
     - io_uring: fix waiters missing wake ups (Closes: #1093243)
     - net: sched: fix ets qdisc OOB Indexing
     - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
     - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
     - vfio/platform: check the bounds of read/write syscalls
     - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
       (CVE-2024-50304)
     - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
     - wifi: iwlwifi: add a few rate index validity checks
     - smb: client: fix UAF in async decryption (CVE-2024-50047)
     - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
     - Revert "usb: gadget: u_serial: Disable ep before setting port to null to
       fix the crash caused by port being null"
     - ALSA: usb-audio: Add delay quirk for USB Audio Device
     - Input: atkbd - map F23 key to support default copilot shortcut
     - Input: xpad - add unofficial Xbox 360 wireless receiver clone
     - Input: xpad - add support for wooting two he (arm)
     - smb: client: fix NULL ptr deref in crypto_aead_setkey()
     - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 31
   * [rt] Update to 6.1.127-rt48
linux-signed-i386 (6.1.124+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.124-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.124
     - [x86] hyperv: Fix hv tsc page based sched_clock for hibernation
     - selinux: ignore unknown extended permissions
     - btrfs: fix use-after-free in btrfs_encoded_read_endio() (CVE-2024-56582)
     - tracing: Have process_string() also allow arrays
     - [x86] thunderbolt: Add support for Intel Lunar Lake
     - [x86] thunderbolt: Add support for Intel Panther Lake-M/P
     - [x86] thunderbolt: Don't display nvm_version unless upgrade supported
     - xhci: retry Stop Endpoint on buggy NEC controllers
     - usb: xhci: Limit Stop Endpoint retries
     - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
     - net: mctp: handle skb cleanup on sock_queue failures
     - RDMA/mlx5: Enforce same type port association for multiport RoCE
     - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
     - [arm64] RDMA/hns: Refactor mtr find
     - [arm64] RDMA/hns: Remove unused parameters and variables
     - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer
     - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path
     - [arm64] RDMA/hns: Fix missing flush CQE for DWQE
     - net: stmmac: platform: provide devm_stmmac_probe_config_dt()
     - net: stmmac: don't create a MDIO bus if unnecessary
     - net: stmmac: restructure the error path of stmmac_probe_config_dt()
     - net: fix memory leak in tcp_conn_request()
     - ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices
     - ip_tunnel: annotate data-races around t->parms.link
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
     - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
     - net: Fix netns for ip_tunnel_init_flow()
     - netrom: check buffer length before accessing it
     - [x86] drm/i915/dg1: Fix power gate sequence.
     - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
       (Closes: #1092772)
     - net: llc: reset skb->transport_header
     - ALSA: usb-audio: US16x08: Initialize array before use
     - [armel,armhf] net: mv643xx_eth: fix an OF node reference leak
     - net: wwan: t7xx: Fix FSM command timeout issue
     - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
     - net: restrict SO_REUSEPORT to inet sockets
     - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
     - af_packet: fix vlan_get_tci() vs MSG_PEEK
     - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
     - ila: serialize calls to nf_register_net_hooks()
     - btrfs: rename and export __btrfs_cow_block()
     - btrfs: fix use-after-free when COWing tree bock and tracing is enabled
       (CVE-2024-56759)
     - wifi: mac80211: wake the queues in case of failure in resume
     - btrfs: flush delalloc workers queue before stopping cleaner kthread during
       unmount
     - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
     - sound: usb: enable DSD output for ddHiFi TC44C
     - sound: usb: format: don't warn that raw DSD is unsupported
     - bpf: fix potential error return
     - ksmbd: retry iterate_dir in smb2_query_dir
     - net: usb: qmi_wwan: add Telit FE910C04 compositions
     - Bluetooth: hci_core: Fix sleeping function called from invalid context
     - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
     - usb: xhci: Avoid queuing redundant Stop Endpoint commands
     - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
     - modpost: fix the missed iteration for the max bit in do_input()
     - ALSA hda/realtek: Add quirk for Framework F111:000C
     - ALSA: seq: oss: Fix races at processing SysEx messages
     - kcov: mark in_softirq_really() as __always_inline
     - RDMA/uverbs: Prevent integer overflow issue
     - [armhf] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap
       locking
     - sky2: Add device ID 11ab:4373 for Marvell 88E8075
     - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
     - [arm64] drm: adv7511: Drop dsi single lane support
     - dt-bindings: display: adi,adv7533: Drop single lane support
     - mm/readahead: fix large folio support in async readahead
     - mm: vmscan: account for free pages to prevent infinite Loop in
       throttle_direct_reclaim()
     - mptcp: fix TCP options overflow.
     - mptcp: fix recvbuffer adjust on sleeping rcvmsg
     - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
     - zram: check comp is non-NULL before calling comp_destroy
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 30

linuxcnc (2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u1) bookworm; urgency=medium
 .
   [ CMorley ]
   * qtvcp -mdi_line: fix multi axes movement on single axis G0 MDI call
     (Closes: #1053251).
 .
   [ Petter Reinholdtsen ]
   * Added d/gbp.conf documenting branches used.

ltt-control (2.13.9-1+deb12u1) bookworm; urgency=medium
 .
   * Bookworm gbp branch config
   * Fix consumer crash on shutdown (Closes: #1090850)

lttng-modules (2.13.9-1+deb12u1) bookworm; urgency=medium
 .
   * Fix build on linux 5.10.0-33 from bullseye (Closes: #1095902)
   * [2f122b3] Bookworm gbp branch config
   * [91937e4] Add patch to fix build on Linux 5.10.220..5.11

mariadb (1:10.11.11-0+deb12u1) bookworm; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.11. Includes fixes for several defects
     as noted at https://mariadb.com/kb/en/mariadb-10-11-11-release-notes/ as
     well the following security issues:
     - CVE-2025-21490
   * This release includes upstream version 10.11.10, with fixes for regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-10-release-notes/
   * Includes fix for main.having_cond_pushdown test failure on s390x which also
     affected builds in Debian (https://jira.mariadb.org/browse/MDEV-34650)
   * Previous version 10.11.7 included fix for InnoDB hang (Closes: #1069895)
   * Include Debian packaging bugfixes done upstream:
     - MDEV-35907: debian-start script fails when using non-standard socket path
     - Set CAP_IPC_LOCK capability if possible
   * Update server trace to include new parameters and values. This includes now
     MariaDB client parameter 'quick-max-column-width' and new MariaDB Server
     parameters 'innodb-log-file-mmap' and 'optimizer-join-limit-pref-ratio'.
     Also the parameters 'innodb-lru-flush-size' and
     'innodb-purge-rseg-truncate-frequency' seems to have been removed, while
     'optimizer-adjust-secondary-key-costs' got new default values.
   * Update configuration traces to match innodb_log_file_mmap changes done in
     MDEV-35785
   * Update configuration traces with new query allocator values from MDEV-35750
   * Skip test main.mysqld--help-aria due to MDEV-34733
   * Include several restart/shutdown related fixes that have been in Debian
     unstable in MariaDB 11.4 for a long time, and which are likely needed to
     avoid occasional shutdown issues, in particular on upgrades (LP: #2034125)
     in both Debian and Ubuntu
     - Make SysV init more verbose in case of MariaDB start failures (Related: #1033234)
     - Limit check of running mysqld/mariadbd to system users (Closes: #1032047)
     - When shutting down 'mariadbd', fallback to 'mysqld'
   * Add Lintian overrides for new upstream documentation JavaScript files
   * Make d/watch more specific to circumvent bug in .10 vs .11 detection
 .
   [ Phil Dibowitz ]
   * Add some info on getting back to passwordless root (Closes: #1088133)
mariadb (1:10.11.9-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 10.11.9. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-9-release-notes/
   * This release includes upstream version 10.11.8, with fixes for regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-8-release-notes/ as well
     as security issue:
     - CVE-2024-21096
   * Drop multiple patches dropped upstream, including PR#2541.
   * Remove libmariadb file no longer present in MariaDB Connector C v3.3
   * Update client program 'mariadb' trace to match new libmariadb v3.3
   * Update server trace to include new parameters and values from 10.11.7 and .8
   * Note that upstream dropped support for pmem as Red Hat does not support it,
     but we continue to use it in Debian Bookworm
   * Also note upstream updated the MariaDB Connector C library (libmariadb)
     from v3.2 to 3.3 in this stable maintenance release, but it does not cause
     any issues as the soname and list of public symbols continues to be exactly
     same as before
   * Update gdb.conf to be aligned with other branches and easier to maintain
   * Add NEWS item to explain new `mariadb-dump` option `--sandbox`
mariadb (1:10.11.8-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.8. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-8-release-notes/ as well
     as security issues:
     - CVE-2024-21096
   * Add CMake flag to ignore libfmt exit code so cross-building works
   * Extend skip test list for latest failures in reproducible builds on armhf
   * Disable tests that fail on armhf when full test suite is run
   * Remove temporary exceptions for bugs that should by now be fixed
   * MDEV-31530 Localizations for Swahili language
   * Update Innotop to be compatible with MariaDB 11.x series
   * Replace use of trailing line `| \` with just `|` in Bash scripts
   * Remove libmariadb file no longer present in MariaDB Connector C v3.3
   * Replace autopkgtest smoke test dependency hack with arch list
   * Update client program 'mariadb' trace to match new libmariadb v3.3
     - New parameter 'sandbox' to fix a vulnerability and new mariadb-dump
       output that always has the sandbox header and is backwards incompatible
   * Update server trace to include new parameters innodb-log-spin-wait-delay
     and innodb-snapshot-isolation
   [ Michael Biebl ]
   * Ensure debconf database is purged after it has been used in postrm
 .
   [ Svante Signell ]
   * Make hurd-i386 build fully pass (Closes: #1069094)
mariadb (1:10.11.7-4) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * Drop unnecessary mariadb-server.prerm (Closes: #1067491)
   * Rely on dh_installsystemd to stop the service in postrm
 .
   [ Otto Kekäläinen ]
   * Remove direct dependencies on libcurl4 (Closes: #1068403, #1068404)
   * Make tests compatible with OpenSSL 3.2.0
mariadb (1:10.11.7-3) unstable; urgency=medium
 .
   * Add 'dpkg-dev (>= 1.22.5)' to Build-Depends for time_t transition
     (Closes: #1065275)
mariadb (1:10.11.7-2) unstable; urgency=medium
 .
   [ Graham Inggs ]
   * Rename libraries for 64-bit time_t transition (Closes: #1062841)
 .
   [ Otto Kekäläinen ]
   * Salsa-CI: Adopt new libmariadbd19t64 library name in CI
   * Remove obsolete Lintian override:
     package-supports-alternative-init-but-no-init.d-script
   * Disable more tests not passing for sparc64 on Debian
   * Add patch to fix hurd-i386 build failure (Closes: #1063739)
   * Add patch to partially revert upstream c432c9ef (Closes: #1063738)
   * Disable table_value_constr failing on armhf on Launchpad
   * Backport patch for MDEV-32975 (collation fix for PHP connector)
mariadb (1:10.11.7-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.7. Includes fixes for several regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-7-release-notes/
   * Add missing ${misc:Depends} to Depends for mariadb-server-10.5
   * Re-export upstream signing key without extra signatures
   * Remove field Priority on binary package mariadb-server-10.5 that duplicates
     source
   * Update debian/copyright for 2024
   * Delete test plugin pam_mariadb_mtr.so to keep mariadb-test-data clean
   * Clean away unused Lintian overrides
   * Remove unneeded CMAKE_SYSTEM_PROCESSOR from debian/rules
   * Add patch to skip building AUTH_SOCKET on Hurd (Related: #1006531)
   * Use Pre-Depends to ensure init-system-helpers is present
 .
   [ Michael Biebl ]
   * Install PAM module and systemd files into /usr (Closes: #1061348)
   * Install .service files via .install and let dh_installinit/dh_systemd
     generate the maintscript code
   * Switch to dh_installsystemd and debhelper compat 13
mariadb (1:10.11.6-2.1~exp1) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.
mariadb (1:10.11.6-2) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * Make the transitional dummy package description explicit
   * Ensure 'clean' target works
   * Use upstream patch to fix subselect test regressions (Closes: #1059904)
   * Disable innodb_ext_key crashing on ppc64el (Related: #1059904)
   * Apply upstream patch to use RDTIME in RISC-V (Closes: #1060007)
mariadb (1:10.11.6-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.6. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/ as well
     as security issues:
     - CVE-2023-22084
   * Upstream MariaDB Server 10.11.6 included fix for fmtlib 10 compatibility
     (Closes: #1056387)
   * Drop STACK_DIRECTION customization as upstream CMake code now handles it
   * Update traces to match these changes in MariaDB 10.11.6:
     - New option 'ALL' to multiple parameters as a way to define that all
       possible values/options are selected
     - New variables log-slow-max-warnings, note-verbosity and
       optimizer-max-sel-args
     - Default value for innodb-purge-batch-size increased to 1000
     - Support for TLSv1.1 has been dropped
 .
   [ Guillem Jover ]
   * Remove tilegx support removed from dpkg 1.22.0 (Closes: #1056748)

monero (0.18.0.0+~0+20200826-1+deb12u1) bookworm; urgency=medium
 .
   * Backport CVE-2025-26819 fix
   * Use fully qualified names for epee (fix compilation fail)

mozc (2.28.4715.102+dfsg-2.2+deb12u1) bookworm; urgency=medium
 .
    * debian/patches/fcitx5-backport/:
     + e13338a41329f58e724801771f0cecf7338e24fb.patch: Backport fixes
       for fcitx icon names. (Closes: #1091829)
   * debian/fcitx-mozc-data.links: Also adjust file installation link
     accordingly following the patch.

ndcube (2.0.3-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   [ Ole Streicher ]
   * Ignore all Astropy warnings (Closes: #1055877)

nginx (1.22.1-9+deb12u1) bookworm; urgency=medium
 .
   * d/p/CVE-2025-23419.patch add, backport CVE-2025-23419 fix.

node-axios (1.2.1+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CSRF vulnerability (Closes: #1056099, CVE-2023-45857)
   * Fix potential vulnerability in URL when determining an origin
     (Closes: #1094731, CVE-2024-57965)

node-js-sdsl (4.1.4-2+deb12u1) bookworm; urgency=medium
 .
   * Backport fix for typescript. Closes: #1078889.

node-postcss (8.4.20+~cs8.0.23-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2023-44270 (Closes: #1053282)
     The vulnerability affects linters
     using PostCSS to parse external untrusted CSS.
     An attacker can prepare CSS in such a way that it will
     contains parts parsed by PostCSS as a CSS comment.
     After processing by PostCSS, it will be included in
     the PostCSS output in CSS nodes (rules, properties)
     despite being included in a comment.
   * Fix CVE-2024-55565:
     nanoid (aka Nano ID) a subcomponent of this package
     mishandles non-integer values that could lead to DoS
     by infinite loop.

node-recast (0.21.1-1+deb12u1) bookworm; urgency=medium
 .
   * Install undici-types for tests. Closes: #1078891.

node-redis (4.5.1+~1.1.2-1+deb12u1) bookworm; urgency=medium
 .
   * patch: fix NodeJS.Timeout type. Closes: #1078892.

node-rollup (3.15.0-1+deb12u1) bookworm; urgency=medium
 .
   * patch to fix tsc FTBFS. Closes: #1078895.

openafs (1.8.9-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * afs: Properly type afs_osi_suser cred arg
   * Theft of credentials in Unix client PAGs (CVE-2024-10394)
     (Closes: #1087406, #1087407)
   * Fileserver crash and possible information leak on StoreACL/FetchACL
     (CVE-2024-10396) (Closes: #1087406, #1087407)
   * Preallocated buffer overflows in XDR responses (CVE-2024-10397)
     (Closes: #1087406, #1087407)

openh264 (2.3.1+dfsg-3+deb12u2) bookworm; urgency=medium
 .
   * Fix Cisco download (Closes: #1099030)
openh264 (2.3.1+dfsg-3+deb12u1) bookworm-security; urgency=medium
 .
   * Let libopenh264-cisco7 install version 2.6.0
   * Backport CVE-2025-27091 fix (Closes: #1098470)

openjdk-17 (17.0.14+7-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for Bookworm
openjdk-17 (17.0.14~6ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.14 early access, build 6.
 .
   [ Pushkar Kulkarni ]
   * d/t/problems.csv: Update based on recent JTREG runs.
openjdk-17 (17.0.13+11-2) unstable; urgency=high
 .
   * Don't enable dtrace on POWER* architectures.

openjpeg2 (2.5.0-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2021-3575 (Closes: #989775)
   * CVE-2023-39327 (Closes: #1081908)
   * CVE-2024-56826 (Closes: #1092675)
   * CVE-2024-56827 (Closes: #1092675)

openssh (1:9.2p1-2+deb12u5) bookworm-security; urgency=medium
 .
   * CVE-2025-26465: Fix MitM in verify_host_key_callback.
   * Fix incorrect return values on a number of error paths.

pam-pkcs11 (0.6.12-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed possible authentication bypass: Don't return PAM_IGNORE
     (CVE-2025-24531) (Closes: #1095402)
   * fixed possible authentication bypass: Use signatures to verify
     authentication by default (CVE-2025-24032)
   * Update configuration files for the CVE-2025-24032 fix

pam-u2f (1.1.0-1.1+deb12u1) bookworm-security; urgency=high
 .
   * Start to backport the fixes for CVE-2025-23013 to debian stable
     (CVE-2025-23013)
   * Refactored the do_not_return_PAM_IGNORE patch for bookworm
     (CVE-2025-23013)

pdns-recursor (4.8.8-1+deb12u1) bookworm-security; urgency=medium
 .
   * Backport 4.9.8 patch for CVE-2024-25590 (Closes: #1083285)

php-nesbot-carbon (2.65.0-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-22145: Arbitrary file include in Carbon::setLocale
     (Closes: #1092680)

postgresql-15 (15.12-0+deb12u2) bookworm; urgency=medium
 .
   * Grab base.tar.zst from failing 010_client_untar test on mipsel.
postgresql-15 (15.12-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.12.
 .
     + Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane)
 .
       The changes made for CVE-2025-1094 had one serious oversight:
       PQescapeLiteral() and PQescapeIdentifier() failed to honor their string
       length parameter, instead always reading to the input string's trailing
       null.  This resulted in including unwanted text in the output, if the
       caller intended to truncate the string via the length parameter.  With
       very bad luck it could cause a crash due to reading off the end of
       memory.
 .
       In addition, modify all these quoting functions so that when invalid
       encoding is detected, an invalid sequence is substituted for just the
       first byte of the presumed character, not all of it.  This reduces the
       risk of problems if a calling application performs additional processing
       on the quoted string.
postgresql-15 (15.11-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.11.
 .
     + Harden PQescapeString and allied functions against invalidly-encoded
       input strings (Andres Freund, Noah Misch)
 .
       Data-quoting functions supplied by libpq now fully check the encoding
       validity of their input.  If invalid characters are detected, they
       report an error if possible.  For the ones that lack an error return
       convention, the output string is adjusted to ensure that the server will
       report invalid encoding and no intervening processing will be fooled by
       bytes that might happen to match single quote, backslash, etc.
 .
       The purpose of this change is to guard against SQL-injection attacks
       that are possible if one of these functions is used to quote crafted
       input.  There is no hazard when the resulting string is sent directly to
       a PostgreSQL server (which would check its encoding anyway), but there
       is a risk when it is passed through psql or other client-side code.
       Historically such code has not carefully vetted encoding, and in many
       cases it's not clear what it should do if it did detect such a problem.
 .
       This fix is effective only if the data-quoting function, the server, and
       any intermediate processing agree on the character encoding that's being
       used.  Applications that insert untrusted input into SQL commands should
       take special care to ensure that that's true.
 .
       Applications and drivers that quote untrusted input without using these
       libpq functions may be at risk of similar problems.  They should first
       confirm the data is valid in the encoding expected by the server.
 .
       The PostgreSQL Project thanks Stephen Fewer for reporting this problem.
       (CVE-2025-1094)

puma (5.6.5-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/patches/
    + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when
      parsing chunked transfer encoding bodies and zero-length
      Content-Length headers in a way that allowed HTTP request
      smuggling. (Closes: #1050079)
 .
    + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of
      chunk extensions. (Closes: #1060345)
 .
    + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber
      values set by intermediate proxies (such as X-Forwarded-For) by
      providing a underscore version of the same header.
      (Closes: #1082379)

python-pycdlib (1.12.0+ds1-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Run tests only if /tmp is in tmpfs, because otherwise they are
     known to fail. (Closes: #1002789).

rapiddisk (9.0.0-1+deb12u1) bookworm; urgency=medium
 .
   * QA upload.
   * Set Maintainer to Debian QA Group.  (See: #1091209)
   * Drop unused obsolete patches.
   * Cherry-pick upstream commits for supporting up to Linux 6.10.
     (Closes: #1069945, #1070418)
   * dkms.conf: Set BUILD_EXCLUSIVE_KERNEL_MIN="2.6.39" for using kstrto*().
   * Upload to bookworm.

redis (5:7.0.15-1~deb12u3) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-46981: LUA garbage collector code execution
   * CVE-2024-51741: DoS due to malformed ACL selectors
   * Closes: #1092370

rsync (3.2.7-1+deb12u2) bookworm-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
     (Closes: #1093089, #1093052)
 .
   [ Samuel Henrique ]
   * d/p/Fix_use-after-free_in_generator: New patch to fix UAF
rsync (3.2.7-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Some checksum buffer fixes. (CVE-2024-12084)
   * Another cast when multiplying integers. (CVE-2024-12084)
   * prevent information leak off the stack (CVE-2024-12085)
   * refuse fuzzy options when fuzzy not selected (CVE-2024-12086)
   * added secure_relative_open() (CVE-2024-12086)
   * receiver: use secure_relative_open() for basis file (CVE-2024-12086)
   * disallow ../ elements in relpath for secure_relative_open (CVE-2024-12086)
   * Refuse a duplicate dirlist. (CVE-2024-12087)
   * range check dir_ndx before use (CVE-2024-12087)
   * make --safe-links stricter (CVE-2024-12088)
   * fixed symlink race condition in sender (CVE-2024-12747)
   * raise protocol version to 32

rsyslog (8.2302.0-1+deb12u1) bookworm; urgency=medium
 .
   * Fix runConf NULL pointer reference.
     If rsyslogd hasn't fully parsed its configuration, runConf will be NULL.
     Receiving a SIGTERM at this point will trigger a segmentation fault.
     So check the pointer before referencing it to allow for a clean restart.
     Patch cherry-picked from upstream Git. (Closes: #1092450)
   * Switch debian-branch to debian/bookworm

runit-services (0.5.5~deb12u2) bookworm; urgency=medium
 .
   * dhclient: ship as disabled by default
     (Closes: #1086131)
   * NEWS: recommend to disable dhclient

seqan3 (3.2.0+ds-6+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Fix parallel tests. Closes: #1087373.

simgear (1:2020.3.16+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * New patch: check I/O rules when auto-constructing an SGPath from
     a Nasal scalar. Thanks to Florent Rougon <f.rougon@frougon.net>.
     (CVE-2025-0781)

snapcast (0.26.0+dfsg1-1+deb12u1) bookworm-security; urgency=medium
 .
   * Fix CVE-2023-36177
     - Remove RPC methods Stream.AddStream and Stream.RemoveStream.

spamassassin (4.0.1-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream maintenance release
     - Remove support for defunct SORBS internet service
     - Fix TCP fallback for large DNS query responses
   * Import upstream fix for DnsResolver.pm method deprecation warnings
     (Closes: #1041759)
   * spamassassin-maintenance: reload spamd only if it's running
     (Closes: #1028030)
   * sa-update: Import upstream fix to usage of deprecated function
     (Closes: #1039960)
   * Fix spamd: user_prefs include files are only read on the first scan (Closes: #1056001)
   * Run sa-update-hooks regardless of whether spamd is running (Closes: 1059744)
   * Be more explicit about exit codes in spamassassin-maint.sh
   * Remove a bashism in spamassassin-maint.sh
   * spamassassin-maint.sh: minor shell improvements
   * Refresh patch 10_change_config_paths
   * Remove patches that have been incorporated upstream
   * Fix systemd detection in cron script (Closes: #1067007)
   * Remove rules referencing the defunct SORBS DNSBLs (Closes: #1072663)
   * Incorporate upstream fix for PDFInfo.pm uninitialized value warnings
     (Closes: #1091683)
   * Restore phishstats.info support in Mail::SpamAssassin::Plugin::Phishing
   * ensure Debian CI jobs run in a bookworm environment
spamassassin (4.0.1~rc1-1) unstable; urgency=medium
 .
   * New upstream release snapshot
spamassassin (4.0.1~pre1-1) unstable; urgency=medium
 .
   * New upstream pre-release snapshot
   * Remove a bashism in spamassassin-maint.sh
   * spamassassin-maint.sh: minor shell improvements
   * Refresh patch 10_change_config_paths
   * Remove patches that have been incorporated upstream
spamassassin (4.0.0-8) unstable; urgency=medium
 .
   * Drop reference to obsolete syslog.target in spamd.service
   * Import upstream patch for bug 1056001 (Closes: #1056001)
   * autopkgtest: give spamd time to set its cmd name
spamassassin (4.0.0-7) unstable; urgency=medium
 .
   * Import upstream fix for DnsResolver.pm method deprecation warnings
     (Closes: #1041759)
   * spamassassin-maintenance: reload spamd only if it's running
     (Closes: #1028030)
   * sa-update: Import upstream fix to usage of deprecated function
     (Closes: #1039960)
   * Drop dependency on obsolete package lsb-base

sssd (2.8.2-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2023-3758: Due to a race condition flaw the GPO policy is not
     consistently applied for authenticated users. (Closes: #1070369)
   * Add d/.gitlab-ci.yml for Salsa CI.
   * Add d/.gitignore file to exclude d/p/*.patch from upstream gitignore(5)'d
     rules.

subversion (1.14.2-4+deb12u1) bookworm; urgency=medium
 .
   * Add salsa-ci config targeting bookworm
   * Backport fix for CVE-2024-46901
   * Backport test for CVE-2024-46901
   * Run davautocheck as part of the build time tests

sunpy (4.1.2-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   [ Ole Streicher ]
   * Ignore Astropy warnings (Closes: #1055892)

systemd (252.36-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.36

thunderbird (1:128.8.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.7.0esr-1) unstable; urgency=medium
 .
   * [6914065] Revert "d/rules: Move/rename third party Python modul temporarly"
     (Closes: #1093362)
   * [4a9ef4c] New upstream version 128.7.0esr
     Fixed CVE issues in upstream version 128.7 (MFSA 2025-10):
     CVE-2025-1009: Use-after-free in XSLT
     CVE-2025-1010: Use-after-free in Custom Highlight
     CVE-2025-1011: A bug in WebAssembly code generation could result in a
                    crash
     CVE-2025-1012: Use-after-free during concurrent delazification
     CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption
                     handling
     CVE-2025-1013: Potential opening of private browsing tabs in normal
                    browsing windows
     CVE-2025-1014: Certificate length was not properly checked
     CVE-2025-1015: Unsanitized address book fields
     CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email
     CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135,
                    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
                    and Thunderbird 128.7
     CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135,
                    Firefox ESR 128.7, and Thunderbird 128.7
thunderbird (1:128.7.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * [4a9ef4c] New upstream version 128.7.0esr
     Fixed CVE issues in upstream version 128.7 (MFSA 2025-10):
     CVE-2025-1009: Use-after-free in XSLT
     CVE-2025-1010: Use-after-free in Custom Highlight
     CVE-2025-1011: A bug in WebAssembly code generation could result in a
                    crash
     CVE-2025-1012: Use-after-free during concurrent delazification
     CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption
                     handling
     CVE-2025-1013: Potential opening of private browsing tabs in normal
                    browsing windows
     CVE-2025-1014: Certificate length was not properly checked
     CVE-2025-1015: Unsanitized address book fields
     CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email
     CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135,
                    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
                    and Thunderbird 128.7
     CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135,
                    Firefox ESR 128.7, and Thunderbird 128.7
thunderbird (1:128.6.0esr-1) unstable; urgency=medium
 .
   * [996cbfa] New upstream version 128.6.0esr
     Fixed CVE issues in upstream version 128.6 (MFSA 2025-05):
     CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack
     CVE-2025-0238: Use-after-free when breaking lines in text
     CVE-2025-0239: Alt-Svc ALPN validation failure when redirected
     CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module
     CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation
     CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
                    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19
                    and Thunderbird 128.6
     CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134,
                    Firefox ESR 128.6 and Thunderbird 128.6
   * [1d10b3c] rebuild patch queue from patch-queue branch
     obsolete patches (fixed upstream):
     fixes/Fix-python-virtual-environment-sysconfig-path-calculation.patch
thunderbird (1:128.6.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
 .
   [ Carsten Schoenert ]
   * [a6ed0c0] d/control: Switch to clang-16/llvm-16 (Closes: #1088615)
   * [2e9c2ff] d/rules: Extend PATH to use *llvm-16* environment
thunderbird (1:128.5.2esr-1) unstable; urgency=medium
 .
   * [e106dcb] New upstream version 128.5.2esr
     Fixed CVE issues in upstream version 128.5.2 (MFSA 2024-69):
     CVE-2024-50336: matrix-js-sdk has insufficient MXC URI validation which
                     could allow client-side path traversal
   * [248b546] rebuild patch queue from patch-queue branch
     added patches:
     fixes/Fix-python-virtual-environment-sysconfig-path-calculation.patch
thunderbird (1:128.5.0esr-1) unstable; urgency=medium
 .
   * [d21034a] New upstream version 128.5.0esr
     Fixed CVE issues in upstream version 128.5 (MFSA 2024-68):
     CVE-2024-11691: Memory corruption in Apple GPU drivers
     CVE-2024-11692: Select list elements could be shown over another site
     CVE-2024-11693: Download Protections were bypassed by .library-ms files on
                     Windows
     CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
     CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace
                     Characters
     CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
     CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation
                     Dialog
     CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition
                     on macOS
     CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Thunderbird 133,
                     Firefox ESR 128.5, and Thunderbird 128.5

tomcat10 (10.1.34-0+deb12u1) bookworm-security; urgency=high
 .
   * Team upload.
   * Backport 10.1.34 to bookworm to fix open CVE and improve HTTP/2
     functionality.
   * Fix CVE-2024-52316:
     Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is
     configured to use a custom Jakarta Authentication (formerly JASPIC)
     ServerAuthContext component which may throw an exception during the
     authentication process without explicitly setting an HTTP status to
     indicate failure, the authentication may not fail, allowing the user to
     bypass the authentication process. There are no known Jakarta
     Authentication components that behave in this way.
   * Fix CVE-2024-38286:
     Apache Tomcat, under certain configurations, allows an attacker to cause an
     OutOfMemoryError by abusing the TLS handshake process.
   * Fix CVE-2024-50379 / CVE-2024-56337:
     Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP
     compilation in Apache Tomcat permits an RCE on case insensitive file
     systems when the default servlet is enabled for write (non-default
     configuration).
     Some users may need additional configuration to fully mitigate
     CVE-2024-50379 depending on which version of Java they are using with
     Tomcat. For Debian 12 "bookworm" the system property sun.io.useCanonCaches
     must be explicitly set to false (it defaults to false). Most Debian users
     will not be affected because Debian uses case sensitive file systems by
     default.
   * Fix CVE-2024-34750:
     Improper Handling of Exceptional Conditions, Uncontrolled Resource
     Consumption vulnerability in Apache Tomcat. When processing an HTTP/2
     stream, Tomcat did not handle some cases of excessive HTTP headers
     correctly. This led to a miscounting of active HTTP/2 streams which in turn
     led to the use of an incorrect infinite timeout which allowed connections
     to remain open which should have been closed.
   * Fix CVE-2024-54677:
     Uncontrolled Resource Consumption vulnerability in the examples web
     application provided with Apache Tomcat leads to denial of service.
tomcat10 (10.1.33-1) unstable; urgency=medium
 .
   * New upstream release
     - Refreshed the patches
tomcat10 (10.1.33-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
tomcat10 (10.1.31-1) unstable; urgency=medium
 .
   * New upstream release
     - Refreshed the patches
tomcat10 (10.1.30-1) unstable; urgency=medium
 .
   * New upstream release
     - Refreshed the patches
     - Depend on libbyte-buddy-java instead of libcglib-nodep-java
   * Fixed the taglibs tests
   * Fixed the database tests
   * No longer attempt to run the non compiled TestJNDIRealmIntegration test
tomcat10 (10.1.30-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
tomcat10 (10.1.25-2) unstable; urgency=medium
 .
   * Add the missing dependency on libeclipse-jdt-core-compiler-batch-java
     (Closes: #1078372)
tomcat10 (10.1.25-1) unstable; urgency=medium
 .
   * New upstream release
     - Refreshed the patches
tomcat10 (10.1.25-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
tomcat10 (10.1.23-1) unstable; urgency=medium
 .
   * New upstream version 10.1.23
   * Refresh the patches.
   * Declare compliance with Debian Policy 4.7.0.
tomcat10 (10.1.20-1) unstable; urgency=high
 .
   * New upstream version 10.1.20.
     - Fix CVE-2024-24549: Denial of Service due to improper input validation
       vulnerability. (Closes: #1066878)
     - Fix CVE-2024-23672: Denial of Service via incomplete cleanup
       vulnerability. (Closes: #1066877)
   * Remove obsolete dependency on lsb-base from tomcat10 binary package.
tomcat10 (10.1.16-1) unstable; urgency=medium
 .
   * New upstream version 10.1.16.
     - Fix CVE-2023-46589: potential request smuggling. (Closes: #1057082)
tomcat10 (10.1.15-1) unstable; urgency=medium
 .
   [ Emmanuel Bourg ]
   * Build depend on the versionless tomcat-jakartaee-migration jar.
     (Closes: #1054705)
 .
   [ Markus Koschany ]
   * New upstream version 10.1.15.
tomcat10 (10.1.14-1) unstable; urgency=medium
 .
   * New upstream release
     - Refreshed the patches
tomcat10 (10.1.13-1) unstable; urgency=medium
 .
   * New upstream version 10.1.13.
   * Refresh the patches.
tomcat10 (10.1.10-1) unstable; urgency=medium
 .
   * New upstream version 10.1.10.
tomcat10 (10.1.9-1) experimental; urgency=medium
 .
   * New upstream version 10.1.9.
tomcat10 (10.1.8-1) experimental; urgency=medium
 .
   * New upstream version 10.1.8.
tomcat10 (10.1.7-1) experimental; urgency=medium
 .
   * New upstream version 10.1.7.

tzdata (2025a-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 2025a
     - Paraguay adopts permanent -03 starting spring 2024
     - No leap second on 2025-06-30
tzdata (2024b-6) unstable; urgency=medium
 .
   * Update debconf autopkgtest following the /etc/timezone change
   * Rework README.Debian. Explain how timezone are named, the split between
     the tzdata and tzdata-legacy packages, the difference between the 'posix'
     and 'right' version and the way to configure the timezone either
     interactively and programmatically (with and without systemd).
     (Closes: #498171, #602563, #848143)
   * Add a note in NEWS about the /etc/timezone deprecation
tzdata (2024b-5) unstable; urgency=medium
 .
   * Validate timezone using the debconf database instead of the zones files
   * Only mark debconf templates as unseen if the timezone can't be validated
   * Only create /etc/timezone if it already exists
tzdata (2024b-4) unstable; urgency=medium
 .
   * Update Catalan debconf translation.
     Thanks to Carles Pina i Estany <carles@pina.cat> (Closes: #1086485)
tzdata (2024b-3) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * tzdata-legacy: bump Replaces: tzdata version to handle the
     Asia/Choibalsan move
 .
   [ Benjamin Drung ]
   * Update Indonesian debconf translation.
     Thanks to Andika Triwidada <andika@gmail.com> (Closes: #1084493)
   * Upstream obsoleted the System V names CET, CST6CDT, EET, EST*, HST, MET,
     MST*, PST8PDT, and WET. They are symlinks now. Move those zones to
     tzdata-legacy and update /etc/localtime on package update to the new names.
     Please use Etc/GMT* in case you want to avoid DST changes.
tzdata (2024b-2) unstable; urgency=medium
 .
   * Build timezones with zic -b 'fat' (Closes: #1084111)
tzdata (2024b-1) unstable; urgency=medium
 .
   * New upstream release (LP: #2079966):
     - Improve historical data for Mexico, Mongolia, and Portugal.
     - System V names are now obsolescent.
     - The main data form now uses %z.
     - Asia/Choibalsan is now an alias for Asia/Ulaanbaatar
   * Add autopkgtest test case for 2024b release
   * Update Asia/Choibalsan to Asia/Ulaanbaatar on upgrade and move
     Asia/Choibalsan to tzdata-legacy
   * Bump Standards-Version to 4.7.0
   * generate_debconf_templates: Work around AttributeError on icu import

vagrant (2.3.4+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Add patch 0008-Fix-the-default-vagrant-URL-for-pulling-boxes.patch:
     Work-around change introduced by Hashicorp that broke the public Vagrant
     registry with this version of Vagrant. Closes: #1092987

vim (2:9.0.1378-2+deb12u2) bookworm; urgency=high
 .
   * Drop test case from CVE-2023-2610.patch.
     This test was breaking the build on a number of architectures.
     The test was removed upstream for similar reasons.
     Thanks to James McCoy for reporting the problem.
 .
 vim (2:9.0.1378-2+deb12u1) bookworm; urgency=high
 .
   * Backport security fixes:
     - 9.0.1532: Crash when expanding "~" in substitute
       (Closes: #1035955, CVE-2023-2610)
     - 9.0.1848: buffer-overflow in vim_regsub_both() (CVE-2023-4738)
     - 9.0.1858: heap use after free in ins_compl_get_exp() (CVE-2023-4752)
     - 9.0.1873: heap-buffer-overflow in vim_regsub_both (CVE-2023-4781)
     - 9.0.1969: buffer-overflow in trunc_string()
       (Closes: #1053694, CVE-2023-5344)
     - 9.0.2142: stack-buffer-overflow in option callback functions
       (CVE-2024-22667)
     - 9.1.0697: heap-buffer-overflow in ins_typebuf (CVE-2024-43802)
     - 9.1.0764: use-after-free when closing a buffer
       (Closes: #1084806, CVE-2024-47814).
vim (2:9.0.1378-2+deb12u1) bookworm; urgency=high
 .
   * Backport security fixes:
     - 9.0.1532: Crash when expanding "~" in substitute
       (Closes: #1035955, CVE-2023-2610)
     - 9.0.1848: buffer-overflow in vim_regsub_both() (CVE-2023-4738)
     - 9.0.1858: heap use after free in ins_compl_get_exp() (CVE-2023-4752)
     - 9.0.1873: heap-buffer-overflow in vim_regsub_both (CVE-2023-4781)
     - 9.0.1969: buffer-overflow in trunc_string()
       (Closes: #1053694, CVE-2023-5344)
     - 9.0.2142: stack-buffer-overflow in option callback functions
       (CVE-2024-22667)
     - 9.1.0697: heap-buffer-overflow in ins_typebuf (CVE-2024-43802)
     - 9.1.0764: use-after-free when closing a buffer
       (Closes: #1084806, CVE-2024-47814).

webkit2gtk (2.46.6-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG, USE_OLD_JSCBIN_PKG and
       USE_OLD_WEBDRIVER_PKG to keep using the old package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
webkit2gtk (2.46.5-1) unstable; urgency=medium
 .
   * New upstream release.

wget (1.21.3-1+deb12u1) bookworm; urgency=medium
 .
   * d/control: replace obsolete B-D pkg-config with pkgconf.
   * Backport patch to fix mishandling of semicolons in userinfo
     (closes: CVE-2024-38428).

xen (4.17.5+23-ga4e5191dc0-1+deb12u1) bookworm; urgency=medium
 .
   * Ignore lintian error not relevant for bookworm in salsa-ci.
   * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for
     uncompressing the kernel) to allow direct kernel boot with kernels >=
     6.12 (Closes: #1092495).
 .
 xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium
 .
   * Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains
     security fixes for the following issues:
     - x86: shadow stack vs exceptions from emulation stubs
       XSA-451 CVE-2023-46841
     - x86: Register File Data Sampling
       XSA-452 CVE-2023-28746
     - GhostRace: Speculative Race Conditions
       XSA-453 CVE-2024-2193
     - x86 HVM hypercalls may trigger Xen bug check
       XSA-454 CVE-2023-46842
     - x86: Incorrect logic for BTC/SRSO mitigations
       XSA-455 CVE-2024-31142
     - x86: Native Branch History Injection
       XSA-456 CVE-2024-2201
     - double unlock in x86 guest IRQ handling
       XSA-458 CVE-2024-31143
     - error handling in x86 IOMMU identity mapping
       XSA-460 CVE-2024-31145
     - PCI device pass-through with shared resources
       XSA-461 CVE-2024-31146
     - x86: Deadlock in vlapic_error()
       XSA-462 CVE-2024-45817
     - Deadlock in x86 HVM standard VGA handling
       XSA-463 CVE-2024-45818
     - libxl leaks data to PVH guests via ACPI tables
       XSA-464 CVE-2024-45819
   * Note that the following XSA are not listed, because...
     - XSA-457 and XSA-465 have patches for the Linux kernel.
     - XSA-459 is within Xapi which is not shipped by this package.
     - XSA-466 contains a documentation update that was only applied to the
       current development version of Xen
xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium
 .
   * Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains
     security fixes for the following issues:
     - x86: shadow stack vs exceptions from emulation stubs
       XSA-451 CVE-2023-46841
     - x86: Register File Data Sampling
       XSA-452 CVE-2023-28746
     - GhostRace: Speculative Race Conditions
       XSA-453 CVE-2024-2193
     - x86 HVM hypercalls may trigger Xen bug check
       XSA-454 CVE-2023-46842
     - x86: Incorrect logic for BTC/SRSO mitigations
       XSA-455 CVE-2024-31142
     - x86: Native Branch History Injection
       XSA-456 CVE-2024-2201
     - double unlock in x86 guest IRQ handling
       XSA-458 CVE-2024-31143
     - error handling in x86 IOMMU identity mapping
       XSA-460 CVE-2024-31145
     - PCI device pass-through with shared resources
       XSA-461 CVE-2024-31146
     - x86: Deadlock in vlapic_error()
       XSA-462 CVE-2024-45817
     - Deadlock in x86 HVM standard VGA handling
       XSA-463 CVE-2024-45818
     - libxl leaks data to PVH guests via ACPI tables
       XSA-464 CVE-2024-45819
   * Note that the following XSA are not listed, because...
     - XSA-457 and XSA-465 have patches for the Linux kernel.
     - XSA-459 is within Xapi which is not shipped by this package.
     - XSA-466 contains a documentation update that was only applied to the
       current development version of Xen
xen (4.17.3+36-g54dacb5c02-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.3+36-g54dacb5c02, which also contains
     security fixes for the following issues:
     - x86: shadow stack vs exceptions from emulation stubs
       XSA-451 CVE-2023-46841
   * Properly incorporate NMU changes.
   * Pick upstream commit b33a5c5929 ("tools/xenstore/xenstored_control.c:
     correctly print time_t") to fix a FTBFS on armhf with 64 bits time_t.
     (Closes: #1065794)
xen (4.17.3+10-g091466ba55-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.  Closes: #1063270
xen (4.17.3+10-g091466ba55-1.1~exp2) experimental; urgency=medium
 .
   * debian/shuffle-binaries: handle rename of
     debian/libxenmiscV.install.vsn-in
xen (4.17.3+10-g091466ba55-1.1~exp1) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.
xen (4.17.3+10-g091466ba55-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.3+10-g091466ba55, which also contains
     security fixes for the following issues:
     - arm32: The cache may not be properly cleaned/invalidated (take two)
       XSA-447 CVE-2023-46837
     - pci: phantom functions assigned to incorrect contexts
       XSA-449 CVE-2023-46839
     - VT-d: Failure to quarantine devices in !HVM builds
       XSA-450 CVE-2023-46840
   * Note that the following XSA are not listed, because...
     - XSA-448 has patches for the Linux kernel.
   * Compilation with Python 3.12 has been fixed in upstream commit 4000522008
     ("Only compile the hypervisor with -Wdeclaration-after-statement")
     (Closes: #1062048)

xorg-server (2:21.1.7-3+deb12u9) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Cursor: Refuse to free the root cursor (CVE-2025-26594)
   * dix: keep a ref to the rootCursor (CVE-2025-26594)
   * xkb: Fix buffer overflow in XkbVModMaskText() (CVE-2025-26595)
   * xkb: Fix computation of XkbSizeKeySyms (CVE-2025-26596)
   * xkb: Fix buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
   * Xi: Fix barrier device search (CVE-2025-26598)
   * composite: Handle failure to redirect in compRedirectWindow()
     (CVE-2025-26599)
   * composite: initialize border clip even when pixmap alloc fails
     (CVE-2025-26599)
   * dix: Dequeue pending events on frozen device on removal (CVE-2025-26600)
   * sync: Do not let sync objects uninitialized (CVE-2025-26601)
   * sync: Check values before applying changes (CVE-2025-26601)
   * sync: Do not fail SyncAddTriggerToSyncObject() (CVE-2025-26601)
   * sync: Apply changes last in SyncChangeAlarmAttributes() (CVE-2025-26601)
=======================================
Sat, 11 Jan 2025 - Debian 12.9 released
=======================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:38:10 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
btrfs-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
cdrom-core-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
cdrom-core-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
crc-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
crc-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
crypto-dm-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
crypto-dm-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
crypto-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
crypto-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
dasd-extra-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
dasd-extra-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
dasd-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
dasd-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
ext4-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
ext4-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
f2fs-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
f2fs-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
fat-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
fat-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
fuse-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
fuse-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
isofs-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
isofs-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
kernel-image-6.1.0-25-s390x-di |  6.1.106-3 | s390x
kernel-image-6.1.0-28-s390x-di |  6.1.119-1 | s390x
linux-headers-6.1.0-25-s390x |  6.1.106-3 | s390x
linux-headers-6.1.0-28-s390x |  6.1.119-1 | s390x
linux-image-6.1.0-25-s390x |  6.1.106-3 | s390x
linux-image-6.1.0-25-s390x-dbg |  6.1.106-3 | s390x
linux-image-6.1.0-28-s390x |  6.1.119-1 | s390x
linux-image-6.1.0-28-s390x-dbg |  6.1.119-1 | s390x
loop-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
loop-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
md-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
md-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
mtd-core-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
mtd-core-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
multipath-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
multipath-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
nbd-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
nbd-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
nic-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
nic-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
scsi-core-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
scsi-core-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
scsi-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
scsi-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
udf-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
udf-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x
xfs-modules-6.1.0-25-s390x-di |  6.1.106-3 | s390x
xfs-modules-6.1.0-28-s390x-di |  6.1.119-1 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:38:22 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
affs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
affs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
affs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
ata-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
ata-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
ata-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
ata-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
btrfs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
btrfs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
btrfs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
btrfs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
cdrom-core-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
cdrom-core-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
cdrom-core-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
cdrom-core-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
crc-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
crc-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
crc-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
crc-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
crypto-dm-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
crypto-dm-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
crypto-dm-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
crypto-dm-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
crypto-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
crypto-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
crypto-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
crypto-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
event-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
event-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
event-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
event-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
ext4-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
ext4-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
ext4-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
ext4-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
f2fs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
f2fs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
f2fs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
f2fs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
fat-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
fat-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
fat-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
fat-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
fb-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
fb-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
fb-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
fb-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
firewire-core-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
firewire-core-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
firewire-core-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
firewire-core-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
fuse-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
fuse-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
fuse-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
fuse-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
input-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
input-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
input-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
input-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
isofs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
isofs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
isofs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
isofs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
jfs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
jfs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
jfs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
jfs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
kernel-image-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
kernel-image-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
kernel-image-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
kernel-image-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
linux-headers-6.1.0-25-4kc-malta |  6.1.106-3 | mipsel
linux-headers-6.1.0-25-mips32r2el |  6.1.106-3 | mipsel
linux-headers-6.1.0-28-4kc-malta |  6.1.119-1 | mipsel
linux-headers-6.1.0-28-mips32r2el |  6.1.119-1 | mipsel
linux-image-6.1.0-25-4kc-malta |  6.1.106-3 | mipsel
linux-image-6.1.0-25-4kc-malta-dbg |  6.1.106-3 | mipsel
linux-image-6.1.0-25-mips32r2el |  6.1.106-3 | mipsel
linux-image-6.1.0-25-mips32r2el-dbg |  6.1.106-3 | mipsel
linux-image-6.1.0-28-4kc-malta |  6.1.119-1 | mipsel
linux-image-6.1.0-28-4kc-malta-dbg |  6.1.119-1 | mipsel
linux-image-6.1.0-28-mips32r2el |  6.1.119-1 | mipsel
linux-image-6.1.0-28-mips32r2el-dbg |  6.1.119-1 | mipsel
loop-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
loop-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
loop-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
loop-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
md-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
md-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
md-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
md-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
minix-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
minix-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
minix-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
minix-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
mmc-core-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
mmc-core-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
mmc-core-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
mmc-core-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
mmc-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
mmc-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
mmc-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
mmc-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
mouse-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
mouse-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
mouse-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
mouse-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
multipath-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
multipath-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
multipath-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
multipath-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
nbd-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
nbd-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
nbd-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
nbd-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
nfs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
nfs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
nfs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
nfs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
nic-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
nic-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
nic-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
nic-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
nic-shared-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
nic-shared-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
nic-shared-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
nic-shared-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
nic-usb-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
nic-usb-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
nic-usb-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
nic-usb-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
nic-wireless-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
nic-wireless-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
nic-wireless-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
nic-wireless-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
pata-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
pata-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
pata-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
pata-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
ppp-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
ppp-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
ppp-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
ppp-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
sata-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
sata-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
sata-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
sata-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
scsi-core-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
scsi-core-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
scsi-core-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
scsi-core-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
scsi-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
scsi-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
scsi-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
scsi-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
scsi-nic-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
scsi-nic-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
scsi-nic-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
scsi-nic-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
sound-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
sound-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
sound-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
sound-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
speakup-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
speakup-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
speakup-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
speakup-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
squashfs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
squashfs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
squashfs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
squashfs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
udf-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
udf-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
udf-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
udf-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
usb-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
usb-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
usb-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
usb-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
usb-serial-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
usb-serial-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
usb-serial-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
usb-serial-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
usb-storage-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
usb-storage-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
usb-storage-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
usb-storage-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel
xfs-modules-6.1.0-25-4kc-malta-di |  6.1.106-3 | mipsel
xfs-modules-6.1.0-25-mips32r2el-di |  6.1.106-3 | mipsel
xfs-modules-6.1.0-28-4kc-malta-di |  6.1.119-1 | mipsel
xfs-modules-6.1.0-28-mips32r2el-di |  6.1.119-1 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:38:33 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
ata-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
btrfs-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
btrfs-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
cdrom-core-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
cdrom-core-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
crc-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
crc-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
crypto-dm-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
crypto-dm-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
crypto-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
crypto-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
event-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
event-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
ext4-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
ext4-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
f2fs-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
f2fs-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
fancontrol-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
fancontrol-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
fat-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
fat-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
fb-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
fb-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
firewire-core-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
firewire-core-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
fuse-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
fuse-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
hypervisor-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
hypervisor-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
i2c-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
i2c-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
input-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
input-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
isofs-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
isofs-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
jfs-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
jfs-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
kernel-image-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
kernel-image-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
linux-headers-6.1.0-25-powerpc64le |  6.1.106-3 | ppc64el
linux-headers-6.1.0-28-powerpc64le |  6.1.119-1 | ppc64el
linux-image-6.1.0-25-powerpc64le |  6.1.106-3 | ppc64el
linux-image-6.1.0-25-powerpc64le-dbg |  6.1.106-3 | ppc64el
linux-image-6.1.0-28-powerpc64le |  6.1.119-1 | ppc64el
linux-image-6.1.0-28-powerpc64le-dbg |  6.1.119-1 | ppc64el
loop-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
loop-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
md-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
md-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
mouse-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
mouse-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
mtd-core-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
mtd-core-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
multipath-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
multipath-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
nbd-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
nbd-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
nic-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
nic-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
nic-shared-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
nic-shared-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
nic-usb-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
nic-usb-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
nic-wireless-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
nic-wireless-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
ppp-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
ppp-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
sata-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
sata-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
scsi-core-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
scsi-core-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
scsi-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
scsi-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
scsi-nic-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
scsi-nic-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
serial-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
serial-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
squashfs-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
squashfs-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
udf-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
udf-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
uinput-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
uinput-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
usb-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
usb-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
usb-serial-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
usb-serial-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
usb-storage-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
usb-storage-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el
xfs-modules-6.1.0-25-powerpc64le-di |  6.1.106-3 | ppc64el
xfs-modules-6.1.0-28-powerpc64le-di |  6.1.119-1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:38:43 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-25-amd64 |  6.1.106-3 | amd64
linux-headers-6.1.0-25-cloud-amd64 |  6.1.106-3 | amd64
linux-headers-6.1.0-25-rt-amd64 |  6.1.106-3 | amd64
linux-headers-6.1.0-28-amd64 |  6.1.119-1 | amd64
linux-headers-6.1.0-28-cloud-amd64 |  6.1.119-1 | amd64
linux-headers-6.1.0-28-rt-amd64 |  6.1.119-1 | amd64
linux-image-6.1.0-25-amd64-dbg |  6.1.106-3 | amd64
linux-image-6.1.0-25-amd64-unsigned |  6.1.106-3 | amd64
linux-image-6.1.0-25-cloud-amd64-dbg |  6.1.106-3 | amd64
linux-image-6.1.0-25-cloud-amd64-unsigned |  6.1.106-3 | amd64
linux-image-6.1.0-25-rt-amd64-dbg |  6.1.106-3 | amd64
linux-image-6.1.0-25-rt-amd64-unsigned |  6.1.106-3 | amd64
linux-image-6.1.0-28-amd64-dbg |  6.1.119-1 | amd64
linux-image-6.1.0-28-amd64-unsigned |  6.1.119-1 | amd64
linux-image-6.1.0-28-cloud-amd64-dbg |  6.1.119-1 | amd64
linux-image-6.1.0-28-cloud-amd64-unsigned |  6.1.119-1 | amd64
linux-image-6.1.0-28-rt-amd64-dbg |  6.1.119-1 | amd64
linux-image-6.1.0-28-rt-amd64-unsigned |  6.1.119-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:38:52 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-25-arm64 |  6.1.106-3 | arm64
linux-headers-6.1.0-25-cloud-arm64 |  6.1.106-3 | arm64
linux-headers-6.1.0-25-rt-arm64 |  6.1.106-3 | arm64
linux-headers-6.1.0-28-arm64 |  6.1.119-1 | arm64
linux-headers-6.1.0-28-cloud-arm64 |  6.1.119-1 | arm64
linux-headers-6.1.0-28-rt-arm64 |  6.1.119-1 | arm64
linux-image-6.1.0-25-arm64-dbg |  6.1.106-3 | arm64
linux-image-6.1.0-25-arm64-unsigned |  6.1.106-3 | arm64
linux-image-6.1.0-25-cloud-arm64-dbg |  6.1.106-3 | arm64
linux-image-6.1.0-25-cloud-arm64-unsigned |  6.1.106-3 | arm64
linux-image-6.1.0-25-rt-arm64-dbg |  6.1.106-3 | arm64
linux-image-6.1.0-25-rt-arm64-unsigned |  6.1.106-3 | arm64
linux-image-6.1.0-28-arm64-dbg |  6.1.119-1 | arm64
linux-image-6.1.0-28-arm64-unsigned |  6.1.119-1 | arm64
linux-image-6.1.0-28-cloud-arm64-dbg |  6.1.119-1 | arm64
linux-image-6.1.0-28-cloud-arm64-unsigned |  6.1.119-1 | arm64
linux-image-6.1.0-28-rt-arm64-dbg |  6.1.119-1 | arm64
linux-image-6.1.0-28-rt-arm64-unsigned |  6.1.119-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:39:27 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
btrfs-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
cdrom-core-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
cdrom-core-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
crc-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
crc-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
crypto-dm-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
crypto-dm-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
crypto-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
crypto-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
event-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
event-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
ext4-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
ext4-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
f2fs-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
f2fs-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
fat-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
fat-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
fb-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
fb-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
fuse-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
fuse-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
input-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
input-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
ipv6-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
ipv6-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
isofs-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
isofs-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
jffs2-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
jffs2-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
jfs-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
jfs-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
kernel-image-6.1.0-25-marvell-di |  6.1.106-3 | armel
kernel-image-6.1.0-28-marvell-di |  6.1.119-1 | armel
leds-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
leds-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
linux-headers-6.1.0-25-marvell |  6.1.106-3 | armel
linux-headers-6.1.0-25-rpi |  6.1.106-3 | armel
linux-headers-6.1.0-28-marvell |  6.1.119-1 | armel
linux-headers-6.1.0-28-rpi |  6.1.119-1 | armel
linux-image-6.1.0-25-marvell |  6.1.106-3 | armel
linux-image-6.1.0-25-marvell-dbg |  6.1.106-3 | armel
linux-image-6.1.0-25-rpi |  6.1.106-3 | armel
linux-image-6.1.0-25-rpi-dbg |  6.1.106-3 | armel
linux-image-6.1.0-28-marvell |  6.1.119-1 | armel
linux-image-6.1.0-28-marvell-dbg |  6.1.119-1 | armel
linux-image-6.1.0-28-rpi |  6.1.119-1 | armel
linux-image-6.1.0-28-rpi-dbg |  6.1.119-1 | armel
loop-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
loop-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
md-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
md-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
minix-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
minix-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
mmc-core-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
mmc-core-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
mmc-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
mmc-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
mouse-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
mouse-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
mtd-core-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
mtd-core-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
mtd-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
mtd-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
multipath-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
multipath-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
nbd-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
nbd-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
nic-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
nic-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
nic-shared-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
nic-shared-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
nic-usb-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
nic-usb-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
ppp-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
ppp-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
sata-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
sata-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
scsi-core-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
scsi-core-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
squashfs-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
squashfs-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
udf-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
udf-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
uinput-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
uinput-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
usb-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
usb-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
usb-serial-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
usb-serial-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel
usb-storage-modules-6.1.0-25-marvell-di |  6.1.106-3 | armel
usb-storage-modules-6.1.0-28-marvell-di |  6.1.119-1 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:39:42 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
ata-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
btrfs-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
btrfs-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
cdrom-core-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
cdrom-core-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
crc-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
crc-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
crypto-dm-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
crypto-dm-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
crypto-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
crypto-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
efi-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
efi-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
event-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
event-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
ext4-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
ext4-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
f2fs-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
f2fs-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
fat-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
fat-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
fb-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
fb-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
fuse-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
fuse-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
i2c-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
i2c-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
input-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
input-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
isofs-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
isofs-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
jfs-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
jfs-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
kernel-image-6.1.0-25-armmp-di |  6.1.106-3 | armhf
kernel-image-6.1.0-28-armmp-di |  6.1.119-1 | armhf
leds-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
leds-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
linux-headers-6.1.0-25-armmp |  6.1.106-3 | armhf
linux-headers-6.1.0-25-armmp-lpae |  6.1.106-3 | armhf
linux-headers-6.1.0-25-rt-armmp |  6.1.106-3 | armhf
linux-headers-6.1.0-28-armmp |  6.1.119-1 | armhf
linux-headers-6.1.0-28-armmp-lpae |  6.1.119-1 | armhf
linux-headers-6.1.0-28-rt-armmp |  6.1.119-1 | armhf
linux-image-6.1.0-25-armmp |  6.1.106-3 | armhf
linux-image-6.1.0-25-armmp-dbg |  6.1.106-3 | armhf
linux-image-6.1.0-25-armmp-lpae |  6.1.106-3 | armhf
linux-image-6.1.0-25-armmp-lpae-dbg |  6.1.106-3 | armhf
linux-image-6.1.0-25-rt-armmp |  6.1.106-3 | armhf
linux-image-6.1.0-25-rt-armmp-dbg |  6.1.106-3 | armhf
linux-image-6.1.0-28-armmp |  6.1.119-1 | armhf
linux-image-6.1.0-28-armmp-dbg |  6.1.119-1 | armhf
linux-image-6.1.0-28-armmp-lpae |  6.1.119-1 | armhf
linux-image-6.1.0-28-armmp-lpae-dbg |  6.1.119-1 | armhf
linux-image-6.1.0-28-rt-armmp |  6.1.119-1 | armhf
linux-image-6.1.0-28-rt-armmp-dbg |  6.1.119-1 | armhf
loop-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
loop-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
md-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
md-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
mmc-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
mmc-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
mtd-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
mtd-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
multipath-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
multipath-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
nbd-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
nbd-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
nic-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
nic-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
nic-shared-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
nic-shared-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
nic-usb-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
nic-usb-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
nic-wireless-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
nic-wireless-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
pata-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
pata-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
ppp-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
ppp-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
sata-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
sata-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
scsi-core-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
scsi-core-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
scsi-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
scsi-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
scsi-nic-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
scsi-nic-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
sound-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
sound-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
speakup-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
speakup-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
squashfs-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
squashfs-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
udf-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
udf-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
uinput-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
uinput-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
usb-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
usb-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
usb-serial-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
usb-serial-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf
usb-storage-modules-6.1.0-25-armmp-di |  6.1.106-3 | armhf
usb-storage-modules-6.1.0-28-armmp-di |  6.1.119-1 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:39:54 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-25-686 |  6.1.106-3 | i386
linux-headers-6.1.0-25-686-pae |  6.1.106-3 | i386
linux-headers-6.1.0-25-rt-686-pae |  6.1.106-3 | i386
linux-headers-6.1.0-28-686 |  6.1.119-1 | i386
linux-headers-6.1.0-28-686-pae |  6.1.119-1 | i386
linux-headers-6.1.0-28-rt-686-pae |  6.1.119-1 | i386
linux-image-6.1.0-25-686-dbg |  6.1.106-3 | i386
linux-image-6.1.0-25-686-pae-dbg |  6.1.106-3 | i386
linux-image-6.1.0-25-686-pae-unsigned |  6.1.106-3 | i386
linux-image-6.1.0-25-686-unsigned |  6.1.106-3 | i386
linux-image-6.1.0-25-rt-686-pae-dbg |  6.1.106-3 | i386
linux-image-6.1.0-25-rt-686-pae-unsigned |  6.1.106-3 | i386
linux-image-6.1.0-28-686-dbg |  6.1.119-1 | i386
linux-image-6.1.0-28-686-pae-dbg |  6.1.119-1 | i386
linux-image-6.1.0-28-686-pae-unsigned |  6.1.119-1 | i386
linux-image-6.1.0-28-686-unsigned |  6.1.119-1 | i386
linux-image-6.1.0-28-rt-686-pae-dbg |  6.1.119-1 | i386
linux-image-6.1.0-28-rt-686-pae-unsigned |  6.1.119-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:40:20 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
affs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
affs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
affs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
ata-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
ata-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
ata-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
ata-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
btrfs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
btrfs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
btrfs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
btrfs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
cdrom-core-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
cdrom-core-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
cdrom-core-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
cdrom-core-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
crc-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
crc-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
crc-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
crc-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
crypto-dm-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
crypto-dm-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
crypto-dm-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
crypto-dm-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
crypto-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
crypto-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
crypto-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
crypto-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
event-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
event-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
event-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
event-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
ext4-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
ext4-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
ext4-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
ext4-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
f2fs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
f2fs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
f2fs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
f2fs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
fat-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
fat-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
fat-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
fat-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
fb-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
fb-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
fb-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
fb-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
firewire-core-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
firewire-core-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
firewire-core-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
firewire-core-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
fuse-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
fuse-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
fuse-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
fuse-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
input-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
input-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
input-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
input-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
isofs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
isofs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
isofs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
isofs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
jfs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
jfs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
jfs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
jfs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
kernel-image-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
kernel-image-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
kernel-image-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
kernel-image-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
linux-headers-6.1.0-25-5kc-malta |  6.1.106-3 | mips64el
linux-headers-6.1.0-25-mips64r2el |  6.1.106-3 | mips64el
linux-headers-6.1.0-28-5kc-malta |  6.1.119-1 | mips64el
linux-headers-6.1.0-28-mips64r2el |  6.1.119-1 | mips64el
linux-image-6.1.0-25-5kc-malta |  6.1.106-3 | mips64el
linux-image-6.1.0-25-5kc-malta-dbg |  6.1.106-3 | mips64el
linux-image-6.1.0-25-mips64r2el |  6.1.106-3 | mips64el
linux-image-6.1.0-25-mips64r2el-dbg |  6.1.106-3 | mips64el
linux-image-6.1.0-28-5kc-malta |  6.1.119-1 | mips64el
linux-image-6.1.0-28-5kc-malta-dbg |  6.1.119-1 | mips64el
linux-image-6.1.0-28-mips64r2el |  6.1.119-1 | mips64el
linux-image-6.1.0-28-mips64r2el-dbg |  6.1.119-1 | mips64el
loop-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
loop-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
loop-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
loop-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
md-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
md-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
md-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
md-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
minix-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
minix-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
minix-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
minix-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
mmc-core-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
mmc-core-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
mmc-core-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
mmc-core-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
mmc-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
mmc-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
mmc-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
mmc-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
mouse-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
mouse-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
mouse-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
mouse-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
multipath-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
multipath-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
multipath-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
multipath-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
nbd-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
nbd-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
nbd-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
nbd-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
nfs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
nfs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
nfs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
nfs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
nic-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
nic-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
nic-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
nic-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
nic-shared-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
nic-shared-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
nic-shared-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
nic-shared-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
nic-usb-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
nic-usb-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
nic-usb-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
nic-usb-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
nic-wireless-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
nic-wireless-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
nic-wireless-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
nic-wireless-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
pata-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
pata-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
pata-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
pata-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
ppp-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
ppp-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
ppp-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
ppp-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
sata-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
sata-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
sata-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
sata-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
scsi-core-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
scsi-core-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
scsi-core-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
scsi-core-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
scsi-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
scsi-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
scsi-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
scsi-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
scsi-nic-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
scsi-nic-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
scsi-nic-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
scsi-nic-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
sound-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
sound-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
sound-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
sound-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
speakup-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
speakup-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
speakup-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
speakup-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
squashfs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
squashfs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
squashfs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
squashfs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
udf-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
udf-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
udf-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
udf-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
usb-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
usb-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
usb-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
usb-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
usb-serial-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
usb-serial-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
usb-serial-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
usb-serial-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
usb-storage-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
usb-storage-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
usb-storage-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
usb-storage-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el
xfs-modules-6.1.0-25-5kc-malta-di |  6.1.106-3 | mips64el
xfs-modules-6.1.0-25-mips64r2el-di |  6.1.106-3 | mips64el
xfs-modules-6.1.0-28-5kc-malta-di |  6.1.119-1 | mips64el
xfs-modules-6.1.0-28-mips64r2el-di |  6.1.119-1 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:41:00 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
affs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
affs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
affs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
ata-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
ata-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
ata-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
ata-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
btrfs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
btrfs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
btrfs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
btrfs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
cdrom-core-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
cdrom-core-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
crc-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
crc-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
crc-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
crc-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
crypto-dm-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
crypto-dm-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
crypto-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
crypto-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
crypto-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
crypto-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
event-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
event-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
event-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
event-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
ext4-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
ext4-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
ext4-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
ext4-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
f2fs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
f2fs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
f2fs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
f2fs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
fat-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
fat-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
fat-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
fat-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
fb-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
fb-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
fb-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
fb-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
firewire-core-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
firewire-core-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
firewire-core-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
firewire-core-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
fuse-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
fuse-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
fuse-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
fuse-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
input-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
input-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
input-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
input-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
isofs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
isofs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
isofs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
isofs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
jfs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
jfs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
jfs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
jfs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
kernel-image-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
kernel-image-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
kernel-image-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
kernel-image-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
linux-headers-6.1.0-25-loongson-3 |  6.1.106-3 | mips64el, mipsel
linux-headers-6.1.0-25-octeon |  6.1.106-3 | mips64el, mipsel
linux-headers-6.1.0-28-loongson-3 |  6.1.119-1 | mips64el, mipsel
linux-headers-6.1.0-28-octeon |  6.1.119-1 | mips64el, mipsel
linux-image-6.1.0-25-loongson-3 |  6.1.106-3 | mips64el, mipsel
linux-image-6.1.0-25-loongson-3-dbg |  6.1.106-3 | mips64el, mipsel
linux-image-6.1.0-25-octeon |  6.1.106-3 | mips64el, mipsel
linux-image-6.1.0-25-octeon-dbg |  6.1.106-3 | mips64el, mipsel
linux-image-6.1.0-28-loongson-3 |  6.1.119-1 | mips64el, mipsel
linux-image-6.1.0-28-loongson-3-dbg |  6.1.119-1 | mips64el, mipsel
linux-image-6.1.0-28-octeon |  6.1.119-1 | mips64el, mipsel
linux-image-6.1.0-28-octeon-dbg |  6.1.119-1 | mips64el, mipsel
loop-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
loop-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
loop-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
loop-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
md-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
md-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
md-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
md-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
minix-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
minix-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
minix-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
minix-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
mmc-core-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
mmc-core-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
mmc-core-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
mmc-core-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
mmc-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
mmc-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
mmc-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
mmc-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
mouse-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
mouse-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
mouse-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
mouse-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
multipath-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
multipath-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
multipath-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
multipath-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
nbd-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
nbd-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
nbd-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
nbd-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
nfs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
nfs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
nfs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
nfs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
nic-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
nic-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
nic-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
nic-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
nic-shared-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
nic-shared-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
nic-shared-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
nic-shared-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
nic-usb-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
nic-usb-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
nic-usb-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
nic-usb-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
nic-wireless-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
nic-wireless-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
pata-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
pata-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
pata-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
pata-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
ppp-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
ppp-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
ppp-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
ppp-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
sata-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
sata-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
sata-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
sata-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
scsi-core-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
scsi-core-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
scsi-core-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
scsi-core-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
scsi-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
scsi-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
scsi-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
scsi-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
scsi-nic-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
scsi-nic-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
sound-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
sound-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
sound-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
sound-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
speakup-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
speakup-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
speakup-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
speakup-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
squashfs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
squashfs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
squashfs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
squashfs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
udf-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
udf-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
udf-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
udf-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
usb-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
usb-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
usb-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
usb-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
usb-serial-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
usb-serial-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
usb-serial-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
usb-serial-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
usb-storage-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
usb-storage-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
usb-storage-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
usb-storage-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel
xfs-modules-6.1.0-25-loongson-3-di |  6.1.106-3 | mips64el, mipsel
xfs-modules-6.1.0-25-octeon-di |  6.1.106-3 | mips64el, mipsel
xfs-modules-6.1.0-28-loongson-3-di |  6.1.119-1 | mips64el, mipsel
xfs-modules-6.1.0-28-octeon-di |  6.1.119-1 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:41:18 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
acpi-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
ata-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
ata-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
btrfs-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
btrfs-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
cdrom-core-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
cdrom-core-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
crc-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
crc-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
crypto-dm-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
crypto-dm-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
crypto-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
crypto-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
efi-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
efi-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
event-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
event-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
ext4-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
ext4-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
f2fs-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
f2fs-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
fat-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
fat-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
fb-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
fb-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
firewire-core-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
firewire-core-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
fuse-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
fuse-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
i2c-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
i2c-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
input-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
input-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
isofs-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
isofs-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
jfs-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
jfs-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
kernel-image-6.1.0-25-amd64-di |  6.1.106-3 | amd64
kernel-image-6.1.0-28-amd64-di |  6.1.119-1 | amd64
linux-image-6.1.0-25-amd64 |  6.1.106-3 | amd64
linux-image-6.1.0-25-cloud-amd64 |  6.1.106-3 | amd64
linux-image-6.1.0-25-rt-amd64 |  6.1.106-3 | amd64
linux-image-6.1.0-28-amd64 |  6.1.119-1 | amd64
linux-image-6.1.0-28-cloud-amd64 |  6.1.119-1 | amd64
linux-image-6.1.0-28-rt-amd64 |  6.1.119-1 | amd64
loop-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
loop-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
md-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
md-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
mmc-core-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
mmc-core-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
mmc-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
mmc-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
mouse-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
mouse-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
mtd-core-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
mtd-core-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
multipath-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
multipath-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
nbd-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
nbd-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
nic-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
nic-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
nic-pcmcia-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
nic-pcmcia-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
nic-shared-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
nic-shared-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
nic-usb-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
nic-usb-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
nic-wireless-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
nic-wireless-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
pata-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
pata-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
pcmcia-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
pcmcia-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
pcmcia-storage-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
pcmcia-storage-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
ppp-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
ppp-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
rfkill-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
rfkill-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
sata-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
sata-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
scsi-core-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
scsi-core-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
scsi-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
scsi-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
scsi-nic-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
scsi-nic-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
serial-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
serial-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
sound-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
sound-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
speakup-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
speakup-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
squashfs-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
squashfs-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
udf-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
udf-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
uinput-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
uinput-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
usb-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
usb-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
usb-serial-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
usb-serial-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
usb-storage-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
usb-storage-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64
xfs-modules-6.1.0-25-amd64-di |  6.1.106-3 | amd64
xfs-modules-6.1.0-28-amd64-di |  6.1.119-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:41:36 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
ata-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
btrfs-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
btrfs-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
cdrom-core-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
cdrom-core-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
crc-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
crc-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
crypto-dm-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
crypto-dm-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
crypto-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
crypto-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
efi-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
efi-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
event-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
event-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
ext4-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
ext4-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
f2fs-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
f2fs-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
fat-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
fat-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
fb-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
fb-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
fuse-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
fuse-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
i2c-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
i2c-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
input-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
input-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
isofs-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
isofs-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
jfs-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
jfs-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
kernel-image-6.1.0-25-arm64-di |  6.1.106-3 | arm64
kernel-image-6.1.0-28-arm64-di |  6.1.119-1 | arm64
leds-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
leds-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
linux-image-6.1.0-25-arm64 |  6.1.106-3 | arm64
linux-image-6.1.0-25-cloud-arm64 |  6.1.106-3 | arm64
linux-image-6.1.0-25-rt-arm64 |  6.1.106-3 | arm64
linux-image-6.1.0-28-arm64 |  6.1.119-1 | arm64
linux-image-6.1.0-28-cloud-arm64 |  6.1.119-1 | arm64
linux-image-6.1.0-28-rt-arm64 |  6.1.119-1 | arm64
loop-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
loop-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
md-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
md-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
mmc-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
mmc-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
mtd-core-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
mtd-core-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
multipath-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
multipath-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
nbd-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
nbd-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
nic-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
nic-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
nic-shared-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
nic-shared-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
nic-usb-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
nic-usb-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
nic-wireless-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
nic-wireless-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
ppp-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
ppp-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
sata-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
sata-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
scsi-core-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
scsi-core-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
scsi-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
scsi-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
scsi-nic-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
scsi-nic-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
sound-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
sound-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
speakup-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
speakup-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
squashfs-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
squashfs-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
udf-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
udf-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
uinput-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
uinput-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
usb-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
usb-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
usb-serial-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
usb-serial-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
usb-storage-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
usb-storage-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64
xfs-modules-6.1.0-25-arm64-di |  6.1.106-3 | arm64
xfs-modules-6.1.0-28-arm64-di |  6.1.119-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:42:08 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-25-686-di |  6.1.106-3 | i386
acpi-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
acpi-modules-6.1.0-28-686-di |  6.1.119-1 | i386
acpi-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
ata-modules-6.1.0-25-686-di |  6.1.106-3 | i386
ata-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
ata-modules-6.1.0-28-686-di |  6.1.119-1 | i386
ata-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
btrfs-modules-6.1.0-25-686-di |  6.1.106-3 | i386
btrfs-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
btrfs-modules-6.1.0-28-686-di |  6.1.119-1 | i386
btrfs-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
cdrom-core-modules-6.1.0-25-686-di |  6.1.106-3 | i386
cdrom-core-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
cdrom-core-modules-6.1.0-28-686-di |  6.1.119-1 | i386
cdrom-core-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
crc-modules-6.1.0-25-686-di |  6.1.106-3 | i386
crc-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
crc-modules-6.1.0-28-686-di |  6.1.119-1 | i386
crc-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
crypto-dm-modules-6.1.0-25-686-di |  6.1.106-3 | i386
crypto-dm-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
crypto-dm-modules-6.1.0-28-686-di |  6.1.119-1 | i386
crypto-dm-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
crypto-modules-6.1.0-25-686-di |  6.1.106-3 | i386
crypto-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
crypto-modules-6.1.0-28-686-di |  6.1.119-1 | i386
crypto-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
efi-modules-6.1.0-25-686-di |  6.1.106-3 | i386
efi-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
efi-modules-6.1.0-28-686-di |  6.1.119-1 | i386
efi-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
event-modules-6.1.0-25-686-di |  6.1.106-3 | i386
event-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
event-modules-6.1.0-28-686-di |  6.1.119-1 | i386
event-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
ext4-modules-6.1.0-25-686-di |  6.1.106-3 | i386
ext4-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
ext4-modules-6.1.0-28-686-di |  6.1.119-1 | i386
ext4-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
f2fs-modules-6.1.0-25-686-di |  6.1.106-3 | i386
f2fs-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
f2fs-modules-6.1.0-28-686-di |  6.1.119-1 | i386
f2fs-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
fat-modules-6.1.0-25-686-di |  6.1.106-3 | i386
fat-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
fat-modules-6.1.0-28-686-di |  6.1.119-1 | i386
fat-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
fb-modules-6.1.0-25-686-di |  6.1.106-3 | i386
fb-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
fb-modules-6.1.0-28-686-di |  6.1.119-1 | i386
fb-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
firewire-core-modules-6.1.0-25-686-di |  6.1.106-3 | i386
firewire-core-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
firewire-core-modules-6.1.0-28-686-di |  6.1.119-1 | i386
firewire-core-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
fuse-modules-6.1.0-25-686-di |  6.1.106-3 | i386
fuse-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
fuse-modules-6.1.0-28-686-di |  6.1.119-1 | i386
fuse-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
i2c-modules-6.1.0-25-686-di |  6.1.106-3 | i386
i2c-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
i2c-modules-6.1.0-28-686-di |  6.1.119-1 | i386
i2c-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
input-modules-6.1.0-25-686-di |  6.1.106-3 | i386
input-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
input-modules-6.1.0-28-686-di |  6.1.119-1 | i386
input-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
isofs-modules-6.1.0-25-686-di |  6.1.106-3 | i386
isofs-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
isofs-modules-6.1.0-28-686-di |  6.1.119-1 | i386
isofs-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
jfs-modules-6.1.0-25-686-di |  6.1.106-3 | i386
jfs-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
jfs-modules-6.1.0-28-686-di |  6.1.119-1 | i386
jfs-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
kernel-image-6.1.0-25-686-di |  6.1.106-3 | i386
kernel-image-6.1.0-25-686-pae-di |  6.1.106-3 | i386
kernel-image-6.1.0-28-686-di |  6.1.119-1 | i386
kernel-image-6.1.0-28-686-pae-di |  6.1.119-1 | i386
linux-image-6.1.0-25-686 |  6.1.106-3 | i386
linux-image-6.1.0-25-686-pae |  6.1.106-3 | i386
linux-image-6.1.0-25-rt-686-pae |  6.1.106-3 | i386
linux-image-6.1.0-28-686 |  6.1.119-1 | i386
linux-image-6.1.0-28-686-pae |  6.1.119-1 | i386
linux-image-6.1.0-28-rt-686-pae |  6.1.119-1 | i386
loop-modules-6.1.0-25-686-di |  6.1.106-3 | i386
loop-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
loop-modules-6.1.0-28-686-di |  6.1.119-1 | i386
loop-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
md-modules-6.1.0-25-686-di |  6.1.106-3 | i386
md-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
md-modules-6.1.0-28-686-di |  6.1.119-1 | i386
md-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
mmc-core-modules-6.1.0-25-686-di |  6.1.106-3 | i386
mmc-core-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
mmc-core-modules-6.1.0-28-686-di |  6.1.119-1 | i386
mmc-core-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
mmc-modules-6.1.0-25-686-di |  6.1.106-3 | i386
mmc-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
mmc-modules-6.1.0-28-686-di |  6.1.119-1 | i386
mmc-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
mouse-modules-6.1.0-25-686-di |  6.1.106-3 | i386
mouse-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
mouse-modules-6.1.0-28-686-di |  6.1.119-1 | i386
mouse-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
mtd-core-modules-6.1.0-25-686-di |  6.1.106-3 | i386
mtd-core-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
mtd-core-modules-6.1.0-28-686-di |  6.1.119-1 | i386
mtd-core-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
multipath-modules-6.1.0-25-686-di |  6.1.106-3 | i386
multipath-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
multipath-modules-6.1.0-28-686-di |  6.1.119-1 | i386
multipath-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
nbd-modules-6.1.0-25-686-di |  6.1.106-3 | i386
nbd-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
nbd-modules-6.1.0-28-686-di |  6.1.119-1 | i386
nbd-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
nic-modules-6.1.0-25-686-di |  6.1.106-3 | i386
nic-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
nic-modules-6.1.0-28-686-di |  6.1.119-1 | i386
nic-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
nic-pcmcia-modules-6.1.0-25-686-di |  6.1.106-3 | i386
nic-pcmcia-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
nic-pcmcia-modules-6.1.0-28-686-di |  6.1.119-1 | i386
nic-pcmcia-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
nic-shared-modules-6.1.0-25-686-di |  6.1.106-3 | i386
nic-shared-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
nic-shared-modules-6.1.0-28-686-di |  6.1.119-1 | i386
nic-shared-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
nic-usb-modules-6.1.0-25-686-di |  6.1.106-3 | i386
nic-usb-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
nic-usb-modules-6.1.0-28-686-di |  6.1.119-1 | i386
nic-usb-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
nic-wireless-modules-6.1.0-25-686-di |  6.1.106-3 | i386
nic-wireless-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
nic-wireless-modules-6.1.0-28-686-di |  6.1.119-1 | i386
nic-wireless-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
pata-modules-6.1.0-25-686-di |  6.1.106-3 | i386
pata-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
pata-modules-6.1.0-28-686-di |  6.1.119-1 | i386
pata-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
pcmcia-modules-6.1.0-25-686-di |  6.1.106-3 | i386
pcmcia-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
pcmcia-modules-6.1.0-28-686-di |  6.1.119-1 | i386
pcmcia-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
pcmcia-storage-modules-6.1.0-25-686-di |  6.1.106-3 | i386
pcmcia-storage-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
pcmcia-storage-modules-6.1.0-28-686-di |  6.1.119-1 | i386
pcmcia-storage-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
ppp-modules-6.1.0-25-686-di |  6.1.106-3 | i386
ppp-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
ppp-modules-6.1.0-28-686-di |  6.1.119-1 | i386
ppp-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
rfkill-modules-6.1.0-25-686-di |  6.1.106-3 | i386
rfkill-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
rfkill-modules-6.1.0-28-686-di |  6.1.119-1 | i386
rfkill-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
sata-modules-6.1.0-25-686-di |  6.1.106-3 | i386
sata-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
sata-modules-6.1.0-28-686-di |  6.1.119-1 | i386
sata-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
scsi-core-modules-6.1.0-25-686-di |  6.1.106-3 | i386
scsi-core-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
scsi-core-modules-6.1.0-28-686-di |  6.1.119-1 | i386
scsi-core-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
scsi-modules-6.1.0-25-686-di |  6.1.106-3 | i386
scsi-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
scsi-modules-6.1.0-28-686-di |  6.1.119-1 | i386
scsi-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
scsi-nic-modules-6.1.0-25-686-di |  6.1.106-3 | i386
scsi-nic-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
scsi-nic-modules-6.1.0-28-686-di |  6.1.119-1 | i386
scsi-nic-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
serial-modules-6.1.0-25-686-di |  6.1.106-3 | i386
serial-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
serial-modules-6.1.0-28-686-di |  6.1.119-1 | i386
serial-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
sound-modules-6.1.0-25-686-di |  6.1.106-3 | i386
sound-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
sound-modules-6.1.0-28-686-di |  6.1.119-1 | i386
sound-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
speakup-modules-6.1.0-25-686-di |  6.1.106-3 | i386
speakup-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
speakup-modules-6.1.0-28-686-di |  6.1.119-1 | i386
speakup-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
squashfs-modules-6.1.0-25-686-di |  6.1.106-3 | i386
squashfs-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
squashfs-modules-6.1.0-28-686-di |  6.1.119-1 | i386
squashfs-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
udf-modules-6.1.0-25-686-di |  6.1.106-3 | i386
udf-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
udf-modules-6.1.0-28-686-di |  6.1.119-1 | i386
udf-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
uinput-modules-6.1.0-25-686-di |  6.1.106-3 | i386
uinput-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
uinput-modules-6.1.0-28-686-di |  6.1.119-1 | i386
uinput-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
usb-modules-6.1.0-25-686-di |  6.1.106-3 | i386
usb-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
usb-modules-6.1.0-28-686-di |  6.1.119-1 | i386
usb-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
usb-serial-modules-6.1.0-25-686-di |  6.1.106-3 | i386
usb-serial-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
usb-serial-modules-6.1.0-28-686-di |  6.1.119-1 | i386
usb-serial-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
usb-storage-modules-6.1.0-25-686-di |  6.1.106-3 | i386
usb-storage-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
usb-storage-modules-6.1.0-28-686-di |  6.1.119-1 | i386
usb-storage-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386
xfs-modules-6.1.0-25-686-di |  6.1.106-3 | i386
xfs-modules-6.1.0-25-686-pae-di |  6.1.106-3 | i386
xfs-modules-6.1.0-28-686-di |  6.1.119-1 | i386
xfs-modules-6.1.0-28-686-pae-di |  6.1.119-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:42:33 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-25-common |  6.1.106-3 | all
linux-headers-6.1.0-25-common-rt |  6.1.106-3 | all
linux-headers-6.1.0-28-common |  6.1.119-1 | all
linux-headers-6.1.0-28-common-rt |  6.1.119-1 | all
linux-support-6.1.0-25 |  6.1.106-3 | all
linux-support-6.1.0-28 |  6.1.119-1 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:29:38 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

       hv3 | 3.0~fossil20110109-8 | all
  tk-html3 | 3.0~fossil20110109-8 | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
Closed bugs: 1088261

------------------- Reason -------------------
RoQA; unmaintained; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 11 Jan 2025 09:30:25 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

      criu |   3.17.1-2 | armhf
Closed bugs: 1088282

------------------- Reason -------------------
RoM; fails to build on arm64 host
----------------------------------------------
=========================================================================
allow-html-temp (10.0.4-1~deb12u1) bookworm; urgency=medium
 .
   * Prepared for uploading to bookworm proposed update
allow-html-temp (9.0.0-2) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [9461d49] Fixed d/watch
allow-html-temp (9.0.0-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [f6b9b32] New upstream version 9.0.0
   * [187f994] Bumped thunderbird version to 115 and limit it to 119
   * [2662398] Bumped standard version to recent one - no changes needed
   * [82471ba] Fixed max version of thunderbird

ansible-core (2.14.18-0+deb12u2) bookworm; urgency=medium
 .
   * Update integration test dependencies
   * Update integration test restrictions
ansible-core (2.14.18-0+deb12u1) bookworm; urgency=medium
 .
   [ Lee Garrett ]
   * New stable bugfix release
   * Add integration tests to autopkgtest
   * Fix CVE-2024-11079: This vulnerability allows attackers to bypass unsafe
     content protections using the hostvars object to reference and execute
     templated content. This issue can lead to arbitrary code execution if remote
     data or module outputs are improperly templated within playbooks.
 .
   [ Bastien Roucariès ]
   * Fix CVE-2024-8775: A flaw was found in Ansible,
     where sensitive information stored in Ansible Vault files can be exposed in
     plaintext during the execution of a playbook. This occurs when using tasks
     such as include_vars to load vaulted variables without setting the no_log:
     true parameter, resulting in sensitive data being printed in the playbook
     output or logs. This can lead to the unintentional disclosure of secrets
     like passwords or API keys, compromising security and potentially allowing
     unauthorized access or actions. (Closes: #1082851)
   * Fix CVE-2024-9902: A flaw was found in Ansible.
     The ansible-core `user` module can allow an unprivileged user to silently
     create or replace the contents of any file on any system path and take
     ownership of it when a privileged user executes the `user` module against
     the unprivileged user's home directory. If the unprivileged user has
     traversal permissions on the directory containing the exploited target file,
     they retain full control over the contents of the file as its owner.

audiofile (0.3.6-5+deb12u1) bookworm; urgency=medium
 .
   * CVE-2022-24599 (Closes: #1008017)
   * CVE-2019-13147 (Closes: #931343)

avahi (0.8-10+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Michael Biebl ]
   * core: make sure there is rdata to process before parsing it.
     Patch cherry-picked from upstream Git.
     (CVE-2023-38472, Closes: #1054879)
   * core: reject overly long TXT resource records.
     Patches cherry-picked from upstream Git.
     (CVE-2023-38469, Closes: #1054876)
   * Ensure each label is at least one byte long.
     Patch cherry-picked from upstream Git.
     (CVE-2023-38470, Closes: #1054877)
   * core: extract host name using avahi_unescape_label()
     Patch cherry-picked from upstream Git.
     (CVE-2023-38471, Closes: #1054878)
   * common: derive alternative host name from its unescaped version.
     Patch cherry-picked from upstream Git.
     (CVE-2023-38473, Closes: #1054880)
   * Fix browsing when invalid services present.
     See https://github.com/lathiat/avahi/issues/212

base-files (12.4+deb12u9) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.9, for Debian 12.9 point release.

bochs (2.7+dfsg-4+deb12u1) bookworm; urgency=medium
 .
   * Build the BIOS images for 386 CPUs rather than the compiler’s 32-bit
     default. Closes: #1082917.

ceph (16.2.15+ds-0+deb12u1) bookworm-security; urgency=medium
 .
   * Adding myself to uploaders.
   * Updating watch file for ceph 16.
   * Merging upstream version 16.2.15:
     - 16.2.12: Fix rgw bucket validation against POST policies
       [CVE-2023-43040]
   * Refreshing 32bit-fixes.patch.
   * Removing bug1917414.patch, included upstream.
   * Removing patches for CVE-2022-3650, included upstream.
   * Cherry-picking patch from upstream to fix authentication bypass in rgw
     (Closes: #1088993) [CVE-2024-48916].
ceph (16.2.11+ds-5.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.  Closes: #1062065
ceph (16.2.11+ds-5) unstable; urgency=high
 .
   * CVE-2023-43040: security issue with RGW with improperly verified POST keys.
     Applied upstream fix: rgw: Fix bucket validation against POST policies
     (Closes: #1053690).
ceph (16.2.11+ds-4) unstable; urgency=medium
 .
   * [5e0eaf6] Add -latomic for riscv.
   * [44ebe5f] Modify fix-CheckCxxAtomic-riscv64.patch so that it works as
     expected.
ceph (16.2.11+ds-3) unstable; urgency=medium
 .
   * Fix gcc-13 FTBFS. (Closes: #1037602):
     - fix-gcc-13-issue.patch (thanks to Bo YU).
     - Add -fpermissive to DEB_CXXFLAGS_MAINT_APPEND.
     - include-cstdint-in-subsys_types.h.patch.
   * Fix debian/calc-max-parallel.sh to allow building on more core on
     (very) big systems.

chromium (131.0.6778.139-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-12381: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-12382: Use after free in Translate. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
   * (Temporarily?) switch from llvm's libc++ to gcc's libstdc++ to
     simplify the prior clang-16/19 upgrades.
   * d/patches:
     - fixes/bindgen.patch: refresh.
     - upstream/dawn-strlen.patch: add gcc-specific build fix.
     - upstream/ink-isfinite.patch: add gcc-specific build fix.
     - upstream/webrtc-optional.patch: add gcc-specific build fix.
     - upstream/variant.patch: add gcc-specific build fixes.
     - upstream/array.patch: add gcc-specific build fix.
     - fixes/absl-optional.patch: re-introduce clang/gcc build workaround.
     - upstream/mrc-copy-op.patch: add gcc-specific build fix.
     - fixes/font-gc-asan.patch: add a better workaround for bad font-gc
       behavior under libstdc++. This is self-contained and small, unlike
       the prior reverts of the switch to font garbage collection.
     - bookworm/constexpr.patch: re-enable (and refresh) build fix
       specifically for gcc 12.
     - bookworm/constexpr2.patch: re-enable build fix for gcc 12.
     - bookworm/bubble-contents.patch: re-enable build fix for gcc 12.
 .
   [ Nathan Teodosio ]
   * Simplify fixes/bindgen.patch so it doesn't need frequent rebasing.
 .
   [ Daniel Richard G. ]
   * d/copyright: Expand list of Files-Excluded: entries.
   * d/rules: Various updates to get-orig-source rule, including use of
     grep-dctrl(1) and the LASTCHANGE.committime timestamp.
   * d/scripts/check-upstream: Avoid issues with inaccurate $(pwd) value and
     spaces in filenames, and print all errors instead of only the first one.
chromium (131.0.6778.108-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-12053: Type Confusion in V8.
       Reported by gal1ium and chluo.
chromium (131.0.6778.108-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-12053: Type Confusion in V8.
       Reported by gal1ium and chluo.
   * Switch to clang-19 from clang-16 (closes: #1088162, #1088974).
chromium (131.0.6778.85-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-11110: Inappropriate implementation in Blink.
       Reported by Vsevolod Kokorin (Slonser) of Solidlab.
     - CVE-2024-11111: Inappropriate implementation in Autofill.
       Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India).
     - CVE-2024-11112: Use after free in Media. Reported by
       Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of
       360 Vulnerability Research Institute.
     - CVE-2024-11113: Use after free in Accessibility.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-11114: Inappropriate implementation in Views.
       Reported by Micky.
     - CVE-2024-11115: Insufficient policy enforcement in Navigation.
       Reported by mastersplinter.
     - CVE-2024-11116: Inappropriate implementation in Paint.
       Reported by Thomas Orlita.
     - CVE-2024-11117: Inappropriate implementation in FileSystem.
       Reported by Ameen Basha M K.
     - CVE-2024-11395: Type Confusion in V8. Reported by Anonymous.
   * d/patches:
     - upstream/wayland-gbm-pixmap.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/freetype.patch: add new patch to fix missing
       enable_freetype arg declaration.
     - fixes/updater-test.patch: add simple build fix for deleted
       third_party/updater/.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - workarounds/HACK-debian-clang-disable-pa-musttail.patch: Work around
       additional upstream musttail definitions
     - workarounds/HACK-debian-clang-disable-base-musttail.patch: Refresh for
       upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
chromium (131.0.6778.85-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-11110: Inappropriate implementation in Blink.
       Reported by Vsevolod Kokorin (Slonser) of Solidlab.
     - CVE-2024-11111: Inappropriate implementation in Autofill.
       Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India).
     - CVE-2024-11112: Use after free in Media. Reported by
       Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of
       360 Vulnerability Research Institute.
     - CVE-2024-11113: Use after free in Accessibility.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-11114: Inappropriate implementation in Views.
       Reported by Micky.
     - CVE-2024-11115: Insufficient policy enforcement in Navigation.
       Reported by mastersplinter.
     - CVE-2024-11116: Inappropriate implementation in Paint.
       Reported by Thomas Orlita.
     - CVE-2024-11117: Inappropriate implementation in FileSystem.
       Reported by Ameen Basha M K.
     - CVE-2024-11395: Type Confusion in V8. Reported by Anonymous.
   * d/patches:
     - upstream/wayland-gbm-pixmap.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/freetype.patch: add new patch to fix missing
       enable_freetype arg declaration.
     - fixes/updater-test.patch: add simple build fix for deleted
       third_party/updater/.
     - upstream/stack-header.patch: drop, merged upstream.
     - bookworm/clang16.patch: refresh.
     - bookworm/bubble-contents.patch: refresh.
     - bookworm/constexpr.patch: refresh.
     - bookworm/gn-absl.patch: add a few more places where libs needed to
       be made visible.
     - bookworm/gn-funcs.patch: add another deletion of newer gn
       features.
     - bookworm/constexpr-assert.patch: add patch to work around more
       clang-16 constexpr bugs; this time a fun one with branching
       optimizations. Whee!
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - workarounds/HACK-debian-clang-disable-pa-musttail.patch: Work around
       additional upstream musttail definitions
     - workarounds/HACK-debian-clang-disable-base-musttail.patch: Refresh for
       upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
chromium (130.0.6723.116-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-10826: Use after free in Family Experiences.
       Reported by Anonymous.
     - CVE-2024-10827: Use after free in Serial. Reported by Anonymous.
chromium (130.0.6723.116-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-10826: Use after free in Family Experiences.
       Reported by Anonymous.
     - CVE-2024-10827: Use after free in Serial. Reported by Anonymous.
 .
 chromium (130.0.6723.91-2) unstable; urgency=high
 .
   * d/patches/fixes/armhf-timespec.patch: add patch to fix armhf FTBFS.
chromium (130.0.6723.91-2) unstable; urgency=high
 .
   * d/patches/fixes/armhf-timespec.patch: add patch to fix armhf FTBFS.
chromium (130.0.6723.91-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-10487: Out of bounds write in Dawn.
       Reported by Apple Security Engineering and Architecture (SEAR).
     - CVE-2024-10488: Use after free in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).

cpuinfo (0.0~git20220617.082deff-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Ignore exit status of dh_auto_test, allowing the package to be
     built on systems where the CPU is not recognized. Closes: #1086649.

criu (3.17.1-2+deb12u1) bookworm; urgency=medium
 .
   * cr-restore: rseq: dynamically handle *libc with rseq (Closes: #1081683)
   * cr-restore: rseq: use glibc-specific way to unregister only as fallback

debian-installer (20230607+deb12u9) bookworm; urgency=medium
 .
   * Bump Linux kernel ABI to 6.1.0-29.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u9) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u9, from bookworm-proposed-updates.

debian-security-support (1:12+2024.12.22) bookworm; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Mark src:vte as limited supported in Debian bookworm and above.
     Thanks to Simon McVittie. Closes: #1082885.
 .
   [ Holger Levsen ]
   * Add intel-mediasdk to security-support-ended.deb12. Closes: #1087718.
   * Add tiles to security-support-limited. Closes: #1057343.
   * Add jython to security-support-limited.
   * Drop openjdk-21 from security-support-limited. Closes: #1079693.
   * Drop debian/.gitlab-ci.yml
   * Drop spurios comma after Maintainer field, thanks buxy.

debootstrap (1.0.128+nmu2+deb12u2) bookworm; urgency=medium
 .
   * Do not pull in usr-is-merged in trixie/sid (Closes: #1091649)

dnsmasq (2.90-4~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport to bookworm, fixing:
     - CVE-2023-28450 - Reduce default maximum EDNS.0 UDP packet size due to DNS
       Flag Day 2020
     - CVE-2023-50387, CVE-2023-50868 - DNSSEC validation CPU exhaustion
       ("Keytrap")
dnsmasq (2.90-3) unstable; urgency=medium
 .
   * Update d/control:
     - Add passwd to Depends of dnsmasq-base(-lua) (closes: #1064518).
     - Update the Vcs-* fields (closes: #1065347).
     - Fix lintian issue build-depends-on-obsolete-package.
     - Add myself as uploader.
   * Update d/copyright:
     - Fix lintian issue missing-field-in-dep5-copyright.
   * Add missing CVE number to the 2.90-1 change log.
dnsmasq (2.90-2) unstable; urgency=medium
 .
   [ Sven Geuer ]
   * Relax limits imposed by d/t/functions.d/ip-addr.patterns to allow for
     successful tests on ci.debian.net.
dnsmasq (2.90-1) unstable; urgency=medium
 .
   [ Simon Kelley ]
   * New upstream. (closes: #1033165)
   * Move hard-coding of Lua version from the upstream Makefile
     to  d/rules.
   * Security fixes for Keytrap - DNSSEC validation CPU exhaustion.
     CVE-2023-50387 and CVE-2023-50868
   [ Sven Geuer ]
   * Introduce autokpgtests per d/tests/* (closes: #1034135).
   * Switch to dpkg-source 3.0 (quilt) format (closes: #1007041).
   * doc.html: Add patch to eliminate privacy breaches leaving the Donations
     paragraph as untouched as possible.
   * Prepend dnsmasq. to default, init, preinst, postinst, prerm, postrm.
   * Rename d/systemd.service to d/dnsmasq.service.
   * Rename d/systemd@.service to d/dnsmasq@.service.
   * Refactor d/rules to use the DH sequencer and fix major lintian issues
     (closes: #844989, #1040923, #1063551).
     Modified files:
     - d/rules
         Complete rewrite making use of debhelper and its tools, fixes lintian
         warning debian-rules-sets-dpkg-architecture-variable.
     - d/control
         Build-Depends, Pre-Depends, Depends added or changed as needed, lintian
         error depends-on-obsolete-package fixed.
     - d/dnsmasq.default
         ENABLED removed and comment changed to fix lintian error
         init.d-script-should-always-start-service.
     - d/dnsmasq.init
         Remove handling of obsolete ENABLED flag.
         Extract code used with System-V-style init and systemd into
         d/init-system-common, extract code used with systemd only
         into d/systemd-helper. This fixes lintian warning
         systemd-service-file-wraps-init-script.
         Drop workaround for hypothetically non-existent file
         /lib/lsb/init-functions, it has been around for more than a decade.
     - d/dnsmasq.service, d/dnsmasq@.service
         Adapt these files to make use of init-system-common and systemd-helper.
     - d/dnsmasq.{post,pre}{inst,rm}
         Rely mostly on the script snippets created by the DH tools to get
         things done, implicitly fixes the lintian warnings
         maintainer-script-should-not-use-dpkg-maintscript-helper and
         command-with-path-in-maintainer-script.
     - d/resolvconf*
         Change file mode bits to 0755, the installed files need it
     New files:
     - d/dnsmasq.{install,links,maintscript}
     - d/dnsmasq-base.{dirs,docs,install}
     - d/dnsmasq-base-lua.{dirs,docs,install,links}
     - d/dnsmasq-utils.{install,manpages}
         The DH tools use these to install what was scripted explicitly
         in the previous version of the d/rules file,
         lintian warning dbus-policy-in-etc fixed
     - d/init-system-common
     - d/systemd-helper
         These files contain slightly modified code formerly part of in
         d/dnsmasq.init.
     Deleted files:
     - d/*conffiles
     - d/lintian-override
     - d/installed-marker
         These are not in use anymore.
   * Deal with a removed conffile and changed links.
     Modified files:
     - d/dnsmasq-base.{postinst,postrm}
     New files:
     - d/dnsmasq-base.maintscript
     - d/dnsmasq-base-lua.maintscript
   * Add watch file and upstream's signing key.
     New files:
     - d/watch
     - d/u/signing-key.asc
   * Remove dependency on package adduser.
     Modified files:
     - d/control
     - d/dnsmasq.post{inst,rm}
   * Refactor d/copyright to comply with DEP 5 (closes: #966505).
   * Remove trailing whitespace from various files under debian/.
   * Bump Standards-Version to 4.6.2.
   * Specify Rules-Requires-Root.
   * Update http:// to https:// with Homepage, Vcs-Git and Vcs-Browser.
   * Introduce d/u/metadata.
   * Fix lintian issue duplicate-short-description.
   * Fix lintian issue capitalization-error-in-description.
   * Bump Lua version to 5.4 (closes: #1050750).
     Modified files:
     - d/control
     - d/t/functions.d/log.patterns

dpdk (22.11.7-1~deb12u1) bookworm-security; urgency=medium
 .
   * Update upstream source from tag 'upstream/22.11.7'
     Fixes rx checksum calculation in virtio driver (CVE-2024-11614)

eas4tbsync (4.11-1~deb12u1) bookworm; urgency=medium
 .
   * [6c3dc26] Merge branch 'debian/sid' into debian/bookworm
   * Prepared for release in bookworm (proposed-updates)
eas4tbsync (4.8-1) unstable; urgency=medium
 .
   * [cf34002] New upstream version 4.8
   * [8bc063a] Bump standard version - no changes needed;
               bump version of dependency
   * [4c2fbdd] Bump year in d/copyright
eas4tbsync (4.7-1) unstable; urgency=medium
 .
   * [a18dc06] Changed compression for tar.gz
   * [4286976] New upstream version 4.7
   *     Removed double entries in the version before

espeak-ng (1.51+dfsg-10+deb12u2) bookworm; urgency=medium
 .
   * patches/espeak-stdin: Fix dropping last byte of stdin input.

fastnetmon (1.2.4-2+deb12u1) bookworm-security; urgency=medium
 .
   [ Moritz Mühlenhoff ]
   * Fixes CVE-2024-56073: Zero-length templates for Netflow v9 allow remote
     attackers to cause a denial of service (divide-by-zero error and
     application crash).
     Closes: #1090387
   * Fixes CVE-2024-56072: The sFlow v5 plugin allows remote attackers to cause
     a denial of service (application crash) via a crafted packet that
     specifies many sFlow samples.
     Closes: #1090388

firefox-esr (128.5.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-64, also known as:
     CVE-2024-11691, CVE-2024-11692, CVE-2024-11694, CVE-2024-11695,
     CVE-2024-11696, CVE-2024-11697, CVE-2024-11699.
firefox-esr (128.4.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-56, also known as:
     CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,
     CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465,
     CVE-2024-10466, CVE-2024-10467.
firefox-esr (128.4.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-56, also known as:
     CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,
     CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465,
     CVE-2024-10466, CVE-2024-10467.
firefox-esr (128.3.1esr-2) unstable; urgency=medium
 .
   * debian/rules: Exclude -g from CXXFLAGS too. It's handled by the upstream
     build system, and leaving it there breaks the build on 32-bits platforms
     because the debug info is just too large to handle for the address space.
     That's how it was before the changes in 128.3.1esr-1 anyways.
firefox-esr (128.3.1esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-51, also known as CVE-2024-9680.
 .
   * debian/rules: Get CXXFLAGS from dpkg-buildflags directly instead of
     deriving it from CFLAGS.
   * debian/control*: Remove build dependency on yasm.
   * debian/browser.lintian-overrides.in: Adjust lintian overrides for
     the lintian version in unstable.

geoclue-2.0 (2.6.0-2+deb12u1) bookworm; urgency=medium
 .
   * Switch to beaconDB instead of the new retired MLS (Closes: #1074427)
   * d/README.Debian: Update the README to explicitly state we are using beaconDB
   * Add SSID to queries, cherry-picked from upstream for beaconDB

ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Check for overflow validating format string (CVE-2024-46953)
   * Fix filenameforall completion cleanup
   * Don't leave a dangling pointer on the stack
   * PostScript interpreter - Null dangling references on stack
   * PostScript interpreter - fix buffer length check (CVE-2024-46956)
   * PS interpreter review colour code for stack pointers
   * PS interpreter - check Indexed colour space index (CVE-2024-46955)
   * PS interpreter - check the type of the Pattern Implementation
     (CVE-2024-46951)
   * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952)

glib2.0 (2.74.6-2+deb12u5) bookworm; urgency=medium
 .
   * d/p/gsocks4aproxy-Fix-a-single-byte-buffer-overflow-in-connec.patch:
     Fix a buffer overflow when configured to use a SOCKS4a proxy with a
     very long username (CVE-2024-52533, Closes: #1087419)

gnuchess (6.2.7-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2021-30184 (Closes: #1070372)
   * Add missing build dep on help2man

grml-rescueboot (0.5.2+deb12u1) bookworm; urgency=medium
 .
   * update-grml-rescueboot: remove -a (bitwidth) flag
   * update-grml-rescueboot: support new ISO names and archs (Closes: #1091702)
   * update-grml-rescueboot: rename isotype to grmlflavor
   * update-grml-rescueboot: use grmlflavor in version regex
   * Add NEWS entry about i386

gsl (2.7.1+dfsg-5+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2020-35357: buffer overflow when calculating the quantile value
     (Closes: #1052655)

gst-plugins-base1.0 (1.22.0-3+deb12u4) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * id3v2: Don't try parsing extended header if not enough data is available
     (CVE-2024-47542)
gst-plugins-base1.0 (1.22.0-3+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2024-47538 CVE-2024-47541 CVE-2024-47600 CVE-2024-47607
     CVE-2024-47615 CVE-2024-47835

gst-plugins-good1.0 (1.22.0-5+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * qtdemux: Avoid integer overflow when parsing Theora extension
     (CVE-2024-47606, GHSL-2024-166)
   * jpegdec: Directly error out on negotiation failures (CVE-2024-47599,
     GHSL-2024-247)
   * gdkpixbufdec: Check if initializing the video info actually succeeded
     (CVE-2024-47613, GHSL-2024-118)
   * wavparse: Check for short reads when parsing headers in pull mode
     (CVE-2024-47778, GHSL-2024-258, CVE-2024-47776, GHSL-2024-260)
   * wavparse: Make sure enough data for the tag list tag is available before
     parsing (CVE-2024-47778, GHSL-2024-258)
   * wavparse: Fix parsing of acid chunk
   * wavparse: Check that at least 4 bytes are available before parsing cue
     chunks
   * wavparse: Check that at least 32 bytes are available before parsing smpl
     chunks (CVE-2024-47777, GHSL-2024-259)
   * wavparse: Fix clipping of size to the file size (CVE-2024-47776,
     GHSL-2024-260)
   * wavparse: Check size before reading ds64 chunk (CVE-2024-47775,
     GHSL-2024-261)
   * avisubtitle: Fix size checks and avoid overflows when checking sizes
     (CVE-2024-47774, GHSL-2024-262)
   * matroskademux: Only unmap GstMapInfo in WavPack header extraction error
     paths if previously mapped (CVE-2024-47540, GHSL-2024-197)
   * matroskademux: Fix off-by-one when parsing multi-channel WavPack
   * matroskademux: Check for big enough WavPack codec private data before
     accessing it (CVE-2024-47602, GHSL-2024-250)
   * matroskademux: Don't take data out of an empty adapter when processing
     WavPack frames (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over laces directly when postprocessing the frame
     fails (CVE-2024-47601, GHSL-2024-249)
   * matroskademux: Skip over zero-sized Xiph stream headers (CVE-2024-47603,
     GHSL-2024-251)
   * matroskademux: Put a copy of the codec data into the A_MS/ACM caps
     (CVE-2024-47834, GHSL-2024-280)
   * qtdemux: Fix integer overflow when allocating the samples table for
     fragmented MP4 (CVE-2024-47537, GHSL-2024-094, GHSL-2024-237,
     GHSL-2024-241)
   * qtdemux: Fix debug output during trun parsing
   * qtdemux: Don't iterate over all trun entries if none of the flags are set
   * qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
     (CVE-2024-47598, GHSL-2024-246)
   * qtdemux: Make sure only an even number of bytes is processed when handling
     CEA608 data (CVE-2024-47539, GHSL-2024-195)
   * qtdemux: Make sure enough data is available before reading wave header
     node (CVE-2024-47543, GHSL-2024-236)
   * qtdemux: Fix length checks and offsets in stsd entry parsing
     (CVE-2024-47545, GHSL-2024-242)
   * qtdemux: Fix error handling when parsing cenc sample groups fails
     (CVE-2024-47544, GHSL-2024-238, GHSL-2024-239, GHSL-2024-240)
   * qtdemux: Make sure there are enough offsets to read when parsing samples
     (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Actually handle errors returns from various functions instead of
     ignoring them (CVE-2024-47597, GHSL-2024-245)
   * qtdemux: Check for invalid atom length when extracting Closed Caption data
     (CVE-2024-47546, GHSL-2024-243)
   * qtdemux: Add size check for parsing SMI / SEQH atom (CVE-2024-47596,
     GHSL-2024-244)

gstreamer1.0 (1.22.0-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * allocator: Avoid integer overflow when allocating sysmem (CVE-2024-47606)

guix (1.4.0-3+deb12u2) bookworm-security; urgency=medium
 .
   * debian/patches: Add patches to fix Build User Takeover Vulnerability.

gunicorn (20.1.0-6+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-1135: HTTP Request Smuggling (Closes: #1069126)

icinga2 (2.13.6-2+deb12u2) bookworm; urgency=medium
 .
   * Team upload.
   * Add upstream patch to fix CVE-2024-49369.
     (closes: #1087384)

intel-microcode (3.20241112.1~deb12u1) bookworm; urgency=medium
 .
   * Build for bookworm
   * All trixie-only changes (from 3.20240813.2) are reverted on this branch
 .
 intel-microcode (3.20241112.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20241112 (closes: #1086483)
     - Mitigations for INTEL-SA-01101 (CVE-2024-21853)
       Improper Finite State Machines (FSMs) in the Hardware logic in some
       4th and 5th Generation Intel Xeon Processors may allow an authorized
       user to potentially enable denial of service via local access.
     - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
       Potential security vulnerabilities in some Intel Xeon processors
       using Intel SGX may allow escalation of privilege.  Intel disclosed
       that some processor models were already fixed by a previous
       microcode update.
     - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
       Improper finite state machines (FSMs) in hardware logic in some
       Intel Processors may allow an privileged user to potentially enable a
       denial of service via local access.
     - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
       A potential security vulnerability in the Running Average Power Limit
       (RAPL) interface for some Intel Processors may allow information
       disclosure.  Added mitigations for more processor models.
   * Updated Microcodes:
     sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
     sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
     sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
     sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
     sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
     sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
     sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
     sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
     sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
     sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
     sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
     sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
     sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
   * source: update symlinks to reflect id of the latest release, 20241112
   * Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
     INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models,
     and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for
     some processor models.
 .
 intel-microcode (3.20241029.1) UNRELEASED; urgency=medium
 .
   * New upstream microcode datafile 20241029
     - Not relevant for operating system microcode updates
     - Only when loaded from firmware, this update fixes the critical,
       potentially hardware-damaging errata RPL061: Incorrect Internal
       Voltage Request on Raptor Lake (Core 13th/14th gen) Intel
       processors.
   * Updated Microcodes:
     sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968
intel-microcode (3.20240910.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240910 (closes: #1081363)
     - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
       A potential security vulnerability in the Running Average Power Limit
       (RAPL) interface for some Intel Processors may allow information
       disclosure.
     - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
       A potential security vulnerability in some Intel Processors may allow
       denial of service.
     - Fixes for unspecified functional issues on several processor models
     - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A
       FIRMWARE UPDATE.  It is present in this release for sig 0xb0671, but
       THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED
       THROUGH THE FIT TABLE IN FIRMWARE.  Contact your system vendor for a
       firmware update that includes the appropriate microcode update for
       your processor.
   * Updated Microcodes:
     sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256
     sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036
     sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036
     sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036
     sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208
     sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434
     sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216
     sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
     sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122
     sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122
     sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240
   * Update changelog for 3.20240813.1 with new information
   * Update changelog for 3.20240514.1 with new information
   * source: update symlinks to reflect id of the latest release, 20240910

jinja2 (3.1.2-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-22195: HTML attribute injection (Closes: #1060748)
   * CVE-2024-34064: HTML attribute injection (Closes: #1070712)

lemonldap-ng (2.16.1+ds-deb12u4) bookworm; urgency=medium
 .
   * Fix authentication privilege (Closes: CVE-2024-52946)
   * Fix XSS in "Upgrade" plugin (Closes: CVE-2024-52947)

libarchive (3.6.2-1+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * rar4 reader: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
     (Closes: #1086155)

libebml (1.4.4-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2023-52339 (Integer overflow in MemIOCallback::read)

libmodule-scandeps-perl (1.31-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * use three-argument open() (CVE-2024-10224)
   * replace 'eval "..."' constructs (CVE-2024-10224)
   * fix parsing of "use if ..."

libpgjava (42.5.5-0+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2024-1597: SQL Injection via line comment generation

libsoup2.4 (2.74.3-1+deb12u1) bookworm; urgency=high
 .
   * Backport upstream fixes for
     - CVE-2024-52530: HTTP request smuggling with null bytes at the end of
       header names (Closes: #1088812)
     - CVE-2024-52531: buffer overflow in soup_header_parse_param_list_strict
       (Closes: #1089240)
     - CVE-2024-52532: infinite loop / potential DoS in reading certain
       data from WebSocket clients (Closes: #1089238).

libxstream-java (1.4.20-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-47072: XStream is vulnerable to a
     Denial of Service attack due to stack overflow
     from a manipulated binary input stream.
     (Closes: #1087274)

linux (6.1.123-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
     - [x86] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated
       codec
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet
     - [x86] ASoC: Intel: sst: Support LPE0F28 ACPI HID
     - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
     - mac80211: fix user-power when emulating chanctx
     - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
     - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
     - bpf: fix filed access without lock
     - net: usb: qmi_wwan: add Quectel RG650V
     - soc: qcom: Add check devm_kasprintf() returned value
     - regulator: rk808: Add apply_bit for BUCK3 on RK809
     - [x86] platform/x86: dell-smbios-base: Extends support to Alienware
       products
     - [x86] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
     - tools/lib/thermal: Remove the thermal.h soft link when doing make clean
     - can: j1939: fix error in J1939 documentation.
     - [x86] platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing
       incorrect fan speed
     - [x86] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14
       Gen 6
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_mclk_round_rate()
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_get_clk_div()
     - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less
       strict
     - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
     - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
     - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
     - [armel,armhf] 9420/1: smp: Fix SMP for xip kernels
     - ipmr: Fix access to mfc_cache_list without lock held
     - closures: Change BUG_ON() to WARN_ON() (CVE-2024-42252)
     - net: fix crash when config small gso_max_size/gso_ipv4_max_size
       (CVE-2024-50258)
     - serial: sc16is7xx: fix invalid FIFO access with special register set
       (CVE-2024-44950)
     - cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
     - fpga: bridge: add owner module and take its refcount (CVE-2024-36479)
     - fpga: manager: add owner module and take its refcount (CVE-2024-37021)
     - drm/amd/display: Add NULL check for function pointer in
       dcn32_set_output_transfer_func (CVE-2024-49909)
     - drm/amd/display: Check null-initialized variables (CVE-2024-49898)
     - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
     - Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (CVE-2024-49951)
     - fbdev: efifb: Register sysfs groups through driver core (CVE-2024-49925)
     - mptcp: fix possible integer overflow in mptcp_reset_tout_timer
     - wifi: rtw89: avoid to add interface to list twice when SER
       (CVE-2024-49939)
     - drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899)
     - fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
     - [x86] barrier: Do not serialize MSR accesses on AMD
     - [s390x] cio: Do not unregister the subchannel based on DNV
     - brd: defer automatic disk creation until module initialization succeeds
     - ext4: make 'abort' mount option handling standard
     - ext4: avoid remount errors with 'abort' mount option
     - [mips*] asm: fix warning when disabling MIPS_FP_SUPPORT
     - initramfs: avoid filename buffer overrun (CVE-2024-53142)
     - nvme-pci: fix freeing of the HMB descriptor table
     - [arm64] acpi/arm64: Adjust error handling procedure in
       gtdt_parse_timer_block()
     - cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
     - netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
     - block: fix bio_split_rw_at to take zone_write_granularity into account
     - [s390x] syscalls: Avoid creation of arch/arch/ directory
     - hfsplus: don't query the device logical block size multiple times
     - nvme-pci: reverse request order in nvme_queue_rqs
     - virtio_blk: reverse request order in virtio_queue_rqs
     - crypto: caam - Fix the pointer passed to caam_qi_shutdown()
     - firmware: google: Unregister driver_info on failure
     - EDAC/bluefield: Fix potential integer overflow
     - [x86] crypto: qat - remove faulty arbiter config reset
     - thermal: core: Initialize thermal zones before registering them
     - EDAC/fsl_ddr: Fix bad bit shift operations
     - crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
       return -EBUSY
     - crypto: cavium - Fix the if condition to exit loop after timeout
     - crypto: hisilicon/qm - disable same error report before resetting
     - EDAC/igen6: Avoid segmentation fault on module unload
     - crypto: inside-secure - Fix the return value of
       safexcel_xcbcmac_cra_init()
     - doc: rcu: update printed dynticks counter bits
     - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
     - ACPI: CPPC: Fix _CPC register setting issue
     - crypto: caam - add error check to caam_rsa_set_priv_key_form
     - crypto: bcm - add error check in the ahash_hmac_init function
     - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
     - tools/lib/thermal: Make more generic the command encoding function
     - thermal/lib: Fix memory leak on error in thermal_genl_auto()
     - time: Fix references to _msecs_to_jiffies() handling of values
     - seqlock/latch: Provide raw_read_seqcount_latch_retry()
     - clocksource/drivers:sp804: Make user selectable
     - clocksource/drivers/timer-ti-dm: Fix child node refcount handling
     - spi: spi-fsl-lpspi: downgrade log level for pio mode
     - spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
     - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
     - microblaze: Export xmb_manager functions
     - [arm64] dts: mt8195: Fix dtbs_check error for infracfg_ao node
     - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
     - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
     - mmc: mmc_spi: drop buggy snprintf()
     - tpm: fix signed/unsigned bug when checking event logs
     - [arm64] dts: mt8183: krane: Fix the address of eeprom at i2c4
     - [arm64] dts: mt8183: kukui: Fix the address of eeprom at i2c4
     - [arm64] dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
       trackpad
     - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
     - cgroup/bpf: only cgroup v2 can be attached by bpf programs
     - [arm64] dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
     - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
     - [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
     - pmdomain: ti-sci: Add missing of_node_put() for args.np
     - regmap: irq: Set lockdep class for hierarchical IRQ domains
     - [arm64] dts: mt8183: jacuzzi: Move panel under aux-bus
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
       regulators
     - [arm64] firmware: arm_scpi: Check the DVFS OPP count returned by the
       firmware
     - venus: venc: add handling for VIDIOC_ENCODER_CMD
     - media: venus: provide ctx queue lock for ioctl synchronization
     - media: atomisp: Add check for rgby_data memory allocation failure
     - [x86] platform/x86: panasonic-laptop: Return errno correctly in show
       callback
     - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
     - [arm64,armhf] drm/vc4: hvs: Don't write gamma luts on 2711
     - [arm64,armhf] drm/vc4: hdmi: Avoid hang with debug registers when
       suspended
     - [arm64,armhf] drm/vc4: hvs: Fix dlist debug not resetting the next entry
       pointer
     - [arm64,armhf] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
       function
     - [arm64,armhf] drm/vc4: hvs: Correct logic on stopping an HVS channel
     - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
     - drm/omap: Fix possible NULL dereference
     - drm/omap: Fix locking in omap_gem_new_dmabuf()
     - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
     - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/v3d: Address race-condition in MMU flush
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
     - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
     - ASoC: fsl_micfil: fix regmap_write_bits usage
     - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
     - drm/bridge: anx7625: Drop EDID cache on bridge power off
     - libbpf: Fix output .symtab byte-order during linking
     - bpf: Fix the xdp_adjust_tail sample prog issue
     - libbpf: fix sym_is_subprog() logic for weak global subprogs
     - libbpf: never interpret subprogs in .text as entry programs
     - netdevsim: copy addresses for both in and out paths
     - drm/bridge: tc358767: Fix link properties discovery
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_config_scan()
     - drm: fsl-dcu: enable PIXCLK on LS1021A
     - [arm64,armhf] drm/panfrost: Remove unused id_mask from struct
       panfrost_model
     - [arm64] bpf, arm64: Remove garbage frame for struct_ops trampoline
     - [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/msm/gpu: Add devfreq tuning debugfs
     - [arm64] drm/msm/gpu: Bypass PM QoS constraint for idle clamp
     - [arm64] drm/msm/gpu: Check the status of registration to PM QoS
     - [arm64,armhf] drm/etnaviv: Request pages from DMA32 zone on
       addressing_limited
     - [arm64,armhf] drm/etnaviv: fix power register offset on GC300
     - [arm64,armhf] drm/etnaviv: hold GPU lock across perfmon sampling
     - wifi: wfx: Fix error handling in wfx_core_init()
     - [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
       _dpu_core_perf_calc_clk()
     - netfilter: nf_tables: skip transaction if update object is not implemented
     - netfilter: nf_tables: must hold rcu read lock while iterating object type
       list
     - netlink: typographical error in nlmsg_type constants definition
     - bpf, sockmap: Several fixes to bpf_msg_push_data
     - bpf, sockmap: Several fixes to bpf_msg_pop_data
     - bpf, sockmap: Fix sk_msg_reset_curr
     - sock_diag: add module pointer to "struct sock_diag_handler"
     - sock_diag: allow concurrent operations
     - sock_diag: allow concurrent operation in sock_diag_rcv_msg()
     - net: use unrcu_pointer() helper
     - ipv6: release nexthop on device removal
     - net: rfkill: gpio: Add check for clk_enable()
     - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
     - ALSA: us122l: Use snd_card_free_when_closed() at disconnection
     - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
     - ALSA: 6fire: Release resources at card release
     - Bluetooth: fix use-after-free in device_for_each_child()
     - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
     - wireguard: selftests: load nf_conntrack if not present
     - bpf: fix recursive lock when verdict program return SK_PASS
     - unicode: Fix utf8_load() error path
     - trace/trace_event_perf: remove duplicate samples on the first tracepoint
       event
     - pinctrl: zynqmp: drop excess struct member description
     - [powerpc*] vdso: Flag VDSO64 entry points as functions
     - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
     - mfd: da9052-spi: Change read-mask to write-mask
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
     - cpufreq: loongson2: Unregister platform_driver on failure
     - [powerpc*] fadump: Refactor and prepare fadump_cma_init for late init
     - [powerpc*] fadump: Move fadump_cma_init to setup_arch() after
       initmem_init()
     - memory: renesas-rpc-if: Improve Runtime PM handling
     - memory: renesas-rpc-if: Pass device instead of rpcif to rpcif_*()
     - memory: renesas-rpc-if: Remove Runtime PM wrappers
     - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void
     - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
     - mtd: rawnand: atmel: Fix possible memory leak
     - [powerpc*] mm/fault: Fix kfence page fault reporting
     - [powerpc*] pseries: Fix dtl_access_lock to be a rw_semaphore
     - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
     - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
     - [arm64] RDMA/hns: Fix an AEQE overflow error caused by untimely update of
       eq_db_ci
     - [arm64] RDMA/hns: Add clear_hem return value to log
     - [arm64] RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
     - [arm64] RDMA/hns: Remove unnecessary QP type checks
     - [arm64] RDMA/hns: Fix cpu stuck caused by printings during reset
     - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
     - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
     - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
     - clk: imx: lpcg-scu: SW workaround for errata (e10858)
     - clk: imx: fracn-gppll: correct PLL initialization flow
     - clk: imx: fracn-gppll: fix pll power up
     - clk: imx: clk-scu: fix clk enable state save and restore
     - [amd64] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
     - [amd64] iommu/vt-d: Fix checks and print in pgtable_walk()
     - mfd: rt5033: Fix missing regmap_del_irq_chip()
     - fs/proc/kcore.c: fix coccinelle reported ERROR instances
     - scsi: bfa: Fix use-after-free in bfad_im_module_exit()
     - scsi: fusion: Remove unused variable 'rc'
     - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
     - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
     - [arm64] RDMA/hns: Fix out-of-order issue of requester when setting FENCE
     - [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
     - ocfs2: fix uninitialized value in ocfs2_file_read_iter()
     - dax: delete a stale directory pmem
     - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
     - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending
       doorbells
     - [powerpc*] sstep: make emulate_vsx_load and emulate_vsx_store static
     - [powerpc*] kexec: Fix return of uninitialized variable
     - fbdev/sh7760fb: Alloc DMA memory from hardware device
     - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
     - clk: clk-apple-nco: Add NULL check in applnco_probe
     - dt-bindings: clock: axi-clkgen: include AXI clk
     - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
     - pinctrl: k210: Undef K210_PC_DEFAULT
     - smb: cached directories can be more than root file handle
     - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
     - perf cs-etm: Don't flush when packet_queue fills up
     - PCI: Fix reset_method_store() memory leak
     - perf stat: Close cork_fd when create_perf_stat_counter() failed
     - perf stat: Fix affinity memory leaks on error path
     - f2fs: compress: fix inconsistent update of i_blocks in
       release_compress_blocks and reserve_compress_blocks
     - f2fs: fix to account dirty data in __get_secs_required()
     - perf probe: Fix libdw memory leak
     - perf probe: Correct demangled symbols in C++ program
     - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
     - PCI: cpqphp: Fix PCIBIOS_* return value confusion
     - perf ftrace latency: Fix unit on histogram first entry when using
       --use-nsec
     - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
     - f2fs: remove struct segment_allocation default_salloc_ops
     - f2fs: open code allocate_segment_by_default
     - f2fs: remove the unused flush argument to change_curseg
     - f2fs: check curseg->inited before write_sum_page in change_curseg
     - f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or
       GC_URGENT_MID
     - f2fs: fix to avoid forcing direct write to use buffered IO on inline_data
       inode
     - perf trace: avoid garbage when not printing a trace event's arguments
     - svcrdma: Address an integer overflow
     - perf trace: Do not lose last events in a race
     - perf trace: Avoid garbage when not printing a syscall's arguments
     - remoteproc: qcom: q6v5: Use _clk_get_optional for aggre2_clk
     - remoteproc: qcom: pas: add minidump_id to SM8350 resources
     - rpmsg: glink: Fix GLINK command prefix
     - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
     - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
     - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
     - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
     - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
     - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
     - NFSD: Fix nfsd4_shutdown_copy()
     - hwmon: (tps23861) Fix reporting of negative temperatures
     - vdpa/mlx5: Fix suboptimal range on iotlb iteration
     - vfio/pci: Properly hide first-in-list PCIe extended capability
     - fs_parser: update mount_api doc to match function signature
     - power: supply: core: Remove might_sleep() from power_supply_put()
     - power: supply: bq27xxx: Fix registers of bq27426
     - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
     - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
     - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
     - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
       configuration
     - [s390x] iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
     - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
     - net: mdio-ipq4019: add missing error check
     - marvell: pxa168_eth: fix call balance of pep->clk handling routines
     - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
     - spi: atmel-quadspi: Fix register name in verbose logging function
     - net: hsr: fix hsr_init_sk() vs network/transport headers.
     - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
     - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
     - crypto: api - Add crypto_tfm_get
     - crypto: api - Add crypto_clone_tfm
     - llc: Improve setsockopt() handling of malformed user input
     - rxrpc: Improve setsockopt() handling of malformed user input
     - tcp: Fix use-after-free of nreq in reqsk_timer_handler().
     - ip6mr: fix tables suspicious RCU usage
     - ipmr: fix tables suspicious RCU usage
     - iio: light: al3010: Fix an error handling path in al3010_probe()
     - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
     - usb: yurex: make waiting on yurex_write interruptible
     - USB: chaoskey: fail open after removal
     - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
     - misc: apds990x: Fix missing pm_runtime_disable()
     - counter: stm32-timer-cnt: Add check for clk_enable()
     - counter: ti-ecap-capture: Add check for clk_enable()
     - ALSA: hda/realtek: Update ALC256 depop procedure
     - apparmor: fix 'Do simple duplicate message elimination'
     - [x86] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
     - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
       devm_pm_runtime_enable()
     - fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407)
     - ntfs3: Add bounds checking to mi_enum_attr() (CVE-2024-50248)
     - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata
       paths (CVE-2024-49891)
     - xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)
     - xen: Fix the issue of resource not being properly released in
       xenbus_dev_probe()
     - ALSA: usb-audio: Fix out of bounds reads when finding clock sources
     - usb: ehci-spear: fix call balance of sehci clk handling routines
     - media: aspeed: Fix memory overwrite if timing is 1600x900 (CVE-2023-52916)
     - wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929)
     - drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in
       dcn30_init_hw (CVE-2024-49917)
     - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw
       (CVE-2024-49915)
     - drm/amd/display: Add NULL check for function pointer in
       dcn20_set_output_transfer_func (CVE-2024-49911)
     - drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897)
     - rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()
     - btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
       (CVE-2024-35956)
     - [x86] perf/x86/intel: Hide Topdown metrics events if the feature is not
       enumerated
     - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
       devices
     - Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as
       disabled"
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - mm/slab: decouple ARCH_KMALLOC_MINALIGN from ARCH_DMA_MINALIGN
     - [powerpc*] move the ARCH_DMA_MINALIGN definition to asm/cache.h
     - dma: allow dma_get_cache_alignment() to be overridden by the arch code
     - [x86] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
     - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
     - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
     - ext4: fix FS_IOC_GETFSMAP handling
     - jfs: xattr: check invalid xattr size more strictly
     - [x86] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen
       5 21MES00B00
     - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
     - [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
     - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
     - [x86] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf
       SPTE
     - [powerpc*] pseries: Fix KVM guest detection for disabling hardlockup
       detector
     - [arm64] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
     - [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
       status
     - PCI: Fix use-after-free of slot->bus on hot remove
     - fsnotify: fix sending inotify event with unexpected filename
     - comedi: Flush partial mappings in error case
     - apparmor: test: Fix memory leak for aa_unpack_strdup()
     - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
     - locking/lockdep: Avoid creating new name string literals in
       lockdep_set_subclass()
     - pinctrl: qcom: spmi: fix debugfs drive strength
     - dt-bindings: iio: dac: ad3552r: fix maximum spi speed
     - exfat: fix uninit-value in __exfat_get_dentry_set
     - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
     - usb: xhci: Fix TD invalidation under pending Set TR Dequeue
     - driver core: bus: Fix double free in driver API bus_register()
       (CVE-2024-50055)
     - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of
       failures
     - wifi: brcmfmac: release 'root' node in all execution paths
     - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
     - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
     - gpio: exar: set value when external pull-up or pull-down is present
     - netfilter: ipset: add missing range check in bitmap_ip_uadt
       (CVE-2024-53141)
     - spi: Fix acpi deferred irq probe
     - mtd: spi-nor: core: replace dummy buswidth from addr to data
     - cpufreq: mediatek-hw: Fix wrong return value in
       mtk_cpufreq_get_cpu_power()
     - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
     - ubi: wl: Put source PEB into correct list if trying locking LEB failed
     - dt-bindings: serial: rs485: Fix rs485-rts-delay property
     - serial: 8250_fintek: Add support for F81216E
     - serial: 8250: omap: Move pm_runtime_get_sync
     - ublk: fix ublk_ch_mmap() for 64K page size
     - [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
     - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
     - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
     - media: wl128x: Fix atomicity violation in fmc_send_cmd()
     - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
     - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
     - ALSA: pcm: Add sanity NULL check for the default mmap fault handler
     - ALSA: hda/realtek: Update ALC225 depop procedure
     - ALSA: hda/realtek: Set PCBeep to default value for ALC274
     - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
     - ALSA: hda/realtek: Apply quirk for Medion E15433
     - smb3: request handle caching when caching directories
     - usb: musb: Fix hardware lockup on first Rx endpoint request
     - usb: dwc3: gadget: Fix checking for number of TRBs left
     - usb: dwc3: gadget: Fix looping of queued SG entries
     - ublk: fix error code for unsupported command
     - lib: string_helpers: silence snprintf() output truncation warning
     - ipc: fix memleak if msg_init_ns failed in create_ipc_ns
     - NFSD: Prevent a potential integer overflow
     - SUNRPC: make sure cache entry active before cache_show
     - NFSv4.0: Fix a use-after-free problem in the asynchronous open()
     - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
     - rtc: abx80x: Fix WDT bit position of the status register
     - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
     - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
     - ubifs: Correct the total block count by deducting journal reservation
     - ubi: fastmap: Fix duplicate slab cache names while attaching
     - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
     - jffs2: fix use of uninitialized variable
     - rtc: rzn1: fix BCD to rtc_time conversion errors
     - block: return unsigned int from bdev_io_min
     - 9p/xen: fix init sequence
     - 9p/xen: fix release of IRQ
     - [arm64] perf/arm-smmuv3: Fix lockdep assert in ->event_init()
     - [arm64] perf/arm-cmn: Ensure port and device id bits are set properly
     - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
     - modpost: remove incorrect code in do_eisa_entry()
     - nfs: ignore SB_RDONLY when mounting nfs
     - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
     - xfs: remove unknown compat feature check in superblock write validation
     - quota: flush quota_release_work upon quota writeback
     - btrfs: don't loop for nowait writes when checking for cross references
     - btrfs: add might_sleep() annotations
     - btrfs: add a sanity check for btrfs root in btrfs_search_slot()
     - btrfs: ref-verify: fix use-after-free after invalid ref action
     - [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
     - [arm64] dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
     - media: amphion: Set video drvdata before register video device
     - media: imx-jpeg: Set video drvdata before register video device
     - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
     - [arm64] dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
     - media: i2c: tc358743: Fix crash in the probe error path when using polling
     - media: imx-jpeg: Ensure power suppliers be suspended before detach them
     - media: ts2020: fix null-ptr-deref in ts2020_probe()
     - media: platform: exynos4-is: Fix an OF node reference leak in
       fimc_md_is_isp_available
     - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
     - media: platform: allegro-dvt: Fix possible memory leak in
       allocate_buffers_internal()
     - media: uvcvideo: Stop stream during unregister
     - media: uvcvideo: Require entities to have a non-zero unique ID
     - ovl: Filter invalid inodes with missing lookup function
     - maple_tree: refine mas_store_root() on storing NULL
     - ftrace: Fix regression with module command in stack_trace_filter
     - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
     - [arm64,armhf] iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated
       tables
     - leds: lp55xx: Remove redundant test for invalid channel number
     - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
     - ad7780: fix division by zero in ad7780_write_raw()
     - [armel,armhf] 9429/1: ioremap: Sync PGDs for VMALLOC shadow
     - [s390x] entry: Mark IRQ entries to fix stack depot warnings
     - [armel,armhf] 9430/1: entry: Do a dummy read from VMAP shadow
     - [armel,armhf] 9431/1: mm: Pair atomic_set_release() with _read_acquire()
     - ceph: extract entity name from device id
     - util_macros.h: fix/rework find_closest() macros
     - scsi: ufs: exynos: Fix hibern8 notify callbacks
     - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
     - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
     - PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
     - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
     - fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
       iov_iter_zero
     - thermal: int3400: Fix reading of current_uuid for active policy
     - ovl: properly handle large files in ovl_security_fileattr
     - dm thin: Add missing destroy_work_on_stack()
     - PCI: rockchip-ep: Fix address translation unit programming
     - nfsd: make sure exp active before svc_export_show
     - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
     - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
     - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
     - [powerpc*] Fix stack protector Kconfig test for clang
     - [powerpc*] Adjust adding stack protector flags to KBUILD_CLAGS for clang
     - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
       walk_down_proc()
     - drm/sti: avoid potential dereference of error pointers in
       sti_hqvdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers in
       sti_gdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers
     - [arm64,armhf] drm/etnaviv: flush shader L1 cache after user commandstream
     - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
       v13.0.7
     - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
     - watchdog: apple: Actually flush writes after requesting watchdog restart
     - watchdog: mediatek: Make sure system reset gets asserted in
       mtk_wdt_restart()
     - can: gs_usb: remove leading space from goto labels
     - can: gs_usb: gs_usb_probe(): align block comment
     - can: gs_usb: uniformly use "parent" as variable name for struct gs_usb
     - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
     - can: gs_usb: add usb endpoint address detection at driver probe step
     - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
       fails
     - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is
       NULL
     - can: hi311x: hi3110_can_ist(): fix potential use-after-free
     - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
     - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
     - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
     - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
     - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
     - netfilter: x_tables: fix LED ID check in led_tg_check()
     - netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
     - ptp: convert remaining drivers to adjfine interface
     - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
     - net/sched: tbf: correct backlog statistic for GSO packets
     - net: hsr: avoid potential out-of-bound access in fill_frame_info()
     - can: j1939: j1939_session_new(): fix skb reference counting
     - net-timestamp: make sk_tskey more predictable in error path
     - net/ipv6: release expired exception dst cached in socket
     - dccp: Fix memory leak in dccp_feat_change_recv
     - tipc: Fix use-after-free of kernel socket in cleanup_bearer().
     - net/smc: fix LGR and link use-after-free issue
     - net/qed: allow old cards not supporting "num_images" to work
     - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
     - ixgbe: downgrade logging of unsupported VF API version to debug
     - igb: Fix potential invalid memory access in igb_init_module()
     - net: sched: fix erspan_opt settings in cls_flower
     - netfilter: ipset: Hold module reference while requesting a module
     - netfilter: nft_set_hash: skip duplicated elements pending gc run
     - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
     - geneve: do not assume mac header is set in geneve_xmit_skb()
     - net/mlx5e: Remove workaround to avoid syndrome for internal port
     - [arm64] KVM: arm64: Change kvm_handle_mmio_return() return polarity
     - [arm64] KVM: arm64: Don't retire aborted MMIO instruction
     - gpio: grgpio: use a helper variable to store the address of ofdev->dev
     - gpio: grgpio: Add NULL check in grgpio_probe
     - serial: amba-pl011: Use port lock wrappers
     - serial: amba-pl011: Fix RX stall when DMA is used
     - usb: dwc3: gadget: Rewrite endpoint allocation flow
     - usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
     - usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
     - [powerpc*] vdso: Skip objtool from running on VDSO files
     - [powerpc*] vdso: Remove unused '-s' flag from ASFLAGS
     - [powerpc*] vdso: Improve linker flags
     - [powerpc*] vdso: Remove an unsupported flag from vgettimeofday-32.o with
       clang
     - [powerpc*] vdso: Include CLANG_FLAGS explicitly in ldflags-y
     - [powerpc*] vdso: Refactor CFLAGS for CVDSO build
     - [powerpc*] vdso: Drop -mstack-protector-guard flags in 32-bit files with
       clang
     - ntp: Remove invalid cast in time offset math
     - driver core: fw_devlink: Improve logs for cycle detection
     - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
     - driver core: fw_devlink: Stop trying to optimize cycle detection logic
     - i3c: Make i3c_master_unregister() return void
     - i3c: master: add enable(disable) hot join in sys entry
     - i3c: master: svc: add hot join support
     - i3c: master: fix kernel-doc check warning
     - i3c: master: support to adjust first broadcast address speed
     - i3c: master: svc: use slow speed for first broadcast address
     - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable
       counter
     - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
     - i3c: master: Extend address status bit to 4 and add
       I3C_ADDR_SLOT_EXT_DESIRED
     - i3c: master: Fix dynamic address leak when 'assigned-address' is present
     - PCI: endpoint: Use a separate lock for protecting epc->pci_epf list
     - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
     - device property: Constify device child node APIs
     - device property: Add cleanup.h based fwnode_handle_put() scope based
       cleanup.
     - device property: Introduce device_for_each_child_node_scoped()
     - leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
       paths
     - drm/bridge: it6505: update usleep_range for RC circuit charge time
     - drm/bridge: it6505: Fix inverted reset polarity
     - xsk: always clear DMA mapping information when unmapping the pool
     - bpftool: Remove asserts from JIT disassembler
     - bpftool: fix potential NULL pointer dereferencing in prog_dump()
     - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
     - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
     - ALSA: usb-audio: Notify xrun for low-latency mode
     - tools: Override makefile ARCH variable if defined, but empty
     - spi: mpc52xx: Add cancel_work_sync before module remove
     - scsi: scsi_debug: Fix hrtimer support for ndelay
     - [arm64] drm/v3d: Enable Performance Counters before clearing them
     - ocfs2: free inode when ocfs2_get_init_inode() fails
     - scatterlist: fix incorrect func name in kernel-doc
     - iio: magnetometer: yas530: use signed integer type for clamp limits
     - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
     - bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
     - bpf: Handle in-place update for full LPM trie correctly
     - bpf: Fix exact match conditions in trie_get_next_key()
     - mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
       (CVE-2024-53105)
     - HID: wacom: fix when get product name maybe null pointer
     - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
     - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
     - watchdog: rti: of: honor timeout-sec property
     - can: dev: can_set_termination(): allow sleeping GPIOs
     - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E
       6.
     - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
     - [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
       ASIDs
     - [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
     - ALSA: usb-audio: add mixer mapping for Corsair HS80
     - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
     - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
     - scsi: qla2xxx: Fix abort in bsg timeout
     - scsi: qla2xxx: Fix NVMe and NPIV connect issue
     - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
     - scsi: qla2xxx: Fix use after free on unload
     - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
     - scsi: ufs: core: sysfs: Prevent div by zero
     - scsi: ufs: core: Add missing post notify for power mode change
     - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
     - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
     - drm/dp_mst: Fix MST sideband message body length check
     - drm/dp_mst: Verify request type in the corresponding down message reply
     - drm/dp_mst: Fix resetting msg rx state after topology removal
     - drm/amdgpu/hdp5.2: do a posting read when flushing HDP
     - modpost: Add .irqentry.text to OTHER_SECTIONS
     - bpf: fix OOB devmap writes when deleting elements
     - dma-buf: fix dma_fence_array_signaled v4
     - dma-fence: Fix reference leak on fence merge failure path
     - dma-fence: Use kernel's sort for merging fences
     - xsk: fix OOB map writes when deleting elements
     - regmap: detach regmap from dev on regmap_exit
     - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
       tablet
     - mmc: core: Further prevent card detect during shutdown
     - ocfs2: update seq_file index in ocfs2_dlm_seq_next
     - lib: stackinit: hide never-taken branch from compiler
     - [arm64] iommu/arm-smmu: Defer probe of clients after smmu device bound
     - epoll: annotate racy check
     - [s390x] cpum_sf: Handle CPU hotplug remove during sampling
     - btrfs: avoid unnecessary device path update for the same device
     - btrfs: do not clear read-only when adding sprout device
     - [x86] perf/x86/amd: Warn only on new bits set
     - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
     - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
     - mmc: core: Add SD card quirk for broken poweroff notification
     - soc: imx8m: Probe the SoC driver as platform driver
     - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
     - [arm64,armhf] drm/vc4: hdmi: Avoid log spam for audio start failure
     - [arm64,armhf] drm/vc4: hvs: Set AXI panic modes for the HVS
     - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
     - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
     - drm/bridge: it6505: Enable module autoloading
     - drm/mcde: Enable module autoloading
     - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
     - drm/display: Fix building with GCC 15
     - r8169: don't apply UDP padding quirk on RTL8126A
     - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
     - net: ethernet: fs_enet: Use %pa to format resource_size_t
     - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
     - af_packet: avoid erroring out after sock_init_data() in packet_create()
     - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
       l2cap_sock_create()
     - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
       rfcomm_sock_alloc()
     - net: af_can: do not leave a dangling sk pointer in can_create()
     - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
     - net: inet: do not leave a dangling sk pointer in inet_create()
     - net: inet6: do not leave a dangling sk pointer in inet6_create()
     - wifi: ath5k: add PCI ID for SX76X
     - wifi: ath5k: add PCI ID for Arcadyan devices
     - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
     - net: sfp: change quirks for Alcatel Lucent G-010S-P
     - drm/sched: memset() 'job' in drm_sched_job_init()
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
     - drm/amdgpu: Dereference the ATCS ACPI buffer
     - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
     - dma-debug: fix a possible deadlock on radix_lock
     - jfs: array-index-out-of-bounds fix in dtReadFirst
     - jfs: fix shift-out-of-bounds in dbSplit
     - jfs: fix array-index-out-of-bounds in jfs_readdir
     - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
     - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
     - ALSA: usb-audio: Make mic volume workarounds globally applicable
     - drm/amdgpu: set the right AMDGPU sg segment limitation
     - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
     - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
       brcmf_sdiod_sglist_rw()
     - dsa: qca8k: Use nested lock to avoid splat
     - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
     - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
     - ASoC: hdmi-codec: reorder channel allocation list
     - rocker: fix link status detection in rocker_carrier_init()
     - net/neighbor: clear error in case strict check is not set
     - netpoll: Use rcu_access_pointer() in __netpoll_setup
     - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
     - tracing/ftrace: disable preemption in syscall probe
     - tracing: Use atomic64_inc_return() in trace_clock_counter()
     - tools/rtla: fix collision with glibc sched_attr/sched_set_attr
     - scsi: hisi_sas: Add cond_resched() for no forced preemption model
     - scsi: ufs: core: Make DMA mask configuration more flexible
     - leds: class: Protect brightness_show() with led_cdev->led_access mutex
     - scsi: st: Don't modify unknown block number in MTIOCGET
     - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
     - pinctrl: qcom-pmic-gpio: add support for PM8937
     - pinctrl: qcom: spmi-mpp: Add PM8937 compatible
     - nvdimm: rectify the illogical code within nd_dax_probe()
     - smb: client: memcpy() with surrounding object base address
     - verification/dot2: Improve dot parser robustness
     - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
     - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
     - PCI: Detect and trust built-in Thunderbolt chips
     - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
     - PCI: Add ACS quirk for Wangxun FF5xxx NICs
     - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
       avoid deadlock
     - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
     - iio: light: ltr501: Add LTER0303 to the supported devices
     - [x86] ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen
       6 21M1CTO1WW (Closes: #1087673)
     - [powerpc*] prom_init: Fixup missing powermac #size-cells
     - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
     - rtc: cmos: avoid taking rtc_lock for extended period of time
     - serial: 8250_dw: Add Sophgo SG2044 quirk
     - io_uring/tctx: work around xa_store() allocation error issue
     - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
     - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
       turning busy
     - sched/core: Prevent wakeup of ksoftirqd during idle load balance
     - btrfs: fix missing snapshot drew unlock when root is dead during swap
       activation
     - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
     - Revert "unicode: Don't special case ignorable code points"
     - vfio/mlx5: Align the page tracking max message size with the device
       capability
     - udf: Fold udf_getblk() into udf_bread()
     - [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
     - [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
     - [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
     - [x86] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn
       from kvm_faultin_pfn()
     - jffs2: Prevent rtime decompress memory corruption
     - jffs2: Fix rtime decompressor
     - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
     - io_uring: wake up optimisations
     - xhci: dbc: Fix STALL transfer event handling
     - mmc: mtk-sd: Fix error handle of probe function
     - drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
     - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2
       volume"
     - Revert "drm/amdgpu: add missing size check in
       amdgpu_debugfs_gprwave_read()"
     - gve: Fixes for napi_poll when budget is 0
     - [arm64] sve: Discard stale CPU state when handling SVE traps
       (CVE-2024-50275)
     - [arm64] smccc: Remove broken support for SMCCCv1.3 SVE discard hint
     - [x86] ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
     - mm: call the security_mmap_file() LSM hook in remap_file_pages()
     - bpf: Fix helper writes to read-only maps (CVE-2024-49861)
     - net: Move {l,t,d}stats allocation to core and convert veth & vrf
     - bpf: Fix dev's rx stats for bpf_redirect_peer traffic
     - veth: Use tstats per-CPU traffic counters
     - drm/ttm: Make sure the mapped tt pages are decrypted when needed
     - drm/ttm: Print the memory decryption status just once
     - drm/amdgpu: rework resume handling for display (v2)
     - usb: dwc3: ep0: Don't reset resource alloc flag
     - serial: amba-pl011: fix build regression
     - i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
     - i3c: master: svc: fix possible assignment of the same address to two
       devices
     - PM / devfreq: Fix build issues with devfreq disabled
     - [arm64] drm/msm: DEVFREQ_GOV_SIMPLE_ONDEMAND is no longer needed
     - fs/ntfs3: Sequential field availability check in mi_enum_attr()
     - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master
       Driver Due to Race Condition
     - Bluetooth: MGMT: Fix possible deadlocks
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.121
     - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
     - ksmbd: fix racy issue from session lookup and expire
     - tcp: check space before adding MPTCP SYN options
     - blk-cgroup: Fix UAF in blkcg_unpin_online()
     - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
     - usb: host: max3421-hcd: Correctly abort a USB request.
     - ata: sata_highbank: fix OF node reference leak in
       highbank_initialize_phys()
     - usb: dwc2: Fix HCD resume
     - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
     - usb: dwc2: Fix HCD port connection race
     - usb: ehci-hcd: fix call balance of clocks handling routines
     - usb: typec: anx7411: fix fwnode_handle reference leak
     - usb: typec: anx7411: fix OF node reference leaks in
       anx7411_typec_switch_probe()
     - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
       accessing null pointer
     - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
     - [x86] drm/i915: Fix memory leak by correcting cache object name in error
       handler
     - xfs: update btree keys correctly when _insrec splits an inode root block
     - xfs: don't drop errno values when we fail to ficlone the entire range
     - xfs: return from xfs_symlink_verify early on V4 filesystems
     - xfs: fix scrub tracepoints when inode-rooted btrees are involved
     - xfs: only run precommits once per transaction object
     - bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
     - bpf, sockmap: Fix update element with same
     - smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
       (Closes: #1088733)
     - exfat: support dynamic allocate bh for exfat_entry_set_cache
     - exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
     - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
     - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters()
     - wifi: mac80211: fix station NSS capability initialization order
     - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
     - amdgpu/uvd: get ring reference from rq scheduler
     - batman-adv: Do not send uninitialized TT changes
     - batman-adv: Remove uninitialized data in full table TT response
     - batman-adv: Do not let TT changes list grows indefinitely
     - tipc: fix NULL deref in cleanup_bearer()
     - net/mlx5: DR, prevent potential error pointer dereference
     - ptp: kvm: Use decrypted memory in confidential guest on x86
     - [x86] ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from
       kvm_arch_ptp_init()
     - net: lapb: increase LAPB_HEADER_LEN
     - net: defer final 'struct net' free in netns dismantle
     - [arm64] net: mscc: ocelot: fix memory leak on
       ocelot_port_add_txtstamp_skb()
     - [arm64] net: mscc: ocelot: improve handling of TX timestamp for unknown
       skb
     - [arm64] net: mscc: ocelot: ocelot->ts_id_lock and
       ocelot_port->tx_skbs.lock are IRQ-safe
     - [arm64] net: mscc: ocelot: be resilient to loss of PTP packets during
       transmission
     - [arm64] net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
     - [armhf] spi: aspeed: Fix an error handling path in
       aspeed_spi_[read|write]_user()
     - net: sparx5: fix FDMA performance issue
     - net: sparx5: fix the maximum frame length register
     - ACPI: resource: Fix memory resource type union access
     - cxgb4: use port number to set mac addr
     - qca_spi: Fix clock speed for multiple QCA7000
     - qca_spi: Make driver probing reliable
     - ASoC: amd: yc: Fix the wrong return value
     - Documentation: PM: Clarify pm_runtime_resume_and_get() return value
     - net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
     - net/sched: netem: account for backlog updates from child qdisc
     - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - ACPICA: events/evxfregn: don't release the ContextMutex that was never
       acquired
     - Bluetooth: iso: Fix recursive locking warning
     - Bluetooth: SCO: Add support for 16 bits transparent voice setting
     - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
     - bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
     - tracing/kprobes: Skip symbol counting logic for module symbols in
       create_local_trace_kprobe()
     - xen/netfront: fix crash when removing device (CVE-2024-53240)
     - [x86] make get_cpu_vendor() accessible from Xen code (CVE-2024-53241)
     - [x86] objtool/x86: allow syscall instruction (CVE-2024-53241)
     - [x86] static-call: provide a way to do very early static-call updates
       (CVE-2024-53241)
     - [x86] xen: don't do PV iret hypercall through hypercall page
       (CVE-2024-53241)
     - [x86] xen: add central hypercall functions (CVE-2024-53241)
     - [x86] xen: use new hypercall functions instead of hypercall page
       (CVE-2024-53241)
     - [x86] xen: remove hypercall page (CVE-2024-53241)
     - ALSA: usb-audio: Fix a DMA to stack memory bug
     - [x86] static-call: fix 32-bit build
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.122
     - net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
     - PCI/AER: Disable AER service on suspend
     - PCI: Use preserve_config in place of pci_flags
     - PCI: vmd: Create domain symlink before pci_bus_add_devices()
     - usb: cdns3: Add quirk flag to enable suspend residency
     - [x86] ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
     - [x86] ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C
     - PCI: Add ACS quirk for Broadcom BCM5760X NIC
     - [arm64,armhf] usb: dwc2: gadget: Don't write invalid mapped sg entries
       into dma_desc with iommu enabled
     - PCI: Introduce pci_resource_n()
     - [x86] platform/x86: p2sb: Make p2sb_get_devfn() return void
     - [x86] p2sb: Factor out p2sb_read_from_cache()
     - [x86] p2sb: Introduce the global flag p2sb_hidden_by_bios
     - [x86] p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
     - [x86] p2sb: Do not scan and remove the P2SB device when it is unhidden
     - i2c: pnx: Fix timeout in wait functions
     - cxl/region: Fix region creation for greater than x2 switches
     - net/smc: protect link down work from execute after lgr freed
       (CVE-2024-56718)
     - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
     - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
       msg
     - net/smc: check smcd_v2_ext_offset when receiving proposal msg
     - net/smc: check return value of sock_recvmsg when draining clc data
     - [arm64] net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
       ocelot_ifh_set_basic()
     - ionic: Fix netdev notifier unregister on failure (CVE-2024-56715)
     - ionic: use ee->offset when returning sprom data
     - net: hinic: Fix cleanup in create_rxqs/txqs()
     - net: ethernet: bgmac-platform: fix an OF node reference leak
     - netfilter: ipset: Fix for recursive locking warning
     - net: mdiobus: fix an OF node reference leak
     - [arm64,armhf] mmc: sdhci-tegra: Remove
       SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
     - [x86] KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
     - i2c: riic: Always round-up when calculating bus period
     - efivarfs: Fix error on non-existent file
     - USB: serial: option: add TCL IK512 MBIM & ECM
     - USB: serial: option: add MeiG Smart SLM770A
     - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
     - USB: serial: option: add MediaTek T7XX compositions
     - USB: serial: option: add Telit FE910C04 rmnet compositions
     - [x86] thunderbolt: Improve redrive mode handling
     - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
     - drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
     - [x86] i915/guc: Reset engine utilization buffer before registration
     - [x86] i915/guc: Ensure busyness counter increases motonically
     - [x86] i915/guc: Accumulate active runtime on gt reset
     - drm/amdgpu: don't access invalid sched
     - hwmon: (tmp513) Don't use "proxy" headers
     - hwmon: (tmp513) Simplify with dev_err_probe()
     - hwmon: (tmp513) Use SI constants from units.h
     - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
       Registers
     - hwmon: (tmp513) Fix Current Register value interpretation
     - hwmon: (tmp513) Fix interpretation of values of Temperature Result and
       Limit Registers
     - zram: refuse to use zero sized block device as backing device
     - zram: fix uninitialized ZRAM not releasing backing device
     - btrfs: tree-checker: reject inline extent items with 0 ref count
     - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
     - [x86] KVM: x86: Play nice with protected guests in
       complete_hypercall_exit()
     - tracing: Fix test_event_printk() to process entire print argument
     - tracing: Add missing helper functions in event pointer dereference check
     - tracing: Add "%s" check in test_event_printk()
     - io_uring: Fix registered ring file refcount leak
     - io_uring: check if iowq is killed before queuing (CVE-2024-56709)
     - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
     - of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
     - of/irq: Fix using uninitialized variable @addr_len in API
       of_irq_parse_one()
     - nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
     - nilfs2: prevent use of deleted inode
     - of: Fix error path in of_parse_phandle_with_args_map()
     - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
     - ceph: validate snapdirname option length when mounting
     - udf: Fix directory iteration for longer tail extents (Closes: #1089698)
     - epoll: Add synchronous wakeup support for ep_poll_callback
     - io_uring/rw: split io_read() into a helper
     - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN
     - io_uring/rw: avoid punting to io-wq directly
     - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.123
     - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
     - mm/vmstat: fix a W=1 clang compiler warning
     - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
     - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
     - bpf: Check negative offsets in __bpf_skb_min_len()
     - nfsd: restore callback functionality for NFSv4.0
     - mtd: diskonchip: Cast an operand to prevent potential overflow
     - [arm64] phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
     - phy: core: Fix an OF node refcount leakage in _of_phy_get()
     - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
     - phy: core: Fix that API devm_phy_put() fails to release the phy
     - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
       unregister the phy provider
     - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
     - phy: usb: Toggle the PHY power during init
     - [arm64] phy: rockchip: naneng-combphy: fix phy reset
     - [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
     - [x86] dmaengine: dw: Select only supported masters for ACPI devices
     - [powerpc*] pseries/vas: Add close() callback in vas_vm_ops struct
     - stddef: make __struct_group() UAPI C++-friendly
     - tracing/kprobe: Make trace_kprobe's module callback called after
       jump_label update
     - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
     - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
     - scsi: megaraid_sas: Fix for a potential deadlock
     - ALSA: hda/conexant: fix Z60MR100 startup pop issue
     - smb: server: Fix building with GCC 15
     - regmap: Use correct format specifier for logging range errors
     - [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
     - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
       load time
     - scsi: storvsc: Do not flag MAINTENANCE_IN return of
       SRB_STATUS_DATA_OVERRUN as an error
     - drm/dp_mst: Ensure mst_primary pointer is valid in
       drm_dp_mst_handle_up_req()
     - virtio-blk: don't keep queue frozen during system suspend
     - blk-mq: register cpuhp callback after hctx is added to xarray table
     - vmalloc: fix accounting with i915
     - [mips*] mipsregs: Set proper ISA level for virt extensions
     - net/mlx5e: Don't call cleanup on profile rollback failure (CVE-2024-50146)
     - bpf: Check validity of link->type in bpf_link_show_fdinfo()
       (CVE-2024-53099)
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
     - ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
     - pmdomain: core: Add missing put_device()
     - sched/core: Report correct state for TASK_IDLE | TASK_FREEZABLE
     - freezer, sched: Report frozen tasks as 'D' instead of 'R'
     - tracing: Constify string literal data member in struct trace_event_call
     - tracing: Prevent bad count for tracing_cpumask_write
     - io_uring/sqpoll: fix sqpoll error handling races
     - i2c: microchip-core: actually use repeated sends
     - i2c: imx: add imx7d compatible string for applying erratum ERR007805
     - i2c: microchip-core: fix "ghost" detections
     - power: supply: gpio-charger: Fix set charge current limits
     - btrfs: avoid monopolizing a core when activating a swap file
     - btrfs: sysfs: fix direct super block member reads
     - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
       (CVE-2024-50121)
     - Revert "rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()"
     - ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
 .
   [ Salvatore Bonaccorso ]
   * d/salsa-ci.yml: Suppress aliased-location lintian errors
   * debian/salsa-ci.yml: Include run of .build-after-script from common
     pipeline.
   * debian/salsa-ci.yml: Reference .build-after-script from after_script
     section
   * Revert "[x86] Revert "x86: Increase brk randomness entropy for 64-bit
     systems""
     The root cause for the segfaults were actually in qemu, which re-enables
     --static-pie linking for qemu-user-static binaries. It was disabled by
     mistake in qemu versions in Debian. Details in #1087822 and #1053101.
   * Bump ABI to 29
   * [rt] Update to 6.1.120-rt47
linux (6.1.119-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.116
     - cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format
     - cpufreq: Avoid a bad reference count on CPU node (CVE-2024-50012)
     - mm: remove kern_addr_valid() completely
     - fs/proc/kcore: avoid bounce buffer for ktext data
     - fs/proc/kcore: convert read_kcore() to read_kcore_iter()
     - fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions
     - fs/proc/kcore.c: allow translation of physical memory addresses
     - cgroup: Fix potential overflow issue when checking max_depth
     - wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd()
       (Closes: #1062421)
     - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
     - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
     - wifi: ath11k: Fix invalid ring usage in full monitor mode
     - wifi: brcm80211: BRCM_TRACING should depend on TRACING
     - RDMA/cxgb4: Dump vendor specific QP details
     - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
     - RDMA/bnxt_re: synchronize the qp-handle table array
     - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
     - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
       (CVE-2024-53059)
     - [armel,armhf] ASoC: cs42l51: Fix some error handling paths in
       cs42l51_probe()
     - macsec: Fix use-after-free while sending the offloading packet
       (CVE-2024-50261)
     - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
       (CVE-2024-53058)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
       (CVE-2024-53042)
     - gtp: allow -1 to be specified as file description from userspace
     - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
     - netdevsim: Add trailing zero to terminate the string in
       nsim_nexthop_bucket_activity_write() (CVE-2024-50259)
     - bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
     - netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
     - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
       (CVE-2024-50256)
     - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
       (CVE-2024-50255)
     - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
     - netfilter: nft_payload: sanitize offset and length before calling
       skb_checksum() (CVE-2024-50251)
     - iomap: convert iomap_unshare_iter to use large folios
     - iomap: improve shared block detection in iomap_unshare_iter
     - iomap: don't bother unsharing delalloc extents
     - iomap: share iomap_unshare_iter predicate code with fsdax
     - fsdax: remove zeroing code from dax_unshare_iter
     - fsdax: dax_unshare_iter needs to copy entire blocks (CVE-2024-50250)
     - iomap: turn iomap_want_unshare_iter into an inline function
     - compiler-gcc: be consistent with underscores use for `no_sanitize`
     - compiler-gcc: remove attribute support check for `__no_sanitize_address__`
     - afs: Automatically generate trace tag enums
     - afs: Fix missing subdir edit when renamed between parent dirs
     - ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249)
     - fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
     - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
     - fs/ntfs3: Stale inode instead of bad
     - fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245)
     - fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244)
     - scsi: scsi_transport_fc: Allow setting rport state to current state
     - net: amd: mvme147: Fix probe banner message
     - NFS: remove revoked delegation from server's delegation list
     - misc: sgi-gru: Don't disable preemption in GRU driver
     - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler
     - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe
     - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
     - USB: gadget: dummy-hcd: Fix "task hung" problem
     - ALSA: usb-audio: Add quirks for Dell WD19 dock
     - usbip: tools: Fix detach_port() invalid port error path
     - usb: phy: Fix API devm_usb_put_phy() can not release the phy
     - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
     - xhci: Fix Link TRB DMA in command ring stopped completion event
     - xhci: Use pm_runtime_get to prevent RPM on unsupported systems
     - Revert "driver core: Fix uevent_show() vs driver detach race"
     - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
       (CVE-2024-50237)
     - wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236)
     - wifi: cfg80211: clear wdev->cqm_config pointer on free (CVE-2024-50235)
     - wifi: iwlegacy: Clear stale interrupts before resuming device
       (CVE-2024-50234)
     - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
       (CVE-2024-50232)
     - iio: light: veml6030: fix microlux value calculation
     - nilfs2: fix potential deadlock with newly created symlinks
       (CVE-2024-50229)
     - block: fix sanity checks in blk_rq_map_user_bvec
     - cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
       (CVE-2024-53054)
     - ALSA: hda/realtek: Limit internal Mic boost on Dell platform
     - cxl/acpi: Move rescan to the workqueue
     - cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()
     - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
     - mm/page_alloc: treat RT tasks similar to __GFP_HIGH
     - mm/page_alloc: explicitly record high-order atomic allocations in
       alloc_flags
     - mm/page_alloc: explicitly define what alloc flags deplete min reserves
     - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations
       accesses reserves
     - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
     - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218)
     - mctp i2c: handle NULL header address (CVE-2024-53043)
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1
     - nvmet-auth: assign dh_key to NULL after kfree_sensitive (CVE-2024-50215)
     - io_uring: rename kiocb_end_write() local helper
     - fs: create kiocb_{start,end}_write() helpers
     - io_uring: use kiocb_{start,end}_write() helpers
     - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
       (CVE-2024-53052)
     - mm: migrate: try again if THP split is failed due to page refcnt
     - migrate: convert unmap_and_move() to use folios
     - migrate: convert migrate_pages() to use folios
     - mm/migrate.c: stop using 0 as NULL pointer
     - migrate_pages: organize stats with struct migrate_pages_stats
     - migrate_pages: separate hugetlb folios migration
     - migrate_pages: restrict number of pages to migrate in batch
     - migrate_pages: split unmap_and_move() to _unmap() and _move()
     - vmscan,migrate: fix page count imbalance on node stats when demoting pages
     - io_uring: always lock __io_cqring_overflow_flush (Closes: #1087602)
     - [x86] bugs: Use code segment selector for VERW operand (CVE-2024-50072)
     - wifi: mac80211: fix NULL dereference at band check in starting tx ba
       session (CVE-2024-43911)
     - nilfs2: fix kernel bug due to missing clearing of checked flag
       (CVE-2024-50230)
     - wifi: iwlwifi: mvm: fix 6 GHz scan construction (CVE-2024-53055)
     - mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228)
     - mtd: spi-nor: winbond: fix w25q128 regression
     - drm/amd/display: Add null checks for 'stream' and 'plane' before
       dereferencing (CVE-2024-43904)
     - drm/amd/display: Skip on writeback when it's not applicable
       (CVE-2024-36914)
     - vt: prevent kernel-infoleak in con_font_get()
     - mm: avoid gcc complaint about pointer casting
     - migrate_pages_batch: fix statistics for longterm pin retry
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
     - [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610
     - [arm64] dts: rockchip: Fix rt5651 compatible value on
       rk3399-sapphire-excavator
     - [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
     - [arm64] dts: rockchip: Fix wakeup prop names on PineNote BT node
     - [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards
     - [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
     - [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc
     - [arm64] dts: imx8qm: Fix VPU core alias name
     - [arm64] dts: imx8qxp: Add VPU subsystem file
     - [arm64] dts: imx8-ss-vpu: Fix imx8qm VPU IRQs
     - [arm64] dts: imx8mp: correct sdhc ipg clk
     - [armhf] ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
     - HID: core: zero-initialize the report buffer (CVE-2024-50302)
     - [x86] platform/x86/amd/pmc: Detect when STB is not available
       (CVE-2024-53072)
     - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket()
     - NFSv3: only use NFS timeout for MOUNT when protocols are compatible
     - NFSv3: handle out-of-order write replies.
     - nfs: avoid i_lock contention in nfs_clear_invalid_mapping
     - security/keys: fix slab-out-of-bounds in key_task_permission
       (CVE-2024-50301)
     - [arm64] net: enetc: set MAC address to the VF net_device
     - sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
     - can: c_can: fix {rx,tx}_errors statistics
     - ice: change q_index variable type to s16 to store -1 value
     - i40e: fix race condition by adding filter's intermediate sync state
       (CVE-2024-53088)
     - [arm64] net: hns3: fix kernel crash when uninstalling driver
       (CVE-2024-50296)
     - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
     - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
     - virtio_net: Add hash_key_length check (CVE-2024-53082)
     - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
     - media: stb0899_algo: initialize cfr before using it
     - media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063)
     - media: dvb_frontend: don't play tricks with underflow values
     - media: adv7604: prevent underflow condition when reporting colorspace
     - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
     - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
     - [armhf] ASoC: stm32: spdifrx: fix dma channel release in
       stm32_spdifrx_remove
     - media: ar0521: don't overflow when checking PLL values (CVE-2024-53081)
     - media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061)
     - media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)
     - media: pulse8-cec: fix data timestamp at pulse8_setup()
     - media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287)
     - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
     - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation
     - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when
       switching CAN modes
     - ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
       (CVE-2024-50286)
     - ksmbd: Fix the missing xa_store error check (CVE-2024-50284)
     - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp (CVE-2024-50283)
     - pwm: imx-tpm: Use correct MODULO value for EPWM mode
     - drm/amdgpu: Adjust debugfs eviction and IB access permissions
     - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
       (CVE-2024-50282)
     - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
       (CVE-2024-53060)
     - thermal/drivers/qcom/lmh: Remove false lockdep backtrace
     - dm cache: correct the number of origin blocks to match the target length
     - dm cache: fix flushing uninitialized delayed_work on cache_ctr error
       (CVE-2024-50280)
     - dm cache: fix out-of-bounds access to the dirty bitset when resizing
       (CVE-2024-50279)
     - dm cache: optimize dirty bit checking with find_next_bit when resizing
     - dm cache: fix potential out-of-bounds access on the first resume
       (CVE-2024-50278)
     - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
       overflow
     - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
     - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
     - nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
     - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc()
     - net: vertexcom: mse102x: Fix possible double free of TX skb
       (CVE-2024-50276)
     - mptcp: use sock_kfree_s instead of kfree
     - btrfs: reinitialize delayed ref list after deleting it from the list
       (CVE-2024-50273)
     - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
       (CVE-2024-38540)
     - Revert "wifi: mac80211: fix RCU list iterations"
     - net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
     - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
       uvc_parse_format
     - filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
     - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
     - signal: restore the override_rlimit logic (CVE-2024-50271)
     - usb: musb: sunxi: Fix accessing an released usb phy (CVE-2024-50269)
     - usb: dwc3: fix fault at system suspend if device was already runtime
       suspended
     - usb: typec: fix potential out of bounds in
       ucsi_ccg_update_set_new_cam_cmd()
     - USB: serial: io_edgeport: fix use after free in debug printk
       (CVE-2024-50267)
     - USB: serial: qcserial: add support for Sierra Wireless EM86xx
     - USB: serial: option: add Fibocom FG132 0x0112 composition
     - USB: serial: option: add Quectel RG650V
     - irqchip/gic-v3: Force propagation of the active state with a read-back
     - ocfs2: remove entry once instead of null-ptr-dereference in
       ocfs2_xa_remove()
     - ucounts: fix counter leak in inc_rlimit_get_ucounts()
     - [x86] ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022
     - net: sched: use RCU read-side critical section in taprio_dump()
       (CVE-2024-50126)
     - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
     - vsock/virtio: Initialization of the dangling pointer occurring in
       vsk->trans
     - media: amphion: Fix VPU core alias name
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.118
     - Revert "Bluetooth: fix use-after-free in accessing skb after sending it"
     - Revert "Bluetooth: hci_sync: Fix overwriting request callback"
     - Revert "Bluetooth: af_bluetooth: Fix deadlock"
     - Revert "Bluetooth: hci_core: Fix possible buffer overflow"
     - Revert "Bluetooth: hci_conn: Consolidate code for aborting connections"
       (Closes: #1086447)
     - 9p: Avoid creating multiple slab caches with the same name
     - nvme: tcp: avoid race between queue_lock lock and destroy
     - block: Fix elevator_get_default() checking for NULL q->tag_set
     - HID: multitouch: Add support for B2402FVA track point
     - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
     - nvme: disable CC.CRIME (NVME_CC_CRIME)
     - bpf: use kvzmalloc to allocate BPF verifier environment
     - crypto: api - Fix liveliness check in crypto_alg_tested
     - [arm*] crypto: marvell/cesa - Disable hash algorithms
     - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
     - drm/vmwgfx: Limit display layout ioctl array size to
       VMWGFX_NUM_DISPLAY_UNITS
     - nvme-multipath: defer partition scanning (CVE-2024-53093)
     - [powerpc*] powernv: Free name on error in opal_event_init()
     - nvme: make keep-alive synchronous operation
     - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
     - fs: Fix uninitialized value issue in from_kuid and from_kgid
     - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
     - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
     - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
     - md/raid10: improve code of mrdev in raid10_sync_request
     - io_uring: fix possible deadlock in io_register_iowq_max_workers()
       (CVE-2024-41080)
     - uprobes: encapsulate preparation of uprobe args buffer
     - uprobe: avoid out-of-bounds memory access of fetching args
       (CVE-2024-50067)
     - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (CVE-2024-49991)
     - ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
     - Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950)
     - mm: krealloc: Fix MTE false alarm in __do_krealloc
     - [x86] platform/x86: x86-android-tablets: Fix use after free on
       platform_device_register() errors (CVE-2024-49986)
     - fs/ntfs3: Fix general protection fault in run_is_mapped_full
       (CVE-2024-50243)
     - 9p: fix slab cache name creation for real
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.119
     - netlink: terminate outstanding dump on socket close
     - [arm64,armhf] drm/rockchip: vop: Fix a dereferenced before check warning
     - mptcp: error out earlier on disconnect
     - net/mlx5: fs, lock FTE when checking if active
     - net/mlx5e: kTLS, Fix incorrect page refcounting
     - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
     - virtio/vsock: Fix accept_queue memory leak
     - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS
     - Bluetooth: hci_core: Fix calling mgmt_device_connected
     - net/sched: cls_u32: replace int refcounts with proper refcounts
     - net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for
       hnodes.
     - bonding: add ns target multicast address to slave device
     - [armel,armhf] 9419/1: mm: Fix kernel memory mapping for xip kernels
     - [x86] mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
     - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
     - ocfs2: uncache inode which has failed entering the group
     - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
     - ima: fix buffer overrun in ima_eventdigest_init_common
     - [x86] KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID
       disabled
     - [x86] KVM: x86: Unconditionally set irr_pending when updating APICv state
     - [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
       CONFIG_BROKEN
     - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
     - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
     - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10
     - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
     - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
     - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
     - mmc: sunxi-mmc: Fix A100 compatible description
     - drm/bridge: tc358768: Fix DSI command tx
     - drm/amd: Fix initialization mistake for NBIO 7.7.0
     - staging: vchiq_arm: Get the rid off struct vchiq_2835_state
     - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
     - fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)
     - Bluetooth: ISO: Fix not validating setsockopt user input (CVE-2024-35964)
     - lib/buildid: Fix build ID parsing logic
     - cxl/pci: fix error code in __cxl_hdm_decode_init()
     - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
     - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
     - NFSD: Async COPY result needs to return a write verifier
     - NFSD: Limit the number of concurrent async COPY operations
       (CVE-2024-49974)
     - NFSD: Initialize struct nfsd4_copy earlier
     - NFSD: Never decrement pending_async_copies on error
     - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
     - mptcp: define more local variables sk
     - mptcp: add userspace_pm_lookup_addr_by_id helper
     - mptcp: update local address flags when setting it
     - mptcp: hold pm lock when deleting entry
     - mptcp: drop lookup_by_id in lookup_addr
     - mptcp: pm: use _rcu variant under rcu_read_lock
     - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (CVE-2024-26954)
     - ksmbd: fix potencial out-of-bounds when buffer offset is invalid
       (CVE-2024-26952)
     - net: add copy_safe_from_sockptr() helper
     - nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
     - fs/9p: fix uninitialized values during inode evict (CVE-2024-36923)
     - ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322)
     - net/sched: taprio: extend minimum interval restriction to entire cycle too
       (CVE-2024-36244)
     - net: fec: remove .ndo_poll_controller to avoid deadlocks (CVE-2024-38553)
     - mm: revert "mm: shmem: fix data-race in shmem_getattr()"
     - mm: avoid unsafe VMA hook invocation when error arises on mmap hook
     - mm: unconditionally close VMAs on error
     - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
     - mm: resolve faulty mmap_region() error path behaviour
     - drm/amd: check num of link levels when update pcie param (CVE-2023-52812)
     - char: xillybus: Prevent use-after-free due to race condition
       (CVE-2022-45888)
     - null_blk: Remove usage of the deprecated ida_simple_xx() API
     - null_blk: fix null-ptr-dereference while configuring 'power' and
       'submit_queues' (CVE-2024-36478)
     - null_blk: Fix return value of nullb_device_power_store()
     - parisc: fix a possible DMA corruption (CVE-2024-44949)
     - char: xillybus: Fix trivial bug with mutex
     - net: Make copy_safe_from_sockptr() match documentation
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 28
   * [x86] Revert "x86: Increase brk randomness entropy for 64-bit systems"
     (Closes: #1085762)

linux-signed-amd64 (6.1.123+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.123-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
     - [x86] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated
       codec
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet
     - [x86] ASoC: Intel: sst: Support LPE0F28 ACPI HID
     - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
     - mac80211: fix user-power when emulating chanctx
     - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
     - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
     - bpf: fix filed access without lock
     - net: usb: qmi_wwan: add Quectel RG650V
     - soc: qcom: Add check devm_kasprintf() returned value
     - regulator: rk808: Add apply_bit for BUCK3 on RK809
     - [x86] platform/x86: dell-smbios-base: Extends support to Alienware
       products
     - [x86] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
     - tools/lib/thermal: Remove the thermal.h soft link when doing make clean
     - can: j1939: fix error in J1939 documentation.
     - [x86] platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing
       incorrect fan speed
     - [x86] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14
       Gen 6
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_mclk_round_rate()
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_get_clk_div()
     - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less
       strict
     - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
     - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
     - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
     - [armel,armhf] 9420/1: smp: Fix SMP for xip kernels
     - ipmr: Fix access to mfc_cache_list without lock held
     - closures: Change BUG_ON() to WARN_ON() (CVE-2024-42252)
     - net: fix crash when config small gso_max_size/gso_ipv4_max_size
       (CVE-2024-50258)
     - serial: sc16is7xx: fix invalid FIFO access with special register set
       (CVE-2024-44950)
     - cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
     - fpga: bridge: add owner module and take its refcount (CVE-2024-36479)
     - fpga: manager: add owner module and take its refcount (CVE-2024-37021)
     - drm/amd/display: Add NULL check for function pointer in
       dcn32_set_output_transfer_func (CVE-2024-49909)
     - drm/amd/display: Check null-initialized variables (CVE-2024-49898)
     - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
     - Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (CVE-2024-49951)
     - fbdev: efifb: Register sysfs groups through driver core (CVE-2024-49925)
     - mptcp: fix possible integer overflow in mptcp_reset_tout_timer
     - wifi: rtw89: avoid to add interface to list twice when SER
       (CVE-2024-49939)
     - drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899)
     - fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
     - [x86] barrier: Do not serialize MSR accesses on AMD
     - [s390x] cio: Do not unregister the subchannel based on DNV
     - brd: defer automatic disk creation until module initialization succeeds
     - ext4: make 'abort' mount option handling standard
     - ext4: avoid remount errors with 'abort' mount option
     - [mips*] asm: fix warning when disabling MIPS_FP_SUPPORT
     - initramfs: avoid filename buffer overrun (CVE-2024-53142)
     - nvme-pci: fix freeing of the HMB descriptor table
     - [arm64] acpi/arm64: Adjust error handling procedure in
       gtdt_parse_timer_block()
     - cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
     - netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
     - block: fix bio_split_rw_at to take zone_write_granularity into account
     - [s390x] syscalls: Avoid creation of arch/arch/ directory
     - hfsplus: don't query the device logical block size multiple times
     - nvme-pci: reverse request order in nvme_queue_rqs
     - virtio_blk: reverse request order in virtio_queue_rqs
     - crypto: caam - Fix the pointer passed to caam_qi_shutdown()
     - firmware: google: Unregister driver_info on failure
     - EDAC/bluefield: Fix potential integer overflow
     - [x86] crypto: qat - remove faulty arbiter config reset
     - thermal: core: Initialize thermal zones before registering them
     - EDAC/fsl_ddr: Fix bad bit shift operations
     - crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
       return -EBUSY
     - crypto: cavium - Fix the if condition to exit loop after timeout
     - crypto: hisilicon/qm - disable same error report before resetting
     - EDAC/igen6: Avoid segmentation fault on module unload
     - crypto: inside-secure - Fix the return value of
       safexcel_xcbcmac_cra_init()
     - doc: rcu: update printed dynticks counter bits
     - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
     - ACPI: CPPC: Fix _CPC register setting issue
     - crypto: caam - add error check to caam_rsa_set_priv_key_form
     - crypto: bcm - add error check in the ahash_hmac_init function
     - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
     - tools/lib/thermal: Make more generic the command encoding function
     - thermal/lib: Fix memory leak on error in thermal_genl_auto()
     - time: Fix references to _msecs_to_jiffies() handling of values
     - seqlock/latch: Provide raw_read_seqcount_latch_retry()
     - clocksource/drivers:sp804: Make user selectable
     - clocksource/drivers/timer-ti-dm: Fix child node refcount handling
     - spi: spi-fsl-lpspi: downgrade log level for pio mode
     - spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
     - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
     - microblaze: Export xmb_manager functions
     - [arm64] dts: mt8195: Fix dtbs_check error for infracfg_ao node
     - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
     - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
     - mmc: mmc_spi: drop buggy snprintf()
     - tpm: fix signed/unsigned bug when checking event logs
     - [arm64] dts: mt8183: krane: Fix the address of eeprom at i2c4
     - [arm64] dts: mt8183: kukui: Fix the address of eeprom at i2c4
     - [arm64] dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
       trackpad
     - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
     - cgroup/bpf: only cgroup v2 can be attached by bpf programs
     - [arm64] dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
     - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
     - [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
     - pmdomain: ti-sci: Add missing of_node_put() for args.np
     - regmap: irq: Set lockdep class for hierarchical IRQ domains
     - [arm64] dts: mt8183: jacuzzi: Move panel under aux-bus
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
       regulators
     - [arm64] firmware: arm_scpi: Check the DVFS OPP count returned by the
       firmware
     - venus: venc: add handling for VIDIOC_ENCODER_CMD
     - media: venus: provide ctx queue lock for ioctl synchronization
     - media: atomisp: Add check for rgby_data memory allocation failure
     - [x86] platform/x86: panasonic-laptop: Return errno correctly in show
       callback
     - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
     - [arm64,armhf] drm/vc4: hvs: Don't write gamma luts on 2711
     - [arm64,armhf] drm/vc4: hdmi: Avoid hang with debug registers when
       suspended
     - [arm64,armhf] drm/vc4: hvs: Fix dlist debug not resetting the next entry
       pointer
     - [arm64,armhf] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
       function
     - [arm64,armhf] drm/vc4: hvs: Correct logic on stopping an HVS channel
     - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
     - drm/omap: Fix possible NULL dereference
     - drm/omap: Fix locking in omap_gem_new_dmabuf()
     - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
     - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/v3d: Address race-condition in MMU flush
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
     - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
     - ASoC: fsl_micfil: fix regmap_write_bits usage
     - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
     - drm/bridge: anx7625: Drop EDID cache on bridge power off
     - libbpf: Fix output .symtab byte-order during linking
     - bpf: Fix the xdp_adjust_tail sample prog issue
     - libbpf: fix sym_is_subprog() logic for weak global subprogs
     - libbpf: never interpret subprogs in .text as entry programs
     - netdevsim: copy addresses for both in and out paths
     - drm/bridge: tc358767: Fix link properties discovery
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_config_scan()
     - drm: fsl-dcu: enable PIXCLK on LS1021A
     - [arm64,armhf] drm/panfrost: Remove unused id_mask from struct
       panfrost_model
     - [arm64] bpf, arm64: Remove garbage frame for struct_ops trampoline
     - [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/msm/gpu: Add devfreq tuning debugfs
     - [arm64] drm/msm/gpu: Bypass PM QoS constraint for idle clamp
     - [arm64] drm/msm/gpu: Check the status of registration to PM QoS
     - [arm64,armhf] drm/etnaviv: Request pages from DMA32 zone on
       addressing_limited
     - [arm64,armhf] drm/etnaviv: fix power register offset on GC300
     - [arm64,armhf] drm/etnaviv: hold GPU lock across perfmon sampling
     - wifi: wfx: Fix error handling in wfx_core_init()
     - [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
       _dpu_core_perf_calc_clk()
     - netfilter: nf_tables: skip transaction if update object is not implemented
     - netfilter: nf_tables: must hold rcu read lock while iterating object type
       list
     - netlink: typographical error in nlmsg_type constants definition
     - bpf, sockmap: Several fixes to bpf_msg_push_data
     - bpf, sockmap: Several fixes to bpf_msg_pop_data
     - bpf, sockmap: Fix sk_msg_reset_curr
     - sock_diag: add module pointer to "struct sock_diag_handler"
     - sock_diag: allow concurrent operations
     - sock_diag: allow concurrent operation in sock_diag_rcv_msg()
     - net: use unrcu_pointer() helper
     - ipv6: release nexthop on device removal
     - net: rfkill: gpio: Add check for clk_enable()
     - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
     - ALSA: us122l: Use snd_card_free_when_closed() at disconnection
     - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
     - ALSA: 6fire: Release resources at card release
     - Bluetooth: fix use-after-free in device_for_each_child()
     - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
     - wireguard: selftests: load nf_conntrack if not present
     - bpf: fix recursive lock when verdict program return SK_PASS
     - unicode: Fix utf8_load() error path
     - trace/trace_event_perf: remove duplicate samples on the first tracepoint
       event
     - pinctrl: zynqmp: drop excess struct member description
     - [powerpc*] vdso: Flag VDSO64 entry points as functions
     - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
     - mfd: da9052-spi: Change read-mask to write-mask
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
     - cpufreq: loongson2: Unregister platform_driver on failure
     - [powerpc*] fadump: Refactor and prepare fadump_cma_init for late init
     - [powerpc*] fadump: Move fadump_cma_init to setup_arch() after
       initmem_init()
     - memory: renesas-rpc-if: Improve Runtime PM handling
     - memory: renesas-rpc-if: Pass device instead of rpcif to rpcif_*()
     - memory: renesas-rpc-if: Remove Runtime PM wrappers
     - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void
     - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
     - mtd: rawnand: atmel: Fix possible memory leak
     - [powerpc*] mm/fault: Fix kfence page fault reporting
     - [powerpc*] pseries: Fix dtl_access_lock to be a rw_semaphore
     - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
     - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
     - [arm64] RDMA/hns: Fix an AEQE overflow error caused by untimely update of
       eq_db_ci
     - [arm64] RDMA/hns: Add clear_hem return value to log
     - [arm64] RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
     - [arm64] RDMA/hns: Remove unnecessary QP type checks
     - [arm64] RDMA/hns: Fix cpu stuck caused by printings during reset
     - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
     - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
     - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
     - clk: imx: lpcg-scu: SW workaround for errata (e10858)
     - clk: imx: fracn-gppll: correct PLL initialization flow
     - clk: imx: fracn-gppll: fix pll power up
     - clk: imx: clk-scu: fix clk enable state save and restore
     - [amd64] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
     - [amd64] iommu/vt-d: Fix checks and print in pgtable_walk()
     - mfd: rt5033: Fix missing regmap_del_irq_chip()
     - fs/proc/kcore.c: fix coccinelle reported ERROR instances
     - scsi: bfa: Fix use-after-free in bfad_im_module_exit()
     - scsi: fusion: Remove unused variable 'rc'
     - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
     - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
     - [arm64] RDMA/hns: Fix out-of-order issue of requester when setting FENCE
     - [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
     - ocfs2: fix uninitialized value in ocfs2_file_read_iter()
     - dax: delete a stale directory pmem
     - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
     - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending
       doorbells
     - [powerpc*] sstep: make emulate_vsx_load and emulate_vsx_store static
     - [powerpc*] kexec: Fix return of uninitialized variable
     - fbdev/sh7760fb: Alloc DMA memory from hardware device
     - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
     - clk: clk-apple-nco: Add NULL check in applnco_probe
     - dt-bindings: clock: axi-clkgen: include AXI clk
     - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
     - pinctrl: k210: Undef K210_PC_DEFAULT
     - smb: cached directories can be more than root file handle
     - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
     - perf cs-etm: Don't flush when packet_queue fills up
     - PCI: Fix reset_method_store() memory leak
     - perf stat: Close cork_fd when create_perf_stat_counter() failed
     - perf stat: Fix affinity memory leaks on error path
     - f2fs: compress: fix inconsistent update of i_blocks in
       release_compress_blocks and reserve_compress_blocks
     - f2fs: fix to account dirty data in __get_secs_required()
     - perf probe: Fix libdw memory leak
     - perf probe: Correct demangled symbols in C++ program
     - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
     - PCI: cpqphp: Fix PCIBIOS_* return value confusion
     - perf ftrace latency: Fix unit on histogram first entry when using
       --use-nsec
     - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
     - f2fs: remove struct segment_allocation default_salloc_ops
     - f2fs: open code allocate_segment_by_default
     - f2fs: remove the unused flush argument to change_curseg
     - f2fs: check curseg->inited before write_sum_page in change_curseg
     - f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or
       GC_URGENT_MID
     - f2fs: fix to avoid forcing direct write to use buffered IO on inline_data
       inode
     - perf trace: avoid garbage when not printing a trace event's arguments
     - svcrdma: Address an integer overflow
     - perf trace: Do not lose last events in a race
     - perf trace: Avoid garbage when not printing a syscall's arguments
     - remoteproc: qcom: q6v5: Use _clk_get_optional for aggre2_clk
     - remoteproc: qcom: pas: add minidump_id to SM8350 resources
     - rpmsg: glink: Fix GLINK command prefix
     - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
     - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
     - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
     - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
     - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
     - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
     - NFSD: Fix nfsd4_shutdown_copy()
     - hwmon: (tps23861) Fix reporting of negative temperatures
     - vdpa/mlx5: Fix suboptimal range on iotlb iteration
     - vfio/pci: Properly hide first-in-list PCIe extended capability
     - fs_parser: update mount_api doc to match function signature
     - power: supply: core: Remove might_sleep() from power_supply_put()
     - power: supply: bq27xxx: Fix registers of bq27426
     - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
     - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
     - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
     - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
       configuration
     - [s390x] iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
     - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
     - net: mdio-ipq4019: add missing error check
     - marvell: pxa168_eth: fix call balance of pep->clk handling routines
     - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
     - spi: atmel-quadspi: Fix register name in verbose logging function
     - net: hsr: fix hsr_init_sk() vs network/transport headers.
     - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
     - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
     - crypto: api - Add crypto_tfm_get
     - crypto: api - Add crypto_clone_tfm
     - llc: Improve setsockopt() handling of malformed user input
     - rxrpc: Improve setsockopt() handling of malformed user input
     - tcp: Fix use-after-free of nreq in reqsk_timer_handler().
     - ip6mr: fix tables suspicious RCU usage
     - ipmr: fix tables suspicious RCU usage
     - iio: light: al3010: Fix an error handling path in al3010_probe()
     - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
     - usb: yurex: make waiting on yurex_write interruptible
     - USB: chaoskey: fail open after removal
     - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
     - misc: apds990x: Fix missing pm_runtime_disable()
     - counter: stm32-timer-cnt: Add check for clk_enable()
     - counter: ti-ecap-capture: Add check for clk_enable()
     - ALSA: hda/realtek: Update ALC256 depop procedure
     - apparmor: fix 'Do simple duplicate message elimination'
     - [x86] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
     - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
       devm_pm_runtime_enable()
     - fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407)
     - ntfs3: Add bounds checking to mi_enum_attr() (CVE-2024-50248)
     - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata
       paths (CVE-2024-49891)
     - xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)
     - xen: Fix the issue of resource not being properly released in
       xenbus_dev_probe()
     - ALSA: usb-audio: Fix out of bounds reads when finding clock sources
     - usb: ehci-spear: fix call balance of sehci clk handling routines
     - media: aspeed: Fix memory overwrite if timing is 1600x900 (CVE-2023-52916)
     - wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929)
     - drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in
       dcn30_init_hw (CVE-2024-49917)
     - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw
       (CVE-2024-49915)
     - drm/amd/display: Add NULL check for function pointer in
       dcn20_set_output_transfer_func (CVE-2024-49911)
     - drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897)
     - rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()
     - btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
       (CVE-2024-35956)
     - [x86] perf/x86/intel: Hide Topdown metrics events if the feature is not
       enumerated
     - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
       devices
     - Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as
       disabled"
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - mm/slab: decouple ARCH_KMALLOC_MINALIGN from ARCH_DMA_MINALIGN
     - [powerpc*] move the ARCH_DMA_MINALIGN definition to asm/cache.h
     - dma: allow dma_get_cache_alignment() to be overridden by the arch code
     - [x86] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
     - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
     - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
     - ext4: fix FS_IOC_GETFSMAP handling
     - jfs: xattr: check invalid xattr size more strictly
     - [x86] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen
       5 21MES00B00
     - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
     - [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
     - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
     - [x86] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf
       SPTE
     - [powerpc*] pseries: Fix KVM guest detection for disabling hardlockup
       detector
     - [arm64] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
     - [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
       status
     - PCI: Fix use-after-free of slot->bus on hot remove
     - fsnotify: fix sending inotify event with unexpected filename
     - comedi: Flush partial mappings in error case
     - apparmor: test: Fix memory leak for aa_unpack_strdup()
     - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
     - locking/lockdep: Avoid creating new name string literals in
       lockdep_set_subclass()
     - pinctrl: qcom: spmi: fix debugfs drive strength
     - dt-bindings: iio: dac: ad3552r: fix maximum spi speed
     - exfat: fix uninit-value in __exfat_get_dentry_set
     - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
     - usb: xhci: Fix TD invalidation under pending Set TR Dequeue
     - driver core: bus: Fix double free in driver API bus_register()
       (CVE-2024-50055)
     - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of
       failures
     - wifi: brcmfmac: release 'root' node in all execution paths
     - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
     - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
     - gpio: exar: set value when external pull-up or pull-down is present
     - netfilter: ipset: add missing range check in bitmap_ip_uadt
       (CVE-2024-53141)
     - spi: Fix acpi deferred irq probe
     - mtd: spi-nor: core: replace dummy buswidth from addr to data
     - cpufreq: mediatek-hw: Fix wrong return value in
       mtk_cpufreq_get_cpu_power()
     - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
     - ubi: wl: Put source PEB into correct list if trying locking LEB failed
     - dt-bindings: serial: rs485: Fix rs485-rts-delay property
     - serial: 8250_fintek: Add support for F81216E
     - serial: 8250: omap: Move pm_runtime_get_sync
     - ublk: fix ublk_ch_mmap() for 64K page size
     - [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
     - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
     - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
     - media: wl128x: Fix atomicity violation in fmc_send_cmd()
     - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
     - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
     - ALSA: pcm: Add sanity NULL check for the default mmap fault handler
     - ALSA: hda/realtek: Update ALC225 depop procedure
     - ALSA: hda/realtek: Set PCBeep to default value for ALC274
     - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
     - ALSA: hda/realtek: Apply quirk for Medion E15433
     - smb3: request handle caching when caching directories
     - usb: musb: Fix hardware lockup on first Rx endpoint request
     - usb: dwc3: gadget: Fix checking for number of TRBs left
     - usb: dwc3: gadget: Fix looping of queued SG entries
     - ublk: fix error code for unsupported command
     - lib: string_helpers: silence snprintf() output truncation warning
     - ipc: fix memleak if msg_init_ns failed in create_ipc_ns
     - NFSD: Prevent a potential integer overflow
     - SUNRPC: make sure cache entry active before cache_show
     - NFSv4.0: Fix a use-after-free problem in the asynchronous open()
     - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
     - rtc: abx80x: Fix WDT bit position of the status register
     - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
     - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
     - ubifs: Correct the total block count by deducting journal reservation
     - ubi: fastmap: Fix duplicate slab cache names while attaching
     - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
     - jffs2: fix use of uninitialized variable
     - rtc: rzn1: fix BCD to rtc_time conversion errors
     - block: return unsigned int from bdev_io_min
     - 9p/xen: fix init sequence
     - 9p/xen: fix release of IRQ
     - [arm64] perf/arm-smmuv3: Fix lockdep assert in ->event_init()
     - [arm64] perf/arm-cmn: Ensure port and device id bits are set properly
     - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
     - modpost: remove incorrect code in do_eisa_entry()
     - nfs: ignore SB_RDONLY when mounting nfs
     - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
     - xfs: remove unknown compat feature check in superblock write validation
     - quota: flush quota_release_work upon quota writeback
     - btrfs: don't loop for nowait writes when checking for cross references
     - btrfs: add might_sleep() annotations
     - btrfs: add a sanity check for btrfs root in btrfs_search_slot()
     - btrfs: ref-verify: fix use-after-free after invalid ref action
     - [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
     - [arm64] dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
     - media: amphion: Set video drvdata before register video device
     - media: imx-jpeg: Set video drvdata before register video device
     - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
     - [arm64] dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
     - media: i2c: tc358743: Fix crash in the probe error path when using polling
     - media: imx-jpeg: Ensure power suppliers be suspended before detach them
     - media: ts2020: fix null-ptr-deref in ts2020_probe()
     - media: platform: exynos4-is: Fix an OF node reference leak in
       fimc_md_is_isp_available
     - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
     - media: platform: allegro-dvt: Fix possible memory leak in
       allocate_buffers_internal()
     - media: uvcvideo: Stop stream during unregister
     - media: uvcvideo: Require entities to have a non-zero unique ID
     - ovl: Filter invalid inodes with missing lookup function
     - maple_tree: refine mas_store_root() on storing NULL
     - ftrace: Fix regression with module command in stack_trace_filter
     - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
     - [arm64,armhf] iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated
       tables
     - leds: lp55xx: Remove redundant test for invalid channel number
     - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
     - ad7780: fix division by zero in ad7780_write_raw()
     - [armel,armhf] 9429/1: ioremap: Sync PGDs for VMALLOC shadow
     - [s390x] entry: Mark IRQ entries to fix stack depot warnings
     - [armel,armhf] 9430/1: entry: Do a dummy read from VMAP shadow
     - [armel,armhf] 9431/1: mm: Pair atomic_set_release() with _read_acquire()
     - ceph: extract entity name from device id
     - util_macros.h: fix/rework find_closest() macros
     - scsi: ufs: exynos: Fix hibern8 notify callbacks
     - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
     - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
     - PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
     - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
     - fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
       iov_iter_zero
     - thermal: int3400: Fix reading of current_uuid for active policy
     - ovl: properly handle large files in ovl_security_fileattr
     - dm thin: Add missing destroy_work_on_stack()
     - PCI: rockchip-ep: Fix address translation unit programming
     - nfsd: make sure exp active before svc_export_show
     - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
     - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
     - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
     - [powerpc*] Fix stack protector Kconfig test for clang
     - [powerpc*] Adjust adding stack protector flags to KBUILD_CLAGS for clang
     - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
       walk_down_proc()
     - drm/sti: avoid potential dereference of error pointers in
       sti_hqvdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers in
       sti_gdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers
     - [arm64,armhf] drm/etnaviv: flush shader L1 cache after user commandstream
     - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
       v13.0.7
     - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
     - watchdog: apple: Actually flush writes after requesting watchdog restart
     - watchdog: mediatek: Make sure system reset gets asserted in
       mtk_wdt_restart()
     - can: gs_usb: remove leading space from goto labels
     - can: gs_usb: gs_usb_probe(): align block comment
     - can: gs_usb: uniformly use "parent" as variable name for struct gs_usb
     - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
     - can: gs_usb: add usb endpoint address detection at driver probe step
     - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
       fails
     - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is
       NULL
     - can: hi311x: hi3110_can_ist(): fix potential use-after-free
     - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
     - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
     - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
     - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
     - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
     - netfilter: x_tables: fix LED ID check in led_tg_check()
     - netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
     - ptp: convert remaining drivers to adjfine interface
     - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
     - net/sched: tbf: correct backlog statistic for GSO packets
     - net: hsr: avoid potential out-of-bound access in fill_frame_info()
     - can: j1939: j1939_session_new(): fix skb reference counting
     - net-timestamp: make sk_tskey more predictable in error path
     - net/ipv6: release expired exception dst cached in socket
     - dccp: Fix memory leak in dccp_feat_change_recv
     - tipc: Fix use-after-free of kernel socket in cleanup_bearer().
     - net/smc: fix LGR and link use-after-free issue
     - net/qed: allow old cards not supporting "num_images" to work
     - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
     - ixgbe: downgrade logging of unsupported VF API version to debug
     - igb: Fix potential invalid memory access in igb_init_module()
     - net: sched: fix erspan_opt settings in cls_flower
     - netfilter: ipset: Hold module reference while requesting a module
     - netfilter: nft_set_hash: skip duplicated elements pending gc run
     - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
     - geneve: do not assume mac header is set in geneve_xmit_skb()
     - net/mlx5e: Remove workaround to avoid syndrome for internal port
     - [arm64] KVM: arm64: Change kvm_handle_mmio_return() return polarity
     - [arm64] KVM: arm64: Don't retire aborted MMIO instruction
     - gpio: grgpio: use a helper variable to store the address of ofdev->dev
     - gpio: grgpio: Add NULL check in grgpio_probe
     - serial: amba-pl011: Use port lock wrappers
     - serial: amba-pl011: Fix RX stall when DMA is used
     - usb: dwc3: gadget: Rewrite endpoint allocation flow
     - usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
     - usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
     - [powerpc*] vdso: Skip objtool from running on VDSO files
     - [powerpc*] vdso: Remove unused '-s' flag from ASFLAGS
     - [powerpc*] vdso: Improve linker flags
     - [powerpc*] vdso: Remove an unsupported flag from vgettimeofday-32.o with
       clang
     - [powerpc*] vdso: Include CLANG_FLAGS explicitly in ldflags-y
     - [powerpc*] vdso: Refactor CFLAGS for CVDSO build
     - [powerpc*] vdso: Drop -mstack-protector-guard flags in 32-bit files with
       clang
     - ntp: Remove invalid cast in time offset math
     - driver core: fw_devlink: Improve logs for cycle detection
     - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
     - driver core: fw_devlink: Stop trying to optimize cycle detection logic
     - i3c: Make i3c_master_unregister() return void
     - i3c: master: add enable(disable) hot join in sys entry
     - i3c: master: svc: add hot join support
     - i3c: master: fix kernel-doc check warning
     - i3c: master: support to adjust first broadcast address speed
     - i3c: master: svc: use slow speed for first broadcast address
     - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable
       counter
     - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
     - i3c: master: Extend address status bit to 4 and add
       I3C_ADDR_SLOT_EXT_DESIRED
     - i3c: master: Fix dynamic address leak when 'assigned-address' is present
     - PCI: endpoint: Use a separate lock for protecting epc->pci_epf list
     - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
     - device property: Constify device child node APIs
     - device property: Add cleanup.h based fwnode_handle_put() scope based
       cleanup.
     - device property: Introduce device_for_each_child_node_scoped()
     - leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
       paths
     - drm/bridge: it6505: update usleep_range for RC circuit charge time
     - drm/bridge: it6505: Fix inverted reset polarity
     - xsk: always clear DMA mapping information when unmapping the pool
     - bpftool: Remove asserts from JIT disassembler
     - bpftool: fix potential NULL pointer dereferencing in prog_dump()
     - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
     - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
     - ALSA: usb-audio: Notify xrun for low-latency mode
     - tools: Override makefile ARCH variable if defined, but empty
     - spi: mpc52xx: Add cancel_work_sync before module remove
     - scsi: scsi_debug: Fix hrtimer support for ndelay
     - [arm64] drm/v3d: Enable Performance Counters before clearing them
     - ocfs2: free inode when ocfs2_get_init_inode() fails
     - scatterlist: fix incorrect func name in kernel-doc
     - iio: magnetometer: yas530: use signed integer type for clamp limits
     - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
     - bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
     - bpf: Handle in-place update for full LPM trie correctly
     - bpf: Fix exact match conditions in trie_get_next_key()
     - mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
       (CVE-2024-53105)
     - HID: wacom: fix when get product name maybe null pointer
     - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
     - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
     - watchdog: rti: of: honor timeout-sec property
     - can: dev: can_set_termination(): allow sleeping GPIOs
     - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E
       6.
     - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
     - [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
       ASIDs
     - [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
     - ALSA: usb-audio: add mixer mapping for Corsair HS80
     - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
     - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
     - scsi: qla2xxx: Fix abort in bsg timeout
     - scsi: qla2xxx: Fix NVMe and NPIV connect issue
     - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
     - scsi: qla2xxx: Fix use after free on unload
     - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
     - scsi: ufs: core: sysfs: Prevent div by zero
     - scsi: ufs: core: Add missing post notify for power mode change
     - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
     - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
     - drm/dp_mst: Fix MST sideband message body length check
     - drm/dp_mst: Verify request type in the corresponding down message reply
     - drm/dp_mst: Fix resetting msg rx state after topology removal
     - drm/amdgpu/hdp5.2: do a posting read when flushing HDP
     - modpost: Add .irqentry.text to OTHER_SECTIONS
     - bpf: fix OOB devmap writes when deleting elements
     - dma-buf: fix dma_fence_array_signaled v4
     - dma-fence: Fix reference leak on fence merge failure path
     - dma-fence: Use kernel's sort for merging fences
     - xsk: fix OOB map writes when deleting elements
     - regmap: detach regmap from dev on regmap_exit
     - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
       tablet
     - mmc: core: Further prevent card detect during shutdown
     - ocfs2: update seq_file index in ocfs2_dlm_seq_next
     - lib: stackinit: hide never-taken branch from compiler
     - [arm64] iommu/arm-smmu: Defer probe of clients after smmu device bound
     - epoll: annotate racy check
     - [s390x] cpum_sf: Handle CPU hotplug remove during sampling
     - btrfs: avoid unnecessary device path update for the same device
     - btrfs: do not clear read-only when adding sprout device
     - [x86] perf/x86/amd: Warn only on new bits set
     - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
     - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
     - mmc: core: Add SD card quirk for broken poweroff notification
     - soc: imx8m: Probe the SoC driver as platform driver
     - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
     - [arm64,armhf] drm/vc4: hdmi: Avoid log spam for audio start failure
     - [arm64,armhf] drm/vc4: hvs: Set AXI panic modes for the HVS
     - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
     - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
     - drm/bridge: it6505: Enable module autoloading
     - drm/mcde: Enable module autoloading
     - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
     - drm/display: Fix building with GCC 15
     - r8169: don't apply UDP padding quirk on RTL8126A
     - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
     - net: ethernet: fs_enet: Use %pa to format resource_size_t
     - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
     - af_packet: avoid erroring out after sock_init_data() in packet_create()
     - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
       l2cap_sock_create()
     - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
       rfcomm_sock_alloc()
     - net: af_can: do not leave a dangling sk pointer in can_create()
     - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
     - net: inet: do not leave a dangling sk pointer in inet_create()
     - net: inet6: do not leave a dangling sk pointer in inet6_create()
     - wifi: ath5k: add PCI ID for SX76X
     - wifi: ath5k: add PCI ID for Arcadyan devices
     - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
     - net: sfp: change quirks for Alcatel Lucent G-010S-P
     - drm/sched: memset() 'job' in drm_sched_job_init()
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
     - drm/amdgpu: Dereference the ATCS ACPI buffer
     - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
     - dma-debug: fix a possible deadlock on radix_lock
     - jfs: array-index-out-of-bounds fix in dtReadFirst
     - jfs: fix shift-out-of-bounds in dbSplit
     - jfs: fix array-index-out-of-bounds in jfs_readdir
     - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
     - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
     - ALSA: usb-audio: Make mic volume workarounds globally applicable
     - drm/amdgpu: set the right AMDGPU sg segment limitation
     - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
     - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
       brcmf_sdiod_sglist_rw()
     - dsa: qca8k: Use nested lock to avoid splat
     - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
     - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
     - ASoC: hdmi-codec: reorder channel allocation list
     - rocker: fix link status detection in rocker_carrier_init()
     - net/neighbor: clear error in case strict check is not set
     - netpoll: Use rcu_access_pointer() in __netpoll_setup
     - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
     - tracing/ftrace: disable preemption in syscall probe
     - tracing: Use atomic64_inc_return() in trace_clock_counter()
     - tools/rtla: fix collision with glibc sched_attr/sched_set_attr
     - scsi: hisi_sas: Add cond_resched() for no forced preemption model
     - scsi: ufs: core: Make DMA mask configuration more flexible
     - leds: class: Protect brightness_show() with led_cdev->led_access mutex
     - scsi: st: Don't modify unknown block number in MTIOCGET
     - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
     - pinctrl: qcom-pmic-gpio: add support for PM8937
     - pinctrl: qcom: spmi-mpp: Add PM8937 compatible
     - nvdimm: rectify the illogical code within nd_dax_probe()
     - smb: client: memcpy() with surrounding object base address
     - verification/dot2: Improve dot parser robustness
     - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
     - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
     - PCI: Detect and trust built-in Thunderbolt chips
     - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
     - PCI: Add ACS quirk for Wangxun FF5xxx NICs
     - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
       avoid deadlock
     - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
     - iio: light: ltr501: Add LTER0303 to the supported devices
     - [x86] ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen
       6 21M1CTO1WW (Closes: #1087673)
     - [powerpc*] prom_init: Fixup missing powermac #size-cells
     - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
     - rtc: cmos: avoid taking rtc_lock for extended period of time
     - serial: 8250_dw: Add Sophgo SG2044 quirk
     - io_uring/tctx: work around xa_store() allocation error issue
     - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
     - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
       turning busy
     - sched/core: Prevent wakeup of ksoftirqd during idle load balance
     - btrfs: fix missing snapshot drew unlock when root is dead during swap
       activation
     - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
     - Revert "unicode: Don't special case ignorable code points"
     - vfio/mlx5: Align the page tracking max message size with the device
       capability
     - udf: Fold udf_getblk() into udf_bread()
     - [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
     - [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
     - [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
     - [x86] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn
       from kvm_faultin_pfn()
     - jffs2: Prevent rtime decompress memory corruption
     - jffs2: Fix rtime decompressor
     - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
     - io_uring: wake up optimisations
     - xhci: dbc: Fix STALL transfer event handling
     - mmc: mtk-sd: Fix error handle of probe function
     - drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
     - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2
       volume"
     - Revert "drm/amdgpu: add missing size check in
       amdgpu_debugfs_gprwave_read()"
     - gve: Fixes for napi_poll when budget is 0
     - [arm64] sve: Discard stale CPU state when handling SVE traps
       (CVE-2024-50275)
     - [arm64] smccc: Remove broken support for SMCCCv1.3 SVE discard hint
     - [x86] ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
     - mm: call the security_mmap_file() LSM hook in remap_file_pages()
     - bpf: Fix helper writes to read-only maps (CVE-2024-49861)
     - net: Move {l,t,d}stats allocation to core and convert veth & vrf
     - bpf: Fix dev's rx stats for bpf_redirect_peer traffic
     - veth: Use tstats per-CPU traffic counters
     - drm/ttm: Make sure the mapped tt pages are decrypted when needed
     - drm/ttm: Print the memory decryption status just once
     - drm/amdgpu: rework resume handling for display (v2)
     - usb: dwc3: ep0: Don't reset resource alloc flag
     - serial: amba-pl011: fix build regression
     - i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
     - i3c: master: svc: fix possible assignment of the same address to two
       devices
     - PM / devfreq: Fix build issues with devfreq disabled
     - [arm64] drm/msm: DEVFREQ_GOV_SIMPLE_ONDEMAND is no longer needed
     - fs/ntfs3: Sequential field availability check in mi_enum_attr()
     - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master
       Driver Due to Race Condition
     - Bluetooth: MGMT: Fix possible deadlocks
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.121
     - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
     - ksmbd: fix racy issue from session lookup and expire
     - tcp: check space before adding MPTCP SYN options
     - blk-cgroup: Fix UAF in blkcg_unpin_online()
     - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
     - usb: host: max3421-hcd: Correctly abort a USB request.
     - ata: sata_highbank: fix OF node reference leak in
       highbank_initialize_phys()
     - usb: dwc2: Fix HCD resume
     - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
     - usb: dwc2: Fix HCD port connection race
     - usb: ehci-hcd: fix call balance of clocks handling routines
     - usb: typec: anx7411: fix fwnode_handle reference leak
     - usb: typec: anx7411: fix OF node reference leaks in
       anx7411_typec_switch_probe()
     - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
       accessing null pointer
     - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
     - [x86] drm/i915: Fix memory leak by correcting cache object name in error
       handler
     - xfs: update btree keys correctly when _insrec splits an inode root block
     - xfs: don't drop errno values when we fail to ficlone the entire range
     - xfs: return from xfs_symlink_verify early on V4 filesystems
     - xfs: fix scrub tracepoints when inode-rooted btrees are involved
     - xfs: only run precommits once per transaction object
     - bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
     - bpf, sockmap: Fix update element with same
     - smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
       (Closes: #1088733)
     - exfat: support dynamic allocate bh for exfat_entry_set_cache
     - exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
     - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
     - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters()
     - wifi: mac80211: fix station NSS capability initialization order
     - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
     - amdgpu/uvd: get ring reference from rq scheduler
     - batman-adv: Do not send uninitialized TT changes
     - batman-adv: Remove uninitialized data in full table TT response
     - batman-adv: Do not let TT changes list grows indefinitely
     - tipc: fix NULL deref in cleanup_bearer()
     - net/mlx5: DR, prevent potential error pointer dereference
     - ptp: kvm: Use decrypted memory in confidential guest on x86
     - [x86] ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from
       kvm_arch_ptp_init()
     - net: lapb: increase LAPB_HEADER_LEN
     - net: defer final 'struct net' free in netns dismantle
     - [arm64] net: mscc: ocelot: fix memory leak on
       ocelot_port_add_txtstamp_skb()
     - [arm64] net: mscc: ocelot: improve handling of TX timestamp for unknown
       skb
     - [arm64] net: mscc: ocelot: ocelot->ts_id_lock and
       ocelot_port->tx_skbs.lock are IRQ-safe
     - [arm64] net: mscc: ocelot: be resilient to loss of PTP packets during
       transmission
     - [arm64] net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
     - [armhf] spi: aspeed: Fix an error handling path in
       aspeed_spi_[read|write]_user()
     - net: sparx5: fix FDMA performance issue
     - net: sparx5: fix the maximum frame length register
     - ACPI: resource: Fix memory resource type union access
     - cxgb4: use port number to set mac addr
     - qca_spi: Fix clock speed for multiple QCA7000
     - qca_spi: Make driver probing reliable
     - ASoC: amd: yc: Fix the wrong return value
     - Documentation: PM: Clarify pm_runtime_resume_and_get() return value
     - net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
     - net/sched: netem: account for backlog updates from child qdisc
     - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - ACPICA: events/evxfregn: don't release the ContextMutex that was never
       acquired
     - Bluetooth: iso: Fix recursive locking warning
     - Bluetooth: SCO: Add support for 16 bits transparent voice setting
     - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
     - bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
     - tracing/kprobes: Skip symbol counting logic for module symbols in
       create_local_trace_kprobe()
     - xen/netfront: fix crash when removing device (CVE-2024-53240)
     - [x86] make get_cpu_vendor() accessible from Xen code (CVE-2024-53241)
     - [x86] objtool/x86: allow syscall instruction (CVE-2024-53241)
     - [x86] static-call: provide a way to do very early static-call updates
       (CVE-2024-53241)
     - [x86] xen: don't do PV iret hypercall through hypercall page
       (CVE-2024-53241)
     - [x86] xen: add central hypercall functions (CVE-2024-53241)
     - [x86] xen: use new hypercall functions instead of hypercall page
       (CVE-2024-53241)
     - [x86] xen: remove hypercall page (CVE-2024-53241)
     - ALSA: usb-audio: Fix a DMA to stack memory bug
     - [x86] static-call: fix 32-bit build
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.122
     - net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
     - PCI/AER: Disable AER service on suspend
     - PCI: Use preserve_config in place of pci_flags
     - PCI: vmd: Create domain symlink before pci_bus_add_devices()
     - usb: cdns3: Add quirk flag to enable suspend residency
     - [x86] ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
     - [x86] ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C
     - PCI: Add ACS quirk for Broadcom BCM5760X NIC
     - [arm64,armhf] usb: dwc2: gadget: Don't write invalid mapped sg entries
       into dma_desc with iommu enabled
     - PCI: Introduce pci_resource_n()
     - [x86] platform/x86: p2sb: Make p2sb_get_devfn() return void
     - [x86] p2sb: Factor out p2sb_read_from_cache()
     - [x86] p2sb: Introduce the global flag p2sb_hidden_by_bios
     - [x86] p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
     - [x86] p2sb: Do not scan and remove the P2SB device when it is unhidden
     - i2c: pnx: Fix timeout in wait functions
     - cxl/region: Fix region creation for greater than x2 switches
     - net/smc: protect link down work from execute after lgr freed
       (CVE-2024-56718)
     - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
     - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
       msg
     - net/smc: check smcd_v2_ext_offset when receiving proposal msg
     - net/smc: check return value of sock_recvmsg when draining clc data
     - [arm64] net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
       ocelot_ifh_set_basic()
     - ionic: Fix netdev notifier unregister on failure (CVE-2024-56715)
     - ionic: use ee->offset when returning sprom data
     - net: hinic: Fix cleanup in create_rxqs/txqs()
     - net: ethernet: bgmac-platform: fix an OF node reference leak
     - netfilter: ipset: Fix for recursive locking warning
     - net: mdiobus: fix an OF node reference leak
     - [arm64,armhf] mmc: sdhci-tegra: Remove
       SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
     - [x86] KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
     - i2c: riic: Always round-up when calculating bus period
     - efivarfs: Fix error on non-existent file
     - USB: serial: option: add TCL IK512 MBIM & ECM
     - USB: serial: option: add MeiG Smart SLM770A
     - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
     - USB: serial: option: add MediaTek T7XX compositions
     - USB: serial: option: add Telit FE910C04 rmnet compositions
     - [x86] thunderbolt: Improve redrive mode handling
     - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
     - drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
     - [x86] i915/guc: Reset engine utilization buffer before registration
     - [x86] i915/guc: Ensure busyness counter increases motonically
     - [x86] i915/guc: Accumulate active runtime on gt reset
     - drm/amdgpu: don't access invalid sched
     - hwmon: (tmp513) Don't use "proxy" headers
     - hwmon: (tmp513) Simplify with dev_err_probe()
     - hwmon: (tmp513) Use SI constants from units.h
     - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
       Registers
     - hwmon: (tmp513) Fix Current Register value interpretation
     - hwmon: (tmp513) Fix interpretation of values of Temperature Result and
       Limit Registers
     - zram: refuse to use zero sized block device as backing device
     - zram: fix uninitialized ZRAM not releasing backing device
     - btrfs: tree-checker: reject inline extent items with 0 ref count
     - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
     - [x86] KVM: x86: Play nice with protected guests in
       complete_hypercall_exit()
     - tracing: Fix test_event_printk() to process entire print argument
     - tracing: Add missing helper functions in event pointer dereference check
     - tracing: Add "%s" check in test_event_printk()
     - io_uring: Fix registered ring file refcount leak
     - io_uring: check if iowq is killed before queuing (CVE-2024-56709)
     - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
     - of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
     - of/irq: Fix using uninitialized variable @addr_len in API
       of_irq_parse_one()
     - nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
     - nilfs2: prevent use of deleted inode
     - of: Fix error path in of_parse_phandle_with_args_map()
     - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
     - ceph: validate snapdirname option length when mounting
     - udf: Fix directory iteration for longer tail extents (Closes: #1089698)
     - epoll: Add synchronous wakeup support for ep_poll_callback
     - io_uring/rw: split io_read() into a helper
     - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN
     - io_uring/rw: avoid punting to io-wq directly
     - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.123
     - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
     - mm/vmstat: fix a W=1 clang compiler warning
     - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
     - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
     - bpf: Check negative offsets in __bpf_skb_min_len()
     - nfsd: restore callback functionality for NFSv4.0
     - mtd: diskonchip: Cast an operand to prevent potential overflow
     - [arm64] phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
     - phy: core: Fix an OF node refcount leakage in _of_phy_get()
     - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
     - phy: core: Fix that API devm_phy_put() fails to release the phy
     - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
       unregister the phy provider
     - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
     - phy: usb: Toggle the PHY power during init
     - [arm64] phy: rockchip: naneng-combphy: fix phy reset
     - [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
     - [x86] dmaengine: dw: Select only supported masters for ACPI devices
     - [powerpc*] pseries/vas: Add close() callback in vas_vm_ops struct
     - stddef: make __struct_group() UAPI C++-friendly
     - tracing/kprobe: Make trace_kprobe's module callback called after
       jump_label update
     - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
     - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
     - scsi: megaraid_sas: Fix for a potential deadlock
     - ALSA: hda/conexant: fix Z60MR100 startup pop issue
     - smb: server: Fix building with GCC 15
     - regmap: Use correct format specifier for logging range errors
     - [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
     - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
       load time
     - scsi: storvsc: Do not flag MAINTENANCE_IN return of
       SRB_STATUS_DATA_OVERRUN as an error
     - drm/dp_mst: Ensure mst_primary pointer is valid in
       drm_dp_mst_handle_up_req()
     - virtio-blk: don't keep queue frozen during system suspend
     - blk-mq: register cpuhp callback after hctx is added to xarray table
     - vmalloc: fix accounting with i915
     - [mips*] mipsregs: Set proper ISA level for virt extensions
     - net/mlx5e: Don't call cleanup on profile rollback failure (CVE-2024-50146)
     - bpf: Check validity of link->type in bpf_link_show_fdinfo()
       (CVE-2024-53099)
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
     - ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
     - pmdomain: core: Add missing put_device()
     - sched/core: Report correct state for TASK_IDLE | TASK_FREEZABLE
     - freezer, sched: Report frozen tasks as 'D' instead of 'R'
     - tracing: Constify string literal data member in struct trace_event_call
     - tracing: Prevent bad count for tracing_cpumask_write
     - io_uring/sqpoll: fix sqpoll error handling races
     - i2c: microchip-core: actually use repeated sends
     - i2c: imx: add imx7d compatible string for applying erratum ERR007805
     - i2c: microchip-core: fix "ghost" detections
     - power: supply: gpio-charger: Fix set charge current limits
     - btrfs: avoid monopolizing a core when activating a swap file
     - btrfs: sysfs: fix direct super block member reads
     - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
       (CVE-2024-50121)
     - Revert "rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()"
     - ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
 .
   [ Salvatore Bonaccorso ]
   * d/salsa-ci.yml: Suppress aliased-location lintian errors
   * debian/salsa-ci.yml: Include run of .build-after-script from common
     pipeline.
   * debian/salsa-ci.yml: Reference .build-after-script from after_script
     section
   * Revert "[x86] Revert "x86: Increase brk randomness entropy for 64-bit
     systems""
     The root cause for the segfaults were actually in qemu, which re-enables
     --static-pie linking for qemu-user-static binaries. It was disabled by
     mistake in qemu versions in Debian. Details in #1087822 and #1053101.
   * Bump ABI to 29
   * [rt] Update to 6.1.120-rt47
linux-signed-amd64 (6.1.119+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.119-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.116
     - cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format
     - cpufreq: Avoid a bad reference count on CPU node (CVE-2024-50012)
     - mm: remove kern_addr_valid() completely
     - fs/proc/kcore: avoid bounce buffer for ktext data
     - fs/proc/kcore: convert read_kcore() to read_kcore_iter()
     - fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions
     - fs/proc/kcore.c: allow translation of physical memory addresses
     - cgroup: Fix potential overflow issue when checking max_depth
     - wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd()
       (Closes: #1062421)
     - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
     - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
     - wifi: ath11k: Fix invalid ring usage in full monitor mode
     - wifi: brcm80211: BRCM_TRACING should depend on TRACING
     - RDMA/cxgb4: Dump vendor specific QP details
     - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
     - RDMA/bnxt_re: synchronize the qp-handle table array
     - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
     - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
       (CVE-2024-53059)
     - [armel,armhf] ASoC: cs42l51: Fix some error handling paths in
       cs42l51_probe()
     - macsec: Fix use-after-free while sending the offloading packet
       (CVE-2024-50261)
     - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
       (CVE-2024-53058)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
       (CVE-2024-53042)
     - gtp: allow -1 to be specified as file description from userspace
     - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
     - netdevsim: Add trailing zero to terminate the string in
       nsim_nexthop_bucket_activity_write() (CVE-2024-50259)
     - bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
     - netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
     - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
       (CVE-2024-50256)
     - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
       (CVE-2024-50255)
     - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
     - netfilter: nft_payload: sanitize offset and length before calling
       skb_checksum() (CVE-2024-50251)
     - iomap: convert iomap_unshare_iter to use large folios
     - iomap: improve shared block detection in iomap_unshare_iter
     - iomap: don't bother unsharing delalloc extents
     - iomap: share iomap_unshare_iter predicate code with fsdax
     - fsdax: remove zeroing code from dax_unshare_iter
     - fsdax: dax_unshare_iter needs to copy entire blocks (CVE-2024-50250)
     - iomap: turn iomap_want_unshare_iter into an inline function
     - compiler-gcc: be consistent with underscores use for `no_sanitize`
     - compiler-gcc: remove attribute support check for `__no_sanitize_address__`
     - afs: Automatically generate trace tag enums
     - afs: Fix missing subdir edit when renamed between parent dirs
     - ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249)
     - fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
     - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
     - fs/ntfs3: Stale inode instead of bad
     - fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245)
     - fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244)
     - scsi: scsi_transport_fc: Allow setting rport state to current state
     - net: amd: mvme147: Fix probe banner message
     - NFS: remove revoked delegation from server's delegation list
     - misc: sgi-gru: Don't disable preemption in GRU driver
     - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler
     - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe
     - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
     - USB: gadget: dummy-hcd: Fix "task hung" problem
     - ALSA: usb-audio: Add quirks for Dell WD19 dock
     - usbip: tools: Fix detach_port() invalid port error path
     - usb: phy: Fix API devm_usb_put_phy() can not release the phy
     - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
     - xhci: Fix Link TRB DMA in command ring stopped completion event
     - xhci: Use pm_runtime_get to prevent RPM on unsupported systems
     - Revert "driver core: Fix uevent_show() vs driver detach race"
     - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
       (CVE-2024-50237)
     - wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236)
     - wifi: cfg80211: clear wdev->cqm_config pointer on free (CVE-2024-50235)
     - wifi: iwlegacy: Clear stale interrupts before resuming device
       (CVE-2024-50234)
     - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
       (CVE-2024-50232)
     - iio: light: veml6030: fix microlux value calculation
     - nilfs2: fix potential deadlock with newly created symlinks
       (CVE-2024-50229)
     - block: fix sanity checks in blk_rq_map_user_bvec
     - cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
       (CVE-2024-53054)
     - ALSA: hda/realtek: Limit internal Mic boost on Dell platform
     - cxl/acpi: Move rescan to the workqueue
     - cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()
     - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
     - mm/page_alloc: treat RT tasks similar to __GFP_HIGH
     - mm/page_alloc: explicitly record high-order atomic allocations in
       alloc_flags
     - mm/page_alloc: explicitly define what alloc flags deplete min reserves
     - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations
       accesses reserves
     - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
     - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218)
     - mctp i2c: handle NULL header address (CVE-2024-53043)
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1
     - nvmet-auth: assign dh_key to NULL after kfree_sensitive (CVE-2024-50215)
     - io_uring: rename kiocb_end_write() local helper
     - fs: create kiocb_{start,end}_write() helpers
     - io_uring: use kiocb_{start,end}_write() helpers
     - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
       (CVE-2024-53052)
     - mm: migrate: try again if THP split is failed due to page refcnt
     - migrate: convert unmap_and_move() to use folios
     - migrate: convert migrate_pages() to use folios
     - mm/migrate.c: stop using 0 as NULL pointer
     - migrate_pages: organize stats with struct migrate_pages_stats
     - migrate_pages: separate hugetlb folios migration
     - migrate_pages: restrict number of pages to migrate in batch
     - migrate_pages: split unmap_and_move() to _unmap() and _move()
     - vmscan,migrate: fix page count imbalance on node stats when demoting pages
     - io_uring: always lock __io_cqring_overflow_flush (Closes: #1087602)
     - [x86] bugs: Use code segment selector for VERW operand (CVE-2024-50072)
     - wifi: mac80211: fix NULL dereference at band check in starting tx ba
       session (CVE-2024-43911)
     - nilfs2: fix kernel bug due to missing clearing of checked flag
       (CVE-2024-50230)
     - wifi: iwlwifi: mvm: fix 6 GHz scan construction (CVE-2024-53055)
     - mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228)
     - mtd: spi-nor: winbond: fix w25q128 regression
     - drm/amd/display: Add null checks for 'stream' and 'plane' before
       dereferencing (CVE-2024-43904)
     - drm/amd/display: Skip on writeback when it's not applicable
       (CVE-2024-36914)
     - vt: prevent kernel-infoleak in con_font_get()
     - mm: avoid gcc complaint about pointer casting
     - migrate_pages_batch: fix statistics for longterm pin retry
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
     - [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610
     - [arm64] dts: rockchip: Fix rt5651 compatible value on
       rk3399-sapphire-excavator
     - [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
     - [arm64] dts: rockchip: Fix wakeup prop names on PineNote BT node
     - [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards
     - [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
     - [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc
     - [arm64] dts: imx8qm: Fix VPU core alias name
     - [arm64] dts: imx8qxp: Add VPU subsystem file
     - [arm64] dts: imx8-ss-vpu: Fix imx8qm VPU IRQs
     - [arm64] dts: imx8mp: correct sdhc ipg clk
     - [armhf] ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
     - HID: core: zero-initialize the report buffer (CVE-2024-50302)
     - [x86] platform/x86/amd/pmc: Detect when STB is not available
       (CVE-2024-53072)
     - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket()
     - NFSv3: only use NFS timeout for MOUNT when protocols are compatible
     - NFSv3: handle out-of-order write replies.
     - nfs: avoid i_lock contention in nfs_clear_invalid_mapping
     - security/keys: fix slab-out-of-bounds in key_task_permission
       (CVE-2024-50301)
     - [arm64] net: enetc: set MAC address to the VF net_device
     - sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
     - can: c_can: fix {rx,tx}_errors statistics
     - ice: change q_index variable type to s16 to store -1 value
     - i40e: fix race condition by adding filter's intermediate sync state
       (CVE-2024-53088)
     - [arm64] net: hns3: fix kernel crash when uninstalling driver
       (CVE-2024-50296)
     - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
     - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
     - virtio_net: Add hash_key_length check (CVE-2024-53082)
     - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
     - media: stb0899_algo: initialize cfr before using it
     - media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063)
     - media: dvb_frontend: don't play tricks with underflow values
     - media: adv7604: prevent underflow condition when reporting colorspace
     - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
     - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
     - [armhf] ASoC: stm32: spdifrx: fix dma channel release in
       stm32_spdifrx_remove
     - media: ar0521: don't overflow when checking PLL values (CVE-2024-53081)
     - media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061)
     - media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)
     - media: pulse8-cec: fix data timestamp at pulse8_setup()
     - media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287)
     - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
     - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation
     - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when
       switching CAN modes
     - ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
       (CVE-2024-50286)
     - ksmbd: Fix the missing xa_store error check (CVE-2024-50284)
     - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp (CVE-2024-50283)
     - pwm: imx-tpm: Use correct MODULO value for EPWM mode
     - drm/amdgpu: Adjust debugfs eviction and IB access permissions
     - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
       (CVE-2024-50282)
     - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
       (CVE-2024-53060)
     - thermal/drivers/qcom/lmh: Remove false lockdep backtrace
     - dm cache: correct the number of origin blocks to match the target length
     - dm cache: fix flushing uninitialized delayed_work on cache_ctr error
       (CVE-2024-50280)
     - dm cache: fix out-of-bounds access to the dirty bitset when resizing
       (CVE-2024-50279)
     - dm cache: optimize dirty bit checking with find_next_bit when resizing
     - dm cache: fix potential out-of-bounds access on the first resume
       (CVE-2024-50278)
     - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
       overflow
     - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
     - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
     - nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
     - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc()
     - net: vertexcom: mse102x: Fix possible double free of TX skb
       (CVE-2024-50276)
     - mptcp: use sock_kfree_s instead of kfree
     - btrfs: reinitialize delayed ref list after deleting it from the list
       (CVE-2024-50273)
     - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
       (CVE-2024-38540)
     - Revert "wifi: mac80211: fix RCU list iterations"
     - net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
     - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
       uvc_parse_format
     - filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
     - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
     - signal: restore the override_rlimit logic (CVE-2024-50271)
     - usb: musb: sunxi: Fix accessing an released usb phy (CVE-2024-50269)
     - usb: dwc3: fix fault at system suspend if device was already runtime
       suspended
     - usb: typec: fix potential out of bounds in
       ucsi_ccg_update_set_new_cam_cmd()
     - USB: serial: io_edgeport: fix use after free in debug printk
       (CVE-2024-50267)
     - USB: serial: qcserial: add support for Sierra Wireless EM86xx
     - USB: serial: option: add Fibocom FG132 0x0112 composition
     - USB: serial: option: add Quectel RG650V
     - irqchip/gic-v3: Force propagation of the active state with a read-back
     - ocfs2: remove entry once instead of null-ptr-dereference in
       ocfs2_xa_remove()
     - ucounts: fix counter leak in inc_rlimit_get_ucounts()
     - [x86] ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022
     - net: sched: use RCU read-side critical section in taprio_dump()
       (CVE-2024-50126)
     - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
     - vsock/virtio: Initialization of the dangling pointer occurring in
       vsk->trans
     - media: amphion: Fix VPU core alias name
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.118
     - Revert "Bluetooth: fix use-after-free in accessing skb after sending it"
     - Revert "Bluetooth: hci_sync: Fix overwriting request callback"
     - Revert "Bluetooth: af_bluetooth: Fix deadlock"
     - Revert "Bluetooth: hci_core: Fix possible buffer overflow"
     - Revert "Bluetooth: hci_conn: Consolidate code for aborting connections"
       (Closes: #1086447)
     - 9p: Avoid creating multiple slab caches with the same name
     - nvme: tcp: avoid race between queue_lock lock and destroy
     - block: Fix elevator_get_default() checking for NULL q->tag_set
     - HID: multitouch: Add support for B2402FVA track point
     - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
     - nvme: disable CC.CRIME (NVME_CC_CRIME)
     - bpf: use kvzmalloc to allocate BPF verifier environment
     - crypto: api - Fix liveliness check in crypto_alg_tested
     - [arm*] crypto: marvell/cesa - Disable hash algorithms
     - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
     - drm/vmwgfx: Limit display layout ioctl array size to
       VMWGFX_NUM_DISPLAY_UNITS
     - nvme-multipath: defer partition scanning (CVE-2024-53093)
     - [powerpc*] powernv: Free name on error in opal_event_init()
     - nvme: make keep-alive synchronous operation
     - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
     - fs: Fix uninitialized value issue in from_kuid and from_kgid
     - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
     - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
     - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
     - md/raid10: improve code of mrdev in raid10_sync_request
     - io_uring: fix possible deadlock in io_register_iowq_max_workers()
       (CVE-2024-41080)
     - uprobes: encapsulate preparation of uprobe args buffer
     - uprobe: avoid out-of-bounds memory access of fetching args
       (CVE-2024-50067)
     - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (CVE-2024-49991)
     - ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
     - Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950)
     - mm: krealloc: Fix MTE false alarm in __do_krealloc
     - [x86] platform/x86: x86-android-tablets: Fix use after free on
       platform_device_register() errors (CVE-2024-49986)
     - fs/ntfs3: Fix general protection fault in run_is_mapped_full
       (CVE-2024-50243)
     - 9p: fix slab cache name creation for real
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.119
     - netlink: terminate outstanding dump on socket close
     - [arm64,armhf] drm/rockchip: vop: Fix a dereferenced before check warning
     - mptcp: error out earlier on disconnect
     - net/mlx5: fs, lock FTE when checking if active
     - net/mlx5e: kTLS, Fix incorrect page refcounting
     - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
     - virtio/vsock: Fix accept_queue memory leak
     - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS
     - Bluetooth: hci_core: Fix calling mgmt_device_connected
     - net/sched: cls_u32: replace int refcounts with proper refcounts
     - net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for
       hnodes.
     - bonding: add ns target multicast address to slave device
     - [armel,armhf] 9419/1: mm: Fix kernel memory mapping for xip kernels
     - [x86] mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
     - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
     - ocfs2: uncache inode which has failed entering the group
     - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
     - ima: fix buffer overrun in ima_eventdigest_init_common
     - [x86] KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID
       disabled
     - [x86] KVM: x86: Unconditionally set irr_pending when updating APICv state
     - [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
       CONFIG_BROKEN
     - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
     - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
     - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10
     - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
     - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
     - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
     - mmc: sunxi-mmc: Fix A100 compatible description
     - drm/bridge: tc358768: Fix DSI command tx
     - drm/amd: Fix initialization mistake for NBIO 7.7.0
     - staging: vchiq_arm: Get the rid off struct vchiq_2835_state
     - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
     - fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)
     - Bluetooth: ISO: Fix not validating setsockopt user input (CVE-2024-35964)
     - lib/buildid: Fix build ID parsing logic
     - cxl/pci: fix error code in __cxl_hdm_decode_init()
     - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
     - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
     - NFSD: Async COPY result needs to return a write verifier
     - NFSD: Limit the number of concurrent async COPY operations
       (CVE-2024-49974)
     - NFSD: Initialize struct nfsd4_copy earlier
     - NFSD: Never decrement pending_async_copies on error
     - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
     - mptcp: define more local variables sk
     - mptcp: add userspace_pm_lookup_addr_by_id helper
     - mptcp: update local address flags when setting it
     - mptcp: hold pm lock when deleting entry
     - mptcp: drop lookup_by_id in lookup_addr
     - mptcp: pm: use _rcu variant under rcu_read_lock
     - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (CVE-2024-26954)
     - ksmbd: fix potencial out-of-bounds when buffer offset is invalid
       (CVE-2024-26952)
     - net: add copy_safe_from_sockptr() helper
     - nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
     - fs/9p: fix uninitialized values during inode evict (CVE-2024-36923)
     - ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322)
     - net/sched: taprio: extend minimum interval restriction to entire cycle too
       (CVE-2024-36244)
     - net: fec: remove .ndo_poll_controller to avoid deadlocks (CVE-2024-38553)
     - mm: revert "mm: shmem: fix data-race in shmem_getattr()"
     - mm: avoid unsafe VMA hook invocation when error arises on mmap hook
     - mm: unconditionally close VMAs on error
     - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
     - mm: resolve faulty mmap_region() error path behaviour
     - drm/amd: check num of link levels when update pcie param (CVE-2023-52812)
     - char: xillybus: Prevent use-after-free due to race condition
       (CVE-2022-45888)
     - null_blk: Remove usage of the deprecated ida_simple_xx() API
     - null_blk: fix null-ptr-dereference while configuring 'power' and
       'submit_queues' (CVE-2024-36478)
     - null_blk: Fix return value of nullb_device_power_store()
     - parisc: fix a possible DMA corruption (CVE-2024-44949)
     - char: xillybus: Fix trivial bug with mutex
     - net: Make copy_safe_from_sockptr() match documentation
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 28
   * [x86] Revert "x86: Increase brk randomness entropy for 64-bit systems"
     (Closes: #1085762)

linux-signed-arm64 (6.1.123+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.123-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
     - [x86] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated
       codec
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet
     - [x86] ASoC: Intel: sst: Support LPE0F28 ACPI HID
     - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
     - mac80211: fix user-power when emulating chanctx
     - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
     - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
     - bpf: fix filed access without lock
     - net: usb: qmi_wwan: add Quectel RG650V
     - soc: qcom: Add check devm_kasprintf() returned value
     - regulator: rk808: Add apply_bit for BUCK3 on RK809
     - [x86] platform/x86: dell-smbios-base: Extends support to Alienware
       products
     - [x86] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
     - tools/lib/thermal: Remove the thermal.h soft link when doing make clean
     - can: j1939: fix error in J1939 documentation.
     - [x86] platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing
       incorrect fan speed
     - [x86] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14
       Gen 6
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_mclk_round_rate()
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_get_clk_div()
     - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less
       strict
     - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
     - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
     - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
     - [armel,armhf] 9420/1: smp: Fix SMP for xip kernels
     - ipmr: Fix access to mfc_cache_list without lock held
     - closures: Change BUG_ON() to WARN_ON() (CVE-2024-42252)
     - net: fix crash when config small gso_max_size/gso_ipv4_max_size
       (CVE-2024-50258)
     - serial: sc16is7xx: fix invalid FIFO access with special register set
       (CVE-2024-44950)
     - cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
     - fpga: bridge: add owner module and take its refcount (CVE-2024-36479)
     - fpga: manager: add owner module and take its refcount (CVE-2024-37021)
     - drm/amd/display: Add NULL check for function pointer in
       dcn32_set_output_transfer_func (CVE-2024-49909)
     - drm/amd/display: Check null-initialized variables (CVE-2024-49898)
     - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
     - Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (CVE-2024-49951)
     - fbdev: efifb: Register sysfs groups through driver core (CVE-2024-49925)
     - mptcp: fix possible integer overflow in mptcp_reset_tout_timer
     - wifi: rtw89: avoid to add interface to list twice when SER
       (CVE-2024-49939)
     - drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899)
     - fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
     - [x86] barrier: Do not serialize MSR accesses on AMD
     - [s390x] cio: Do not unregister the subchannel based on DNV
     - brd: defer automatic disk creation until module initialization succeeds
     - ext4: make 'abort' mount option handling standard
     - ext4: avoid remount errors with 'abort' mount option
     - [mips*] asm: fix warning when disabling MIPS_FP_SUPPORT
     - initramfs: avoid filename buffer overrun (CVE-2024-53142)
     - nvme-pci: fix freeing of the HMB descriptor table
     - [arm64] acpi/arm64: Adjust error handling procedure in
       gtdt_parse_timer_block()
     - cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
     - netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
     - block: fix bio_split_rw_at to take zone_write_granularity into account
     - [s390x] syscalls: Avoid creation of arch/arch/ directory
     - hfsplus: don't query the device logical block size multiple times
     - nvme-pci: reverse request order in nvme_queue_rqs
     - virtio_blk: reverse request order in virtio_queue_rqs
     - crypto: caam - Fix the pointer passed to caam_qi_shutdown()
     - firmware: google: Unregister driver_info on failure
     - EDAC/bluefield: Fix potential integer overflow
     - [x86] crypto: qat - remove faulty arbiter config reset
     - thermal: core: Initialize thermal zones before registering them
     - EDAC/fsl_ddr: Fix bad bit shift operations
     - crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
       return -EBUSY
     - crypto: cavium - Fix the if condition to exit loop after timeout
     - crypto: hisilicon/qm - disable same error report before resetting
     - EDAC/igen6: Avoid segmentation fault on module unload
     - crypto: inside-secure - Fix the return value of
       safexcel_xcbcmac_cra_init()
     - doc: rcu: update printed dynticks counter bits
     - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
     - ACPI: CPPC: Fix _CPC register setting issue
     - crypto: caam - add error check to caam_rsa_set_priv_key_form
     - crypto: bcm - add error check in the ahash_hmac_init function
     - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
     - tools/lib/thermal: Make more generic the command encoding function
     - thermal/lib: Fix memory leak on error in thermal_genl_auto()
     - time: Fix references to _msecs_to_jiffies() handling of values
     - seqlock/latch: Provide raw_read_seqcount_latch_retry()
     - clocksource/drivers:sp804: Make user selectable
     - clocksource/drivers/timer-ti-dm: Fix child node refcount handling
     - spi: spi-fsl-lpspi: downgrade log level for pio mode
     - spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
     - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
     - microblaze: Export xmb_manager functions
     - [arm64] dts: mt8195: Fix dtbs_check error for infracfg_ao node
     - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
     - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
     - mmc: mmc_spi: drop buggy snprintf()
     - tpm: fix signed/unsigned bug when checking event logs
     - [arm64] dts: mt8183: krane: Fix the address of eeprom at i2c4
     - [arm64] dts: mt8183: kukui: Fix the address of eeprom at i2c4
     - [arm64] dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
       trackpad
     - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
     - cgroup/bpf: only cgroup v2 can be attached by bpf programs
     - [arm64] dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
     - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
     - [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
     - pmdomain: ti-sci: Add missing of_node_put() for args.np
     - regmap: irq: Set lockdep class for hierarchical IRQ domains
     - [arm64] dts: mt8183: jacuzzi: Move panel under aux-bus
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
       regulators
     - [arm64] firmware: arm_scpi: Check the DVFS OPP count returned by the
       firmware
     - venus: venc: add handling for VIDIOC_ENCODER_CMD
     - media: venus: provide ctx queue lock for ioctl synchronization
     - media: atomisp: Add check for rgby_data memory allocation failure
     - [x86] platform/x86: panasonic-laptop: Return errno correctly in show
       callback
     - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
     - [arm64,armhf] drm/vc4: hvs: Don't write gamma luts on 2711
     - [arm64,armhf] drm/vc4: hdmi: Avoid hang with debug registers when
       suspended
     - [arm64,armhf] drm/vc4: hvs: Fix dlist debug not resetting the next entry
       pointer
     - [arm64,armhf] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
       function
     - [arm64,armhf] drm/vc4: hvs: Correct logic on stopping an HVS channel
     - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
     - drm/omap: Fix possible NULL dereference
     - drm/omap: Fix locking in omap_gem_new_dmabuf()
     - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
     - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/v3d: Address race-condition in MMU flush
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
     - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
     - ASoC: fsl_micfil: fix regmap_write_bits usage
     - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
     - drm/bridge: anx7625: Drop EDID cache on bridge power off
     - libbpf: Fix output .symtab byte-order during linking
     - bpf: Fix the xdp_adjust_tail sample prog issue
     - libbpf: fix sym_is_subprog() logic for weak global subprogs
     - libbpf: never interpret subprogs in .text as entry programs
     - netdevsim: copy addresses for both in and out paths
     - drm/bridge: tc358767: Fix link properties discovery
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_config_scan()
     - drm: fsl-dcu: enable PIXCLK on LS1021A
     - [arm64,armhf] drm/panfrost: Remove unused id_mask from struct
       panfrost_model
     - [arm64] bpf, arm64: Remove garbage frame for struct_ops trampoline
     - [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/msm/gpu: Add devfreq tuning debugfs
     - [arm64] drm/msm/gpu: Bypass PM QoS constraint for idle clamp
     - [arm64] drm/msm/gpu: Check the status of registration to PM QoS
     - [arm64,armhf] drm/etnaviv: Request pages from DMA32 zone on
       addressing_limited
     - [arm64,armhf] drm/etnaviv: fix power register offset on GC300
     - [arm64,armhf] drm/etnaviv: hold GPU lock across perfmon sampling
     - wifi: wfx: Fix error handling in wfx_core_init()
     - [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
       _dpu_core_perf_calc_clk()
     - netfilter: nf_tables: skip transaction if update object is not implemented
     - netfilter: nf_tables: must hold rcu read lock while iterating object type
       list
     - netlink: typographical error in nlmsg_type constants definition
     - bpf, sockmap: Several fixes to bpf_msg_push_data
     - bpf, sockmap: Several fixes to bpf_msg_pop_data
     - bpf, sockmap: Fix sk_msg_reset_curr
     - sock_diag: add module pointer to "struct sock_diag_handler"
     - sock_diag: allow concurrent operations
     - sock_diag: allow concurrent operation in sock_diag_rcv_msg()
     - net: use unrcu_pointer() helper
     - ipv6: release nexthop on device removal
     - net: rfkill: gpio: Add check for clk_enable()
     - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
     - ALSA: us122l: Use snd_card_free_when_closed() at disconnection
     - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
     - ALSA: 6fire: Release resources at card release
     - Bluetooth: fix use-after-free in device_for_each_child()
     - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
     - wireguard: selftests: load nf_conntrack if not present
     - bpf: fix recursive lock when verdict program return SK_PASS
     - unicode: Fix utf8_load() error path
     - trace/trace_event_perf: remove duplicate samples on the first tracepoint
       event
     - pinctrl: zynqmp: drop excess struct member description
     - [powerpc*] vdso: Flag VDSO64 entry points as functions
     - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
     - mfd: da9052-spi: Change read-mask to write-mask
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
     - cpufreq: loongson2: Unregister platform_driver on failure
     - [powerpc*] fadump: Refactor and prepare fadump_cma_init for late init
     - [powerpc*] fadump: Move fadump_cma_init to setup_arch() after
       initmem_init()
     - memory: renesas-rpc-if: Improve Runtime PM handling
     - memory: renesas-rpc-if: Pass device instead of rpcif to rpcif_*()
     - memory: renesas-rpc-if: Remove Runtime PM wrappers
     - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void
     - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
     - mtd: rawnand: atmel: Fix possible memory leak
     - [powerpc*] mm/fault: Fix kfence page fault reporting
     - [powerpc*] pseries: Fix dtl_access_lock to be a rw_semaphore
     - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
     - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
     - [arm64] RDMA/hns: Fix an AEQE overflow error caused by untimely update of
       eq_db_ci
     - [arm64] RDMA/hns: Add clear_hem return value to log
     - [arm64] RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
     - [arm64] RDMA/hns: Remove unnecessary QP type checks
     - [arm64] RDMA/hns: Fix cpu stuck caused by printings during reset
     - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
     - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
     - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
     - clk: imx: lpcg-scu: SW workaround for errata (e10858)
     - clk: imx: fracn-gppll: correct PLL initialization flow
     - clk: imx: fracn-gppll: fix pll power up
     - clk: imx: clk-scu: fix clk enable state save and restore
     - [amd64] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
     - [amd64] iommu/vt-d: Fix checks and print in pgtable_walk()
     - mfd: rt5033: Fix missing regmap_del_irq_chip()
     - fs/proc/kcore.c: fix coccinelle reported ERROR instances
     - scsi: bfa: Fix use-after-free in bfad_im_module_exit()
     - scsi: fusion: Remove unused variable 'rc'
     - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
     - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
     - [arm64] RDMA/hns: Fix out-of-order issue of requester when setting FENCE
     - [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
     - ocfs2: fix uninitialized value in ocfs2_file_read_iter()
     - dax: delete a stale directory pmem
     - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
     - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending
       doorbells
     - [powerpc*] sstep: make emulate_vsx_load and emulate_vsx_store static
     - [powerpc*] kexec: Fix return of uninitialized variable
     - fbdev/sh7760fb: Alloc DMA memory from hardware device
     - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
     - clk: clk-apple-nco: Add NULL check in applnco_probe
     - dt-bindings: clock: axi-clkgen: include AXI clk
     - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
     - pinctrl: k210: Undef K210_PC_DEFAULT
     - smb: cached directories can be more than root file handle
     - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
     - perf cs-etm: Don't flush when packet_queue fills up
     - PCI: Fix reset_method_store() memory leak
     - perf stat: Close cork_fd when create_perf_stat_counter() failed
     - perf stat: Fix affinity memory leaks on error path
     - f2fs: compress: fix inconsistent update of i_blocks in
       release_compress_blocks and reserve_compress_blocks
     - f2fs: fix to account dirty data in __get_secs_required()
     - perf probe: Fix libdw memory leak
     - perf probe: Correct demangled symbols in C++ program
     - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
     - PCI: cpqphp: Fix PCIBIOS_* return value confusion
     - perf ftrace latency: Fix unit on histogram first entry when using
       --use-nsec
     - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
     - f2fs: remove struct segment_allocation default_salloc_ops
     - f2fs: open code allocate_segment_by_default
     - f2fs: remove the unused flush argument to change_curseg
     - f2fs: check curseg->inited before write_sum_page in change_curseg
     - f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or
       GC_URGENT_MID
     - f2fs: fix to avoid forcing direct write to use buffered IO on inline_data
       inode
     - perf trace: avoid garbage when not printing a trace event's arguments
     - svcrdma: Address an integer overflow
     - perf trace: Do not lose last events in a race
     - perf trace: Avoid garbage when not printing a syscall's arguments
     - remoteproc: qcom: q6v5: Use _clk_get_optional for aggre2_clk
     - remoteproc: qcom: pas: add minidump_id to SM8350 resources
     - rpmsg: glink: Fix GLINK command prefix
     - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
     - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
     - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
     - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
     - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
     - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
     - NFSD: Fix nfsd4_shutdown_copy()
     - hwmon: (tps23861) Fix reporting of negative temperatures
     - vdpa/mlx5: Fix suboptimal range on iotlb iteration
     - vfio/pci: Properly hide first-in-list PCIe extended capability
     - fs_parser: update mount_api doc to match function signature
     - power: supply: core: Remove might_sleep() from power_supply_put()
     - power: supply: bq27xxx: Fix registers of bq27426
     - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
     - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
     - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
     - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
       configuration
     - [s390x] iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
     - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
     - net: mdio-ipq4019: add missing error check
     - marvell: pxa168_eth: fix call balance of pep->clk handling routines
     - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
     - spi: atmel-quadspi: Fix register name in verbose logging function
     - net: hsr: fix hsr_init_sk() vs network/transport headers.
     - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
     - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
     - crypto: api - Add crypto_tfm_get
     - crypto: api - Add crypto_clone_tfm
     - llc: Improve setsockopt() handling of malformed user input
     - rxrpc: Improve setsockopt() handling of malformed user input
     - tcp: Fix use-after-free of nreq in reqsk_timer_handler().
     - ip6mr: fix tables suspicious RCU usage
     - ipmr: fix tables suspicious RCU usage
     - iio: light: al3010: Fix an error handling path in al3010_probe()
     - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
     - usb: yurex: make waiting on yurex_write interruptible
     - USB: chaoskey: fail open after removal
     - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
     - misc: apds990x: Fix missing pm_runtime_disable()
     - counter: stm32-timer-cnt: Add check for clk_enable()
     - counter: ti-ecap-capture: Add check for clk_enable()
     - ALSA: hda/realtek: Update ALC256 depop procedure
     - apparmor: fix 'Do simple duplicate message elimination'
     - [x86] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
     - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
       devm_pm_runtime_enable()
     - fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407)
     - ntfs3: Add bounds checking to mi_enum_attr() (CVE-2024-50248)
     - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata
       paths (CVE-2024-49891)
     - xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)
     - xen: Fix the issue of resource not being properly released in
       xenbus_dev_probe()
     - ALSA: usb-audio: Fix out of bounds reads when finding clock sources
     - usb: ehci-spear: fix call balance of sehci clk handling routines
     - media: aspeed: Fix memory overwrite if timing is 1600x900 (CVE-2023-52916)
     - wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929)
     - drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in
       dcn30_init_hw (CVE-2024-49917)
     - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw
       (CVE-2024-49915)
     - drm/amd/display: Add NULL check for function pointer in
       dcn20_set_output_transfer_func (CVE-2024-49911)
     - drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897)
     - rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()
     - btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
       (CVE-2024-35956)
     - [x86] perf/x86/intel: Hide Topdown metrics events if the feature is not
       enumerated
     - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
       devices
     - Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as
       disabled"
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - mm/slab: decouple ARCH_KMALLOC_MINALIGN from ARCH_DMA_MINALIGN
     - [powerpc*] move the ARCH_DMA_MINALIGN definition to asm/cache.h
     - dma: allow dma_get_cache_alignment() to be overridden by the arch code
     - [x86] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
     - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
     - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
     - ext4: fix FS_IOC_GETFSMAP handling
     - jfs: xattr: check invalid xattr size more strictly
     - [x86] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen
       5 21MES00B00
     - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
     - [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
     - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
     - [x86] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf
       SPTE
     - [powerpc*] pseries: Fix KVM guest detection for disabling hardlockup
       detector
     - [arm64] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
     - [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
       status
     - PCI: Fix use-after-free of slot->bus on hot remove
     - fsnotify: fix sending inotify event with unexpected filename
     - comedi: Flush partial mappings in error case
     - apparmor: test: Fix memory leak for aa_unpack_strdup()
     - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
     - locking/lockdep: Avoid creating new name string literals in
       lockdep_set_subclass()
     - pinctrl: qcom: spmi: fix debugfs drive strength
     - dt-bindings: iio: dac: ad3552r: fix maximum spi speed
     - exfat: fix uninit-value in __exfat_get_dentry_set
     - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
     - usb: xhci: Fix TD invalidation under pending Set TR Dequeue
     - driver core: bus: Fix double free in driver API bus_register()
       (CVE-2024-50055)
     - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of
       failures
     - wifi: brcmfmac: release 'root' node in all execution paths
     - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
     - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
     - gpio: exar: set value when external pull-up or pull-down is present
     - netfilter: ipset: add missing range check in bitmap_ip_uadt
       (CVE-2024-53141)
     - spi: Fix acpi deferred irq probe
     - mtd: spi-nor: core: replace dummy buswidth from addr to data
     - cpufreq: mediatek-hw: Fix wrong return value in
       mtk_cpufreq_get_cpu_power()
     - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
     - ubi: wl: Put source PEB into correct list if trying locking LEB failed
     - dt-bindings: serial: rs485: Fix rs485-rts-delay property
     - serial: 8250_fintek: Add support for F81216E
     - serial: 8250: omap: Move pm_runtime_get_sync
     - ublk: fix ublk_ch_mmap() for 64K page size
     - [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
     - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
     - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
     - media: wl128x: Fix atomicity violation in fmc_send_cmd()
     - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
     - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
     - ALSA: pcm: Add sanity NULL check for the default mmap fault handler
     - ALSA: hda/realtek: Update ALC225 depop procedure
     - ALSA: hda/realtek: Set PCBeep to default value for ALC274
     - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
     - ALSA: hda/realtek: Apply quirk for Medion E15433
     - smb3: request handle caching when caching directories
     - usb: musb: Fix hardware lockup on first Rx endpoint request
     - usb: dwc3: gadget: Fix checking for number of TRBs left
     - usb: dwc3: gadget: Fix looping of queued SG entries
     - ublk: fix error code for unsupported command
     - lib: string_helpers: silence snprintf() output truncation warning
     - ipc: fix memleak if msg_init_ns failed in create_ipc_ns
     - NFSD: Prevent a potential integer overflow
     - SUNRPC: make sure cache entry active before cache_show
     - NFSv4.0: Fix a use-after-free problem in the asynchronous open()
     - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
     - rtc: abx80x: Fix WDT bit position of the status register
     - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
     - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
     - ubifs: Correct the total block count by deducting journal reservation
     - ubi: fastmap: Fix duplicate slab cache names while attaching
     - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
     - jffs2: fix use of uninitialized variable
     - rtc: rzn1: fix BCD to rtc_time conversion errors
     - block: return unsigned int from bdev_io_min
     - 9p/xen: fix init sequence
     - 9p/xen: fix release of IRQ
     - [arm64] perf/arm-smmuv3: Fix lockdep assert in ->event_init()
     - [arm64] perf/arm-cmn: Ensure port and device id bits are set properly
     - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
     - modpost: remove incorrect code in do_eisa_entry()
     - nfs: ignore SB_RDONLY when mounting nfs
     - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
     - xfs: remove unknown compat feature check in superblock write validation
     - quota: flush quota_release_work upon quota writeback
     - btrfs: don't loop for nowait writes when checking for cross references
     - btrfs: add might_sleep() annotations
     - btrfs: add a sanity check for btrfs root in btrfs_search_slot()
     - btrfs: ref-verify: fix use-after-free after invalid ref action
     - [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
     - [arm64] dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
     - media: amphion: Set video drvdata before register video device
     - media: imx-jpeg: Set video drvdata before register video device
     - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
     - [arm64] dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
     - media: i2c: tc358743: Fix crash in the probe error path when using polling
     - media: imx-jpeg: Ensure power suppliers be suspended before detach them
     - media: ts2020: fix null-ptr-deref in ts2020_probe()
     - media: platform: exynos4-is: Fix an OF node reference leak in
       fimc_md_is_isp_available
     - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
     - media: platform: allegro-dvt: Fix possible memory leak in
       allocate_buffers_internal()
     - media: uvcvideo: Stop stream during unregister
     - media: uvcvideo: Require entities to have a non-zero unique ID
     - ovl: Filter invalid inodes with missing lookup function
     - maple_tree: refine mas_store_root() on storing NULL
     - ftrace: Fix regression with module command in stack_trace_filter
     - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
     - [arm64,armhf] iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated
       tables
     - leds: lp55xx: Remove redundant test for invalid channel number
     - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
     - ad7780: fix division by zero in ad7780_write_raw()
     - [armel,armhf] 9429/1: ioremap: Sync PGDs for VMALLOC shadow
     - [s390x] entry: Mark IRQ entries to fix stack depot warnings
     - [armel,armhf] 9430/1: entry: Do a dummy read from VMAP shadow
     - [armel,armhf] 9431/1: mm: Pair atomic_set_release() with _read_acquire()
     - ceph: extract entity name from device id
     - util_macros.h: fix/rework find_closest() macros
     - scsi: ufs: exynos: Fix hibern8 notify callbacks
     - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
     - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
     - PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
     - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
     - fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
       iov_iter_zero
     - thermal: int3400: Fix reading of current_uuid for active policy
     - ovl: properly handle large files in ovl_security_fileattr
     - dm thin: Add missing destroy_work_on_stack()
     - PCI: rockchip-ep: Fix address translation unit programming
     - nfsd: make sure exp active before svc_export_show
     - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
     - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
     - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
     - [powerpc*] Fix stack protector Kconfig test for clang
     - [powerpc*] Adjust adding stack protector flags to KBUILD_CLAGS for clang
     - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
       walk_down_proc()
     - drm/sti: avoid potential dereference of error pointers in
       sti_hqvdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers in
       sti_gdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers
     - [arm64,armhf] drm/etnaviv: flush shader L1 cache after user commandstream
     - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
       v13.0.7
     - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
     - watchdog: apple: Actually flush writes after requesting watchdog restart
     - watchdog: mediatek: Make sure system reset gets asserted in
       mtk_wdt_restart()
     - can: gs_usb: remove leading space from goto labels
     - can: gs_usb: gs_usb_probe(): align block comment
     - can: gs_usb: uniformly use "parent" as variable name for struct gs_usb
     - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
     - can: gs_usb: add usb endpoint address detection at driver probe step
     - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
       fails
     - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is
       NULL
     - can: hi311x: hi3110_can_ist(): fix potential use-after-free
     - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
     - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
     - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
     - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
     - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
     - netfilter: x_tables: fix LED ID check in led_tg_check()
     - netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
     - ptp: convert remaining drivers to adjfine interface
     - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
     - net/sched: tbf: correct backlog statistic for GSO packets
     - net: hsr: avoid potential out-of-bound access in fill_frame_info()
     - can: j1939: j1939_session_new(): fix skb reference counting
     - net-timestamp: make sk_tskey more predictable in error path
     - net/ipv6: release expired exception dst cached in socket
     - dccp: Fix memory leak in dccp_feat_change_recv
     - tipc: Fix use-after-free of kernel socket in cleanup_bearer().
     - net/smc: fix LGR and link use-after-free issue
     - net/qed: allow old cards not supporting "num_images" to work
     - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
     - ixgbe: downgrade logging of unsupported VF API version to debug
     - igb: Fix potential invalid memory access in igb_init_module()
     - net: sched: fix erspan_opt settings in cls_flower
     - netfilter: ipset: Hold module reference while requesting a module
     - netfilter: nft_set_hash: skip duplicated elements pending gc run
     - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
     - geneve: do not assume mac header is set in geneve_xmit_skb()
     - net/mlx5e: Remove workaround to avoid syndrome for internal port
     - [arm64] KVM: arm64: Change kvm_handle_mmio_return() return polarity
     - [arm64] KVM: arm64: Don't retire aborted MMIO instruction
     - gpio: grgpio: use a helper variable to store the address of ofdev->dev
     - gpio: grgpio: Add NULL check in grgpio_probe
     - serial: amba-pl011: Use port lock wrappers
     - serial: amba-pl011: Fix RX stall when DMA is used
     - usb: dwc3: gadget: Rewrite endpoint allocation flow
     - usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
     - usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
     - [powerpc*] vdso: Skip objtool from running on VDSO files
     - [powerpc*] vdso: Remove unused '-s' flag from ASFLAGS
     - [powerpc*] vdso: Improve linker flags
     - [powerpc*] vdso: Remove an unsupported flag from vgettimeofday-32.o with
       clang
     - [powerpc*] vdso: Include CLANG_FLAGS explicitly in ldflags-y
     - [powerpc*] vdso: Refactor CFLAGS for CVDSO build
     - [powerpc*] vdso: Drop -mstack-protector-guard flags in 32-bit files with
       clang
     - ntp: Remove invalid cast in time offset math
     - driver core: fw_devlink: Improve logs for cycle detection
     - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
     - driver core: fw_devlink: Stop trying to optimize cycle detection logic
     - i3c: Make i3c_master_unregister() return void
     - i3c: master: add enable(disable) hot join in sys entry
     - i3c: master: svc: add hot join support
     - i3c: master: fix kernel-doc check warning
     - i3c: master: support to adjust first broadcast address speed
     - i3c: master: svc: use slow speed for first broadcast address
     - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable
       counter
     - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
     - i3c: master: Extend address status bit to 4 and add
       I3C_ADDR_SLOT_EXT_DESIRED
     - i3c: master: Fix dynamic address leak when 'assigned-address' is present
     - PCI: endpoint: Use a separate lock for protecting epc->pci_epf list
     - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
     - device property: Constify device child node APIs
     - device property: Add cleanup.h based fwnode_handle_put() scope based
       cleanup.
     - device property: Introduce device_for_each_child_node_scoped()
     - leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
       paths
     - drm/bridge: it6505: update usleep_range for RC circuit charge time
     - drm/bridge: it6505: Fix inverted reset polarity
     - xsk: always clear DMA mapping information when unmapping the pool
     - bpftool: Remove asserts from JIT disassembler
     - bpftool: fix potential NULL pointer dereferencing in prog_dump()
     - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
     - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
     - ALSA: usb-audio: Notify xrun for low-latency mode
     - tools: Override makefile ARCH variable if defined, but empty
     - spi: mpc52xx: Add cancel_work_sync before module remove
     - scsi: scsi_debug: Fix hrtimer support for ndelay
     - [arm64] drm/v3d: Enable Performance Counters before clearing them
     - ocfs2: free inode when ocfs2_get_init_inode() fails
     - scatterlist: fix incorrect func name in kernel-doc
     - iio: magnetometer: yas530: use signed integer type for clamp limits
     - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
     - bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
     - bpf: Handle in-place update for full LPM trie correctly
     - bpf: Fix exact match conditions in trie_get_next_key()
     - mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
       (CVE-2024-53105)
     - HID: wacom: fix when get product name maybe null pointer
     - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
     - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
     - watchdog: rti: of: honor timeout-sec property
     - can: dev: can_set_termination(): allow sleeping GPIOs
     - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E
       6.
     - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
     - [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
       ASIDs
     - [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
     - ALSA: usb-audio: add mixer mapping for Corsair HS80
     - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
     - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
     - scsi: qla2xxx: Fix abort in bsg timeout
     - scsi: qla2xxx: Fix NVMe and NPIV connect issue
     - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
     - scsi: qla2xxx: Fix use after free on unload
     - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
     - scsi: ufs: core: sysfs: Prevent div by zero
     - scsi: ufs: core: Add missing post notify for power mode change
     - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
     - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
     - drm/dp_mst: Fix MST sideband message body length check
     - drm/dp_mst: Verify request type in the corresponding down message reply
     - drm/dp_mst: Fix resetting msg rx state after topology removal
     - drm/amdgpu/hdp5.2: do a posting read when flushing HDP
     - modpost: Add .irqentry.text to OTHER_SECTIONS
     - bpf: fix OOB devmap writes when deleting elements
     - dma-buf: fix dma_fence_array_signaled v4
     - dma-fence: Fix reference leak on fence merge failure path
     - dma-fence: Use kernel's sort for merging fences
     - xsk: fix OOB map writes when deleting elements
     - regmap: detach regmap from dev on regmap_exit
     - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
       tablet
     - mmc: core: Further prevent card detect during shutdown
     - ocfs2: update seq_file index in ocfs2_dlm_seq_next
     - lib: stackinit: hide never-taken branch from compiler
     - [arm64] iommu/arm-smmu: Defer probe of clients after smmu device bound
     - epoll: annotate racy check
     - [s390x] cpum_sf: Handle CPU hotplug remove during sampling
     - btrfs: avoid unnecessary device path update for the same device
     - btrfs: do not clear read-only when adding sprout device
     - [x86] perf/x86/amd: Warn only on new bits set
     - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
     - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
     - mmc: core: Add SD card quirk for broken poweroff notification
     - soc: imx8m: Probe the SoC driver as platform driver
     - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
     - [arm64,armhf] drm/vc4: hdmi: Avoid log spam for audio start failure
     - [arm64,armhf] drm/vc4: hvs: Set AXI panic modes for the HVS
     - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
     - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
     - drm/bridge: it6505: Enable module autoloading
     - drm/mcde: Enable module autoloading
     - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
     - drm/display: Fix building with GCC 15
     - r8169: don't apply UDP padding quirk on RTL8126A
     - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
     - net: ethernet: fs_enet: Use %pa to format resource_size_t
     - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
     - af_packet: avoid erroring out after sock_init_data() in packet_create()
     - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
       l2cap_sock_create()
     - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
       rfcomm_sock_alloc()
     - net: af_can: do not leave a dangling sk pointer in can_create()
     - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
     - net: inet: do not leave a dangling sk pointer in inet_create()
     - net: inet6: do not leave a dangling sk pointer in inet6_create()
     - wifi: ath5k: add PCI ID for SX76X
     - wifi: ath5k: add PCI ID for Arcadyan devices
     - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
     - net: sfp: change quirks for Alcatel Lucent G-010S-P
     - drm/sched: memset() 'job' in drm_sched_job_init()
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
     - drm/amdgpu: Dereference the ATCS ACPI buffer
     - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
     - dma-debug: fix a possible deadlock on radix_lock
     - jfs: array-index-out-of-bounds fix in dtReadFirst
     - jfs: fix shift-out-of-bounds in dbSplit
     - jfs: fix array-index-out-of-bounds in jfs_readdir
     - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
     - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
     - ALSA: usb-audio: Make mic volume workarounds globally applicable
     - drm/amdgpu: set the right AMDGPU sg segment limitation
     - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
     - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
       brcmf_sdiod_sglist_rw()
     - dsa: qca8k: Use nested lock to avoid splat
     - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
     - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
     - ASoC: hdmi-codec: reorder channel allocation list
     - rocker: fix link status detection in rocker_carrier_init()
     - net/neighbor: clear error in case strict check is not set
     - netpoll: Use rcu_access_pointer() in __netpoll_setup
     - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
     - tracing/ftrace: disable preemption in syscall probe
     - tracing: Use atomic64_inc_return() in trace_clock_counter()
     - tools/rtla: fix collision with glibc sched_attr/sched_set_attr
     - scsi: hisi_sas: Add cond_resched() for no forced preemption model
     - scsi: ufs: core: Make DMA mask configuration more flexible
     - leds: class: Protect brightness_show() with led_cdev->led_access mutex
     - scsi: st: Don't modify unknown block number in MTIOCGET
     - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
     - pinctrl: qcom-pmic-gpio: add support for PM8937
     - pinctrl: qcom: spmi-mpp: Add PM8937 compatible
     - nvdimm: rectify the illogical code within nd_dax_probe()
     - smb: client: memcpy() with surrounding object base address
     - verification/dot2: Improve dot parser robustness
     - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
     - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
     - PCI: Detect and trust built-in Thunderbolt chips
     - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
     - PCI: Add ACS quirk for Wangxun FF5xxx NICs
     - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
       avoid deadlock
     - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
     - iio: light: ltr501: Add LTER0303 to the supported devices
     - [x86] ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen
       6 21M1CTO1WW (Closes: #1087673)
     - [powerpc*] prom_init: Fixup missing powermac #size-cells
     - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
     - rtc: cmos: avoid taking rtc_lock for extended period of time
     - serial: 8250_dw: Add Sophgo SG2044 quirk
     - io_uring/tctx: work around xa_store() allocation error issue
     - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
     - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
       turning busy
     - sched/core: Prevent wakeup of ksoftirqd during idle load balance
     - btrfs: fix missing snapshot drew unlock when root is dead during swap
       activation
     - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
     - Revert "unicode: Don't special case ignorable code points"
     - vfio/mlx5: Align the page tracking max message size with the device
       capability
     - udf: Fold udf_getblk() into udf_bread()
     - [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
     - [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
     - [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
     - [x86] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn
       from kvm_faultin_pfn()
     - jffs2: Prevent rtime decompress memory corruption
     - jffs2: Fix rtime decompressor
     - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
     - io_uring: wake up optimisations
     - xhci: dbc: Fix STALL transfer event handling
     - mmc: mtk-sd: Fix error handle of probe function
     - drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
     - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2
       volume"
     - Revert "drm/amdgpu: add missing size check in
       amdgpu_debugfs_gprwave_read()"
     - gve: Fixes for napi_poll when budget is 0
     - [arm64] sve: Discard stale CPU state when handling SVE traps
       (CVE-2024-50275)
     - [arm64] smccc: Remove broken support for SMCCCv1.3 SVE discard hint
     - [x86] ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
     - mm: call the security_mmap_file() LSM hook in remap_file_pages()
     - bpf: Fix helper writes to read-only maps (CVE-2024-49861)
     - net: Move {l,t,d}stats allocation to core and convert veth & vrf
     - bpf: Fix dev's rx stats for bpf_redirect_peer traffic
     - veth: Use tstats per-CPU traffic counters
     - drm/ttm: Make sure the mapped tt pages are decrypted when needed
     - drm/ttm: Print the memory decryption status just once
     - drm/amdgpu: rework resume handling for display (v2)
     - usb: dwc3: ep0: Don't reset resource alloc flag
     - serial: amba-pl011: fix build regression
     - i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
     - i3c: master: svc: fix possible assignment of the same address to two
       devices
     - PM / devfreq: Fix build issues with devfreq disabled
     - [arm64] drm/msm: DEVFREQ_GOV_SIMPLE_ONDEMAND is no longer needed
     - fs/ntfs3: Sequential field availability check in mi_enum_attr()
     - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master
       Driver Due to Race Condition
     - Bluetooth: MGMT: Fix possible deadlocks
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.121
     - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
     - ksmbd: fix racy issue from session lookup and expire
     - tcp: check space before adding MPTCP SYN options
     - blk-cgroup: Fix UAF in blkcg_unpin_online()
     - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
     - usb: host: max3421-hcd: Correctly abort a USB request.
     - ata: sata_highbank: fix OF node reference leak in
       highbank_initialize_phys()
     - usb: dwc2: Fix HCD resume
     - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
     - usb: dwc2: Fix HCD port connection race
     - usb: ehci-hcd: fix call balance of clocks handling routines
     - usb: typec: anx7411: fix fwnode_handle reference leak
     - usb: typec: anx7411: fix OF node reference leaks in
       anx7411_typec_switch_probe()
     - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
       accessing null pointer
     - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
     - [x86] drm/i915: Fix memory leak by correcting cache object name in error
       handler
     - xfs: update btree keys correctly when _insrec splits an inode root block
     - xfs: don't drop errno values when we fail to ficlone the entire range
     - xfs: return from xfs_symlink_verify early on V4 filesystems
     - xfs: fix scrub tracepoints when inode-rooted btrees are involved
     - xfs: only run precommits once per transaction object
     - bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
     - bpf, sockmap: Fix update element with same
     - smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
       (Closes: #1088733)
     - exfat: support dynamic allocate bh for exfat_entry_set_cache
     - exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
     - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
     - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters()
     - wifi: mac80211: fix station NSS capability initialization order
     - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
     - amdgpu/uvd: get ring reference from rq scheduler
     - batman-adv: Do not send uninitialized TT changes
     - batman-adv: Remove uninitialized data in full table TT response
     - batman-adv: Do not let TT changes list grows indefinitely
     - tipc: fix NULL deref in cleanup_bearer()
     - net/mlx5: DR, prevent potential error pointer dereference
     - ptp: kvm: Use decrypted memory in confidential guest on x86
     - [x86] ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from
       kvm_arch_ptp_init()
     - net: lapb: increase LAPB_HEADER_LEN
     - net: defer final 'struct net' free in netns dismantle
     - [arm64] net: mscc: ocelot: fix memory leak on
       ocelot_port_add_txtstamp_skb()
     - [arm64] net: mscc: ocelot: improve handling of TX timestamp for unknown
       skb
     - [arm64] net: mscc: ocelot: ocelot->ts_id_lock and
       ocelot_port->tx_skbs.lock are IRQ-safe
     - [arm64] net: mscc: ocelot: be resilient to loss of PTP packets during
       transmission
     - [arm64] net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
     - [armhf] spi: aspeed: Fix an error handling path in
       aspeed_spi_[read|write]_user()
     - net: sparx5: fix FDMA performance issue
     - net: sparx5: fix the maximum frame length register
     - ACPI: resource: Fix memory resource type union access
     - cxgb4: use port number to set mac addr
     - qca_spi: Fix clock speed for multiple QCA7000
     - qca_spi: Make driver probing reliable
     - ASoC: amd: yc: Fix the wrong return value
     - Documentation: PM: Clarify pm_runtime_resume_and_get() return value
     - net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
     - net/sched: netem: account for backlog updates from child qdisc
     - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - ACPICA: events/evxfregn: don't release the ContextMutex that was never
       acquired
     - Bluetooth: iso: Fix recursive locking warning
     - Bluetooth: SCO: Add support for 16 bits transparent voice setting
     - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
     - bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
     - tracing/kprobes: Skip symbol counting logic for module symbols in
       create_local_trace_kprobe()
     - xen/netfront: fix crash when removing device (CVE-2024-53240)
     - [x86] make get_cpu_vendor() accessible from Xen code (CVE-2024-53241)
     - [x86] objtool/x86: allow syscall instruction (CVE-2024-53241)
     - [x86] static-call: provide a way to do very early static-call updates
       (CVE-2024-53241)
     - [x86] xen: don't do PV iret hypercall through hypercall page
       (CVE-2024-53241)
     - [x86] xen: add central hypercall functions (CVE-2024-53241)
     - [x86] xen: use new hypercall functions instead of hypercall page
       (CVE-2024-53241)
     - [x86] xen: remove hypercall page (CVE-2024-53241)
     - ALSA: usb-audio: Fix a DMA to stack memory bug
     - [x86] static-call: fix 32-bit build
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.122
     - net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
     - PCI/AER: Disable AER service on suspend
     - PCI: Use preserve_config in place of pci_flags
     - PCI: vmd: Create domain symlink before pci_bus_add_devices()
     - usb: cdns3: Add quirk flag to enable suspend residency
     - [x86] ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
     - [x86] ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C
     - PCI: Add ACS quirk for Broadcom BCM5760X NIC
     - [arm64,armhf] usb: dwc2: gadget: Don't write invalid mapped sg entries
       into dma_desc with iommu enabled
     - PCI: Introduce pci_resource_n()
     - [x86] platform/x86: p2sb: Make p2sb_get_devfn() return void
     - [x86] p2sb: Factor out p2sb_read_from_cache()
     - [x86] p2sb: Introduce the global flag p2sb_hidden_by_bios
     - [x86] p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
     - [x86] p2sb: Do not scan and remove the P2SB device when it is unhidden
     - i2c: pnx: Fix timeout in wait functions
     - cxl/region: Fix region creation for greater than x2 switches
     - net/smc: protect link down work from execute after lgr freed
       (CVE-2024-56718)
     - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
     - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
       msg
     - net/smc: check smcd_v2_ext_offset when receiving proposal msg
     - net/smc: check return value of sock_recvmsg when draining clc data
     - [arm64] net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
       ocelot_ifh_set_basic()
     - ionic: Fix netdev notifier unregister on failure (CVE-2024-56715)
     - ionic: use ee->offset when returning sprom data
     - net: hinic: Fix cleanup in create_rxqs/txqs()
     - net: ethernet: bgmac-platform: fix an OF node reference leak
     - netfilter: ipset: Fix for recursive locking warning
     - net: mdiobus: fix an OF node reference leak
     - [arm64,armhf] mmc: sdhci-tegra: Remove
       SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
     - [x86] KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
     - i2c: riic: Always round-up when calculating bus period
     - efivarfs: Fix error on non-existent file
     - USB: serial: option: add TCL IK512 MBIM & ECM
     - USB: serial: option: add MeiG Smart SLM770A
     - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
     - USB: serial: option: add MediaTek T7XX compositions
     - USB: serial: option: add Telit FE910C04 rmnet compositions
     - [x86] thunderbolt: Improve redrive mode handling
     - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
     - drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
     - [x86] i915/guc: Reset engine utilization buffer before registration
     - [x86] i915/guc: Ensure busyness counter increases motonically
     - [x86] i915/guc: Accumulate active runtime on gt reset
     - drm/amdgpu: don't access invalid sched
     - hwmon: (tmp513) Don't use "proxy" headers
     - hwmon: (tmp513) Simplify with dev_err_probe()
     - hwmon: (tmp513) Use SI constants from units.h
     - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
       Registers
     - hwmon: (tmp513) Fix Current Register value interpretation
     - hwmon: (tmp513) Fix interpretation of values of Temperature Result and
       Limit Registers
     - zram: refuse to use zero sized block device as backing device
     - zram: fix uninitialized ZRAM not releasing backing device
     - btrfs: tree-checker: reject inline extent items with 0 ref count
     - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
     - [x86] KVM: x86: Play nice with protected guests in
       complete_hypercall_exit()
     - tracing: Fix test_event_printk() to process entire print argument
     - tracing: Add missing helper functions in event pointer dereference check
     - tracing: Add "%s" check in test_event_printk()
     - io_uring: Fix registered ring file refcount leak
     - io_uring: check if iowq is killed before queuing (CVE-2024-56709)
     - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
     - of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
     - of/irq: Fix using uninitialized variable @addr_len in API
       of_irq_parse_one()
     - nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
     - nilfs2: prevent use of deleted inode
     - of: Fix error path in of_parse_phandle_with_args_map()
     - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
     - ceph: validate snapdirname option length when mounting
     - udf: Fix directory iteration for longer tail extents (Closes: #1089698)
     - epoll: Add synchronous wakeup support for ep_poll_callback
     - io_uring/rw: split io_read() into a helper
     - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN
     - io_uring/rw: avoid punting to io-wq directly
     - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.123
     - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
     - mm/vmstat: fix a W=1 clang compiler warning
     - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
     - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
     - bpf: Check negative offsets in __bpf_skb_min_len()
     - nfsd: restore callback functionality for NFSv4.0
     - mtd: diskonchip: Cast an operand to prevent potential overflow
     - [arm64] phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
     - phy: core: Fix an OF node refcount leakage in _of_phy_get()
     - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
     - phy: core: Fix that API devm_phy_put() fails to release the phy
     - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
       unregister the phy provider
     - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
     - phy: usb: Toggle the PHY power during init
     - [arm64] phy: rockchip: naneng-combphy: fix phy reset
     - [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
     - [x86] dmaengine: dw: Select only supported masters for ACPI devices
     - [powerpc*] pseries/vas: Add close() callback in vas_vm_ops struct
     - stddef: make __struct_group() UAPI C++-friendly
     - tracing/kprobe: Make trace_kprobe's module callback called after
       jump_label update
     - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
     - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
     - scsi: megaraid_sas: Fix for a potential deadlock
     - ALSA: hda/conexant: fix Z60MR100 startup pop issue
     - smb: server: Fix building with GCC 15
     - regmap: Use correct format specifier for logging range errors
     - [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
     - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
       load time
     - scsi: storvsc: Do not flag MAINTENANCE_IN return of
       SRB_STATUS_DATA_OVERRUN as an error
     - drm/dp_mst: Ensure mst_primary pointer is valid in
       drm_dp_mst_handle_up_req()
     - virtio-blk: don't keep queue frozen during system suspend
     - blk-mq: register cpuhp callback after hctx is added to xarray table
     - vmalloc: fix accounting with i915
     - [mips*] mipsregs: Set proper ISA level for virt extensions
     - net/mlx5e: Don't call cleanup on profile rollback failure (CVE-2024-50146)
     - bpf: Check validity of link->type in bpf_link_show_fdinfo()
       (CVE-2024-53099)
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
     - ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
     - pmdomain: core: Add missing put_device()
     - sched/core: Report correct state for TASK_IDLE | TASK_FREEZABLE
     - freezer, sched: Report frozen tasks as 'D' instead of 'R'
     - tracing: Constify string literal data member in struct trace_event_call
     - tracing: Prevent bad count for tracing_cpumask_write
     - io_uring/sqpoll: fix sqpoll error handling races
     - i2c: microchip-core: actually use repeated sends
     - i2c: imx: add imx7d compatible string for applying erratum ERR007805
     - i2c: microchip-core: fix "ghost" detections
     - power: supply: gpio-charger: Fix set charge current limits
     - btrfs: avoid monopolizing a core when activating a swap file
     - btrfs: sysfs: fix direct super block member reads
     - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
       (CVE-2024-50121)
     - Revert "rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()"
     - ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
 .
   [ Salvatore Bonaccorso ]
   * d/salsa-ci.yml: Suppress aliased-location lintian errors
   * debian/salsa-ci.yml: Include run of .build-after-script from common
     pipeline.
   * debian/salsa-ci.yml: Reference .build-after-script from after_script
     section
   * Revert "[x86] Revert "x86: Increase brk randomness entropy for 64-bit
     systems""
     The root cause for the segfaults were actually in qemu, which re-enables
     --static-pie linking for qemu-user-static binaries. It was disabled by
     mistake in qemu versions in Debian. Details in #1087822 and #1053101.
   * Bump ABI to 29
   * [rt] Update to 6.1.120-rt47
linux-signed-arm64 (6.1.119+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.119-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.116
     - cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format
     - cpufreq: Avoid a bad reference count on CPU node (CVE-2024-50012)
     - mm: remove kern_addr_valid() completely
     - fs/proc/kcore: avoid bounce buffer for ktext data
     - fs/proc/kcore: convert read_kcore() to read_kcore_iter()
     - fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions
     - fs/proc/kcore.c: allow translation of physical memory addresses
     - cgroup: Fix potential overflow issue when checking max_depth
     - wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd()
       (Closes: #1062421)
     - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
     - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
     - wifi: ath11k: Fix invalid ring usage in full monitor mode
     - wifi: brcm80211: BRCM_TRACING should depend on TRACING
     - RDMA/cxgb4: Dump vendor specific QP details
     - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
     - RDMA/bnxt_re: synchronize the qp-handle table array
     - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
     - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
       (CVE-2024-53059)
     - [armel,armhf] ASoC: cs42l51: Fix some error handling paths in
       cs42l51_probe()
     - macsec: Fix use-after-free while sending the offloading packet
       (CVE-2024-50261)
     - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
       (CVE-2024-53058)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
       (CVE-2024-53042)
     - gtp: allow -1 to be specified as file description from userspace
     - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
     - netdevsim: Add trailing zero to terminate the string in
       nsim_nexthop_bucket_activity_write() (CVE-2024-50259)
     - bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
     - netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
     - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
       (CVE-2024-50256)
     - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
       (CVE-2024-50255)
     - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
     - netfilter: nft_payload: sanitize offset and length before calling
       skb_checksum() (CVE-2024-50251)
     - iomap: convert iomap_unshare_iter to use large folios
     - iomap: improve shared block detection in iomap_unshare_iter
     - iomap: don't bother unsharing delalloc extents
     - iomap: share iomap_unshare_iter predicate code with fsdax
     - fsdax: remove zeroing code from dax_unshare_iter
     - fsdax: dax_unshare_iter needs to copy entire blocks (CVE-2024-50250)
     - iomap: turn iomap_want_unshare_iter into an inline function
     - compiler-gcc: be consistent with underscores use for `no_sanitize`
     - compiler-gcc: remove attribute support check for `__no_sanitize_address__`
     - afs: Automatically generate trace tag enums
     - afs: Fix missing subdir edit when renamed between parent dirs
     - ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249)
     - fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
     - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
     - fs/ntfs3: Stale inode instead of bad
     - fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245)
     - fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244)
     - scsi: scsi_transport_fc: Allow setting rport state to current state
     - net: amd: mvme147: Fix probe banner message
     - NFS: remove revoked delegation from server's delegation list
     - misc: sgi-gru: Don't disable preemption in GRU driver
     - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler
     - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe
     - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
     - USB: gadget: dummy-hcd: Fix "task hung" problem
     - ALSA: usb-audio: Add quirks for Dell WD19 dock
     - usbip: tools: Fix detach_port() invalid port error path
     - usb: phy: Fix API devm_usb_put_phy() can not release the phy
     - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
     - xhci: Fix Link TRB DMA in command ring stopped completion event
     - xhci: Use pm_runtime_get to prevent RPM on unsupported systems
     - Revert "driver core: Fix uevent_show() vs driver detach race"
     - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
       (CVE-2024-50237)
     - wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236)
     - wifi: cfg80211: clear wdev->cqm_config pointer on free (CVE-2024-50235)
     - wifi: iwlegacy: Clear stale interrupts before resuming device
       (CVE-2024-50234)
     - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
       (CVE-2024-50232)
     - iio: light: veml6030: fix microlux value calculation
     - nilfs2: fix potential deadlock with newly created symlinks
       (CVE-2024-50229)
     - block: fix sanity checks in blk_rq_map_user_bvec
     - cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
       (CVE-2024-53054)
     - ALSA: hda/realtek: Limit internal Mic boost on Dell platform
     - cxl/acpi: Move rescan to the workqueue
     - cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()
     - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
     - mm/page_alloc: treat RT tasks similar to __GFP_HIGH
     - mm/page_alloc: explicitly record high-order atomic allocations in
       alloc_flags
     - mm/page_alloc: explicitly define what alloc flags deplete min reserves
     - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations
       accesses reserves
     - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
     - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218)
     - mctp i2c: handle NULL header address (CVE-2024-53043)
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1
     - nvmet-auth: assign dh_key to NULL after kfree_sensitive (CVE-2024-50215)
     - io_uring: rename kiocb_end_write() local helper
     - fs: create kiocb_{start,end}_write() helpers
     - io_uring: use kiocb_{start,end}_write() helpers
     - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
       (CVE-2024-53052)
     - mm: migrate: try again if THP split is failed due to page refcnt
     - migrate: convert unmap_and_move() to use folios
     - migrate: convert migrate_pages() to use folios
     - mm/migrate.c: stop using 0 as NULL pointer
     - migrate_pages: organize stats with struct migrate_pages_stats
     - migrate_pages: separate hugetlb folios migration
     - migrate_pages: restrict number of pages to migrate in batch
     - migrate_pages: split unmap_and_move() to _unmap() and _move()
     - vmscan,migrate: fix page count imbalance on node stats when demoting pages
     - io_uring: always lock __io_cqring_overflow_flush (Closes: #1087602)
     - [x86] bugs: Use code segment selector for VERW operand (CVE-2024-50072)
     - wifi: mac80211: fix NULL dereference at band check in starting tx ba
       session (CVE-2024-43911)
     - nilfs2: fix kernel bug due to missing clearing of checked flag
       (CVE-2024-50230)
     - wifi: iwlwifi: mvm: fix 6 GHz scan construction (CVE-2024-53055)
     - mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228)
     - mtd: spi-nor: winbond: fix w25q128 regression
     - drm/amd/display: Add null checks for 'stream' and 'plane' before
       dereferencing (CVE-2024-43904)
     - drm/amd/display: Skip on writeback when it's not applicable
       (CVE-2024-36914)
     - vt: prevent kernel-infoleak in con_font_get()
     - mm: avoid gcc complaint about pointer casting
     - migrate_pages_batch: fix statistics for longterm pin retry
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
     - [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610
     - [arm64] dts: rockchip: Fix rt5651 compatible value on
       rk3399-sapphire-excavator
     - [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
     - [arm64] dts: rockchip: Fix wakeup prop names on PineNote BT node
     - [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards
     - [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
     - [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc
     - [arm64] dts: imx8qm: Fix VPU core alias name
     - [arm64] dts: imx8qxp: Add VPU subsystem file
     - [arm64] dts: imx8-ss-vpu: Fix imx8qm VPU IRQs
     - [arm64] dts: imx8mp: correct sdhc ipg clk
     - [armhf] ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
     - HID: core: zero-initialize the report buffer (CVE-2024-50302)
     - [x86] platform/x86/amd/pmc: Detect when STB is not available
       (CVE-2024-53072)
     - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket()
     - NFSv3: only use NFS timeout for MOUNT when protocols are compatible
     - NFSv3: handle out-of-order write replies.
     - nfs: avoid i_lock contention in nfs_clear_invalid_mapping
     - security/keys: fix slab-out-of-bounds in key_task_permission
       (CVE-2024-50301)
     - [arm64] net: enetc: set MAC address to the VF net_device
     - sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
     - can: c_can: fix {rx,tx}_errors statistics
     - ice: change q_index variable type to s16 to store -1 value
     - i40e: fix race condition by adding filter's intermediate sync state
       (CVE-2024-53088)
     - [arm64] net: hns3: fix kernel crash when uninstalling driver
       (CVE-2024-50296)
     - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
     - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
     - virtio_net: Add hash_key_length check (CVE-2024-53082)
     - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
     - media: stb0899_algo: initialize cfr before using it
     - media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063)
     - media: dvb_frontend: don't play tricks with underflow values
     - media: adv7604: prevent underflow condition when reporting colorspace
     - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
     - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
     - [armhf] ASoC: stm32: spdifrx: fix dma channel release in
       stm32_spdifrx_remove
     - media: ar0521: don't overflow when checking PLL values (CVE-2024-53081)
     - media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061)
     - media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)
     - media: pulse8-cec: fix data timestamp at pulse8_setup()
     - media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287)
     - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
     - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation
     - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when
       switching CAN modes
     - ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
       (CVE-2024-50286)
     - ksmbd: Fix the missing xa_store error check (CVE-2024-50284)
     - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp (CVE-2024-50283)
     - pwm: imx-tpm: Use correct MODULO value for EPWM mode
     - drm/amdgpu: Adjust debugfs eviction and IB access permissions
     - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
       (CVE-2024-50282)
     - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
       (CVE-2024-53060)
     - thermal/drivers/qcom/lmh: Remove false lockdep backtrace
     - dm cache: correct the number of origin blocks to match the target length
     - dm cache: fix flushing uninitialized delayed_work on cache_ctr error
       (CVE-2024-50280)
     - dm cache: fix out-of-bounds access to the dirty bitset when resizing
       (CVE-2024-50279)
     - dm cache: optimize dirty bit checking with find_next_bit when resizing
     - dm cache: fix potential out-of-bounds access on the first resume
       (CVE-2024-50278)
     - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
       overflow
     - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
     - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
     - nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
     - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc()
     - net: vertexcom: mse102x: Fix possible double free of TX skb
       (CVE-2024-50276)
     - mptcp: use sock_kfree_s instead of kfree
     - btrfs: reinitialize delayed ref list after deleting it from the list
       (CVE-2024-50273)
     - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
       (CVE-2024-38540)
     - Revert "wifi: mac80211: fix RCU list iterations"
     - net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
     - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
       uvc_parse_format
     - filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
     - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
     - signal: restore the override_rlimit logic (CVE-2024-50271)
     - usb: musb: sunxi: Fix accessing an released usb phy (CVE-2024-50269)
     - usb: dwc3: fix fault at system suspend if device was already runtime
       suspended
     - usb: typec: fix potential out of bounds in
       ucsi_ccg_update_set_new_cam_cmd()
     - USB: serial: io_edgeport: fix use after free in debug printk
       (CVE-2024-50267)
     - USB: serial: qcserial: add support for Sierra Wireless EM86xx
     - USB: serial: option: add Fibocom FG132 0x0112 composition
     - USB: serial: option: add Quectel RG650V
     - irqchip/gic-v3: Force propagation of the active state with a read-back
     - ocfs2: remove entry once instead of null-ptr-dereference in
       ocfs2_xa_remove()
     - ucounts: fix counter leak in inc_rlimit_get_ucounts()
     - [x86] ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022
     - net: sched: use RCU read-side critical section in taprio_dump()
       (CVE-2024-50126)
     - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
     - vsock/virtio: Initialization of the dangling pointer occurring in
       vsk->trans
     - media: amphion: Fix VPU core alias name
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.118
     - Revert "Bluetooth: fix use-after-free in accessing skb after sending it"
     - Revert "Bluetooth: hci_sync: Fix overwriting request callback"
     - Revert "Bluetooth: af_bluetooth: Fix deadlock"
     - Revert "Bluetooth: hci_core: Fix possible buffer overflow"
     - Revert "Bluetooth: hci_conn: Consolidate code for aborting connections"
       (Closes: #1086447)
     - 9p: Avoid creating multiple slab caches with the same name
     - nvme: tcp: avoid race between queue_lock lock and destroy
     - block: Fix elevator_get_default() checking for NULL q->tag_set
     - HID: multitouch: Add support for B2402FVA track point
     - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
     - nvme: disable CC.CRIME (NVME_CC_CRIME)
     - bpf: use kvzmalloc to allocate BPF verifier environment
     - crypto: api - Fix liveliness check in crypto_alg_tested
     - [arm*] crypto: marvell/cesa - Disable hash algorithms
     - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
     - drm/vmwgfx: Limit display layout ioctl array size to
       VMWGFX_NUM_DISPLAY_UNITS
     - nvme-multipath: defer partition scanning (CVE-2024-53093)
     - [powerpc*] powernv: Free name on error in opal_event_init()
     - nvme: make keep-alive synchronous operation
     - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
     - fs: Fix uninitialized value issue in from_kuid and from_kgid
     - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
     - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
     - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
     - md/raid10: improve code of mrdev in raid10_sync_request
     - io_uring: fix possible deadlock in io_register_iowq_max_workers()
       (CVE-2024-41080)
     - uprobes: encapsulate preparation of uprobe args buffer
     - uprobe: avoid out-of-bounds memory access of fetching args
       (CVE-2024-50067)
     - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (CVE-2024-49991)
     - ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
     - Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950)
     - mm: krealloc: Fix MTE false alarm in __do_krealloc
     - [x86] platform/x86: x86-android-tablets: Fix use after free on
       platform_device_register() errors (CVE-2024-49986)
     - fs/ntfs3: Fix general protection fault in run_is_mapped_full
       (CVE-2024-50243)
     - 9p: fix slab cache name creation for real
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.119
     - netlink: terminate outstanding dump on socket close
     - [arm64,armhf] drm/rockchip: vop: Fix a dereferenced before check warning
     - mptcp: error out earlier on disconnect
     - net/mlx5: fs, lock FTE when checking if active
     - net/mlx5e: kTLS, Fix incorrect page refcounting
     - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
     - virtio/vsock: Fix accept_queue memory leak
     - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS
     - Bluetooth: hci_core: Fix calling mgmt_device_connected
     - net/sched: cls_u32: replace int refcounts with proper refcounts
     - net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for
       hnodes.
     - bonding: add ns target multicast address to slave device
     - [armel,armhf] 9419/1: mm: Fix kernel memory mapping for xip kernels
     - [x86] mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
     - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
     - ocfs2: uncache inode which has failed entering the group
     - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
     - ima: fix buffer overrun in ima_eventdigest_init_common
     - [x86] KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID
       disabled
     - [x86] KVM: x86: Unconditionally set irr_pending when updating APICv state
     - [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
       CONFIG_BROKEN
     - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
     - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
     - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10
     - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
     - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
     - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
     - mmc: sunxi-mmc: Fix A100 compatible description
     - drm/bridge: tc358768: Fix DSI command tx
     - drm/amd: Fix initialization mistake for NBIO 7.7.0
     - staging: vchiq_arm: Get the rid off struct vchiq_2835_state
     - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
     - fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)
     - Bluetooth: ISO: Fix not validating setsockopt user input (CVE-2024-35964)
     - lib/buildid: Fix build ID parsing logic
     - cxl/pci: fix error code in __cxl_hdm_decode_init()
     - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
     - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
     - NFSD: Async COPY result needs to return a write verifier
     - NFSD: Limit the number of concurrent async COPY operations
       (CVE-2024-49974)
     - NFSD: Initialize struct nfsd4_copy earlier
     - NFSD: Never decrement pending_async_copies on error
     - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
     - mptcp: define more local variables sk
     - mptcp: add userspace_pm_lookup_addr_by_id helper
     - mptcp: update local address flags when setting it
     - mptcp: hold pm lock when deleting entry
     - mptcp: drop lookup_by_id in lookup_addr
     - mptcp: pm: use _rcu variant under rcu_read_lock
     - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (CVE-2024-26954)
     - ksmbd: fix potencial out-of-bounds when buffer offset is invalid
       (CVE-2024-26952)
     - net: add copy_safe_from_sockptr() helper
     - nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
     - fs/9p: fix uninitialized values during inode evict (CVE-2024-36923)
     - ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322)
     - net/sched: taprio: extend minimum interval restriction to entire cycle too
       (CVE-2024-36244)
     - net: fec: remove .ndo_poll_controller to avoid deadlocks (CVE-2024-38553)
     - mm: revert "mm: shmem: fix data-race in shmem_getattr()"
     - mm: avoid unsafe VMA hook invocation when error arises on mmap hook
     - mm: unconditionally close VMAs on error
     - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
     - mm: resolve faulty mmap_region() error path behaviour
     - drm/amd: check num of link levels when update pcie param (CVE-2023-52812)
     - char: xillybus: Prevent use-after-free due to race condition
       (CVE-2022-45888)
     - null_blk: Remove usage of the deprecated ida_simple_xx() API
     - null_blk: fix null-ptr-dereference while configuring 'power' and
       'submit_queues' (CVE-2024-36478)
     - null_blk: Fix return value of nullb_device_power_store()
     - parisc: fix a possible DMA corruption (CVE-2024-44949)
     - char: xillybus: Fix trivial bug with mutex
     - net: Make copy_safe_from_sockptr() match documentation
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 28
   * [x86] Revert "x86: Increase brk randomness entropy for 64-bit systems"
     (Closes: #1085762)

linux-signed-i386 (6.1.123+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.123-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
     - [x86] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated
       codec
     - [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
       tablet
     - [x86] ASoC: Intel: sst: Support LPE0F28 ACPI HID
     - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
     - mac80211: fix user-power when emulating chanctx
     - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
     - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
     - bpf: fix filed access without lock
     - net: usb: qmi_wwan: add Quectel RG650V
     - soc: qcom: Add check devm_kasprintf() returned value
     - regulator: rk808: Add apply_bit for BUCK3 on RK809
     - [x86] platform/x86: dell-smbios-base: Extends support to Alienware
       products
     - [x86] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
     - tools/lib/thermal: Remove the thermal.h soft link when doing make clean
     - can: j1939: fix error in J1939 documentation.
     - [x86] platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing
       incorrect fan speed
     - [x86] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14
       Gen 6
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_mclk_round_rate()
     - [armhf] ASoC: stm: Prevent potential division by zero in
       stm32_sai_get_clk_div()
     - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less
       strict
     - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
     - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
     - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
     - [armel,armhf] 9420/1: smp: Fix SMP for xip kernels
     - ipmr: Fix access to mfc_cache_list without lock held
     - closures: Change BUG_ON() to WARN_ON() (CVE-2024-42252)
     - net: fix crash when config small gso_max_size/gso_ipv4_max_size
       (CVE-2024-50258)
     - serial: sc16is7xx: fix invalid FIFO access with special register set
       (CVE-2024-44950)
     - cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
     - fpga: bridge: add owner module and take its refcount (CVE-2024-36479)
     - fpga: manager: add owner module and take its refcount (CVE-2024-37021)
     - drm/amd/display: Add NULL check for function pointer in
       dcn32_set_output_transfer_func (CVE-2024-49909)
     - drm/amd/display: Check null-initialized variables (CVE-2024-49898)
     - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
     - Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (CVE-2024-49951)
     - fbdev: efifb: Register sysfs groups through driver core (CVE-2024-49925)
     - mptcp: fix possible integer overflow in mptcp_reset_tout_timer
     - wifi: rtw89: avoid to add interface to list twice when SER
       (CVE-2024-49939)
     - drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899)
     - fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
     - [x86] barrier: Do not serialize MSR accesses on AMD
     - [s390x] cio: Do not unregister the subchannel based on DNV
     - brd: defer automatic disk creation until module initialization succeeds
     - ext4: make 'abort' mount option handling standard
     - ext4: avoid remount errors with 'abort' mount option
     - [mips*] asm: fix warning when disabling MIPS_FP_SUPPORT
     - initramfs: avoid filename buffer overrun (CVE-2024-53142)
     - nvme-pci: fix freeing of the HMB descriptor table
     - [arm64] acpi/arm64: Adjust error handling procedure in
       gtdt_parse_timer_block()
     - cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
     - netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
     - block: fix bio_split_rw_at to take zone_write_granularity into account
     - [s390x] syscalls: Avoid creation of arch/arch/ directory
     - hfsplus: don't query the device logical block size multiple times
     - nvme-pci: reverse request order in nvme_queue_rqs
     - virtio_blk: reverse request order in virtio_queue_rqs
     - crypto: caam - Fix the pointer passed to caam_qi_shutdown()
     - firmware: google: Unregister driver_info on failure
     - EDAC/bluefield: Fix potential integer overflow
     - [x86] crypto: qat - remove faulty arbiter config reset
     - thermal: core: Initialize thermal zones before registering them
     - EDAC/fsl_ddr: Fix bad bit shift operations
     - crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
       return -EBUSY
     - crypto: cavium - Fix the if condition to exit loop after timeout
     - crypto: hisilicon/qm - disable same error report before resetting
     - EDAC/igen6: Avoid segmentation fault on module unload
     - crypto: inside-secure - Fix the return value of
       safexcel_xcbcmac_cra_init()
     - doc: rcu: update printed dynticks counter bits
     - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
     - ACPI: CPPC: Fix _CPC register setting issue
     - crypto: caam - add error check to caam_rsa_set_priv_key_form
     - crypto: bcm - add error check in the ahash_hmac_init function
     - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
     - tools/lib/thermal: Make more generic the command encoding function
     - thermal/lib: Fix memory leak on error in thermal_genl_auto()
     - time: Fix references to _msecs_to_jiffies() handling of values
     - seqlock/latch: Provide raw_read_seqcount_latch_retry()
     - clocksource/drivers:sp804: Make user selectable
     - clocksource/drivers/timer-ti-dm: Fix child node refcount handling
     - spi: spi-fsl-lpspi: downgrade log level for pio mode
     - spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
     - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
     - microblaze: Export xmb_manager functions
     - [arm64] dts: mt8195: Fix dtbs_check error for infracfg_ao node
     - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
     - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
     - mmc: mmc_spi: drop buggy snprintf()
     - tpm: fix signed/unsigned bug when checking event logs
     - [arm64] dts: mt8183: krane: Fix the address of eeprom at i2c4
     - [arm64] dts: mt8183: kukui: Fix the address of eeprom at i2c4
     - [arm64] dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
       trackpad
     - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
     - cgroup/bpf: only cgroup v2 can be attached by bpf programs
     - [arm64] dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
     - [arm64] dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
     - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
     - [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
     - pmdomain: ti-sci: Add missing of_node_put() for args.np
     - regmap: irq: Set lockdep class for hierarchical IRQ domains
     - [arm64] dts: mt8183: jacuzzi: Move panel under aux-bus
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
       regulators
     - [arm64] firmware: arm_scpi: Check the DVFS OPP count returned by the
       firmware
     - venus: venc: add handling for VIDIOC_ENCODER_CMD
     - media: venus: provide ctx queue lock for ioctl synchronization
     - media: atomisp: Add check for rgby_data memory allocation failure
     - [x86] platform/x86: panasonic-laptop: Return errno correctly in show
       callback
     - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
     - [arm64,armhf] drm/vc4: hvs: Don't write gamma luts on 2711
     - [arm64,armhf] drm/vc4: hdmi: Avoid hang with debug registers when
       suspended
     - [arm64,armhf] drm/vc4: hvs: Fix dlist debug not resetting the next entry
       pointer
     - [arm64,armhf] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
       function
     - [arm64,armhf] drm/vc4: hvs: Correct logic on stopping an HVS channel
     - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
     - drm/omap: Fix possible NULL dereference
     - drm/omap: Fix locking in omap_gem_new_dmabuf()
     - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
     - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/v3d: Address race-condition in MMU flush
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
     - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
     - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
     - ASoC: fsl_micfil: fix regmap_write_bits usage
     - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
     - drm/bridge: anx7625: Drop EDID cache on bridge power off
     - libbpf: Fix output .symtab byte-order during linking
     - bpf: Fix the xdp_adjust_tail sample prog issue
     - libbpf: fix sym_is_subprog() logic for weak global subprogs
     - libbpf: never interpret subprogs in .text as entry programs
     - netdevsim: copy addresses for both in and out paths
     - drm/bridge: tc358767: Fix link properties discovery
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_config_scan()
     - drm: fsl-dcu: enable PIXCLK on LS1021A
     - [arm64,armhf] drm/panfrost: Remove unused id_mask from struct
       panfrost_model
     - [arm64] bpf, arm64: Remove garbage frame for struct_ops trampoline
     - [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
     - [arm64] drm/msm/gpu: Add devfreq tuning debugfs
     - [arm64] drm/msm/gpu: Bypass PM QoS constraint for idle clamp
     - [arm64] drm/msm/gpu: Check the status of registration to PM QoS
     - [arm64,armhf] drm/etnaviv: Request pages from DMA32 zone on
       addressing_limited
     - [arm64,armhf] drm/etnaviv: fix power register offset on GC300
     - [arm64,armhf] drm/etnaviv: hold GPU lock across perfmon sampling
     - wifi: wfx: Fix error handling in wfx_core_init()
     - [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
       _dpu_core_perf_calc_clk()
     - netfilter: nf_tables: skip transaction if update object is not implemented
     - netfilter: nf_tables: must hold rcu read lock while iterating object type
       list
     - netlink: typographical error in nlmsg_type constants definition
     - bpf, sockmap: Several fixes to bpf_msg_push_data
     - bpf, sockmap: Several fixes to bpf_msg_pop_data
     - bpf, sockmap: Fix sk_msg_reset_curr
     - sock_diag: add module pointer to "struct sock_diag_handler"
     - sock_diag: allow concurrent operations
     - sock_diag: allow concurrent operation in sock_diag_rcv_msg()
     - net: use unrcu_pointer() helper
     - ipv6: release nexthop on device removal
     - net: rfkill: gpio: Add check for clk_enable()
     - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
     - ALSA: us122l: Use snd_card_free_when_closed() at disconnection
     - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
     - ALSA: 6fire: Release resources at card release
     - Bluetooth: fix use-after-free in device_for_each_child()
     - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
     - wireguard: selftests: load nf_conntrack if not present
     - bpf: fix recursive lock when verdict program return SK_PASS
     - unicode: Fix utf8_load() error path
     - trace/trace_event_perf: remove duplicate samples on the first tracepoint
       event
     - pinctrl: zynqmp: drop excess struct member description
     - [powerpc*] vdso: Flag VDSO64 entry points as functions
     - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
     - mfd: da9052-spi: Change read-mask to write-mask
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
     - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
     - cpufreq: loongson2: Unregister platform_driver on failure
     - [powerpc*] fadump: Refactor and prepare fadump_cma_init for late init
     - [powerpc*] fadump: Move fadump_cma_init to setup_arch() after
       initmem_init()
     - memory: renesas-rpc-if: Improve Runtime PM handling
     - memory: renesas-rpc-if: Pass device instead of rpcif to rpcif_*()
     - memory: renesas-rpc-if: Remove Runtime PM wrappers
     - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void
     - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
     - mtd: rawnand: atmel: Fix possible memory leak
     - [powerpc*] mm/fault: Fix kfence page fault reporting
     - [powerpc*] pseries: Fix dtl_access_lock to be a rw_semaphore
     - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
     - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
     - [arm64] RDMA/hns: Fix an AEQE overflow error caused by untimely update of
       eq_db_ci
     - [arm64] RDMA/hns: Add clear_hem return value to log
     - [arm64] RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
     - [arm64] RDMA/hns: Remove unnecessary QP type checks
     - [arm64] RDMA/hns: Fix cpu stuck caused by printings during reset
     - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
     - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
     - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
     - clk: imx: lpcg-scu: SW workaround for errata (e10858)
     - clk: imx: fracn-gppll: correct PLL initialization flow
     - clk: imx: fracn-gppll: fix pll power up
     - clk: imx: clk-scu: fix clk enable state save and restore
     - [amd64] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
     - [amd64] iommu/vt-d: Fix checks and print in pgtable_walk()
     - mfd: rt5033: Fix missing regmap_del_irq_chip()
     - fs/proc/kcore.c: fix coccinelle reported ERROR instances
     - scsi: bfa: Fix use-after-free in bfad_im_module_exit()
     - scsi: fusion: Remove unused variable 'rc'
     - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
     - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
     - [arm64] RDMA/hns: Fix out-of-order issue of requester when setting FENCE
     - [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
     - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
     - ocfs2: fix uninitialized value in ocfs2_file_read_iter()
     - dax: delete a stale directory pmem
     - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
     - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending
       doorbells
     - [powerpc*] sstep: make emulate_vsx_load and emulate_vsx_store static
     - [powerpc*] kexec: Fix return of uninitialized variable
     - fbdev/sh7760fb: Alloc DMA memory from hardware device
     - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
     - clk: clk-apple-nco: Add NULL check in applnco_probe
     - dt-bindings: clock: axi-clkgen: include AXI clk
     - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
     - pinctrl: k210: Undef K210_PC_DEFAULT
     - smb: cached directories can be more than root file handle
     - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
     - perf cs-etm: Don't flush when packet_queue fills up
     - PCI: Fix reset_method_store() memory leak
     - perf stat: Close cork_fd when create_perf_stat_counter() failed
     - perf stat: Fix affinity memory leaks on error path
     - f2fs: compress: fix inconsistent update of i_blocks in
       release_compress_blocks and reserve_compress_blocks
     - f2fs: fix to account dirty data in __get_secs_required()
     - perf probe: Fix libdw memory leak
     - perf probe: Correct demangled symbols in C++ program
     - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
     - PCI: cpqphp: Fix PCIBIOS_* return value confusion
     - perf ftrace latency: Fix unit on histogram first entry when using
       --use-nsec
     - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
     - f2fs: remove struct segment_allocation default_salloc_ops
     - f2fs: open code allocate_segment_by_default
     - f2fs: remove the unused flush argument to change_curseg
     - f2fs: check curseg->inited before write_sum_page in change_curseg
     - f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or
       GC_URGENT_MID
     - f2fs: fix to avoid forcing direct write to use buffered IO on inline_data
       inode
     - perf trace: avoid garbage when not printing a trace event's arguments
     - svcrdma: Address an integer overflow
     - perf trace: Do not lose last events in a race
     - perf trace: Avoid garbage when not printing a syscall's arguments
     - remoteproc: qcom: q6v5: Use _clk_get_optional for aggre2_clk
     - remoteproc: qcom: pas: add minidump_id to SM8350 resources
     - rpmsg: glink: Fix GLINK command prefix
     - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
     - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
     - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
     - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
     - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
     - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
     - NFSD: Fix nfsd4_shutdown_copy()
     - hwmon: (tps23861) Fix reporting of negative temperatures
     - vdpa/mlx5: Fix suboptimal range on iotlb iteration
     - vfio/pci: Properly hide first-in-list PCIe extended capability
     - fs_parser: update mount_api doc to match function signature
     - power: supply: core: Remove might_sleep() from power_supply_put()
     - power: supply: bq27xxx: Fix registers of bq27426
     - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
     - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
     - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
     - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
       configuration
     - [s390x] iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
     - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
     - net: mdio-ipq4019: add missing error check
     - marvell: pxa168_eth: fix call balance of pep->clk handling routines
     - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
     - spi: atmel-quadspi: Fix register name in verbose logging function
     - net: hsr: fix hsr_init_sk() vs network/transport headers.
     - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
     - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
     - crypto: api - Add crypto_tfm_get
     - crypto: api - Add crypto_clone_tfm
     - llc: Improve setsockopt() handling of malformed user input
     - rxrpc: Improve setsockopt() handling of malformed user input
     - tcp: Fix use-after-free of nreq in reqsk_timer_handler().
     - ip6mr: fix tables suspicious RCU usage
     - ipmr: fix tables suspicious RCU usage
     - iio: light: al3010: Fix an error handling path in al3010_probe()
     - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
     - usb: yurex: make waiting on yurex_write interruptible
     - USB: chaoskey: fail open after removal
     - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
     - misc: apds990x: Fix missing pm_runtime_disable()
     - counter: stm32-timer-cnt: Add check for clk_enable()
     - counter: ti-ecap-capture: Add check for clk_enable()
     - ALSA: hda/realtek: Update ALC256 depop procedure
     - apparmor: fix 'Do simple duplicate message elimination'
     - [x86] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
     - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
       devm_pm_runtime_enable()
     - fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407)
     - ntfs3: Add bounds checking to mi_enum_attr() (CVE-2024-50248)
     - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata
       paths (CVE-2024-49891)
     - xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)
     - xen: Fix the issue of resource not being properly released in
       xenbus_dev_probe()
     - ALSA: usb-audio: Fix out of bounds reads when finding clock sources
     - usb: ehci-spear: fix call balance of sehci clk handling routines
     - media: aspeed: Fix memory overwrite if timing is 1600x900 (CVE-2023-52916)
     - wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929)
     - drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in
       dcn30_init_hw (CVE-2024-49917)
     - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw
       (CVE-2024-49915)
     - drm/amd/display: Add NULL check for function pointer in
       dcn20_set_output_transfer_func (CVE-2024-49911)
     - drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897)
     - rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()
     - btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
       (CVE-2024-35956)
     - [x86] perf/x86/intel: Hide Topdown metrics events if the feature is not
       enumerated
     - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
       devices
     - Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as
       disabled"
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - mm/slab: decouple ARCH_KMALLOC_MINALIGN from ARCH_DMA_MINALIGN
     - [powerpc*] move the ARCH_DMA_MINALIGN definition to asm/cache.h
     - dma: allow dma_get_cache_alignment() to be overridden by the arch code
     - [x86] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
     - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
     - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
     - ext4: fix FS_IOC_GETFSMAP handling
     - jfs: xattr: check invalid xattr size more strictly
     - [x86] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen
       5 21MES00B00
     - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
     - [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
     - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
     - [x86] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf
       SPTE
     - [powerpc*] pseries: Fix KVM guest detection for disabling hardlockup
       detector
     - [arm64] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
     - [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
       status
     - PCI: Fix use-after-free of slot->bus on hot remove
     - fsnotify: fix sending inotify event with unexpected filename
     - comedi: Flush partial mappings in error case
     - apparmor: test: Fix memory leak for aa_unpack_strdup()
     - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
     - locking/lockdep: Avoid creating new name string literals in
       lockdep_set_subclass()
     - pinctrl: qcom: spmi: fix debugfs drive strength
     - dt-bindings: iio: dac: ad3552r: fix maximum spi speed
     - exfat: fix uninit-value in __exfat_get_dentry_set
     - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
     - usb: xhci: Fix TD invalidation under pending Set TR Dequeue
     - driver core: bus: Fix double free in driver API bus_register()
       (CVE-2024-50055)
     - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of
       failures
     - wifi: brcmfmac: release 'root' node in all execution paths
     - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
     - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
     - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
     - gpio: exar: set value when external pull-up or pull-down is present
     - netfilter: ipset: add missing range check in bitmap_ip_uadt
       (CVE-2024-53141)
     - spi: Fix acpi deferred irq probe
     - mtd: spi-nor: core: replace dummy buswidth from addr to data
     - cpufreq: mediatek-hw: Fix wrong return value in
       mtk_cpufreq_get_cpu_power()
     - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
     - ubi: wl: Put source PEB into correct list if trying locking LEB failed
     - dt-bindings: serial: rs485: Fix rs485-rts-delay property
     - serial: 8250_fintek: Add support for F81216E
     - serial: 8250: omap: Move pm_runtime_get_sync
     - ublk: fix ublk_ch_mmap() for 64K page size
     - [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
     - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
     - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
     - media: wl128x: Fix atomicity violation in fmc_send_cmd()
     - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
     - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
     - ALSA: pcm: Add sanity NULL check for the default mmap fault handler
     - ALSA: hda/realtek: Update ALC225 depop procedure
     - ALSA: hda/realtek: Set PCBeep to default value for ALC274
     - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
     - ALSA: hda/realtek: Apply quirk for Medion E15433
     - smb3: request handle caching when caching directories
     - usb: musb: Fix hardware lockup on first Rx endpoint request
     - usb: dwc3: gadget: Fix checking for number of TRBs left
     - usb: dwc3: gadget: Fix looping of queued SG entries
     - ublk: fix error code for unsupported command
     - lib: string_helpers: silence snprintf() output truncation warning
     - ipc: fix memleak if msg_init_ns failed in create_ipc_ns
     - NFSD: Prevent a potential integer overflow
     - SUNRPC: make sure cache entry active before cache_show
     - NFSv4.0: Fix a use-after-free problem in the asynchronous open()
     - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
     - rtc: abx80x: Fix WDT bit position of the status register
     - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
     - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
     - ubifs: Correct the total block count by deducting journal reservation
     - ubi: fastmap: Fix duplicate slab cache names while attaching
     - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
     - jffs2: fix use of uninitialized variable
     - rtc: rzn1: fix BCD to rtc_time conversion errors
     - block: return unsigned int from bdev_io_min
     - 9p/xen: fix init sequence
     - 9p/xen: fix release of IRQ
     - [arm64] perf/arm-smmuv3: Fix lockdep assert in ->event_init()
     - [arm64] perf/arm-cmn: Ensure port and device id bits are set properly
     - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
     - modpost: remove incorrect code in do_eisa_entry()
     - nfs: ignore SB_RDONLY when mounting nfs
     - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
     - xfs: remove unknown compat feature check in superblock write validation
     - quota: flush quota_release_work upon quota writeback
     - btrfs: don't loop for nowait writes when checking for cross references
     - btrfs: add might_sleep() annotations
     - btrfs: add a sanity check for btrfs root in btrfs_search_slot()
     - btrfs: ref-verify: fix use-after-free after invalid ref action
     - [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
     - [arm64] dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
     - media: amphion: Set video drvdata before register video device
     - media: imx-jpeg: Set video drvdata before register video device
     - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
     - [arm64] dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
     - media: i2c: tc358743: Fix crash in the probe error path when using polling
     - media: imx-jpeg: Ensure power suppliers be suspended before detach them
     - media: ts2020: fix null-ptr-deref in ts2020_probe()
     - media: platform: exynos4-is: Fix an OF node reference leak in
       fimc_md_is_isp_available
     - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
     - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
     - media: platform: allegro-dvt: Fix possible memory leak in
       allocate_buffers_internal()
     - media: uvcvideo: Stop stream during unregister
     - media: uvcvideo: Require entities to have a non-zero unique ID
     - ovl: Filter invalid inodes with missing lookup function
     - maple_tree: refine mas_store_root() on storing NULL
     - ftrace: Fix regression with module command in stack_trace_filter
     - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
     - [arm64,armhf] iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated
       tables
     - leds: lp55xx: Remove redundant test for invalid channel number
     - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
     - ad7780: fix division by zero in ad7780_write_raw()
     - [armel,armhf] 9429/1: ioremap: Sync PGDs for VMALLOC shadow
     - [s390x] entry: Mark IRQ entries to fix stack depot warnings
     - [armel,armhf] 9430/1: entry: Do a dummy read from VMAP shadow
     - [armel,armhf] 9431/1: mm: Pair atomic_set_release() with _read_acquire()
     - ceph: extract entity name from device id
     - util_macros.h: fix/rework find_closest() macros
     - scsi: ufs: exynos: Fix hibern8 notify callbacks
     - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
     - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
     - PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
     - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
     - fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
       iov_iter_zero
     - thermal: int3400: Fix reading of current_uuid for active policy
     - ovl: properly handle large files in ovl_security_fileattr
     - dm thin: Add missing destroy_work_on_stack()
     - PCI: rockchip-ep: Fix address translation unit programming
     - nfsd: make sure exp active before svc_export_show
     - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
     - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
     - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
     - [powerpc*] Fix stack protector Kconfig test for clang
     - [powerpc*] Adjust adding stack protector flags to KBUILD_CLAGS for clang
     - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
       walk_down_proc()
     - drm/sti: avoid potential dereference of error pointers in
       sti_hqvdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers in
       sti_gdp_atomic_check
     - drm/sti: avoid potential dereference of error pointers
     - [arm64,armhf] drm/etnaviv: flush shader L1 cache after user commandstream
     - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
       v13.0.7
     - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
     - watchdog: apple: Actually flush writes after requesting watchdog restart
     - watchdog: mediatek: Make sure system reset gets asserted in
       mtk_wdt_restart()
     - can: gs_usb: remove leading space from goto labels
     - can: gs_usb: gs_usb_probe(): align block comment
     - can: gs_usb: uniformly use "parent" as variable name for struct gs_usb
     - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
     - can: gs_usb: add usb endpoint address detection at driver probe step
     - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
       fails
     - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is
       NULL
     - can: hi311x: hi3110_can_ist(): fix potential use-after-free
     - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
     - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
     - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
     - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
     - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
     - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
     - netfilter: x_tables: fix LED ID check in led_tg_check()
     - netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
     - ptp: convert remaining drivers to adjfine interface
     - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
     - net/sched: tbf: correct backlog statistic for GSO packets
     - net: hsr: avoid potential out-of-bound access in fill_frame_info()
     - can: j1939: j1939_session_new(): fix skb reference counting
     - net-timestamp: make sk_tskey more predictable in error path
     - net/ipv6: release expired exception dst cached in socket
     - dccp: Fix memory leak in dccp_feat_change_recv
     - tipc: Fix use-after-free of kernel socket in cleanup_bearer().
     - net/smc: fix LGR and link use-after-free issue
     - net/qed: allow old cards not supporting "num_images" to work
     - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
     - ixgbe: downgrade logging of unsupported VF API version to debug
     - igb: Fix potential invalid memory access in igb_init_module()
     - net: sched: fix erspan_opt settings in cls_flower
     - netfilter: ipset: Hold module reference while requesting a module
     - netfilter: nft_set_hash: skip duplicated elements pending gc run
     - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
     - geneve: do not assume mac header is set in geneve_xmit_skb()
     - net/mlx5e: Remove workaround to avoid syndrome for internal port
     - [arm64] KVM: arm64: Change kvm_handle_mmio_return() return polarity
     - [arm64] KVM: arm64: Don't retire aborted MMIO instruction
     - gpio: grgpio: use a helper variable to store the address of ofdev->dev
     - gpio: grgpio: Add NULL check in grgpio_probe
     - serial: amba-pl011: Use port lock wrappers
     - serial: amba-pl011: Fix RX stall when DMA is used
     - usb: dwc3: gadget: Rewrite endpoint allocation flow
     - usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
     - usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
     - [powerpc*] vdso: Skip objtool from running on VDSO files
     - [powerpc*] vdso: Remove unused '-s' flag from ASFLAGS
     - [powerpc*] vdso: Improve linker flags
     - [powerpc*] vdso: Remove an unsupported flag from vgettimeofday-32.o with
       clang
     - [powerpc*] vdso: Include CLANG_FLAGS explicitly in ldflags-y
     - [powerpc*] vdso: Refactor CFLAGS for CVDSO build
     - [powerpc*] vdso: Drop -mstack-protector-guard flags in 32-bit files with
       clang
     - ntp: Remove invalid cast in time offset math
     - driver core: fw_devlink: Improve logs for cycle detection
     - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
     - driver core: fw_devlink: Stop trying to optimize cycle detection logic
     - i3c: Make i3c_master_unregister() return void
     - i3c: master: add enable(disable) hot join in sys entry
     - i3c: master: svc: add hot join support
     - i3c: master: fix kernel-doc check warning
     - i3c: master: support to adjust first broadcast address speed
     - i3c: master: svc: use slow speed for first broadcast address
     - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable
       counter
     - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
     - i3c: master: Extend address status bit to 4 and add
       I3C_ADDR_SLOT_EXT_DESIRED
     - i3c: master: Fix dynamic address leak when 'assigned-address' is present
     - PCI: endpoint: Use a separate lock for protecting epc->pci_epf list
     - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
     - device property: Constify device child node APIs
     - device property: Add cleanup.h based fwnode_handle_put() scope based
       cleanup.
     - device property: Introduce device_for_each_child_node_scoped()
     - leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
       paths
     - drm/bridge: it6505: update usleep_range for RC circuit charge time
     - drm/bridge: it6505: Fix inverted reset polarity
     - xsk: always clear DMA mapping information when unmapping the pool
     - bpftool: Remove asserts from JIT disassembler
     - bpftool: fix potential NULL pointer dereferencing in prog_dump()
     - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
     - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
     - ALSA: usb-audio: Notify xrun for low-latency mode
     - tools: Override makefile ARCH variable if defined, but empty
     - spi: mpc52xx: Add cancel_work_sync before module remove
     - scsi: scsi_debug: Fix hrtimer support for ndelay
     - [arm64] drm/v3d: Enable Performance Counters before clearing them
     - ocfs2: free inode when ocfs2_get_init_inode() fails
     - scatterlist: fix incorrect func name in kernel-doc
     - iio: magnetometer: yas530: use signed integer type for clamp limits
     - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
     - bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
     - bpf: Handle in-place update for full LPM trie correctly
     - bpf: Fix exact match conditions in trie_get_next_key()
     - mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
       (CVE-2024-53105)
     - HID: wacom: fix when get product name maybe null pointer
     - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
     - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
     - watchdog: rti: of: honor timeout-sec property
     - can: dev: can_set_termination(): allow sleeping GPIOs
     - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E
       6.
     - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
     - [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
       ASIDs
     - [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
     - ALSA: usb-audio: add mixer mapping for Corsair HS80
     - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
     - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
     - scsi: qla2xxx: Fix abort in bsg timeout
     - scsi: qla2xxx: Fix NVMe and NPIV connect issue
     - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
     - scsi: qla2xxx: Fix use after free on unload
     - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
     - scsi: ufs: core: sysfs: Prevent div by zero
     - scsi: ufs: core: Add missing post notify for power mode change
     - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
     - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
     - drm/dp_mst: Fix MST sideband message body length check
     - drm/dp_mst: Verify request type in the corresponding down message reply
     - drm/dp_mst: Fix resetting msg rx state after topology removal
     - drm/amdgpu/hdp5.2: do a posting read when flushing HDP
     - modpost: Add .irqentry.text to OTHER_SECTIONS
     - bpf: fix OOB devmap writes when deleting elements
     - dma-buf: fix dma_fence_array_signaled v4
     - dma-fence: Fix reference leak on fence merge failure path
     - dma-fence: Use kernel's sort for merging fences
     - xsk: fix OOB map writes when deleting elements
     - regmap: detach regmap from dev on regmap_exit
     - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
       tablet
     - mmc: core: Further prevent card detect during shutdown
     - ocfs2: update seq_file index in ocfs2_dlm_seq_next
     - lib: stackinit: hide never-taken branch from compiler
     - [arm64] iommu/arm-smmu: Defer probe of clients after smmu device bound
     - epoll: annotate racy check
     - [s390x] cpum_sf: Handle CPU hotplug remove during sampling
     - btrfs: avoid unnecessary device path update for the same device
     - btrfs: do not clear read-only when adding sprout device
     - [x86] perf/x86/amd: Warn only on new bits set
     - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
     - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
     - mmc: core: Add SD card quirk for broken poweroff notification
     - soc: imx8m: Probe the SoC driver as platform driver
     - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
     - [arm64,armhf] drm/vc4: hdmi: Avoid log spam for audio start failure
     - [arm64,armhf] drm/vc4: hvs: Set AXI panic modes for the HVS
     - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
     - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
     - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
     - drm/bridge: it6505: Enable module autoloading
     - drm/mcde: Enable module autoloading
     - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
     - drm/display: Fix building with GCC 15
     - r8169: don't apply UDP padding quirk on RTL8126A
     - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
     - net: ethernet: fs_enet: Use %pa to format resource_size_t
     - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
     - af_packet: avoid erroring out after sock_init_data() in packet_create()
     - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
       l2cap_sock_create()
     - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
       rfcomm_sock_alloc()
     - net: af_can: do not leave a dangling sk pointer in can_create()
     - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
     - net: inet: do not leave a dangling sk pointer in inet_create()
     - net: inet6: do not leave a dangling sk pointer in inet6_create()
     - wifi: ath5k: add PCI ID for SX76X
     - wifi: ath5k: add PCI ID for Arcadyan devices
     - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
     - net: sfp: change quirks for Alcatel Lucent G-010S-P
     - drm/sched: memset() 'job' in drm_sched_job_init()
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
     - drm/amdgpu: Dereference the ATCS ACPI buffer
     - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
     - dma-debug: fix a possible deadlock on radix_lock
     - jfs: array-index-out-of-bounds fix in dtReadFirst
     - jfs: fix shift-out-of-bounds in dbSplit
     - jfs: fix array-index-out-of-bounds in jfs_readdir
     - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
     - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
     - ALSA: usb-audio: Make mic volume workarounds globally applicable
     - drm/amdgpu: set the right AMDGPU sg segment limitation
     - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
     - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
       brcmf_sdiod_sglist_rw()
     - dsa: qca8k: Use nested lock to avoid splat
     - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
     - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
     - ASoC: hdmi-codec: reorder channel allocation list
     - rocker: fix link status detection in rocker_carrier_init()
     - net/neighbor: clear error in case strict check is not set
     - netpoll: Use rcu_access_pointer() in __netpoll_setup
     - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
     - tracing/ftrace: disable preemption in syscall probe
     - tracing: Use atomic64_inc_return() in trace_clock_counter()
     - tools/rtla: fix collision with glibc sched_attr/sched_set_attr
     - scsi: hisi_sas: Add cond_resched() for no forced preemption model
     - scsi: ufs: core: Make DMA mask configuration more flexible
     - leds: class: Protect brightness_show() with led_cdev->led_access mutex
     - scsi: st: Don't modify unknown block number in MTIOCGET
     - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
     - pinctrl: qcom-pmic-gpio: add support for PM8937
     - pinctrl: qcom: spmi-mpp: Add PM8937 compatible
     - nvdimm: rectify the illogical code within nd_dax_probe()
     - smb: client: memcpy() with surrounding object base address
     - verification/dot2: Improve dot parser robustness
     - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
     - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
     - PCI: Detect and trust built-in Thunderbolt chips
     - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
     - PCI: Add ACS quirk for Wangxun FF5xxx NICs
     - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
       avoid deadlock
     - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
     - iio: light: ltr501: Add LTER0303 to the supported devices
     - [x86] ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen
       6 21M1CTO1WW (Closes: #1087673)
     - [powerpc*] prom_init: Fixup missing powermac #size-cells
     - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
     - rtc: cmos: avoid taking rtc_lock for extended period of time
     - serial: 8250_dw: Add Sophgo SG2044 quirk
     - io_uring/tctx: work around xa_store() allocation error issue
     - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
     - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
       turning busy
     - sched/core: Prevent wakeup of ksoftirqd during idle load balance
     - btrfs: fix missing snapshot drew unlock when root is dead during swap
       activation
     - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
     - Revert "unicode: Don't special case ignorable code points"
     - vfio/mlx5: Align the page tracking max message size with the device
       capability
     - udf: Fold udf_getblk() into udf_bread()
     - [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
     - [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
     - [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
     - [x86] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn
       from kvm_faultin_pfn()
     - jffs2: Prevent rtime decompress memory corruption
     - jffs2: Fix rtime decompressor
     - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
     - io_uring: wake up optimisations
     - xhci: dbc: Fix STALL transfer event handling
     - mmc: mtk-sd: Fix error handle of probe function
     - drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
     - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2
       volume"
     - Revert "drm/amdgpu: add missing size check in
       amdgpu_debugfs_gprwave_read()"
     - gve: Fixes for napi_poll when budget is 0
     - [arm64] sve: Discard stale CPU state when handling SVE traps
       (CVE-2024-50275)
     - [arm64] smccc: Remove broken support for SMCCCv1.3 SVE discard hint
     - [x86] ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
     - mm: call the security_mmap_file() LSM hook in remap_file_pages()
     - bpf: Fix helper writes to read-only maps (CVE-2024-49861)
     - net: Move {l,t,d}stats allocation to core and convert veth & vrf
     - bpf: Fix dev's rx stats for bpf_redirect_peer traffic
     - veth: Use tstats per-CPU traffic counters
     - drm/ttm: Make sure the mapped tt pages are decrypted when needed
     - drm/ttm: Print the memory decryption status just once
     - drm/amdgpu: rework resume handling for display (v2)
     - usb: dwc3: ep0: Don't reset resource alloc flag
     - serial: amba-pl011: fix build regression
     - i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
     - i3c: master: svc: fix possible assignment of the same address to two
       devices
     - PM / devfreq: Fix build issues with devfreq disabled
     - [arm64] drm/msm: DEVFREQ_GOV_SIMPLE_ONDEMAND is no longer needed
     - fs/ntfs3: Sequential field availability check in mi_enum_attr()
     - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master
       Driver Due to Race Condition
     - Bluetooth: MGMT: Fix possible deadlocks
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.121
     - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
     - ksmbd: fix racy issue from session lookup and expire
     - tcp: check space before adding MPTCP SYN options
     - blk-cgroup: Fix UAF in blkcg_unpin_online()
     - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
     - usb: host: max3421-hcd: Correctly abort a USB request.
     - ata: sata_highbank: fix OF node reference leak in
       highbank_initialize_phys()
     - usb: dwc2: Fix HCD resume
     - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
     - usb: dwc2: Fix HCD port connection race
     - usb: ehci-hcd: fix call balance of clocks handling routines
     - usb: typec: anx7411: fix fwnode_handle reference leak
     - usb: typec: anx7411: fix OF node reference leaks in
       anx7411_typec_switch_probe()
     - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
       accessing null pointer
     - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
     - [x86] drm/i915: Fix memory leak by correcting cache object name in error
       handler
     - xfs: update btree keys correctly when _insrec splits an inode root block
     - xfs: don't drop errno values when we fail to ficlone the entire range
     - xfs: return from xfs_symlink_verify early on V4 filesystems
     - xfs: fix scrub tracepoints when inode-rooted btrees are involved
     - xfs: only run precommits once per transaction object
     - bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
     - bpf, sockmap: Fix update element with same
     - smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
       (Closes: #1088733)
     - exfat: support dynamic allocate bh for exfat_entry_set_cache
     - exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
     - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
     - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters()
     - wifi: mac80211: fix station NSS capability initialization order
     - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
     - amdgpu/uvd: get ring reference from rq scheduler
     - batman-adv: Do not send uninitialized TT changes
     - batman-adv: Remove uninitialized data in full table TT response
     - batman-adv: Do not let TT changes list grows indefinitely
     - tipc: fix NULL deref in cleanup_bearer()
     - net/mlx5: DR, prevent potential error pointer dereference
     - ptp: kvm: Use decrypted memory in confidential guest on x86
     - [x86] ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from
       kvm_arch_ptp_init()
     - net: lapb: increase LAPB_HEADER_LEN
     - net: defer final 'struct net' free in netns dismantle
     - [arm64] net: mscc: ocelot: fix memory leak on
       ocelot_port_add_txtstamp_skb()
     - [arm64] net: mscc: ocelot: improve handling of TX timestamp for unknown
       skb
     - [arm64] net: mscc: ocelot: ocelot->ts_id_lock and
       ocelot_port->tx_skbs.lock are IRQ-safe
     - [arm64] net: mscc: ocelot: be resilient to loss of PTP packets during
       transmission
     - [arm64] net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
     - [armhf] spi: aspeed: Fix an error handling path in
       aspeed_spi_[read|write]_user()
     - net: sparx5: fix FDMA performance issue
     - net: sparx5: fix the maximum frame length register
     - ACPI: resource: Fix memory resource type union access
     - cxgb4: use port number to set mac addr
     - qca_spi: Fix clock speed for multiple QCA7000
     - qca_spi: Make driver probing reliable
     - ASoC: amd: yc: Fix the wrong return value
     - Documentation: PM: Clarify pm_runtime_resume_and_get() return value
     - net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
     - net/sched: netem: account for backlog updates from child qdisc
     - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
     - ACPICA: events/evxfregn: don't release the ContextMutex that was never
       acquired
     - Bluetooth: iso: Fix recursive locking warning
     - Bluetooth: SCO: Add support for 16 bits transparent voice setting
     - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
     - bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
     - tracing/kprobes: Skip symbol counting logic for module symbols in
       create_local_trace_kprobe()
     - xen/netfront: fix crash when removing device (CVE-2024-53240)
     - [x86] make get_cpu_vendor() accessible from Xen code (CVE-2024-53241)
     - [x86] objtool/x86: allow syscall instruction (CVE-2024-53241)
     - [x86] static-call: provide a way to do very early static-call updates
       (CVE-2024-53241)
     - [x86] xen: don't do PV iret hypercall through hypercall page
       (CVE-2024-53241)
     - [x86] xen: add central hypercall functions (CVE-2024-53241)
     - [x86] xen: use new hypercall functions instead of hypercall page
       (CVE-2024-53241)
     - [x86] xen: remove hypercall page (CVE-2024-53241)
     - ALSA: usb-audio: Fix a DMA to stack memory bug
     - [x86] static-call: fix 32-bit build
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.122
     - net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
     - PCI/AER: Disable AER service on suspend
     - PCI: Use preserve_config in place of pci_flags
     - PCI: vmd: Create domain symlink before pci_bus_add_devices()
     - usb: cdns3: Add quirk flag to enable suspend residency
     - [x86] ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
     - [x86] ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C
     - PCI: Add ACS quirk for Broadcom BCM5760X NIC
     - [arm64,armhf] usb: dwc2: gadget: Don't write invalid mapped sg entries
       into dma_desc with iommu enabled
     - PCI: Introduce pci_resource_n()
     - [x86] platform/x86: p2sb: Make p2sb_get_devfn() return void
     - [x86] p2sb: Factor out p2sb_read_from_cache()
     - [x86] p2sb: Introduce the global flag p2sb_hidden_by_bios
     - [x86] p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
     - [x86] p2sb: Do not scan and remove the P2SB device when it is unhidden
     - i2c: pnx: Fix timeout in wait functions
     - cxl/region: Fix region creation for greater than x2 switches
     - net/smc: protect link down work from execute after lgr freed
       (CVE-2024-56718)
     - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
     - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
       msg
     - net/smc: check smcd_v2_ext_offset when receiving proposal msg
     - net/smc: check return value of sock_recvmsg when draining clc data
     - [arm64] net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
       ocelot_ifh_set_basic()
     - ionic: Fix netdev notifier unregister on failure (CVE-2024-56715)
     - ionic: use ee->offset when returning sprom data
     - net: hinic: Fix cleanup in create_rxqs/txqs()
     - net: ethernet: bgmac-platform: fix an OF node reference leak
     - netfilter: ipset: Fix for recursive locking warning
     - net: mdiobus: fix an OF node reference leak
     - [arm64,armhf] mmc: sdhci-tegra: Remove
       SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
     - [x86] KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
     - i2c: riic: Always round-up when calculating bus period
     - efivarfs: Fix error on non-existent file
     - USB: serial: option: add TCL IK512 MBIM & ECM
     - USB: serial: option: add MeiG Smart SLM770A
     - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
     - USB: serial: option: add MediaTek T7XX compositions
     - USB: serial: option: add Telit FE910C04 rmnet compositions
     - [x86] thunderbolt: Improve redrive mode handling
     - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
     - drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
     - [x86] i915/guc: Reset engine utilization buffer before registration
     - [x86] i915/guc: Ensure busyness counter increases motonically
     - [x86] i915/guc: Accumulate active runtime on gt reset
     - drm/amdgpu: don't access invalid sched
     - hwmon: (tmp513) Don't use "proxy" headers
     - hwmon: (tmp513) Simplify with dev_err_probe()
     - hwmon: (tmp513) Use SI constants from units.h
     - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
       Registers
     - hwmon: (tmp513) Fix Current Register value interpretation
     - hwmon: (tmp513) Fix interpretation of values of Temperature Result and
       Limit Registers
     - zram: refuse to use zero sized block device as backing device
     - zram: fix uninitialized ZRAM not releasing backing device
     - btrfs: tree-checker: reject inline extent items with 0 ref count
     - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
     - [x86] KVM: x86: Play nice with protected guests in
       complete_hypercall_exit()
     - tracing: Fix test_event_printk() to process entire print argument
     - tracing: Add missing helper functions in event pointer dereference check
     - tracing: Add "%s" check in test_event_printk()
     - io_uring: Fix registered ring file refcount leak
     - io_uring: check if iowq is killed before queuing (CVE-2024-56709)
     - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
     - of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
     - of/irq: Fix using uninitialized variable @addr_len in API
       of_irq_parse_one()
     - nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
     - nilfs2: prevent use of deleted inode
     - of: Fix error path in of_parse_phandle_with_args_map()
     - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
     - ceph: validate snapdirname option length when mounting
     - udf: Fix directory iteration for longer tail extents (Closes: #1089698)
     - epoll: Add synchronous wakeup support for ep_poll_callback
     - io_uring/rw: split io_read() into a helper
     - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN
     - io_uring/rw: avoid punting to io-wq directly
     - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.123
     - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
     - mm/vmstat: fix a W=1 clang compiler warning
     - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
     - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
     - bpf: Check negative offsets in __bpf_skb_min_len()
     - nfsd: restore callback functionality for NFSv4.0
     - mtd: diskonchip: Cast an operand to prevent potential overflow
     - [arm64] phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
     - phy: core: Fix an OF node refcount leakage in _of_phy_get()
     - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
     - phy: core: Fix that API devm_phy_put() fails to release the phy
     - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
       unregister the phy provider
     - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
     - phy: usb: Toggle the PHY power during init
     - [arm64] phy: rockchip: naneng-combphy: fix phy reset
     - [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
     - [x86] dmaengine: dw: Select only supported masters for ACPI devices
     - [powerpc*] pseries/vas: Add close() callback in vas_vm_ops struct
     - stddef: make __struct_group() UAPI C++-friendly
     - tracing/kprobe: Make trace_kprobe's module callback called after
       jump_label update
     - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
     - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
     - scsi: megaraid_sas: Fix for a potential deadlock
     - ALSA: hda/conexant: fix Z60MR100 startup pop issue
     - smb: server: Fix building with GCC 15
     - regmap: Use correct format specifier for logging range errors
     - [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
     - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
       load time
     - scsi: storvsc: Do not flag MAINTENANCE_IN return of
       SRB_STATUS_DATA_OVERRUN as an error
     - drm/dp_mst: Ensure mst_primary pointer is valid in
       drm_dp_mst_handle_up_req()
     - virtio-blk: don't keep queue frozen during system suspend
     - blk-mq: register cpuhp callback after hctx is added to xarray table
     - vmalloc: fix accounting with i915
     - [mips*] mipsregs: Set proper ISA level for virt extensions
     - net/mlx5e: Don't call cleanup on profile rollback failure (CVE-2024-50146)
     - bpf: Check validity of link->type in bpf_link_show_fdinfo()
       (CVE-2024-53099)
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
     - ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
     - pmdomain: core: Add missing put_device()
     - sched/core: Report correct state for TASK_IDLE | TASK_FREEZABLE
     - freezer, sched: Report frozen tasks as 'D' instead of 'R'
     - tracing: Constify string literal data member in struct trace_event_call
     - tracing: Prevent bad count for tracing_cpumask_write
     - io_uring/sqpoll: fix sqpoll error handling races
     - i2c: microchip-core: actually use repeated sends
     - i2c: imx: add imx7d compatible string for applying erratum ERR007805
     - i2c: microchip-core: fix "ghost" detections
     - power: supply: gpio-charger: Fix set charge current limits
     - btrfs: avoid monopolizing a core when activating a swap file
     - btrfs: sysfs: fix direct super block member reads
     - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
       (CVE-2024-50121)
     - Revert "rcu-tasks: Fix access non-existent percpu rtpcp variable in
       rcu_tasks_need_gpcb()"
     - ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
 .
   [ Salvatore Bonaccorso ]
   * d/salsa-ci.yml: Suppress aliased-location lintian errors
   * debian/salsa-ci.yml: Include run of .build-after-script from common
     pipeline.
   * debian/salsa-ci.yml: Reference .build-after-script from after_script
     section
   * Revert "[x86] Revert "x86: Increase brk randomness entropy for 64-bit
     systems""
     The root cause for the segfaults were actually in qemu, which re-enables
     --static-pie linking for qemu-user-static binaries. It was disabled by
     mistake in qemu versions in Debian. Details in #1087822 and #1053101.
   * Bump ABI to 29
   * [rt] Update to 6.1.120-rt47
linux-signed-i386 (6.1.119+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.119-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.116
     - cpufreq: Generalize of_perf_domain_get_sharing_cpumask phandle format
     - cpufreq: Avoid a bad reference count on CPU node (CVE-2024-50012)
     - mm: remove kern_addr_valid() completely
     - fs/proc/kcore: avoid bounce buffer for ktext data
     - fs/proc/kcore: convert read_kcore() to read_kcore_iter()
     - fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions
     - fs/proc/kcore.c: allow translation of physical memory addresses
     - cgroup: Fix potential overflow issue when checking max_depth
     - wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd()
       (Closes: #1062421)
     - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
     - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
     - wifi: ath11k: Fix invalid ring usage in full monitor mode
     - wifi: brcm80211: BRCM_TRACING should depend on TRACING
     - RDMA/cxgb4: Dump vendor specific QP details
     - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
     - RDMA/bnxt_re: synchronize the qp-handle table array
     - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
     - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
       (CVE-2024-53059)
     - [armel,armhf] ASoC: cs42l51: Fix some error handling paths in
       cs42l51_probe()
     - macsec: Fix use-after-free while sending the offloading packet
       (CVE-2024-50261)
     - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
       (CVE-2024-53058)
     - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
       (CVE-2024-53042)
     - gtp: allow -1 to be specified as file description from userspace
     - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
     - netdevsim: Add trailing zero to terminate the string in
       nsim_nexthop_bucket_activity_write() (CVE-2024-50259)
     - bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
     - netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
     - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
       (CVE-2024-50256)
     - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
       (CVE-2024-50255)
     - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
     - netfilter: nft_payload: sanitize offset and length before calling
       skb_checksum() (CVE-2024-50251)
     - iomap: convert iomap_unshare_iter to use large folios
     - iomap: improve shared block detection in iomap_unshare_iter
     - iomap: don't bother unsharing delalloc extents
     - iomap: share iomap_unshare_iter predicate code with fsdax
     - fsdax: remove zeroing code from dax_unshare_iter
     - fsdax: dax_unshare_iter needs to copy entire blocks (CVE-2024-50250)
     - iomap: turn iomap_want_unshare_iter into an inline function
     - compiler-gcc: be consistent with underscores use for `no_sanitize`
     - compiler-gcc: remove attribute support check for `__no_sanitize_address__`
     - afs: Automatically generate trace tag enums
     - afs: Fix missing subdir edit when renamed between parent dirs
     - ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249)
     - fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
     - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
     - fs/ntfs3: Stale inode instead of bad
     - fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245)
     - fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244)
     - scsi: scsi_transport_fc: Allow setting rport state to current state
     - net: amd: mvme147: Fix probe banner message
     - NFS: remove revoked delegation from server's delegation list
     - misc: sgi-gru: Don't disable preemption in GRU driver
     - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler
     - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe
     - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
     - USB: gadget: dummy-hcd: Fix "task hung" problem
     - ALSA: usb-audio: Add quirks for Dell WD19 dock
     - usbip: tools: Fix detach_port() invalid port error path
     - usb: phy: Fix API devm_usb_put_phy() can not release the phy
     - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
     - xhci: Fix Link TRB DMA in command ring stopped completion event
     - xhci: Use pm_runtime_get to prevent RPM on unsupported systems
     - Revert "driver core: Fix uevent_show() vs driver detach race"
     - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
       (CVE-2024-50237)
     - wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236)
     - wifi: cfg80211: clear wdev->cqm_config pointer on free (CVE-2024-50235)
     - wifi: iwlegacy: Clear stale interrupts before resuming device
       (CVE-2024-50234)
     - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
       (CVE-2024-50232)
     - iio: light: veml6030: fix microlux value calculation
     - nilfs2: fix potential deadlock with newly created symlinks
       (CVE-2024-50229)
     - block: fix sanity checks in blk_rq_map_user_bvec
     - cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction
       (CVE-2024-53054)
     - ALSA: hda/realtek: Limit internal Mic boost on Dell platform
     - cxl/acpi: Move rescan to the workqueue
     - cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices()
     - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
     - mm/page_alloc: treat RT tasks similar to __GFP_HIGH
     - mm/page_alloc: explicitly record high-order atomic allocations in
       alloc_flags
     - mm/page_alloc: explicitly define what alloc flags deplete min reserves
     - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations
       accesses reserves
     - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
     - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (CVE-2024-50218)
     - mctp i2c: handle NULL header address (CVE-2024-53043)
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1
     - nvmet-auth: assign dh_key to NULL after kfree_sensitive (CVE-2024-50215)
     - io_uring: rename kiocb_end_write() local helper
     - fs: create kiocb_{start,end}_write() helpers
     - io_uring: use kiocb_{start,end}_write() helpers
     - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
       (CVE-2024-53052)
     - mm: migrate: try again if THP split is failed due to page refcnt
     - migrate: convert unmap_and_move() to use folios
     - migrate: convert migrate_pages() to use folios
     - mm/migrate.c: stop using 0 as NULL pointer
     - migrate_pages: organize stats with struct migrate_pages_stats
     - migrate_pages: separate hugetlb folios migration
     - migrate_pages: restrict number of pages to migrate in batch
     - migrate_pages: split unmap_and_move() to _unmap() and _move()
     - vmscan,migrate: fix page count imbalance on node stats when demoting pages
     - io_uring: always lock __io_cqring_overflow_flush (Closes: #1087602)
     - [x86] bugs: Use code segment selector for VERW operand (CVE-2024-50072)
     - wifi: mac80211: fix NULL dereference at band check in starting tx ba
       session (CVE-2024-43911)
     - nilfs2: fix kernel bug due to missing clearing of checked flag
       (CVE-2024-50230)
     - wifi: iwlwifi: mvm: fix 6 GHz scan construction (CVE-2024-53055)
     - mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228)
     - mtd: spi-nor: winbond: fix w25q128 regression
     - drm/amd/display: Add null checks for 'stream' and 'plane' before
       dereferencing (CVE-2024-43904)
     - drm/amd/display: Skip on writeback when it's not applicable
       (CVE-2024-36914)
     - vt: prevent kernel-infoleak in con_font_get()
     - mm: avoid gcc complaint about pointer casting
     - migrate_pages_batch: fix statistics for longterm pin retry
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.117
     - [arm64] dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610
     - [arm64] dts: rockchip: Fix rt5651 compatible value on
       rk3399-sapphire-excavator
     - [arm64] dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
     - [arm64] dts: rockchip: Fix wakeup prop names on PineNote BT node
     - [arm64] dts: rockchip: Fix bluetooth properties on Rock960 boards
     - [arm64] dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
     - [arm64] dts: rockchip: Fix LED triggers on rk3308-roc-cc
     - [arm64] dts: imx8qm: Fix VPU core alias name
     - [arm64] dts: imx8qxp: Add VPU subsystem file
     - [arm64] dts: imx8-ss-vpu: Fix imx8qm VPU IRQs
     - [arm64] dts: imx8mp: correct sdhc ipg clk
     - [armhf] ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
     - HID: core: zero-initialize the report buffer (CVE-2024-50302)
     - [x86] platform/x86/amd/pmc: Detect when STB is not available
       (CVE-2024-53072)
     - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket()
     - NFSv3: only use NFS timeout for MOUNT when protocols are compatible
     - NFSv3: handle out-of-order write replies.
     - nfs: avoid i_lock contention in nfs_clear_invalid_mapping
     - security/keys: fix slab-out-of-bounds in key_task_permission
       (CVE-2024-50301)
     - [arm64] net: enetc: set MAC address to the VF net_device
     - sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
     - can: c_can: fix {rx,tx}_errors statistics
     - ice: change q_index variable type to s16 to store -1 value
     - i40e: fix race condition by adding filter's intermediate sync state
       (CVE-2024-53088)
     - [arm64] net: hns3: fix kernel crash when uninstalling driver
       (CVE-2024-50296)
     - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
     - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
     - virtio_net: Add hash_key_length check (CVE-2024-53082)
     - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
     - media: stb0899_algo: initialize cfr before using it
     - media: dvbdev: prevent the risk of out of memory access (CVE-2024-53063)
     - media: dvb_frontend: don't play tricks with underflow values
     - media: adv7604: prevent underflow condition when reporting colorspace
     - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
     - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
     - [armhf] ASoC: stm32: spdifrx: fix dma channel release in
       stm32_spdifrx_remove
     - media: ar0521: don't overflow when checking PLL values (CVE-2024-53081)
     - media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061)
     - media: cx24116: prevent overflows on SNR calculus (CVE-2024-50290)
     - media: pulse8-cec: fix data timestamp at pulse8_setup()
     - media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287)
     - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
     - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation
     - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when
       switching CAN modes
     - ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
       (CVE-2024-50286)
     - ksmbd: Fix the missing xa_store error check (CVE-2024-50284)
     - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp (CVE-2024-50283)
     - pwm: imx-tpm: Use correct MODULO value for EPWM mode
     - drm/amdgpu: Adjust debugfs eviction and IB access permissions
     - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
       (CVE-2024-50282)
     - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
       (CVE-2024-53060)
     - thermal/drivers/qcom/lmh: Remove false lockdep backtrace
     - dm cache: correct the number of origin blocks to match the target length
     - dm cache: fix flushing uninitialized delayed_work on cache_ctr error
       (CVE-2024-50280)
     - dm cache: fix out-of-bounds access to the dirty bitset when resizing
       (CVE-2024-50279)
     - dm cache: optimize dirty bit checking with find_next_bit when resizing
     - dm cache: fix potential out-of-bounds access on the first resume
       (CVE-2024-50278)
     - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
       overflow
     - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
     - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
     - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
     - nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
     - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc()
     - net: vertexcom: mse102x: Fix possible double free of TX skb
       (CVE-2024-50276)
     - mptcp: use sock_kfree_s instead of kfree
     - btrfs: reinitialize delayed ref list after deleting it from the list
       (CVE-2024-50273)
     - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
       (CVE-2024-38540)
     - Revert "wifi: mac80211: fix RCU list iterations"
     - net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
     - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
       uvc_parse_format
     - filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
     - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
     - signal: restore the override_rlimit logic (CVE-2024-50271)
     - usb: musb: sunxi: Fix accessing an released usb phy (CVE-2024-50269)
     - usb: dwc3: fix fault at system suspend if device was already runtime
       suspended
     - usb: typec: fix potential out of bounds in
       ucsi_ccg_update_set_new_cam_cmd()
     - USB: serial: io_edgeport: fix use after free in debug printk
       (CVE-2024-50267)
     - USB: serial: qcserial: add support for Sierra Wireless EM86xx
     - USB: serial: option: add Fibocom FG132 0x0112 composition
     - USB: serial: option: add Quectel RG650V
     - irqchip/gic-v3: Force propagation of the active state with a read-back
     - ocfs2: remove entry once instead of null-ptr-dereference in
       ocfs2_xa_remove()
     - ucounts: fix counter leak in inc_rlimit_get_ucounts()
     - [x86] ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022
     - net: sched: use RCU read-side critical section in taprio_dump()
       (CVE-2024-50126)
     - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
     - vsock/virtio: Initialization of the dangling pointer occurring in
       vsk->trans
     - media: amphion: Fix VPU core alias name
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.118
     - Revert "Bluetooth: fix use-after-free in accessing skb after sending it"
     - Revert "Bluetooth: hci_sync: Fix overwriting request callback"
     - Revert "Bluetooth: af_bluetooth: Fix deadlock"
     - Revert "Bluetooth: hci_core: Fix possible buffer overflow"
     - Revert "Bluetooth: hci_conn: Consolidate code for aborting connections"
       (Closes: #1086447)
     - 9p: Avoid creating multiple slab caches with the same name
     - nvme: tcp: avoid race between queue_lock lock and destroy
     - block: Fix elevator_get_default() checking for NULL q->tag_set
     - HID: multitouch: Add support for B2402FVA track point
     - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
     - nvme: disable CC.CRIME (NVME_CC_CRIME)
     - bpf: use kvzmalloc to allocate BPF verifier environment
     - crypto: api - Fix liveliness check in crypto_alg_tested
     - [arm*] crypto: marvell/cesa - Disable hash algorithms
     - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
     - drm/vmwgfx: Limit display layout ioctl array size to
       VMWGFX_NUM_DISPLAY_UNITS
     - nvme-multipath: defer partition scanning (CVE-2024-53093)
     - [powerpc*] powernv: Free name on error in opal_event_init()
     - nvme: make keep-alive synchronous operation
     - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
     - fs: Fix uninitialized value issue in from_kuid and from_kgid
     - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
     - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
     - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
     - md/raid10: improve code of mrdev in raid10_sync_request
     - io_uring: fix possible deadlock in io_register_iowq_max_workers()
       (CVE-2024-41080)
     - uprobes: encapsulate preparation of uprobe args buffer
     - uprobe: avoid out-of-bounds memory access of fetching args
       (CVE-2024-50067)
     - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (CVE-2024-49991)
     - ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
     - Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950)
     - mm: krealloc: Fix MTE false alarm in __do_krealloc
     - [x86] platform/x86: x86-android-tablets: Fix use after free on
       platform_device_register() errors (CVE-2024-49986)
     - fs/ntfs3: Fix general protection fault in run_is_mapped_full
       (CVE-2024-50243)
     - 9p: fix slab cache name creation for real
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.119
     - netlink: terminate outstanding dump on socket close
     - [arm64,armhf] drm/rockchip: vop: Fix a dereferenced before check warning
     - mptcp: error out earlier on disconnect
     - net/mlx5: fs, lock FTE when checking if active
     - net/mlx5e: kTLS, Fix incorrect page refcounting
     - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
     - virtio/vsock: Fix accept_queue memory leak
     - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS
     - Bluetooth: hci_core: Fix calling mgmt_device_connected
     - net/sched: cls_u32: replace int refcounts with proper refcounts
     - net: sched: cls_u32: Fix u32's systematic failure to free IDR entries for
       hnodes.
     - bonding: add ns target multicast address to slave device
     - [armel,armhf] 9419/1: mm: Fix kernel memory mapping for xip kernels
     - [x86] mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
     - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
     - ocfs2: uncache inode which has failed entering the group
     - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
     - ima: fix buffer overrun in ima_eventdigest_init_common
     - [x86] KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID
       disabled
     - [x86] KVM: x86: Unconditionally set irr_pending when updating APICv state
     - [x86] KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
       CONFIG_BROKEN
     - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
     - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
     - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10
     - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
     - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
     - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
     - mmc: sunxi-mmc: Fix A100 compatible description
     - drm/bridge: tc358768: Fix DSI command tx
     - drm/amd: Fix initialization mistake for NBIO 7.7.0
     - staging: vchiq_arm: Get the rid off struct vchiq_2835_state
     - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
     - fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)
     - Bluetooth: ISO: Fix not validating setsockopt user input (CVE-2024-35964)
     - lib/buildid: Fix build ID parsing logic
     - cxl/pci: fix error code in __cxl_hdm_decode_init()
     - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
     - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
     - NFSD: Async COPY result needs to return a write verifier
     - NFSD: Limit the number of concurrent async COPY operations
       (CVE-2024-49974)
     - NFSD: Initialize struct nfsd4_copy earlier
     - NFSD: Never decrement pending_async_copies on error
     - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
     - mptcp: define more local variables sk
     - mptcp: add userspace_pm_lookup_addr_by_id helper
     - mptcp: update local address flags when setting it
     - mptcp: hold pm lock when deleting entry
     - mptcp: drop lookup_by_id in lookup_addr
     - mptcp: pm: use _rcu variant under rcu_read_lock
     - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (CVE-2024-26954)
     - ksmbd: fix potencial out-of-bounds when buffer offset is invalid
       (CVE-2024-26952)
     - net: add copy_safe_from_sockptr() helper
     - nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
     - fs/9p: fix uninitialized values during inode evict (CVE-2024-36923)
     - ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322)
     - net/sched: taprio: extend minimum interval restriction to entire cycle too
       (CVE-2024-36244)
     - net: fec: remove .ndo_poll_controller to avoid deadlocks (CVE-2024-38553)
     - mm: revert "mm: shmem: fix data-race in shmem_getattr()"
     - mm: avoid unsafe VMA hook invocation when error arises on mmap hook
     - mm: unconditionally close VMAs on error
     - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
     - mm: resolve faulty mmap_region() error path behaviour
     - drm/amd: check num of link levels when update pcie param (CVE-2023-52812)
     - char: xillybus: Prevent use-after-free due to race condition
       (CVE-2022-45888)
     - null_blk: Remove usage of the deprecated ida_simple_xx() API
     - null_blk: fix null-ptr-dereference while configuring 'power' and
       'submit_queues' (CVE-2024-36478)
     - null_blk: Fix return value of nullb_device_power_store()
     - parisc: fix a possible DMA corruption (CVE-2024-44949)
     - char: xillybus: Fix trivial bug with mutex
     - net: Make copy_safe_from_sockptr() match documentation
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 28
   * [x86] Revert "x86: Increase brk randomness entropy for 64-bit systems"
     (Closes: #1085762)

live-boot (1:20230131+deb12u1) bookworm; urgency=medium
 .
   * Add fix to get DHCP from all nics, not only the first one seen with link
     up (Closes: #1069048).

llvm-toolchain-19 (1:19.1.4-1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
   * Change build-dep from sid's llvm-spirv-19 to bookworm's llvm-spirv-14.
   * Add python3-myst-parser build-dep.
   * Use CMAKE_BUILD_PARALLEL_LEVEL rather than -j to ensure that we don't
     OOM during builds
     (https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/-/merge_requests/157).
llvm-toolchain-19 (1:19.1.3-2) unstable; urgency=medium
 .
   * enable OpenMP (without offloading) on riscv64 (and mips64el and loong64)
     Thanks to Aurélien Jarno for this patch
     (Closes: #1087280)
llvm-toolchain-19 (1:19.1.3-1) unstable; urgency=medium
 .
   * New release
llvm-toolchain-19 (1:19.1.2-2) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * Disable time64_t ABI on hurd-i386 too.
 .
   [ Sylvestre Ledru ]
   * Use the | hello trick for g++-multilib for s390x / Ubuntu Oracular
   * Enable compiler-rt runtime again for 32bit time_t64 architectures.
     (Closes: #1085853)
   * Backport Ubuntu 25.04 - Plucky Puffin support
llvm-toolchain-19 (1:19.1.2-1) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * patches/hurd/hurd-f_type.diff: Fix hurd build against glibc ≥ 2.39.
   * libomp-X.Y-dev.install.in: Don't try to ship ompd gdb plugin on
     hurd-amd64 ; ship libomptarget.
   * libomp5-X.Y.install.in: Ship libomptarget.
   * libomp5-X.Y.symbols.in: Fix symbols on hurd-any.
   * rules: Fix syntax on non-linux.
 .
   [ John Paul Adrian Glaubitz ]
   * Don't try to install xray and profile headers on powerpc
 .
   [ Sylvestre Ledru ]
   * New release
   * Update Standards version to 4.7.0
llvm-toolchain-19 (1:19.1.1-1) unstable; urgency=medium
 .
   * New upstream release 19.1.1.
 .
   [ Sylvestre Ledru ]
   * Don't enable intel-pt on Ubuntu Bionic
   * Add disabled info in the build log
   * Disable LLVM libc on bionic
   * Fix the bootstrapping (Closes: #1082610)
     Thanks to Andrey Feofilaktov for the patch
   * clang provides objc++-compiler (Closes: #1082744)
 .
   [ Matthias Klose ]
   * Update watch file and add .git* files to exclude in the tarball.
llvm-toolchain-19 (1:19.1.0-4) unstable; urgency=medium
 .
   [ Sylvestre Ledru ]
   * Adjust the workaround for apt.llvm.org version upgrades
     https://github.com/llvm/llvm-project/issues/109276
   * Ensure that at least 1 CPU is used for build
     Thanks to Santiago Vila for the patch
     (Closes: #1082360)
 .
   [ Matthias Klose ]
   * Don't relax versioned shlibs dependencies for snapshot builds and
     prerelease versions.
   * libllvm19: No symlinks in the llvm-19 subdir. Closes: #1081192, #1082495.
llvm-toolchain-19 (1:19.1.0-3) unstable; urgency=medium
 .
   * Fix typo in dh_makeshlibs calls.
llvm-toolchain-19 (1:19.1.0-2) unstable; urgency=medium
 .
   * Call dh_makeshlibs with the version of the first upstream
     release (1:19.1.0). Looking back at the 1.18 release cycle,
     these libraries didn't see any instability in the ABIs.
   * debian/qualify-clang.sh: Fix typo.
llvm-toolchain-19 (1:19.1.0-1) unstable; urgency=medium
 .
   * New upstream release 19.1.0.
 .
   [ Matthias Klose ]
   * debian/qualify-clang.sh: Skip llvmlibc test, if libllvmlibc-dev is not
     available.
   * Build-depend on llvm-spirv-19.
 .
   [ YunQiang Su ]
   * also pass -mxgot in LDFLAGS.
   * d/p/mips-mlir-xgot.diff: Pass -mxgot for mlir.
llvm-toolchain-19 (1:19.1.0~++rc4-5) unstable; urgency=medium
 .
   * Move the libLLVM.so.1 symlink into llvm-19-dev. Closes: #1081192.
llvm-toolchain-19 (1:19.1.0~++rc4-4) unstable; urgency=medium
 .
   [ Matthias Klose ]
   * Consolidate disabling CMake's package validation checks a bit.
   * debian/qualify-clang.sh: Skip OpenMP test, if libomp-dev is not available.
   * Disable CMake's package validation check for libLLVM.so.1.
   * Limit lldb autopkg test to the lldb architectures.
   * Generate debian/tests/* files.
   * Disable the usage-wrapper/memory tracking by default.
   * Replace LLDB_DISABLE_ARCHS macro with LLDB_ARCHS macro.
   * Remove unused kfreebsd patches, and remove references to kfreebsd and s390.
   * Remove references to alpha, hppa, powerpcspe and sh4.
   * Fix usage-wrapper build dependency.
 .
   [ Aurelien Jarno ]
   * Enable lldb on riscv64.
   * Enable lldb autopkgtest on riscv64.
llvm-toolchain-19 (1:19.1.0~++rc4-3) unstable; urgency=medium
 .
   [ Matthias Klose ]
   * Consolidate disabling CMake's package validation checks a bit.
   * debian/qualify-clang.sh: Skip OpenMP test, if libomp-dev is not available.
   * Disable CMake's package validation check for libLLVM.so.1.
   * Limit lldb autopkg test to the lldb architectures.
   * Generate debian/tests/* files.
   * Disable the usage-wrapper/memory tracking by default.
   * Replace LLDB_DISABLE_ARCHS macro with LLDB_ARCHS macro.
   * Remove unused kfreebsd patches, and remove references to kfreebsd and s390.
   * Remove references to alpha, hppa, powerpcspe and sh4.
 .
   [ Aurelien Jarno ]
   * Enable lldb on riscv64.
   * Enable lldb autopkgtest on riscv64.
llvm-toolchain-19 (1:19.1.0~++rc4-2) unstable; urgency=medium
 .
   * Disable z3 again for Ubuntu, and make the libz3-dev (build) dependency
     conditional.
   * Use -mxgot on mips64el.
   * Disable tests on mips64el, they do timeout.
llvm-toolchain-19 (1:19.1.0~++rc4-1) unstable; urgency=medium
 .
   * New release candidate.
 .
   [ Matthias Klose ]
   * Also explicitly link with -latomic on mips64el.
   * Disable openmp on loong64 (ld: cannot find -lomptarget.rtl.host).
   * Build without z3 on sh4 (ftbfs).
   * Also configure with -DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD="M68k;Xtensa".
   * debian/tests/*: s/18/19/.
   * debian/qualify-clang.sh: Don't check for libclang-cpp.so.$VERSION symlink.
   * libllvm19: Restore the symlink /usr/lib/llvm-19/lib/libLLVM.so.1, apparently
     CMake's LLVMExports.cmake requires it. But why?
 .
   [ Samuel Thibault ]
   * Add hurd-amd64 support.
 .
   [ Sylvestre Ledru ]
   * Remove the cmake dependency on libLibcTableGenUtil.a
     see https://github.com/llvm/llvm-project/issues/99819
   * New snapshot release
llvm-toolchain-19 (1:19.1.0~++rc3-2) unstable; urgency=medium
 .
   * Fix binary-indep build.
   * Disable openmp on mips64el (ld: cannot find -lomptarget.rtl.host).
   * Disable memory tracking on the Hurd and some ports architectures.
llvm-toolchain-19 (1:19.1.0~++rc3-1) unstable; urgency=medium
 .
   * Add a .gitignore file with all toplevel upstream files and directories.
   * Add some memory tracking, getting some information on memory hogs.
   * Don't require g++-multilib on s390x for newer Ubuntu releases.
   * Factor-out ocaml architectures.
   * Don't try to install xray and profile headers on armel and armhf.
   * Disable ocaml on armhf, requires ocamlopt.
   * Factor-out omp architectures.
   * Disable openmp on riscv64 (ld: cannot find -lomptarget.rtl.host).
   * Factor-out flang architectures.
   * Disable flang on mips64el (currently not supported).
   * Don't try to install hwasan_symbolize on x32.
   * Don't try to install xray and profile headers on x32.
   * Fix installation of the shared libllvm and libclang-cpp libraries
     under their soname. Closes: #1072200.
   * Drop some of the unnecessary libllvm symlinks.
   * debian/orig-tar.sh: Don't include .git/.github metadata.
   * debian/rules. Call again dh_ocaml. Closes: #1078234.
   * debian/rules: Don't create a stamp for the override_dh_auto_install target.
llvm-toolchain-19 (1:19.1.0~++rc3-1~exp1) experimental; urgency=medium
 .
   [ Matthias Klose ]
   * ld.lld: When no package-metadata option is given, fall-back
     to the envvar ELF_PACKAGE_METADATA.
 .
   [ Emanuele Rocca ]
   * Enable bolt on arm64, now supported upstream.
 .
   [ Sylvestre Ledru ]
   * remove llvm-cgdata - see 9e90c40564e21dc5f1a12e08cfdf29305aaf9f50
   * New snapshot release
llvm-toolchain-19 (1:19.1.0~++rc2-1~exp1) experimental; urgency=medium
 .
   * New testing release
llvm-toolchain-19 (1:19.1.0~++20240724103243+7af27be6633a-1~exp1) experimental; urgency=medium
 .
   [ John Paul Adrian Glaubitz ]
   * Disable LLVM testsuite on x32
   * Install liborc_rt-x86_64.a on x32
   * Install hwasan_symbolize on x32
 .
   [ Norbert Lange ]
   * build lldb with Intel PT support on x86, amd64
 .
   [ Sylvestre Ledru ]
   * Prepare upload to 19
   * Adjust the clang-X-doc path after the change
     d7dd778cde84110e38521a6b55dfeb4e1c649ec2
   * bring back clang-nvlink-wrapper
     following upstream commit: 37d0568a6593adfe791c1327d99731050540e97a
   * ship llvm-cgdata
 .
   [ Matthias Klose ]
   * Pass --package-metadata on distros with supporting linkers (starting
     with Debian trixie and Ubuntu noble).
     The package metadata is constructed from the environment variables
     ELF_PACKAGE_METADATA.
     Setting NO_PKG_METADATA=1 disables the generation of the package metadata.

lxc (1:5.0.2-1+deb12u3) bookworm; urgency=medium
 .
   * Cherry-pick upstream fix for null pointer dereference when using a shared
     rootfs (See #1085241)

mailmindr (1.7.1-1~deb12u1) bookworm; urgency=medium
 .
   * Prepared for bookworm proposed-update
mailmindr (1.6.1-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [919abc8] New upstream version 1.6.1
   * [1891988] Bumped standard version - no changes needed;
               bumpd version of dependency
   * [f1ea3a7] Bumped year in d/copyright
mailmindr (1.6.0-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [534d272] New upstream version 1.6.0

mariadb (1:10.11.9-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 10.11.9. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-9-release-notes/
   * This release includes upstream version 10.11.8, with fixes for regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-8-release-notes/ as well
     as security issue:
     - CVE-2024-21096
   * Drop multiple patches dropped upstream, including PR#2541.
   * Remove libmariadb file no longer present in MariaDB Connector C v3.3
   * Update client program 'mariadb' trace to match new libmariadb v3.3
   * Update server trace to include new parameters and values from 10.11.7 and .8
   * Note that upstream dropped support for pmem as Red Hat does not support it,
     but we continue to use it in Debian Bookworm
   * Also note upstream updated the MariaDB Connector C library (libmariadb)
     from v3.2 to 3.3 in this stable maintenance release, but it does not cause
     any issues as the soname and list of public symbols continues to be exactly
     same as before
   * Update gdb.conf to be aligned with other branches and easier to maintain
   * Add NEWS item to explain new `mariadb-dump` option `--sandbox`
mariadb (1:10.11.8-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.8. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-8-release-notes/ as well
     as security issues:
     - CVE-2024-21096
   * Add CMake flag to ignore libfmt exit code so cross-building works
   * Extend skip test list for latest failures in reproducible builds on armhf
   * Disable tests that fail on armhf when full test suite is run
   * Remove temporary exceptions for bugs that should by now be fixed
   * MDEV-31530 Localizations for Swahili language
   * Update Innotop to be compatible with MariaDB 11.x series
   * Replace use of trailing line `| \` with just `|` in Bash scripts
   * Remove libmariadb file no longer present in MariaDB Connector C v3.3
   * Replace autopkgtest smoke test dependency hack with arch list
   * Update client program 'mariadb' trace to match new libmariadb v3.3
     - New parameter 'sandbox' to fix a vulnerability and new mariadb-dump
       output that always has the sandbox header and is backwards incompatible
   * Update server trace to include new parameters innodb-log-spin-wait-delay
     and innodb-snapshot-isolation
   [ Michael Biebl ]
   * Ensure debconf database is purged after it has been used in postrm
 .
   [ Svante Signell ]
   * Make hurd-i386 build fully pass (Closes: #1069094)
mariadb (1:10.11.7-4) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * Drop unnecessary mariadb-server.prerm (Closes: #1067491)
   * Rely on dh_installsystemd to stop the service in postrm
 .
   [ Otto Kekäläinen ]
   * Remove direct dependencies on libcurl4 (Closes: #1068403, #1068404)
   * Make tests compatible with OpenSSL 3.2.0
mariadb (1:10.11.7-3) unstable; urgency=medium
 .
   * Add 'dpkg-dev (>= 1.22.5)' to Build-Depends for time_t transition
     (Closes: #1065275)
mariadb (1:10.11.7-2) unstable; urgency=medium
 .
   [ Graham Inggs ]
   * Rename libraries for 64-bit time_t transition (Closes: #1062841)
 .
   [ Otto Kekäläinen ]
   * Salsa-CI: Adopt new libmariadbd19t64 library name in CI
   * Remove obsolete Lintian override:
     package-supports-alternative-init-but-no-init.d-script
   * Disable more tests not passing for sparc64 on Debian
   * Add patch to fix hurd-i386 build failure (Closes: #1063739)
   * Add patch to partially revert upstream c432c9ef (Closes: #1063738)
   * Disable table_value_constr failing on armhf on Launchpad
   * Backport patch for MDEV-32975 (collation fix for PHP connector)
mariadb (1:10.11.7-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.7. Includes fixes for several regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-7-release-notes/
   * Add missing ${misc:Depends} to Depends for mariadb-server-10.5
   * Re-export upstream signing key without extra signatures
   * Remove field Priority on binary package mariadb-server-10.5 that duplicates
     source
   * Update debian/copyright for 2024
   * Delete test plugin pam_mariadb_mtr.so to keep mariadb-test-data clean
   * Clean away unused Lintian overrides
   * Remove unneeded CMAKE_SYSTEM_PROCESSOR from debian/rules
   * Add patch to skip building AUTH_SOCKET on Hurd (Related: #1006531)
   * Use Pre-Depends to ensure init-system-helpers is present
 .
   [ Michael Biebl ]
   * Install PAM module and systemd files into /usr (Closes: #1061348)
   * Install .service files via .install and let dh_installinit/dh_systemd
     generate the maintscript code
   * Switch to dh_installsystemd and debhelper compat 13
mariadb (1:10.11.6-2.1~exp1) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.
mariadb (1:10.11.6-2) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * Make the transitional dummy package description explicit
   * Ensure 'clean' target works
   * Use upstream patch to fix subselect test regressions (Closes: #1059904)
   * Disable innodb_ext_key crashing on ppc64el (Related: #1059904)
   * Apply upstream patch to use RDTIME in RISC-V (Closes: #1060007)
mariadb (1:10.11.6-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.11.6. Includes fixes for several severe regressions
     as noted at https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/ as well
     as security issues:
     - CVE-2023-22084
   * Upstream MariaDB Server 10.11.6 included fix for fmtlib 10 compatibility
     (Closes: #1056387)
   * Drop STACK_DIRECTION customization as upstream CMake code now handles it
   * Update traces to match these changes in MariaDB 10.11.6:
     - New option 'ALL' to multiple parameters as a way to define that all
       possible values/options are selected
     - New variables log-slow-max-warnings, note-verbosity and
       optimizer-max-sel-args
     - Default value for innodb-purge-batch-size increased to 1000
     - Support for TLSv1.1 has been dropped
 .
   [ Guillem Jover ]
   * Remove tilegx support removed from dpkg 1.22.0 (Closes: #1056748)

mpg123 (1.31.2-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix buffer overflow (Frankenstein's Monster) (CVE-2024-10573)
     (Closes: #1086443)

needrestart (3.6-4+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * core: fix regression of false positives for processes running in chroot or
     mountns (Closes: #1087918, #1088047, #1088012, #1087917, #1087958,
     #1087957)
needrestart (3.6-4+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address local privilege escalation vulnerabilities from any unprivileged
     user to root (CVE-2024-48990, CVE-2024-48992, CVE-2024-48991,
     CVE-2024-11003):
     - core: prevent race condition on /proc/$PID/exec evaluation
     - interp: do not set PYTHONPATH environment variable to prevent a LPE
     - interp: do not set RUBYLIB environment variable to prevent a LPE
     - interp: chdir into empty directory to prevent python parsing arbitrary
       files
     - interp: drop usage of Module::ScanDeps to prevent LPE
   * debian/control: Drop Depends on libmodule-scandeps-perl

nfs-utils (1:2.6.2-4+deb12u1) bookworm; urgency=medium
 .
   * debian/salsa-ci.yml: Set release to bookworm
   * d/salsa-ci.yml: Suppress aliased-location lintian errors
   * exports: Fix referrals when --enable-junction=no
     (Closes: #1083098, #1035908)

nss (2:3.87.1-1+deb12u1) bookworm-security; urgency=medium
 .
   * nss: fix CVE-2024-6602, CVE-2024-6609 and CVE-2024-0743

nvidia-graphics-drivers (535.216.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.216.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
     * Fixed CVE-2024-0126.  (Closes: #1085968)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5586
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * nvidia-detect: Add support for Tesla 535 drivers.
   * nvidia-detect: Restrict support to driver series in trixie.
   * Clean up packaging cruft in preparation for forking Tesla 535 drivers.
 .
 nvidia-graphics-drivers (535.183.06-2) unstable; urgency=medium
 .
   * Simplify using nv_pfn_valid() in virt_addr_valid() on ppc64el.
   * Backport nv_get_kern_phys_address() changes from 555.42.02 to fix kernel
     module build with gcc-14 on arm*.  (Closes: #1084844)
   * Regenerate debian/control with libdpkg-perl/bookworm.
 .
 nvidia-graphics-drivers (535.183.06-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.183.06 (2024-07-09).
 .
   [ Andreas Beckmann ]
   * Use dh_movetousr (if available) to relocate the firmware to /usr where
     needed.  (Closes: #1073744)
   * Log an error message if nvidia-peermem refuses to load because it was
     built without IB peer memory symbols present.  (Closes: #1074350)
   * Backport follow_pfn changes from 550.90.07 to fix kernel module build for
     Linux 6.10.  (Closes: #1077841, #1078425, #1078462, #1078489, #1078424)
   * Use pfn_valid() variant with rcu_read_{,un}lock_sched() from Linux 6.8-rc3
     in virt_addr_valid() for Linux 5.10.210 - 5.10.999 to avoid using GPL
     symbols on ppc64el.
   * bug-script: Report 'apt-cache policy'.
nvidia-graphics-drivers (535.183.06-2) unstable; urgency=medium
 .
   * Simplify using nv_pfn_valid() in virt_addr_valid() on ppc64el.
   * Backport nv_get_kern_phys_address() changes from 555.42.02 to fix kernel
     module build with gcc-14 on arm64.  (Closes: #1084844)
   * Regenerate debian/control with libdpkg-perl/bookworm.
nvidia-graphics-drivers (535.183.06-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.183.06 (2024-07-09).
 .
   [ Andreas Beckmann ]
   * Use dh_movetousr (if available) to relocate the firmware to /usr where
     needed.  (Closes: #1073744)
   * Log an error message if nvidia-peermem refuses to load because it was
     built without IB peer memory symbols present.  (Closes: #1074350)
   * Backport follow_pfn changes from 550.90.07 to fix kernel module build for
     Linux 6.10.  (Closes: #1077841, #1078425, #1078462, #1078489, #1078424)
   * ppc64el: Use pfn_valid() variant with rcu_read_{,un}lock_sched() for
     Linux 5.10 from 5.10.210 onwards to avoid using GPL symbols.
   * bug-script: Report 'apt-cache policy' (535.183.06-1).
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-graphics-drivers (535.183.06-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
 .
 nvidia-graphics-drivers (535.183.06-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.183.06 (2024-07-09).
 .
   [ Andreas Beckmann ]
   * Use dh_movetousr (if available) to relocate the firmware to /usr where
     needed.  (Closes: #1073744)
   * Log an error message if nvidia-peermem refuses to load because it was
     built without IB peer memory symbols present.  (Closes: #1074350)
   * Backport follow_pfn changes from 550.90.07 to fix kernel module build for
     Linux 6.10.  (Closes: #1077841, #1078425, #1078462, #1078489, #1078424)
   * ppc64el: Use pfn_valid() variant with rcu_read_{,un}lock_sched() for
     Linux 5.10 from 5.10.210 onwards to avoid using GPL symbols.
   * bug-script: Report 'apt-cache policy' (535.183.06-1).
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-graphics-drivers (535.183.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072792)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause additional X screens to claim displays
       that should have been assigned to a prior X screen based on the given X
       configuration.
   * New upstream long term support branch release 535.179 (2024-05-09).
   * New upstream long term support branch release 535.171.04 (2024-03-21).
     - Fixed Xid error when playing Alan Wake 2 with ray tracing enabled.
     - Fixed a regression which prevented some Vulkan applications from
       receiving VK_DEVICE_LOST upon a VT switch, which could lead to the
       application hanging or behaving incorrectly.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.

nvidia-open-gpu-kernel-modules (535.216.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.216.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.216.01 (2024-10-22).
     * Fixed CVE-2024-0126.  (Closes: #1085976)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5586
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.183.06-2) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.183.06-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.183.06 (2024-07-09).
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-open-gpu-kernel-modules (535.183.06-2) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (535.183.06-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.183.06 (2024-07-09).
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-open-gpu-kernel-modules (535.183.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072800)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
   * New upstream long term support branch release 535.179 (2024-05-09).
   * New upstream long term support branch release 535.171.04 (2024-03-21).
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.

oar (2.5.9-1+deb12u1) bookworm; urgency=medium
 .
   [ Pierre Neyron ]
   * Fix Drawgantt-SVG with php8 (Closes: #1068444)
     - create_function does not exists anymore
     - static methods must be declared as such
   * Fix the oar user creation on new install (locked otherwise) (Closes:
     #1068713)
   * oar-web-status: add missing dependency to libcgi-fast-perl (Closes:
     #1068711)

opensc (0.23.0-0.3+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5
     padding in OpenSC. (Closes: #1064189)
   * Fix CVE-2024-1454: Memory use after free in AuthentIC driver when updating
     token info.
   * Fix CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating
     key. (Closes: #1082853)
   * Fix CVE-2024-45615: Usage of uninitialized values in libopensc and
     pkcs15init. (Closes: #1082859)
   * Fix CVE-2024-45616: Uninitialized values after incorrect check or usage of
     APDU response values in libopensc. (Closes: #1082860)
   * Fix CVE-2024-45617: Uninitialized values after incorrect or missing
     checking return values of functions in libopensc. (Closes: #1082861)
   * Fix CVE-2024-45618: Uninitialized values after incorrect or missing
     checking return values of functions in pkcs15init. (Closes: #1082862)
   * Fix CVE-2024-45619: Incorrect handling length of buffers or files in
     libopensc. (Closes: #1082863)
   * Fix CVE-2024-45620: Incorrect handling length of buffers or files in
     pkcs15init. (Closes: #1082864)
   * Add d/salsa-ci.yml for Salsa CI.

openssh (1:9.2p1-2+deb12u4) bookworm; urgency=medium
 .
   * Always use the internal mkdtemp implementation, since it substitutes
     more randomness into the template string than glibc's version (closes:
     #1001186, #1064898).
   * Fix gssapi-keyex declaration, broken when rebasing onto 8.9p1
     (LP: #2053146).
   * Import ssh-gssapi autopkgtest from 1:9.8p1-4.
   * Don't prefer host-bound public key signatures if there was no initial
     host key, as is the case when using GSS-API key exchange (closes:
     #1041521, #1088248).
   * Make sntrup761x25519-sha512 key exchange algorithm available without the
     @openssh.com suffix too (closes: #1088873).

pgtcl (1:3.0.0-1+deb12u1) bookworm; urgency=medium
 .
   * Install library in default Tcl auto_path (Closes: #1089166).

php8.2 (8.2.26-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.26
    + Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface.
    + [CVE-2024-8929]: Leak partial content of the heap through heap buffer
      over-read.
    + [CVE-2024-8932]: OOB access in ldap_escape.
    + [CVE-2024-11233]: Single byte overread with
      convert.quoted-printable-decode filter.
    + [CVE-2024-11234]: Configuring a proxy in a stream context might allow
      for CRLF injection in URIs.
    + [CVE-2024-11236]: Integer overflow in the dblib quoter causing OOB
      writes.
    + [CVE-2024-11236]: Integer overflow in the firebird quoter causing OOB
      writes.
   * Revert "ext/gmp: gmp_pow fix FPE with large values" upstream patch
php8.2 (8.2.24-1) unstable; urgency=medium
 .
   * New upstream version 8.2.24
    + [CVE-2024-8926]: Bypass of CVE-2024-4577, Parameter Injection
      Vulnerability
    + [CVE-2024-8927]: cgi.force_redirect configuration is bypassable due
      to the environment variable collision
    + [CVE-2024-8927]: Logs from FPM childrens may be altered
    + [CVE-2024-8925]: Erroneous parsing of multipart form data

poco (1.11.0-3+deb12u1) bookworm; urgency=medium
 .
   * CVE-2023-52389

postgresql-15 (15.10-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.10.
 .
     + Repair ABI break for extensions that work with struct ResultRelInfo
 .
       Last week's minor releases unintentionally broke binary compatibility
       with timescaledb and several other extensions.  Restore the affected
       structure to its previous size, so that such extensions need not be
       rebuilt.
 .
     + Restore functionality of ALTER {ROLE|DATABASE} SET role
 .
       The fix for CVE-2024-10978 accidentally caused settings for role to not
       be applied if they come from non-interactive sources, including previous
       ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment variable.
postgresql-15 (15.9-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.9.
 .
     + Ensure cached plans are marked as dependent on the calling role when RLS
       applies to a non-top-level table reference (Nathan Bossart)
 .
       If a CTE, subquery, sublink, security invoker view, or coercion
       projection in a query references a table with row-level security
       policies, we neglected to mark the resulting plan as potentially
       dependent on which role is executing it.  This could lead to later query
       executions in the same session using the wrong plan, and then returning
       or hiding rows that should have been hidden or returned instead.
 .
       The PostgreSQL Project thanks Wolfgang Walther for reporting this
       problem. (CVE-2024-10976)
 .
     + Make libpq discard error messages received during SSL or GSS protocol
       negotiation (Jacob Champion)
 .
       An error message received before encryption negotiation is completed
       might have been injected by a man-in-the-middle, rather than being real
       server output.  Reporting it opens the door to various security hazards;
       for example, the message might spoof a query result that a careless user
       could mistake for correct output.  The best answer seems to be to
       discard such data and rely only on libpq's own report of the connection
       failure.
 .
       The PostgreSQL Project thanks Jacob Champion for reporting this problem.
       (CVE-2024-10977)
 .
     + Fix unintended interactions between SET SESSION AUTHORIZATION and SET
       ROLE (Tom Lane)
 .
       The SQL standard mandates that SET SESSION AUTHORIZATION have a
       side-effect of doing SET ROLE NONE.  Our implementation of that was
       flawed, creating more interaction between the two settings than
       intended. Notably, rolling back a transaction that had done SET SESSION
       AUTHORIZATION would revert ROLE to NONE even if that had not been the
       previous state, so that the effective user ID might now be different
       from what it had been before the transaction.  Transiently setting
       session_authorization in a function SET clause had a similar effect. A
       related bug was that if a parallel worker inspected
       current_setting('role'), it saw none even when it should see something
       else.
 .
       The PostgreSQL Project thanks Tom Lane for reporting this problem.
       (CVE-2024-10978)
 .
     + Prevent trusted PL/Perl code from changing environment variables
       (Andrew Dunstan, Noah Misch)
 .
       The ability to manipulate process environment variables such as PATH
       gives an attacker opportunities to execute arbitrary code.  Therefore,
       trusted PLs must not offer the ability to do that.  To fix plperl,
       replace %ENV with a tied hash that rejects any modification attempt with
       a warning. Untrusted plperlu retains the ability to change the
       environment.
 .
       The PostgreSQL Project thanks Coby Abrams for reporting this problem.
       (CVE-2024-10979)

proftpd-dfsg (1.3.8+dfsg-4+deb12u4) bookworm-security; urgency=high
 .
   * Add my Debian E-Mail address to Field Uploaders.
   * Patch for issue Issue #1830 (Closes: #1082326).
     Supplemental Group Inheritance Grants Unintended Access to GID 0
     (CVE-2024-48651).

prometheus-node-exporter-collectors (0.0~git20230203.6f710f8-1+deb12u2) bookworm; urgency=medium
 .
   * Team upload
 .
   [ Antoine Beaupré ]
   * Add missing `apt_package_cache_timestamp_seconds` metrics ommitted from previous upload.
 .
   [ Reinhard Tartler ]
   * apt_info.py: fix apt_upgrades_pending and apt_upgrades_held, Closes: #1077694
   * backport another improvement to apt_package_cache_timestamp_seconds

pypy3 (7.3.11+dfsg-2+deb12u3) bookworm; urgency=medium
 .
   * Security patches to the standard library:
     - CVE-2023-27043: Parse email addresses with special characters,
       correctly.
     - CVE-2024-9287: Quote path names in venv activation scripts.
     - CVE-2024-4032: Fix private IP address ranges.
     - CVE-2024-6232: Fix ReDoS when parsing tarfile headers.
     - CVE-2024-8088: Avoid infinite loop in zip file parsing.
     - CVE-2024-6923: Encode newlines in headers in the email module.
     - CVE-2024-7592: Quadratic complexity parsing cookies with backslashes.
     - CVE-2024-11168: Ensure addresses in brackets are valid IPv6 addresses.
   * Clean the python 2.7 source tree.
   * Clean cffi modules C source, lex and yacc tabs.

python-aiohttp (3.8.4-1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2023-47627
   * CVE-2023-49081 (Closes: #1057163)
   * CVE-2023-49082 (Closes: #1057164)
   * CVE-2024-23334 (Closes: #1062709)
   * CVE-2024-30251 (Closes: #1070364)
   * CVE-2024-52304 (Closes: #1088109)

python-asyncssh (2.10.1-2+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * debian/patches/CVE-2023-46445-and-CVE-2023-46446.patch: Add patch to fix
     CVE-2023-46445 and CVE-2023-46446 (Rogue Session Attack, Rogue Extension
     Negotiation):
     - Put additional restrictions on when messages are accepted during the
       SSH handshake to avoid message injection attacks from a rogue client
       or server (closes: #1055999, #1056000).

python-tornado (6.2.0-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * d/patches/CVE-2024-52804.patch: Fix CVE-2024-52804 (closes: #1088112).
     - The algorithm used for parsing HTTP cookies in Tornado versions prior to
       6.4.2 sometimes has quadratic complexity, leading to excessive CPU
       consumption when parsing maliciously-crafted cookie headers. This
       parsing occurs in the event loop thread and may block the processing of
       other requests.
   * d/patches/CVE-2023-28370-1.patch,
     d/patches/CVE-2023-28370-2.patch: Fix CVE-2023-28370 (closes: #1036875).
     - Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows
       a remote unauthenticated attacker to redirect a user to an arbitrary web
       site and conduct a phishing attack by having user access a specially
       crafted URL.

python-urllib3 (1.26.12-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2023-43804: Cookie request header isn't stripped during
     cross-origin redirects. (Closes: #1053626)
   * Fix CVE-2023-45803: Request body not stripped after redirect from 303
     status changes request method to GET. (Closes: #1054226)
   * Fix CVE-2024-37891: Proxy-Authorization request header isn't stripped
     during cross-origin redirects. (Closes: #1074149)
   * Use system 'six' module in urllib3.util.ssltransport. (Closes: #1089507)
   * Fix test/test_connectionpool.py (currently ignored).
   * Adjust d/salsa-ci.yml for bookworm.
   * Adjust d/gbp.conf for bookworm.

python-werkzeug (2.2.2-3+deb12u1) bookworm; urgency=high
 .
   * Backport upstream fix for CVE-2023-46136
     (denial of service when file upload begins with CR or LF)
     (Closes: #1054553).
   * Backport upstream fixes for CVE-2024-34069
     (arbitrary code execution on developer's machine via the debugger)
     (Closes: #1070711).
   * Backport upstream fix for CVE-2024-49767
     (denial of service when processing multipart/form-data requests)
     (Closes: #1086062).

python3.11 (3.11.2-6+deb12u5) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-27043: Reject malformed addresses in email.parseaddr()
     (Closes: #1059298)
   * CVE-2024-6923: Encode newlines in headers in the email module
   * CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
   * CVE-2024-9287: venv activation scripts did't quote paths
   * CVE-2024-11168: urllib functions improperly validated bracketed hosts

qemu (1:7.2+dfsg-7+deb12u12) bookworm; urgency=medium
 .
   * mark-internal-codegen-functions-hidden.patch:
     make GOT on AArch64 to fit. See comment in the patch for details.
   * Revert "d/rules: disable capstone for static-user build on aarch64"
     Re-enable capstone usage on aarch64, restore the status quo.
qemu (1:7.2+dfsg-7+deb12u11) bookworm; urgency=medium
 .
   * disable capstone for qemu-user-static buildi on arm64. See
     https://gitlab.com/qemu-project/qemu/-/issues/1129 for details.
     The choice is to disable either capstone or pie, and it is better
     to keep pie enabled because it helps with guest/host address conflicts.
     Capstone is used to produce disassembler output of guest code, it is
     nice to have it but it is not required for normal operations.
   * skip +deb12u11 release due to a typo
qemu (1:7.2+dfsg-7+deb12u10) bookworm; urgency=medium
 .
   * disable capstone for qemu-user-static build. See
     https://gitlab.com/qemu-project/qemu/-/issues/1129 for details.
     The choice is to disable either capstone or pie, and it is better
     to keep pie enabled because it helps with guest/host address conflicts.
     Capstone is used to produce disassembler output of guest code, it is
     nice to have it but it is not required for normal operations.
qemu (1:7.2+dfsg-7+deb12u9) bookworm; urgency=medium
 .
   * re-enable (upstream default) --static-pie linking for qemu-user-static
     binaries.  This has been disabled due to a mistake (LP:#1908331), has been
     re-enabled in later debian qemu releases.  Disabling static-pie leads to
     qemu binaries using fixed address which has high chance to clash with
     something in the emulated binary address space, and hence makes qemu-user
     generally crashy.  But this change has been forgotten in bookworm.  With
     recent bookworm kernel updates (6.1.112, with changes to KASLR), these
     qemu-user-static crashes has become too common.  Also add lintian-override
     about not-static-enough binaries.
     Closes: #1087822, #1053101
   * update to upstream 7.2.15 stable/bugfix release, v7.2.15.diff,
     https://gitlab.com/qemu-project/qemu/-/commits/v7.2.15 :
     - Update version for 7.2.15 release
     - usb-hub: Fix handling port power control messages
     - hw/audio/hda: fix memory leak on audio setup
     - hw/misc/mos6522: Fix bad class definition of the MOS6522 device
     - tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
     - target/arm: Drop user-only special case in sve_stN_r
     - linux-user: Fix setreuid and setregid to use direct syscalls
     - target/i386: Fix legacy page table walk
     - 9pfs: fix crash on 'Treaddir' request
     - hw/nvme: fix handling of over-committed queues
     - target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
     - target/ppc: Set ctx->opcode for decode_insn32()
     - target/riscv: Fix vcompress with rvv_ta_all_1s
     - hw/intc/riscv_aplic: Check and update pending when write sourcecfg
     - hw/intc/riscv_aplic: Fix in_clrip[x] read emulation
     - target/riscv: Set vtype.vill on CPU reset
     - hw/intc: Don't clear pending bits on IRQ lowering
     - target/riscv: Correct SXL return value for RV32 in RV64 QEMU
     - target/riscv/csr.c: Fix an access to VXSAT
     - target/arm: Don't assert in regime_is_user() for E10 mmuidx values
     - net/tap-win32: Fix gcc 14 format truncation errors
     - Fix calculation of minimum in colo_compare_tcp
     - gitlab: make check-[dco|patch] a little more verbose
     - linux-user/ppc: Fix sigmask endianness issue in sigreturn
     - target/i386: Walk NPT in guest real mode
     - target/i386: Avoid unreachable variable declaration in mmu_translate()
     - tcg: Reset data_gen_ptr correctly
     - raw-format: Fix error message for invalid offset/size
     - tests: Wait for migration completion on destination QEMU
       to avoid failures
     - KVM: Dynamic sized kvm memslots array
     - hw/audio/hda: free timer on exit
     - hw/intc/arm_gicv3_cpuif: Add cast to match the documentation
     - scsi: fetch unit attention when creating the request
     - linux-user: Fix parse_elf_properties GNU0_MAGIC check
     - linux-user/flatload: Take mmap_lock in load_flt_binary()
     - tracetool: avoid invalid escape in Python string
     - fuzz: disable leak-detection for oss-fuzz builds
     - block/reqlist: allow adding overlapping requests
     - target/ppc: Fix lxvx/stxvx facility check
     - softmmu/physmem.c: Keep transaction attribute in address_space_map()
qemu (1:7.2+dfsg-7+deb12u8) bookworm; urgency=medium
 .
   * update to upstream 7.2.14 stable/bugfix release, v7.2.14.diff,
     https://gitlab.com/qemu-project/qemu/-/commits/v7.2.14 :
     - Update version for 7.2.14 release
     - hw/intc/arm_gic: fix spurious level triggered interrupts
     - tests/docker: remove debian-armel-cross
     - hw/display/vhost-user-gpu.c: fix vhost_user_gpu_chr_read()
     - crypto: check gnutls & gcrypt support the requested pbkdf hash
     - crypto: run qcrypto_pbkdf2_count_iters in a new thread
     - softmmu/physmem: fix memory leak in dirty_memory_extend()
     - gitlab: migrate the s390x custom machine to 22.04
     - crypto/tlscredspsk: Free username on finalize
     - module: Prevent crash by resetting local_err in module_load_qom_all()
     - target/i386: Do not apply REX to MMX operands
     - block/blkio: use FUA flag on write zeroes only if supported
     - hw/core/ptimer: fix timer zero period condition for freq > 1GHz
     - nbd/server: CVE-2024-7409: Avoid use-after-free when closing server
     - nbd/server: CVE-2024-7409: Close stray clients at server-stop
     - nbd/server: CVE-2024-7409: Drop non-negotiating clients
     - nbd/server: CVE-2024-7409: Cap default max-connections to 100
     - nbd/server: Plumb in new args to nbd_client_add()
     - iotests: Add `vvfat` tests
     - vvfat: Fix reading files with non-continuous clusters
     - vvfat: Fix wrong checks for cluster mappings invariant
     - vvfat: Fix usage of `info.file.offset`
     - vvfat: Fix bug in writing to middle of file
     - hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers
     - virtio-net: Fix network stall at the host side waiting for kick
     - virtio-net: Ensure queue index fits with RSS
     - target/arm: Handle denormals correctly for FMOPA (widening)
     - hw/arm/mps2-tz.c: fix RX/TX interrupts order
     - hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()
     - docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str
     - target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled
     - target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl()
     - target/arm: Fix UMOPA/UMOPS of 16-bit values
     - target/arm: Don't assert for 128-bit tile accesses when SVL is 128
     - hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE
     - hw/char/bcm2835_aux: Fix assert when receive FIFO fills up
     - target/rx: Use target_ulong for address in LI
     - hw/virtio: Fix the de-initialization of vhost-user devices
     - util/async.c: Forbid negative min/max
       in aio_context_set_thread_pool_params()
     - hw/intc/loongson_ipi: Access memory in little endian
     - chardev/char-win-stdio.c: restore old console mode
     - target/i386: do not crash if microvm guest uses SGX CPUID leaves
     - intel_iommu: fix FRCD construction macro
     - hw/cxl/cxl-host: Fix segmentation fault when getting cxl-fmw property
     - hw/nvme: fix memory leak in nvme_dsm
     - target/arm: Use FPST_F16 for SME FMOPA (widening)
     - target/arm: Use float_status copy in sme_fmopa_s
     - qapi/qom: Document feature unstable of @x-vfio-user-server

quicktext (5.16-1~deb12u1) bookworm; urgency=medium
 .
   [ Mechtilde ]
   * [9d327fa] Prepared rebuild for bookworm
quicktext (5.10-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [009df44] New upstream version 5.10
quicktext (5.6-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [a859d0b] New upstream version 5.6
   * [0e8df4f] Bumped standard version - no changes needed
   * [9bc840e] Bumped min version of thunderbird

redis (5:7.0.15-1~deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-31227: DoS with malformed ACL selectors
   * CVE-2024-31228: unbounded pattern matching DoS
   * CVE-2024-31449: Lua bit library stack overflow
   * Closes: 1084805

renderdoc (1.24+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-33863: integer overflow
   * CVE-2023-33864: integer overflow
   * CVE-2023-33865: symlink attack
   * Closes: #1037208

ruby-doorkeeper (5.5.0-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-34246: Improper Authentication (Closes: #1038950)

setuptools (66.1.1-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * debian/patches/CVE-2024-6345.patch: Fix CVE-2024-6345.
     - Replace the unsafe use of os.system to fix a possible remote code
       execution by supplying malicious URLs in a package index or via the
       command line.

simplesamlphp (1.19.7-1+deb12u1) bookworm-security; urgency=high
 .
   * Upload to the security archive.
   * Fix CVE-2024-52596

smarty3 (3.1.47-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-28447 - JavaScript injection (Closes: #1033964)
   * CVE-2024-35226 - PHP Code injection by untrusted template authors
     (Closes: #1072530)
   * Add simple autopkgtests for the three CVEs.

smarty4 (4.3.0-1+deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2024-35226 (Closes: #1072529)

sqlparse (0.4.2-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2023-30608: Parser contains a regular expression that is
     vulnerable to ReDOS. (Closes: #1034615)
   * Fix CVE-2024-4340: Parsing of heavily nested list leads to Denial of
     Service. (Closes: #1070148)
   * Adjust d/salsa-ci.yml for bookworm.

srt (1.5.1-1+deb12u1) bookworm; urgency=medium
 .
   * [1e9db13] d/control: correct hard dependencies for dev packages.
     Thanks to Laurent Bigonville <bigon@debian.org> (Closes: #1086751)

symfony (5.4.23+dfsg-1+deb12u4) bookworm-security; urgency=medium
 .
   * Backport security fixes from Symfony 5.4.47
     - [security-http] Check owner of persisted remember-me cookie
       [CVE-2024-51996]
     - [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient
       [CVE-2024-50342]
symfony (5.4.23+dfsg-1+deb12u3) bookworm-security; urgency=medium
 .
   * Backport security fixes from Symfony 5.4.46
     - [Validator] Add D regex modifier in relevant validators [CVE-2024-50343]
     - Do not read from argv on non-CLI SAPIs [CVE-2024-50340]
     - [HttpClient] Filter private IPs before connecting when Host == IP
       [CVE-2024-50342]
     - [HttpFoundation] Reject URIs that contain invalid characters
       [CVE-2024-50345]
   * Backport fixes to test suite

systemd (252.33-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.33
systemd (252.32-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.32

tango (9.3.4+dfsg1-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Make the property_* tables compatible with MariaDB 10.11 at install time.
     Thanks to Thomas Braun. Also update table modifications accordingly in
     dbconfig-common when upgrading from 9.3.4 (Closes: #1062979).
   * Add d/tests/starter-basic, including a test for #1062979.
   * Switch Salsa CI RELEASE variable from experimental to bookworm. Otherwise,
     Salsa CI runs the pipeline on experimental, and it has to be manually
     overriden.

tbsync (4.12-1~deb12u1) bookworm; urgency=medium
 .
   [ Mechtilde ]
   * [b716540] Merge branch 'debian/sid' into debian/bookworm
   * Prepared for release in bookworm (proposed-updates)
tbsync (4.8-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [958ffe6] New upstream version 4.8
   * [2a36c0a] Bumped standard version - no changes needed;
               bumped version of dependencies
   * [fbee43b] Bumped year in d/copyright
tbsync (4.7-1) unstable; urgency=medium
 .
   [ Mechtilde ]
   * [c727b2e] New upstream version 4.7
   * [3187154] Compression is now tar.gz

texlive-bin (2022.20220321.62855-5.1+deb12u2) bookworm; urgency=medium
 .
   * Add patches from upstream for "luatex loses or changes text when
     discretionaries with priorities are used" (Closes: #1041441).
   * Add patch for CVE-2024-25262.

thunderbird (1:128.5.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.4.3esr-1) unstable; urgency=medium
 .
   * [0f444cd] New upstream version 128.4.3esr
     Fixed CVE issues in upstream version 128.4.3 (MFSA 2024-61):
     CVE-2024-11159: Potential disclosure of plaintext in OpenPGP encrypted
                     message
   * [a1da929] Rebuild patch queue from patch-queue branch
     Remove wrong metadata from patch
     fixes/Install-vaapitest-v4l2test-only-when-build.patch
thunderbird (1:128.4.3esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:128.4.2esr-1) unstable; urgency=medium
 .
   * [a203321] New upstream version 128.4.2esr
thunderbird (1:128.4.0esr-1) unstable; urgency=medium
 .
   * [33e8ca6] New upstream version 128.4.0esr
     Fixed CVE issues in upstream version 128.4 (MFSA 2024-58):
     CVE-2024-10458: Permission leak via embed or object elements
     CVE-2024-10459: Use-after-free in layout with accessibility
     CVE-2024-10460: Confusing display of origin for external protocol handler
                     prompt
     CVE-2024-10461: XSS due to Content-Disposition being ignored in
                     multipart/x-mixed-replace response
     CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
     CVE-2024-10463: Cross origin video frame leak
     CVE-2024-10464: History interface could have been used to cause a Denial
                     of Service condition in the browser
     CVE-2024-10465: Clipboard "paste" button persisted across tabs
     CVE-2024-10466: DOM push subscription message could hang Firefox
     CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132,
                     Firefox ESR 128.4, and Thunderbird 128.4
thunderbird (1:128.4.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
 .
   [ Emilio Pozuelo Monfort ]
   * [3908929] Fix linker memory issues when building on bookworm/amd64
thunderbird (1:128.3.2esr-1) unstable; urgency=medium
 .
   * [ae355fe] New upstream version 128.3.2esr
     Fixed CVE issues in upstream version 128.3.1 (MFSA 2024-52):
     CVE-2024-9680: Use-after-free in Animation timeline
     (Closes: #1084989)
   * [d10c926] d/control: Remove s390x from architecture list
   * [02f107f] d/control: Fix VCS links so they point to debian/sid
thunderbird (1:128.3.0esr-1) unstable; urgency=medium
 .
   * [8f4b4a5] New upstream version 128.3.0esr
     Fixed CVE issues in upstream version 128.3 (MFSA 2024-49):
     CVE-2024-9392: Compromised content process can bypass site isolation
     CVE-2024-9393: Cross-origin access to PDF contents through multipart
                    responses
     CVE-2024-9394: Cross-origin access to JSON contents through multipart
                    responses
     CVE-2024-8900: Clipboard write permission bypass
     CVE-2024-9396: Potential memory corruption may occur when cloning certain
                    objects
     CVE-2024-9397: Potential directory upload bypass via clickjacking
     CVE-2024-9398: External protocol handlers could be enumerated via popups
     CVE-2024-9399: Specially crafted WebTransport requests could lead to
                    denial of service
     CVE-2024-9400: Potential memory corruption during JIT compilation
     CVE-2024-9401: Memory safety bugs fixed in Firefox 131/ESR 115.16/ESR
                    128.3 and Thunderbird 131/128.3
     CVE-2024-9402: Memory safety bugs fixed in Firefox 131/ESR 128.3 and
                    Thunderbird 131/128.3
thunderbird (1:128.2.3esr-1) unstable; urgency=medium
 .
   * [2c299bf] New upstream version 128.2.3esr
   * [95769b9] d/thunderbird.postinst: Correct misspelled THUNDERBIRD_LIBDIR
     (Closes: #1082842)
   * [c46440b] d/t-lintian-overrides: Drop librnp.so from list
   * [17dc3f3] d/s/lintian-overrides: Overhaul the list to ignore
thunderbird (1:128.2.1esr-1) unstable; urgency=medium
 .
   * [5d41f15] New upstream version 128.2.1esr
thunderbird (1:128.2.0esr-1) unstable; urgency=medium
 .
   * [33f11cd] d/create-upstream-tarballs.py: Ignore version 130.0
   * [56e8a06] New upstream version 128.2.0esr
     Fixed CVE issues in upstream version 128.2 (MFSA 2024-43):
     CVE-2024-8394: Crash when aborting verification of OTR chat
     CVE-2024-8385: WASM type confusion involving ArrayTypes
     CVE-2024-8381: Type confusion when looking up a property name in a
                    "with" block
     CVE-2024-8382: Internal event interfaces were exposed to web content
                    when browser EventHandler listener callbacks ran
     CVE-2024-8384: Garbage collection could mis-color cross-compartment
                    objects in OOM conditions
     CVE-2024-8386: SelectElements could be shown over another site if popups
                    are allowed
     CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
                    and Thunderbird 128.2
thunderbird (1:128.1.1esr-1) unstable; urgency=medium
 .
   [ Michael Weghorn ]
   * [91e6069] Use app ID that matches the desktop file name
     (Closes: #1022037)
 .
   [ Carsten Schoenert ]
   * [b07a057] d/control: Drop B-D on libdbus-glib-1-dev
     (Closes: #955955)
   * [16531ce] d/create-upstream-tarballs.py: Ignore version 129.0
   * [544931b] d/control: Fix short description for thunderbird-l10n-lv
     (Closes: #1079029)
   * [9d65f1f] New upstream version 128.1.1esr
   * [1eff397] d/rules: Move/rename third party Python modul temporarly
thunderbird (1:128.1.0esr-1) unstable; urgency=medium
 .
   [ Carsten Schoenert ]
   * [a4bdee4] d/gbp.conf: Adjust upstream branch to new ESR cycle
   * [9909948] d/control: Readd dependencies on librnp{0,-dev}
   * [049ad32] d/thunderbird.install: Don't try installing rnp tools
   * [63b5a69] New upstream version 128.1.0esr
     Fixed CVE issues in upstream version 128.1 (MFSA 2024-37):
     CVE-2024-7518: Fullscreen notification dialog can be obscured by document
                    content
     CVE-2024-7519: Out of bounds memory access in graphics shared memory
                    handling
     CVE-2024-7520: Type confusion in WebAssembly
     CVE-2024-7521: Incomplete WebAssembly exception handing
     CVE-2024-7522: Out of bounds read in editor component
     CVE-2024-7525: Missing permission check when creating a StreamFilter
     CVE-2024-7526: Uninitialized memory used by WebGL
     CVE-2024-7527: Use-after-free in JavaScript garbage collection
     CVE-2024-7528: Use-after-free in IndexedDB
     CVE-2024-7529: Document content could partially obscure security prompts
thunderbird (1:128.0esr-1) experimental; urgency=medium
 .
   * [e6bbe24] d/create-upstream-tarballs.py: Need to check for esr now
   * [f27f6f8] New upstream version 128.0esr
thunderbird (1:128.0~b5-1) experimental; urgency=medium
 .
   * [30985b4] d/source.filter: Filter out comm/third_party/rust/winapi*/**/*.a
   * [d75c09c] New upstream version 128.0~b5
   * [d1adc7f] Rebuild patch queue from patch-queue branch
     Removed patches:
     debian-hacks/Relax-minimum-supported-rust-version-to-1.75.patch
     fixes/skia-Cast-SkEndian_SwapBE32-n-to-uint32_t-on-big-endian.patch
     Modified patches:
     porting-mips64el/skia-Disable-musttail-on-mips64.patch
     porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch
   * [7042e2a] d/copyright: Update content due upstream changes
   * [9046790] d/s/lintian-overrides: Update data due upstream changes
thunderbird (1:127.0~b5-1) experimental; urgency=medium
 .
   * [5b073c7] New upstream version 127.0~b5
   * [3ab1f6c] Rebuild patch queue from patch-queue branch
     added patch:
     debian-hacks/Relax-minimum-supported-rust-version-to-1.75.patch
     Thanks Mike for working on this!
     removed patches:
     debian-hacks/Relax-minimum-supported-rust-version-to-1.70.patch
     debian-hacks/rnp-Fix-include-for-format-specifiers-for-uint32_t.patch
   * [5544dee] d/c-u-t.py: Ignore one more version
   * [ac6e99c] d/logo/thunderbird: Update PNG files from newer SVG
     (Closes: #1071824)
   * [cee6fb8] d/thunderbird.install: Install the newer correct SVG graphic
thunderbird (1:125.0~b3-1) experimental; urgency=medium
 .
   [ William Desportes ]
   * [afa7e77] Fix a typo in the wrapper file
 .
   [ Carsten Schoenert ]
   * [cd67758] New upstream version 125.0~b3
   * [2224a5f] Rebuild patch queue from patch-queue branch
     added patches:
     debian-hacks/Relax-minimum-supported-rust-version-to-1.70.patch
     Thanks Mike for working on this!
   * [f0b98c4] d/control: Move libotr5 to libotr5t64 for bin:thunderbird
     (Closes: #1069337)
   * [311f88e] d/control: Drop dependencies on librnp{0,-dev}
   * [7f50d91] d/control: Increase Standards-Version to 4.7.0
     No further changes needed.
   * [fd7d588] d/c-u-t.py: Ignore potentially non ESR versions
thunderbird (1:124.0~b5-1) experimental; urgency=medium
 .
   * [2189bc4] New upstream version 124.0~b5
   * [b943acc] d/control: Bump B-D for cbindgen libnss3-dev
thunderbird (1:122.0~b2-1) experimental; urgency=medium
 .
   * [7c0ec4b] d/source.filter: Update content to filter out
   * [f9cea81] New upstream version 122.0~b2
   * [00364f5] d/copyright: Update content due upstream changes
   * [5bd3edd] d/t.lintian-overrides: Update entries due build changes
   * [789a079] d/s/lintian-overrides: Update data due upstream changes
thunderbird (1:121.0~b3-1) experimental; urgency=medium
 .
   [ Christoph Goehre ]
   * [d770988] d/{rules,thunderbird.install}: install vaapitest/v4l2test
               only on some architectures
   * [a85c9bd] rebuild patch queue from patch-queue branch
     Added patch:
     fixes/Install-vaapitest-v4l2test-only-when-build.patch
 .
   [ intrigeri ]
   * [6c6d3ff] AppArmor: update profile from upstream at
               commit 9d3fa88cdab512e45f6fd80f067337f200d356bc
 .
   [ Carsten Schoenert ]
   * [35bd423] New upstream version 121.0~b3
thunderbird (1:120.0~b1-1) experimental; urgency=medium
 .
   * [6f842cd] New upstream version 120.0~b1
   * [9cb9ff0] Rebuild patch queue from patch-queue branch
     Added patch:
     debian-hacks/Relax-cargo-version-requirement.patch
     Dropped patches:
     debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch
   * [f447eb6] d/control: Bump B-D for cbindgen and libnss3-dev
   * [546c436] d/thunderbird.install: Drop install of plugin-container
   * [e912f12] d/rules: Drop remaining lightning parts
thunderbird (1:117.0~b5-1) experimental; urgency=medium
 .
   [ Christoph Goehre ]
   * [35f24cb] ship glxtest and vaapitest binaries
     (Closes: #1043057)
 .
   [ Carsten Schoenert ]
   * [f8ce5fb] New upstream version 117.0~b5
   * [91f34ab] Rebuild patch queue from patch-queue branch
     Removed patches (included upstream):
     fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch
     porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch
     porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch
   * [680d811] d/thunderbird.install: Use upstream graphics for icons
   * [0768e17] d/c-u-t.py: Use Version() from python3-packaging
   * [b463514] d/thunderbird.desktop: Sort MimeType entries alphabetically
   * [4ac761b] d/control: Bump the usual build dependencies
 .
   [ Max Nikulin ]
   * [83018ae] d/thunderbird.desktop: Add IANA MIME type for .vcf vcard
   * [615c2a0] d/thunderbird.desktop: Add mid: URI to MIME types
     (Closes: #1008159)
   * [f595e42] d/thunderbird.desktop: Add news: URI to MIME types
   * [7a2dde8] d/thunderbird.desktop: Add webcal: URI to MIME types
thunderbird (1:116.0~b7-1) experimental; urgency=medium
 .
   * [489b6a2] New upstream version 116.0~b7
   * [a6a2814] Rebuild patch queue from patch-queue branch
     Removed patches (included upstream):
     fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch
     porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch

tiff (4.5.0-6+deb12u2) bookworm; urgency=medium
 .
   * CVE-2023-2908
   * CVE-2023-3618 (Closes: #1040945)
   * CVE-2023-25433
   * CVE-2023-26965
   * CVE-2023-26966
   * CVE-2023-52356 (Closes: #1061524)
   * CVE-2024-7006 (Closes: #1078648)

tzdata (2024b-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 2024b
     - Improve historical data for Mexico, Mongolia, and Portugal.
     - Asia/Choibalsan is now an alias for Asia/Ulaanbaatar
     - No leap second on 2024-12-31
   * Add Asia/Choibalsan to INCLUDE_SYMLINKS
   * Revert System V names deprecation
tzdata (2024a-4) unstable; urgency=medium
 .
   * d/rules: Support creating symlinks pointing to symlinks
   * Fixup for avoid timezones being symlinks to symlinks (LP: #2062522)
tzdata (2024a-3) unstable; urgency=medium
 .
   * Avoid timezones being symlinks to symlinks to avoid breaking C++20 standard
     expectation (LP: #2062522)
tzdata (2024a-2) unstable; urgency=medium
 .
   * Update Italian debconf translation.
     Thanks to Ceppo <ceppo@oziosi.org> (Closes: #1063490)
   * Replace America/Godthab by America/Nuuk
   * Do not replace CET, CST6CDT, EET, EST*, HST, MET, MST*, PST8PDT, WET.
     The replacements differed in using daylight saving. (LP: #2055718)
   * Fix updating US/Indiana-Starke to America/Indiana/Knox
   * Allow ziguard.awk to generate timezone symlink that point to symlinks
     to fix (at least) the timezone symlinks Africa/Asmera,
     Antarctica/South_Pole, Iceland, Pacific/Ponape, and Pacific/Truk.
   * test_timezone_conversions: Check symlink targets
tzdata (2024a-1) unstable; urgency=medium
 .
   * New upstream version 2024a
      - Kazakhstan unifies on UTC+5 beginning 2024-03-01.
      - Palestine springs forward a week later after Ramadan.
   * Add autopkgtest test case for 2024a release

ucf (3.0043+nmu1+deb12u1) bookworm; urgency=medium
 .
   * Initialise variable subsequently passed to eval. (Closes: #1089015)

util-linux (2.38.1-5+deb12u3) bookworm; urgency=medium
 .
   * Fixup upstream patches from 2.38.1-5+deb12u2 so gbp-pq can apply them
   * Use upstream's new --disable-makeinstall-tty-setgid.
     This fixes our wider mitigation for CVE-2024-28085.

webkit2gtk (2.46.5-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG, USE_OLD_JSCBIN_PKG and
       USE_OLD_WEBDRIVER_PKG to keep using the old package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
webkit2gtk (2.46.4-1) unstable; urgency=high
 .
   * New upstream release.
   * The WebKitGTK security advisory WSA-2024-0007 lists the following
     security fixes in the latest versions of WebKitGTK:
     - CVE-2024-44308, CVE-2024-44309 (fixed in 2.46.4).
webkit2gtk (2.46.4-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG, USE_OLD_JSCBIN_PKG and
       USE_OLD_WEBDRIVER_PKG to keep using the old package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
webkit2gtk (2.46.3-1) unstable; urgency=medium
 .
   * New upstream release.
webkit2gtk (2.46.3-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG, USE_OLD_JSCBIN_PKG and
       USE_OLD_WEBDRIVER_PKG to keep using the old package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
webkit2gtk (2.46.2-1) unstable; urgency=medium
 .
   * New upstream release.
   * Drop socket-monitor-crash.patch (included in this release).
   * debian/control-common.in:
     - The libwebkit*-dev packages are no longer Multi-Arch: same.
       The s390x versions of the WebKit*.gir files are different due to a
       change in a default value (WebKit bug #279220).
   * debian/copyright:
     - Update copyright information of all files.
   * debian/rules:
     - Stop disabling jpeg-xl in Ubuntu (Jeremy Bícha).
     - Remove the USE_PREBUILT_DOCS variable, we can always build the
       documentation now.
     - Fix build with -Nlibwebkitgtk-doc.
     - Disable Skia on loong64 (Closes: #1082740).
webkit2gtk (2.46.1-2) unstable; urgency=medium
 .
   * Make the package Linux-only.
     - debian/control*.in: Set Architecture: linux-any.
     - debian/rules: Remove non-Linux quirks.
   * debian/patches/socket-monitor-crash.patch:
     - Fix crash due to a regression in 2.46.1 (WebKit bug #281495).
   * debian/control.in:
     - Require cmake 3.20.
webkit2gtk (2.46.1-2~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG, USE_OLD_JSCBIN_PKG and
       USE_OLD_WEBDRIVER_PKG to keep using the old package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
webkit2gtk (2.46.1-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/rules:
     - Remove compiler overrides for sh4 (Closes: #1082305)
       (thanks, John Paul Adrian Glaubitz).
     - Build with -DENALE_WEBGL=OFF in the Hurd.
   * Drop debian/patches/fix-epiphany-ftbfs.patch.
   * debian/copyright:
     - Update copyright information of all files.
webkit2gtk (2.46.0-2) unstable; urgency=medium
 .
   * debian/rules:
     - Use -DUSE_SYSPROF_CAPTURE=OFF in unsupported arches.
     - Enable bmalloc on armhf, using the system malloc is crashing the web
       process (Closes: #1082148)
   * debian/patches/fix-epiphany-ftbfs.patch:
     - Disable webkit_settings_set_enable_2d_canvas_acceleration on
       non-Skia builds. This fixes a FTBFS in epiphany-browser
       (Closes: #1082149).
   * debian/patches/disable-dmabuf-nvidia.patch:
     - Bring back this patch (Closes: #1082139), see also #1039720.
   * debian/patches/fix-bmalloc-armhf.patch:
     - Fix the armhf build if bmalloc is enabled.

xsane (0.999-12.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * debian/control: Recommends firefox-esr | firefox | www-browser rather
     than firefox | www-browser to avoid fallback to www-browser when
     package firefox is not available. (Closes: #1076101)

zfs-linux (2.1.11-1+deb12u1) bookworm; urgency=medium
 .
   * dch: typo fix
   * New symbols for libzfs4linux and libzpool5linux
   * d/patches: cherry-pick upstream fixes for stability issues
     + fix dnode dirty test (Closes: #1056752, #1063497, CVE-2023-49298)
     + fix sharenfx IPv6 address parsing (Closes: CVE-2013-20001)
     + and some fixes related to NULL pointer, memory allocation, etc.

zookeeper (3.8.0-11+deb12u2) bookworm; urgency=medium
 .
   * Team upload
   * Bug fix: CVE-2024-23944 (Closes: #1066947):
     An information disclosure in persistent watchers handling was found in
     Apache ZooKeeper due to missing ACL check.  It allows an attacker to
     monitor child znodes by attaching a persistent watcher (addWatch
     command) to a parent which the attacker has already access
     to. ZooKeeper server doesn't do ACL check when the persistent watcher
     is triggered and as a consequence, the full path of znodes that a
     watch event gets triggered upon is exposed to the owner of the
     watcher. It's important to note that only the path is exposed by this
     vulnerability, not the data of znode, but since znode path can contain
     sensitive information like user name or login ID, this issue is
     potentially critical.
   * Add salsa CI
=======================================
Sat, 09 Nov 2024 - Debian 12.8 released
=======================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:28:38 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
btrfs-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
cdrom-core-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
cdrom-core-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
crc-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
crc-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
crypto-dm-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
crypto-dm-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
crypto-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
crypto-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
dasd-extra-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
dasd-extra-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
dasd-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
dasd-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
ext4-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
ext4-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
f2fs-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
f2fs-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
fat-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
fat-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
fuse-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
fuse-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
isofs-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
isofs-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
kernel-image-6.1.0-22-s390x-di |   6.1.94-1 | s390x
kernel-image-6.1.0-26-s390x-di |  6.1.112-1 | s390x
linux-headers-6.1.0-22-s390x |   6.1.94-1 | s390x
linux-headers-6.1.0-26-s390x |  6.1.112-1 | s390x
linux-image-6.1.0-22-s390x |   6.1.94-1 | s390x
linux-image-6.1.0-22-s390x-dbg |   6.1.94-1 | s390x
linux-image-6.1.0-26-s390x |  6.1.112-1 | s390x
linux-image-6.1.0-26-s390x-dbg |  6.1.112-1 | s390x
loop-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
loop-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
md-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
md-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
mtd-core-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
mtd-core-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
multipath-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
multipath-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
nbd-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
nbd-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
nic-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
nic-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
scsi-core-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
scsi-core-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
scsi-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
scsi-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
udf-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
udf-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x
xfs-modules-6.1.0-22-s390x-di |   6.1.94-1 | s390x
xfs-modules-6.1.0-26-s390x-di |  6.1.112-1 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:30:48 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
affs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
affs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
affs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
ata-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
ata-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
ata-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
ata-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
btrfs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
btrfs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
btrfs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
btrfs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
cdrom-core-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
cdrom-core-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
cdrom-core-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
cdrom-core-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
crc-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
crc-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
crc-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
crc-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
crypto-dm-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
crypto-dm-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
crypto-dm-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
crypto-dm-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
crypto-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
crypto-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
crypto-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
crypto-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
event-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
event-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
event-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
event-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
ext4-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
ext4-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
ext4-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
ext4-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
f2fs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
f2fs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
f2fs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
f2fs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
fat-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
fat-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
fat-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
fat-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
fb-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
fb-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
fb-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
fb-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
firewire-core-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
firewire-core-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
firewire-core-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
firewire-core-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
fuse-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
fuse-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
fuse-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
fuse-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
input-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
input-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
input-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
input-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
isofs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
isofs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
isofs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
isofs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
jfs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
jfs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
jfs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
jfs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
kernel-image-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
kernel-image-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
kernel-image-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
kernel-image-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
linux-headers-6.1.0-22-4kc-malta |   6.1.94-1 | mipsel
linux-headers-6.1.0-22-mips32r2el |   6.1.94-1 | mipsel
linux-headers-6.1.0-26-4kc-malta |  6.1.112-1 | mipsel
linux-headers-6.1.0-26-mips32r2el |  6.1.112-1 | mipsel
linux-image-6.1.0-22-4kc-malta |   6.1.94-1 | mipsel
linux-image-6.1.0-22-4kc-malta-dbg |   6.1.94-1 | mipsel
linux-image-6.1.0-22-mips32r2el |   6.1.94-1 | mipsel
linux-image-6.1.0-22-mips32r2el-dbg |   6.1.94-1 | mipsel
linux-image-6.1.0-26-4kc-malta |  6.1.112-1 | mipsel
linux-image-6.1.0-26-4kc-malta-dbg |  6.1.112-1 | mipsel
linux-image-6.1.0-26-mips32r2el |  6.1.112-1 | mipsel
linux-image-6.1.0-26-mips32r2el-dbg |  6.1.112-1 | mipsel
loop-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
loop-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
loop-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
loop-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
md-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
md-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
md-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
md-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
minix-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
minix-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
minix-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
minix-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
mmc-core-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
mmc-core-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
mmc-core-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
mmc-core-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
mmc-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
mmc-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
mmc-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
mmc-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
mouse-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
mouse-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
mouse-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
mouse-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
multipath-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
multipath-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
multipath-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
multipath-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
nbd-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
nbd-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
nbd-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
nbd-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
nfs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
nfs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
nfs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
nfs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
nic-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
nic-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
nic-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
nic-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
nic-shared-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
nic-shared-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
nic-shared-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
nic-shared-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
nic-usb-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
nic-usb-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
nic-usb-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
nic-usb-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
nic-wireless-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
nic-wireless-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
nic-wireless-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
nic-wireless-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
pata-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
pata-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
pata-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
pata-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
ppp-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
ppp-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
ppp-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
ppp-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
sata-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
sata-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
sata-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
sata-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
scsi-core-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
scsi-core-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
scsi-core-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
scsi-core-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
scsi-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
scsi-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
scsi-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
scsi-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
scsi-nic-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
scsi-nic-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
scsi-nic-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
scsi-nic-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
sound-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
sound-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
sound-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
sound-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
speakup-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
speakup-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
speakup-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
speakup-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
squashfs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
squashfs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
squashfs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
squashfs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
udf-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
udf-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
udf-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
udf-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
usb-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
usb-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
usb-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
usb-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
usb-serial-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
usb-serial-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
usb-serial-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
usb-serial-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
usb-storage-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
usb-storage-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
usb-storage-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
usb-storage-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel
xfs-modules-6.1.0-22-4kc-malta-di |   6.1.94-1 | mipsel
xfs-modules-6.1.0-22-mips32r2el-di |   6.1.94-1 | mipsel
xfs-modules-6.1.0-26-4kc-malta-di |  6.1.112-1 | mipsel
xfs-modules-6.1.0-26-mips32r2el-di |  6.1.112-1 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:31:00 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
ata-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
btrfs-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
btrfs-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
cdrom-core-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
cdrom-core-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
crc-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
crc-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
crypto-dm-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
crypto-dm-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
crypto-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
crypto-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
event-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
event-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
ext4-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
ext4-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
f2fs-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
f2fs-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
fancontrol-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
fancontrol-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
fat-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
fat-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
fb-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
fb-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
firewire-core-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
firewire-core-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
fuse-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
fuse-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
hypervisor-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
hypervisor-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
i2c-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
i2c-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
input-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
input-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
isofs-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
isofs-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
jfs-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
jfs-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
kernel-image-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
kernel-image-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
linux-headers-6.1.0-22-powerpc64le |   6.1.94-1 | ppc64el
linux-headers-6.1.0-26-powerpc64le |  6.1.112-1 | ppc64el
linux-image-6.1.0-22-powerpc64le |   6.1.94-1 | ppc64el
linux-image-6.1.0-22-powerpc64le-dbg |   6.1.94-1 | ppc64el
linux-image-6.1.0-26-powerpc64le |  6.1.112-1 | ppc64el
linux-image-6.1.0-26-powerpc64le-dbg |  6.1.112-1 | ppc64el
loop-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
loop-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
md-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
md-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
mouse-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
mouse-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
mtd-core-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
mtd-core-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
multipath-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
multipath-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
nbd-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
nbd-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
nic-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
nic-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
nic-shared-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
nic-shared-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
nic-usb-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
nic-usb-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
nic-wireless-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
nic-wireless-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
ppp-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
ppp-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
sata-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
sata-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
scsi-core-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
scsi-core-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
scsi-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
scsi-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
scsi-nic-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
scsi-nic-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
serial-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
serial-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
squashfs-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
squashfs-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
udf-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
udf-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
uinput-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
uinput-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
usb-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
usb-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
usb-serial-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
usb-serial-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
usb-storage-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
usb-storage-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el
xfs-modules-6.1.0-22-powerpc64le-di |   6.1.94-1 | ppc64el
xfs-modules-6.1.0-26-powerpc64le-di |  6.1.112-1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:31:11 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-22-amd64 |   6.1.94-1 | amd64
linux-headers-6.1.0-22-cloud-amd64 |   6.1.94-1 | amd64
linux-headers-6.1.0-22-rt-amd64 |   6.1.94-1 | amd64
linux-headers-6.1.0-26-amd64 |  6.1.112-1 | amd64
linux-headers-6.1.0-26-cloud-amd64 |  6.1.112-1 | amd64
linux-headers-6.1.0-26-rt-amd64 |  6.1.112-1 | amd64
linux-image-6.1.0-22-amd64-dbg |   6.1.94-1 | amd64
linux-image-6.1.0-22-amd64-unsigned |   6.1.94-1 | amd64
linux-image-6.1.0-22-cloud-amd64-dbg |   6.1.94-1 | amd64
linux-image-6.1.0-22-cloud-amd64-unsigned |   6.1.94-1 | amd64
linux-image-6.1.0-22-rt-amd64-dbg |   6.1.94-1 | amd64
linux-image-6.1.0-22-rt-amd64-unsigned |   6.1.94-1 | amd64
linux-image-6.1.0-26-amd64-dbg |  6.1.112-1 | amd64
linux-image-6.1.0-26-amd64-unsigned |  6.1.112-1 | amd64
linux-image-6.1.0-26-cloud-amd64-dbg |  6.1.112-1 | amd64
linux-image-6.1.0-26-cloud-amd64-unsigned |  6.1.112-1 | amd64
linux-image-6.1.0-26-rt-amd64-dbg |  6.1.112-1 | amd64
linux-image-6.1.0-26-rt-amd64-unsigned |  6.1.112-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:31:22 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-22-arm64 |   6.1.94-1 | arm64
linux-headers-6.1.0-22-cloud-arm64 |   6.1.94-1 | arm64
linux-headers-6.1.0-22-rt-arm64 |   6.1.94-1 | arm64
linux-headers-6.1.0-26-arm64 |  6.1.112-1 | arm64
linux-headers-6.1.0-26-cloud-arm64 |  6.1.112-1 | arm64
linux-headers-6.1.0-26-rt-arm64 |  6.1.112-1 | arm64
linux-image-6.1.0-22-arm64-dbg |   6.1.94-1 | arm64
linux-image-6.1.0-22-arm64-unsigned |   6.1.94-1 | arm64
linux-image-6.1.0-22-cloud-arm64-dbg |   6.1.94-1 | arm64
linux-image-6.1.0-22-cloud-arm64-unsigned |   6.1.94-1 | arm64
linux-image-6.1.0-22-rt-arm64-dbg |   6.1.94-1 | arm64
linux-image-6.1.0-22-rt-arm64-unsigned |   6.1.94-1 | arm64
linux-image-6.1.0-26-arm64-dbg |  6.1.112-1 | arm64
linux-image-6.1.0-26-arm64-unsigned |  6.1.112-1 | arm64
linux-image-6.1.0-26-cloud-arm64-dbg |  6.1.112-1 | arm64
linux-image-6.1.0-26-cloud-arm64-unsigned |  6.1.112-1 | arm64
linux-image-6.1.0-26-rt-arm64-dbg |  6.1.112-1 | arm64
linux-image-6.1.0-26-rt-arm64-unsigned |  6.1.112-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:31:40 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
btrfs-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
cdrom-core-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
cdrom-core-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
crc-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
crc-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
crypto-dm-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
crypto-dm-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
crypto-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
crypto-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
event-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
event-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
ext4-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
ext4-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
f2fs-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
f2fs-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
fat-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
fat-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
fb-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
fb-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
fuse-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
fuse-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
input-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
input-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
ipv6-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
ipv6-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
isofs-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
isofs-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
jffs2-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
jffs2-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
jfs-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
jfs-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
kernel-image-6.1.0-22-marvell-di |   6.1.94-1 | armel
kernel-image-6.1.0-26-marvell-di |  6.1.112-1 | armel
leds-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
leds-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
linux-headers-6.1.0-22-marvell |   6.1.94-1 | armel
linux-headers-6.1.0-22-rpi |   6.1.94-1 | armel
linux-headers-6.1.0-26-marvell |  6.1.112-1 | armel
linux-headers-6.1.0-26-rpi |  6.1.112-1 | armel
linux-image-6.1.0-22-marvell |   6.1.94-1 | armel
linux-image-6.1.0-22-marvell-dbg |   6.1.94-1 | armel
linux-image-6.1.0-22-rpi |   6.1.94-1 | armel
linux-image-6.1.0-22-rpi-dbg |   6.1.94-1 | armel
linux-image-6.1.0-26-marvell |  6.1.112-1 | armel
linux-image-6.1.0-26-marvell-dbg |  6.1.112-1 | armel
linux-image-6.1.0-26-rpi |  6.1.112-1 | armel
linux-image-6.1.0-26-rpi-dbg |  6.1.112-1 | armel
loop-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
loop-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
md-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
md-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
minix-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
minix-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
mmc-core-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
mmc-core-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
mmc-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
mmc-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
mouse-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
mouse-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
mtd-core-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
mtd-core-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
mtd-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
mtd-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
multipath-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
multipath-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
nbd-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
nbd-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
nic-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
nic-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
nic-shared-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
nic-shared-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
nic-usb-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
nic-usb-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
ppp-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
ppp-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
sata-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
sata-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
scsi-core-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
scsi-core-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
squashfs-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
squashfs-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
udf-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
udf-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
uinput-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
uinput-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
usb-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
usb-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
usb-serial-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
usb-serial-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel
usb-storage-modules-6.1.0-22-marvell-di |   6.1.94-1 | armel
usb-storage-modules-6.1.0-26-marvell-di |  6.1.112-1 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:31:55 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
ata-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
btrfs-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
btrfs-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
cdrom-core-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
cdrom-core-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
crc-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
crc-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
crypto-dm-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
crypto-dm-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
crypto-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
crypto-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
efi-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
efi-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
event-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
event-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
ext4-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
ext4-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
f2fs-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
f2fs-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
fat-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
fat-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
fb-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
fb-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
fuse-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
fuse-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
i2c-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
i2c-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
input-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
input-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
isofs-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
isofs-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
jfs-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
jfs-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
kernel-image-6.1.0-22-armmp-di |   6.1.94-1 | armhf
kernel-image-6.1.0-26-armmp-di |  6.1.112-1 | armhf
leds-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
leds-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
linux-headers-6.1.0-22-armmp |   6.1.94-1 | armhf
linux-headers-6.1.0-22-armmp-lpae |   6.1.94-1 | armhf
linux-headers-6.1.0-22-rt-armmp |   6.1.94-1 | armhf
linux-headers-6.1.0-26-armmp |  6.1.112-1 | armhf
linux-headers-6.1.0-26-armmp-lpae |  6.1.112-1 | armhf
linux-headers-6.1.0-26-rt-armmp |  6.1.112-1 | armhf
linux-image-6.1.0-22-armmp |   6.1.94-1 | armhf
linux-image-6.1.0-22-armmp-dbg |   6.1.94-1 | armhf
linux-image-6.1.0-22-armmp-lpae |   6.1.94-1 | armhf
linux-image-6.1.0-22-armmp-lpae-dbg |   6.1.94-1 | armhf
linux-image-6.1.0-22-rt-armmp |   6.1.94-1 | armhf
linux-image-6.1.0-22-rt-armmp-dbg |   6.1.94-1 | armhf
linux-image-6.1.0-26-armmp |  6.1.112-1 | armhf
linux-image-6.1.0-26-armmp-dbg |  6.1.112-1 | armhf
linux-image-6.1.0-26-armmp-lpae |  6.1.112-1 | armhf
linux-image-6.1.0-26-armmp-lpae-dbg |  6.1.112-1 | armhf
linux-image-6.1.0-26-rt-armmp |  6.1.112-1 | armhf
linux-image-6.1.0-26-rt-armmp-dbg |  6.1.112-1 | armhf
loop-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
loop-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
md-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
md-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
mmc-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
mmc-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
mtd-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
mtd-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
multipath-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
multipath-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
nbd-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
nbd-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
nic-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
nic-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
nic-shared-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
nic-shared-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
nic-usb-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
nic-usb-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
nic-wireless-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
nic-wireless-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
pata-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
pata-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
ppp-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
ppp-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
sata-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
sata-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
scsi-core-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
scsi-core-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
scsi-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
scsi-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
scsi-nic-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
scsi-nic-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
sound-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
sound-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
speakup-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
speakup-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
squashfs-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
squashfs-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
udf-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
udf-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
uinput-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
uinput-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
usb-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
usb-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
usb-serial-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
usb-serial-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf
usb-storage-modules-6.1.0-22-armmp-di |   6.1.94-1 | armhf
usb-storage-modules-6.1.0-26-armmp-di |  6.1.112-1 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:32:36 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-22-686 |   6.1.94-1 | i386
linux-headers-6.1.0-22-686-pae |   6.1.94-1 | i386
linux-headers-6.1.0-22-rt-686-pae |   6.1.94-1 | i386
linux-headers-6.1.0-26-686 |  6.1.112-1 | i386
linux-headers-6.1.0-26-686-pae |  6.1.112-1 | i386
linux-headers-6.1.0-26-rt-686-pae |  6.1.112-1 | i386
linux-image-6.1.0-22-686-dbg |   6.1.94-1 | i386
linux-image-6.1.0-22-686-pae-dbg |   6.1.94-1 | i386
linux-image-6.1.0-22-686-pae-unsigned |   6.1.94-1 | i386
linux-image-6.1.0-22-686-unsigned |   6.1.94-1 | i386
linux-image-6.1.0-22-rt-686-pae-dbg |   6.1.94-1 | i386
linux-image-6.1.0-22-rt-686-pae-unsigned |   6.1.94-1 | i386
linux-image-6.1.0-26-686-dbg |  6.1.112-1 | i386
linux-image-6.1.0-26-686-pae-dbg |  6.1.112-1 | i386
linux-image-6.1.0-26-686-pae-unsigned |  6.1.112-1 | i386
linux-image-6.1.0-26-686-unsigned |  6.1.112-1 | i386
linux-image-6.1.0-26-rt-686-pae-dbg |  6.1.112-1 | i386
linux-image-6.1.0-26-rt-686-pae-unsigned |  6.1.112-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:32:47 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
affs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
affs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
affs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
ata-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
ata-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
ata-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
ata-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
btrfs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
btrfs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
btrfs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
btrfs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
cdrom-core-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
cdrom-core-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
cdrom-core-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
cdrom-core-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
crc-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
crc-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
crc-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
crc-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
crypto-dm-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
crypto-dm-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
crypto-dm-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
crypto-dm-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
crypto-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
crypto-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
crypto-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
crypto-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
event-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
event-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
event-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
event-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
ext4-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
ext4-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
ext4-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
ext4-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
f2fs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
f2fs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
f2fs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
f2fs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
fat-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
fat-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
fat-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
fat-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
fb-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
fb-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
fb-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
fb-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
firewire-core-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
firewire-core-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
firewire-core-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
firewire-core-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
fuse-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
fuse-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
fuse-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
fuse-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
input-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
input-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
input-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
input-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
isofs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
isofs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
isofs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
isofs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
jfs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
jfs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
jfs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
jfs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
kernel-image-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
kernel-image-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
kernel-image-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
kernel-image-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
linux-headers-6.1.0-22-5kc-malta |   6.1.94-1 | mips64el
linux-headers-6.1.0-22-mips64r2el |   6.1.94-1 | mips64el
linux-headers-6.1.0-26-5kc-malta |  6.1.112-1 | mips64el
linux-headers-6.1.0-26-mips64r2el |  6.1.112-1 | mips64el
linux-image-6.1.0-22-5kc-malta |   6.1.94-1 | mips64el
linux-image-6.1.0-22-5kc-malta-dbg |   6.1.94-1 | mips64el
linux-image-6.1.0-22-mips64r2el |   6.1.94-1 | mips64el
linux-image-6.1.0-22-mips64r2el-dbg |   6.1.94-1 | mips64el
linux-image-6.1.0-26-5kc-malta |  6.1.112-1 | mips64el
linux-image-6.1.0-26-5kc-malta-dbg |  6.1.112-1 | mips64el
linux-image-6.1.0-26-mips64r2el |  6.1.112-1 | mips64el
linux-image-6.1.0-26-mips64r2el-dbg |  6.1.112-1 | mips64el
loop-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
loop-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
loop-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
loop-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
md-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
md-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
md-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
md-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
minix-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
minix-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
minix-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
minix-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
mmc-core-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
mmc-core-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
mmc-core-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
mmc-core-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
mmc-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
mmc-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
mmc-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
mmc-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
mouse-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
mouse-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
mouse-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
mouse-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
multipath-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
multipath-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
multipath-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
multipath-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
nbd-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
nbd-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
nbd-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
nbd-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
nfs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
nfs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
nfs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
nfs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
nic-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
nic-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
nic-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
nic-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
nic-shared-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
nic-shared-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
nic-shared-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
nic-shared-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
nic-usb-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
nic-usb-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
nic-usb-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
nic-usb-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
nic-wireless-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
nic-wireless-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
nic-wireless-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
nic-wireless-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
pata-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
pata-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
pata-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
pata-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
ppp-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
ppp-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
ppp-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
ppp-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
sata-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
sata-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
sata-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
sata-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
scsi-core-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
scsi-core-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
scsi-core-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
scsi-core-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
scsi-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
scsi-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
scsi-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
scsi-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
scsi-nic-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
scsi-nic-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
scsi-nic-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
scsi-nic-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
sound-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
sound-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
sound-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
sound-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
speakup-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
speakup-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
speakup-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
speakup-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
squashfs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
squashfs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
squashfs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
squashfs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
udf-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
udf-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
udf-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
udf-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
usb-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
usb-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
usb-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
usb-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
usb-serial-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
usb-serial-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
usb-serial-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
usb-serial-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
usb-storage-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
usb-storage-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
usb-storage-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
usb-storage-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el
xfs-modules-6.1.0-22-5kc-malta-di |   6.1.94-1 | mips64el
xfs-modules-6.1.0-22-mips64r2el-di |   6.1.94-1 | mips64el
xfs-modules-6.1.0-26-5kc-malta-di |  6.1.112-1 | mips64el
xfs-modules-6.1.0-26-mips64r2el-di |  6.1.112-1 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:33:08 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
affs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
affs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
affs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
ata-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
ata-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
ata-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
ata-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
btrfs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
btrfs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
btrfs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
btrfs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
crc-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
crc-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
crc-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
crc-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
crypto-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
crypto-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
crypto-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
crypto-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
event-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
event-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
event-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
event-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
ext4-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
ext4-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
ext4-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
ext4-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
f2fs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
f2fs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
f2fs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
f2fs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
fat-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
fat-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
fat-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
fat-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
fb-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
fb-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
fb-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
fb-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
firewire-core-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
firewire-core-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
firewire-core-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
firewire-core-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
fuse-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
fuse-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
fuse-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
fuse-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
input-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
input-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
input-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
input-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
isofs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
isofs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
isofs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
isofs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
jfs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
jfs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
jfs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
jfs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
kernel-image-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
kernel-image-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
kernel-image-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
kernel-image-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
linux-headers-6.1.0-22-loongson-3 |   6.1.94-1 | mips64el, mipsel
linux-headers-6.1.0-22-octeon |   6.1.94-1 | mips64el, mipsel
linux-headers-6.1.0-26-loongson-3 |  6.1.112-1 | mips64el, mipsel
linux-headers-6.1.0-26-octeon |  6.1.112-1 | mips64el, mipsel
linux-image-6.1.0-22-loongson-3 |   6.1.94-1 | mips64el, mipsel
linux-image-6.1.0-22-loongson-3-dbg |   6.1.94-1 | mips64el, mipsel
linux-image-6.1.0-22-octeon |   6.1.94-1 | mips64el, mipsel
linux-image-6.1.0-22-octeon-dbg |   6.1.94-1 | mips64el, mipsel
linux-image-6.1.0-26-loongson-3 |  6.1.112-1 | mips64el, mipsel
linux-image-6.1.0-26-loongson-3-dbg |  6.1.112-1 | mips64el, mipsel
linux-image-6.1.0-26-octeon |  6.1.112-1 | mips64el, mipsel
linux-image-6.1.0-26-octeon-dbg |  6.1.112-1 | mips64el, mipsel
loop-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
loop-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
loop-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
loop-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
md-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
md-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
md-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
md-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
minix-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
minix-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
minix-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
minix-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
mmc-core-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
mmc-core-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
mmc-core-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
mmc-core-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
mmc-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
mmc-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
mmc-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
mmc-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
mouse-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
mouse-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
mouse-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
mouse-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
multipath-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
multipath-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
multipath-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
multipath-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
nbd-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
nbd-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
nbd-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
nbd-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
nfs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
nfs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
nfs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
nfs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
nic-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
nic-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
nic-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
nic-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
nic-shared-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
nic-shared-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
nic-shared-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
nic-shared-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
nic-usb-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
nic-usb-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
nic-usb-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
nic-usb-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
pata-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
pata-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
pata-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
pata-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
ppp-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
ppp-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
ppp-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
ppp-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
sata-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
sata-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
sata-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
sata-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
scsi-core-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
scsi-core-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
scsi-core-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
scsi-core-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
scsi-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
scsi-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
scsi-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
scsi-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
sound-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
sound-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
sound-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
sound-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
speakup-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
speakup-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
speakup-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
speakup-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
squashfs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
squashfs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
squashfs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
squashfs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
udf-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
udf-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
udf-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
udf-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
usb-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
usb-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
usb-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
usb-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
usb-serial-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
usb-serial-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
usb-serial-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
usb-serial-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
usb-storage-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
usb-storage-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
usb-storage-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
usb-storage-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel
xfs-modules-6.1.0-22-loongson-3-di |   6.1.94-1 | mips64el, mipsel
xfs-modules-6.1.0-22-octeon-di |   6.1.94-1 | mips64el, mipsel
xfs-modules-6.1.0-26-loongson-3-di |  6.1.112-1 | mips64el, mipsel
xfs-modules-6.1.0-26-octeon-di |  6.1.112-1 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:33:22 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
acpi-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
ata-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
ata-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
btrfs-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
btrfs-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
cdrom-core-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
cdrom-core-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
crc-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
crc-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
crypto-dm-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
crypto-dm-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
crypto-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
crypto-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
efi-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
efi-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
event-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
event-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
ext4-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
ext4-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
f2fs-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
f2fs-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
fat-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
fat-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
fb-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
fb-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
firewire-core-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
firewire-core-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
fuse-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
fuse-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
i2c-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
i2c-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
input-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
input-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
isofs-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
isofs-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
jfs-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
jfs-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
kernel-image-6.1.0-22-amd64-di |   6.1.94-1 | amd64
kernel-image-6.1.0-26-amd64-di |  6.1.112-1 | amd64
linux-image-6.1.0-22-amd64 |   6.1.94-1 | amd64
linux-image-6.1.0-22-cloud-amd64 |   6.1.94-1 | amd64
linux-image-6.1.0-22-rt-amd64 |   6.1.94-1 | amd64
linux-image-6.1.0-26-amd64 |  6.1.112-1 | amd64
linux-image-6.1.0-26-cloud-amd64 |  6.1.112-1 | amd64
linux-image-6.1.0-26-rt-amd64 |  6.1.112-1 | amd64
loop-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
loop-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
md-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
md-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
mmc-core-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
mmc-core-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
mmc-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
mmc-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
mouse-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
mouse-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
mtd-core-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
mtd-core-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
multipath-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
multipath-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
nbd-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
nbd-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
nic-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
nic-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
nic-pcmcia-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
nic-pcmcia-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
nic-shared-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
nic-shared-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
nic-usb-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
nic-usb-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
nic-wireless-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
nic-wireless-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
pata-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
pata-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
pcmcia-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
pcmcia-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
pcmcia-storage-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
pcmcia-storage-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
ppp-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
ppp-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
rfkill-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
rfkill-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
sata-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
sata-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
scsi-core-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
scsi-core-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
scsi-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
scsi-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
scsi-nic-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
scsi-nic-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
serial-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
serial-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
sound-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
sound-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
speakup-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
speakup-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
squashfs-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
squashfs-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
udf-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
udf-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
uinput-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
uinput-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
usb-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
usb-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
usb-serial-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
usb-serial-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
usb-storage-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
usb-storage-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64
xfs-modules-6.1.0-22-amd64-di |   6.1.94-1 | amd64
xfs-modules-6.1.0-26-amd64-di |  6.1.112-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:33:34 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
ata-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
btrfs-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
btrfs-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
cdrom-core-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
cdrom-core-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
crc-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
crc-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
crypto-dm-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
crypto-dm-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
crypto-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
crypto-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
efi-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
efi-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
event-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
event-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
ext4-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
ext4-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
f2fs-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
f2fs-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
fat-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
fat-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
fb-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
fb-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
fuse-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
fuse-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
i2c-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
i2c-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
input-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
input-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
isofs-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
isofs-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
jfs-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
jfs-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
kernel-image-6.1.0-22-arm64-di |   6.1.94-1 | arm64
kernel-image-6.1.0-26-arm64-di |  6.1.112-1 | arm64
leds-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
leds-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
linux-image-6.1.0-22-arm64 |   6.1.94-1 | arm64
linux-image-6.1.0-22-cloud-arm64 |   6.1.94-1 | arm64
linux-image-6.1.0-22-rt-arm64 |   6.1.94-1 | arm64
linux-image-6.1.0-26-arm64 |  6.1.112-1 | arm64
linux-image-6.1.0-26-cloud-arm64 |  6.1.112-1 | arm64
linux-image-6.1.0-26-rt-arm64 |  6.1.112-1 | arm64
loop-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
loop-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
md-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
md-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
mmc-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
mmc-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
mtd-core-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
mtd-core-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
multipath-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
multipath-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
nbd-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
nbd-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
nic-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
nic-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
nic-shared-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
nic-shared-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
nic-usb-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
nic-usb-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
nic-wireless-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
nic-wireless-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
ppp-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
ppp-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
sata-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
sata-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
scsi-core-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
scsi-core-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
scsi-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
scsi-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
scsi-nic-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
scsi-nic-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
sound-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
sound-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
speakup-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
speakup-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
squashfs-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
squashfs-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
udf-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
udf-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
uinput-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
uinput-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
usb-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
usb-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
usb-serial-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
usb-serial-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
usb-storage-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
usb-storage-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64
xfs-modules-6.1.0-22-arm64-di |   6.1.94-1 | arm64
xfs-modules-6.1.0-26-arm64-di |  6.1.112-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:34:10 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-22-686-di |   6.1.94-1 | i386
acpi-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
acpi-modules-6.1.0-26-686-di |  6.1.112-1 | i386
acpi-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
ata-modules-6.1.0-22-686-di |   6.1.94-1 | i386
ata-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
ata-modules-6.1.0-26-686-di |  6.1.112-1 | i386
ata-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
btrfs-modules-6.1.0-22-686-di |   6.1.94-1 | i386
btrfs-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
btrfs-modules-6.1.0-26-686-di |  6.1.112-1 | i386
btrfs-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
cdrom-core-modules-6.1.0-22-686-di |   6.1.94-1 | i386
cdrom-core-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
cdrom-core-modules-6.1.0-26-686-di |  6.1.112-1 | i386
cdrom-core-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
crc-modules-6.1.0-22-686-di |   6.1.94-1 | i386
crc-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
crc-modules-6.1.0-26-686-di |  6.1.112-1 | i386
crc-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
crypto-dm-modules-6.1.0-22-686-di |   6.1.94-1 | i386
crypto-dm-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
crypto-dm-modules-6.1.0-26-686-di |  6.1.112-1 | i386
crypto-dm-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
crypto-modules-6.1.0-22-686-di |   6.1.94-1 | i386
crypto-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
crypto-modules-6.1.0-26-686-di |  6.1.112-1 | i386
crypto-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
efi-modules-6.1.0-22-686-di |   6.1.94-1 | i386
efi-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
efi-modules-6.1.0-26-686-di |  6.1.112-1 | i386
efi-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
event-modules-6.1.0-22-686-di |   6.1.94-1 | i386
event-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
event-modules-6.1.0-26-686-di |  6.1.112-1 | i386
event-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
ext4-modules-6.1.0-22-686-di |   6.1.94-1 | i386
ext4-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
ext4-modules-6.1.0-26-686-di |  6.1.112-1 | i386
ext4-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
f2fs-modules-6.1.0-22-686-di |   6.1.94-1 | i386
f2fs-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
f2fs-modules-6.1.0-26-686-di |  6.1.112-1 | i386
f2fs-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
fat-modules-6.1.0-22-686-di |   6.1.94-1 | i386
fat-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
fat-modules-6.1.0-26-686-di |  6.1.112-1 | i386
fat-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
fb-modules-6.1.0-22-686-di |   6.1.94-1 | i386
fb-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
fb-modules-6.1.0-26-686-di |  6.1.112-1 | i386
fb-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
firewire-core-modules-6.1.0-22-686-di |   6.1.94-1 | i386
firewire-core-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
firewire-core-modules-6.1.0-26-686-di |  6.1.112-1 | i386
firewire-core-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
fuse-modules-6.1.0-22-686-di |   6.1.94-1 | i386
fuse-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
fuse-modules-6.1.0-26-686-di |  6.1.112-1 | i386
fuse-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
i2c-modules-6.1.0-22-686-di |   6.1.94-1 | i386
i2c-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
i2c-modules-6.1.0-26-686-di |  6.1.112-1 | i386
i2c-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
input-modules-6.1.0-22-686-di |   6.1.94-1 | i386
input-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
input-modules-6.1.0-26-686-di |  6.1.112-1 | i386
input-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
isofs-modules-6.1.0-22-686-di |   6.1.94-1 | i386
isofs-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
isofs-modules-6.1.0-26-686-di |  6.1.112-1 | i386
isofs-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
jfs-modules-6.1.0-22-686-di |   6.1.94-1 | i386
jfs-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
jfs-modules-6.1.0-26-686-di |  6.1.112-1 | i386
jfs-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
kernel-image-6.1.0-22-686-di |   6.1.94-1 | i386
kernel-image-6.1.0-22-686-pae-di |   6.1.94-1 | i386
kernel-image-6.1.0-26-686-di |  6.1.112-1 | i386
kernel-image-6.1.0-26-686-pae-di |  6.1.112-1 | i386
linux-image-6.1.0-22-686 |   6.1.94-1 | i386
linux-image-6.1.0-22-686-pae |   6.1.94-1 | i386
linux-image-6.1.0-22-rt-686-pae |   6.1.94-1 | i386
linux-image-6.1.0-26-686 |  6.1.112-1 | i386
linux-image-6.1.0-26-686-pae |  6.1.112-1 | i386
linux-image-6.1.0-26-rt-686-pae |  6.1.112-1 | i386
loop-modules-6.1.0-22-686-di |   6.1.94-1 | i386
loop-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
loop-modules-6.1.0-26-686-di |  6.1.112-1 | i386
loop-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
md-modules-6.1.0-22-686-di |   6.1.94-1 | i386
md-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
md-modules-6.1.0-26-686-di |  6.1.112-1 | i386
md-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
mmc-core-modules-6.1.0-22-686-di |   6.1.94-1 | i386
mmc-core-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
mmc-core-modules-6.1.0-26-686-di |  6.1.112-1 | i386
mmc-core-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
mmc-modules-6.1.0-22-686-di |   6.1.94-1 | i386
mmc-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
mmc-modules-6.1.0-26-686-di |  6.1.112-1 | i386
mmc-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
mouse-modules-6.1.0-22-686-di |   6.1.94-1 | i386
mouse-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
mouse-modules-6.1.0-26-686-di |  6.1.112-1 | i386
mouse-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
mtd-core-modules-6.1.0-22-686-di |   6.1.94-1 | i386
mtd-core-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
mtd-core-modules-6.1.0-26-686-di |  6.1.112-1 | i386
mtd-core-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
multipath-modules-6.1.0-22-686-di |   6.1.94-1 | i386
multipath-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
multipath-modules-6.1.0-26-686-di |  6.1.112-1 | i386
multipath-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
nbd-modules-6.1.0-22-686-di |   6.1.94-1 | i386
nbd-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
nbd-modules-6.1.0-26-686-di |  6.1.112-1 | i386
nbd-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
nic-modules-6.1.0-22-686-di |   6.1.94-1 | i386
nic-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
nic-modules-6.1.0-26-686-di |  6.1.112-1 | i386
nic-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
nic-pcmcia-modules-6.1.0-22-686-di |   6.1.94-1 | i386
nic-pcmcia-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
nic-pcmcia-modules-6.1.0-26-686-di |  6.1.112-1 | i386
nic-pcmcia-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
nic-shared-modules-6.1.0-22-686-di |   6.1.94-1 | i386
nic-shared-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
nic-shared-modules-6.1.0-26-686-di |  6.1.112-1 | i386
nic-shared-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
nic-usb-modules-6.1.0-22-686-di |   6.1.94-1 | i386
nic-usb-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
nic-usb-modules-6.1.0-26-686-di |  6.1.112-1 | i386
nic-usb-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
nic-wireless-modules-6.1.0-22-686-di |   6.1.94-1 | i386
nic-wireless-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
nic-wireless-modules-6.1.0-26-686-di |  6.1.112-1 | i386
nic-wireless-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
pata-modules-6.1.0-22-686-di |   6.1.94-1 | i386
pata-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
pata-modules-6.1.0-26-686-di |  6.1.112-1 | i386
pata-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
pcmcia-modules-6.1.0-22-686-di |   6.1.94-1 | i386
pcmcia-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
pcmcia-modules-6.1.0-26-686-di |  6.1.112-1 | i386
pcmcia-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
pcmcia-storage-modules-6.1.0-22-686-di |   6.1.94-1 | i386
pcmcia-storage-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
pcmcia-storage-modules-6.1.0-26-686-di |  6.1.112-1 | i386
pcmcia-storage-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
ppp-modules-6.1.0-22-686-di |   6.1.94-1 | i386
ppp-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
ppp-modules-6.1.0-26-686-di |  6.1.112-1 | i386
ppp-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
rfkill-modules-6.1.0-22-686-di |   6.1.94-1 | i386
rfkill-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
rfkill-modules-6.1.0-26-686-di |  6.1.112-1 | i386
rfkill-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
sata-modules-6.1.0-22-686-di |   6.1.94-1 | i386
sata-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
sata-modules-6.1.0-26-686-di |  6.1.112-1 | i386
sata-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
scsi-core-modules-6.1.0-22-686-di |   6.1.94-1 | i386
scsi-core-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
scsi-core-modules-6.1.0-26-686-di |  6.1.112-1 | i386
scsi-core-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
scsi-modules-6.1.0-22-686-di |   6.1.94-1 | i386
scsi-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
scsi-modules-6.1.0-26-686-di |  6.1.112-1 | i386
scsi-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
scsi-nic-modules-6.1.0-22-686-di |   6.1.94-1 | i386
scsi-nic-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
scsi-nic-modules-6.1.0-26-686-di |  6.1.112-1 | i386
scsi-nic-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
serial-modules-6.1.0-22-686-di |   6.1.94-1 | i386
serial-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
serial-modules-6.1.0-26-686-di |  6.1.112-1 | i386
serial-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
sound-modules-6.1.0-22-686-di |   6.1.94-1 | i386
sound-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
sound-modules-6.1.0-26-686-di |  6.1.112-1 | i386
sound-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
speakup-modules-6.1.0-22-686-di |   6.1.94-1 | i386
speakup-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
speakup-modules-6.1.0-26-686-di |  6.1.112-1 | i386
speakup-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
squashfs-modules-6.1.0-22-686-di |   6.1.94-1 | i386
squashfs-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
squashfs-modules-6.1.0-26-686-di |  6.1.112-1 | i386
squashfs-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
udf-modules-6.1.0-22-686-di |   6.1.94-1 | i386
udf-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
udf-modules-6.1.0-26-686-di |  6.1.112-1 | i386
udf-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
uinput-modules-6.1.0-22-686-di |   6.1.94-1 | i386
uinput-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
uinput-modules-6.1.0-26-686-di |  6.1.112-1 | i386
uinput-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
usb-modules-6.1.0-22-686-di |   6.1.94-1 | i386
usb-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
usb-modules-6.1.0-26-686-di |  6.1.112-1 | i386
usb-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
usb-serial-modules-6.1.0-22-686-di |   6.1.94-1 | i386
usb-serial-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
usb-serial-modules-6.1.0-26-686-di |  6.1.112-1 | i386
usb-serial-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
usb-storage-modules-6.1.0-22-686-di |   6.1.94-1 | i386
usb-storage-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
usb-storage-modules-6.1.0-26-686-di |  6.1.112-1 | i386
usb-storage-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386
xfs-modules-6.1.0-22-686-di |   6.1.94-1 | i386
xfs-modules-6.1.0-22-686-pae-di |   6.1.94-1 | i386
xfs-modules-6.1.0-26-686-di |  6.1.112-1 | i386
xfs-modules-6.1.0-26-686-pae-di |  6.1.112-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:34:40 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-22-common |   6.1.94-1 | all
linux-headers-6.1.0-22-common-rt |   6.1.94-1 | all
linux-headers-6.1.0-26-common |  6.1.112-1 | all
linux-headers-6.1.0-26-common-rt |  6.1.112-1 | all
linux-support-6.1.0-22 |   6.1.94-1 | all
linux-support-6.1.0-26 |  6.1.112-1 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 09 Nov 2024 09:36:02 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

librte-bpf23 | 22.11.5-1~deb12u1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by dpdk - based on source metadata)
----------------------------------------------
=========================================================================
7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)
 .
     * CVE-2023-52168: heap-based buffer overflow
         NTFS handler allows an attacker to overwrite two bytes at multiple
         offsets beyond the allocated buffer size.
     * CVE-2023-52169: out-of-bounds read
         NTFS handler allows an attacker to read beyond the intended buffer.
         The bytes read beyond the intended buffer are presented as a part of
         a filename listed in the file system image. This has security relevance
         in some known web-service use cases where untrusted users can upload
         files and have them extracted by a server-side 7-Zip process.
 .
     Detailed report about these issues are available at:
     https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

activemq (5.17.2+dfsg-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2022-41678: Potential arbitrary code execution via Jolokia
   * CVE-2023-46604: The Java OpenWire protocol marshaller is vulnerable to
     Remote Code Execution (Closes: #1054909).

amanda (1:3.5.1-11+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * The fix for CVE-2022-37704 was incomplete and also broke some
     xfsdump usecases. (Closes: #1081049)

apache2 (2.4.62-1~deb12u2) bookworm-security; urgency=medium
 .
   * Fix CVE-2024-38474 regression:
     Better question mark tracking to avoid UnsafeAllow3F
     (Closes: #1079172)
   * Fix CVE-2024-39884 regression:
     Trust strings from configuration in mod_proxy
     (Closes: #1079206)
   * Add myself as maintainer with Yadd agreement

apr (1.7.2-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Use 0600 perms for named shared mem consistently (CVE-2023-49582)
     (Closes: #1080375)

base-files (12.4+deb12u8) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.8, for Debian 12.8 point release.

booth (1.0-283-g9d4029a-2+deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-3049: wrong hmac might be accepted (Closes: #1073249)

btrfs-progs (6.2-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Add patch to fix bad checksum in btrfs-convert (closes: #1085207).
     It will produce corrupted checksum when converting from ext4 fs
     with 64K block size.

calamares-settings-debian (12.0.9-1+deb12u2) bookworm; urgency=medium
 .
   * Fix missing calamares launcher on KDE desktops
     (Closes: #1057853)
   * Fix broken btrfs space_cache option
     (Closes: #1080158)

chromium (130.0.6723.91-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-10487: Out of bounds write in Dawn.
       Reported by Apple Security Engineering and Architecture (SEAR).
     - CVE-2024-10488: Use after free in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
chromium (130.0.6723.69-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-10229: Inappropriate implementation in Extensions.
       Reported by Vsevolod Kokorin (Slonser) of Solidlab.
     - CVE-2024-10230: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-10231: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
chromium (130.0.6723.69-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-10229: Inappropriate implementation in Extensions.
       Reported by Vsevolod Kokorin (Slonser) of Solidlab.
     - CVE-2024-10230: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-10231: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
 .
   [ Timothy Pearson ]
   * d/patches:
     - bookworm/partially-deployed-mseal-syscall.patch: Work around newly
       introduced `mseal` syscall being inconsistently available on Bookworm kernels
chromium (130.0.6723.58-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
     - CVE-2024-9955: Use after free in Web Authentication.
       Reported by anonymous.
     - CVE-2024-9956: Inappropriate implementation in Web Authentication.
       Reported by mastersplinter.
     - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and
       fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-9958: Inappropriate implementation in PictureInPicture.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
     - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9961: Use after free in Parcel Tracking. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of
       Legendsec at QI-ANXIN Group.
     - CVE-2024-9962: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
     - CVE-2024-9963: Insufficient data validation in Downloads.
       Reported by Anonymous.
     - CVE-2024-9964: Inappropriate implementation in Payments.
       Reported by Hafiizh.
     - CVE-2024-9965: Insufficient data validation in DevTools.
       Reported by Shaheen Fazim.
     - CVE-2024-9966: Inappropriate implementation in Navigations.
       Reported by Harry Chen.
   * d/copyright: rollup -> @rollup  deletion.
   * d/patches:
     - debianization/sandbox.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - disable/catapult.patch: refresh.
     - system/zlib.patch: drop. Upstream removed courgette, and its
       replacement (zucchini) doesn't appear to use zlib.
     - system/rollup.patch: update path due to upstream renaming; call
       ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
     - system/event.patch: drop half of patch due to upstream deletions.
     - upstream/mojo-null.patch: merged into mojo.patch.
     - upstream/mojo.patch: update based on 130 test files.
 .
   [ Daniel Richard G. ]
   * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as
     they are no longer needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64
       platforms
     - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP
       when starting Chromium from within a VNC session
   * d/patches/ppc64le:
     - core/add-ppc64-pthread-stack-size.patch: Define correct pthread
       stack size on ppc64 systems
     - core/cargo-add-ppc64.diff
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-
       .patch: Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
       for upstream changes
chromium (130.0.6723.58-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
     - CVE-2024-9955: Use after free in Web Authentication.
       Reported by anonymous.
     - CVE-2024-9956: Inappropriate implementation in Web Authentication.
       Reported by mastersplinter.
     - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and
       fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-9958: Inappropriate implementation in PictureInPicture.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
     - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9961: Use after free in Parcel Tracking. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of
       Legendsec at QI-ANXIN Group.
     - CVE-2024-9962: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
     - CVE-2024-9963: Insufficient data validation in Downloads.
       Reported by Anonymous.
     - CVE-2024-9964: Inappropriate implementation in Payments.
       Reported by Hafiizh.
     - CVE-2024-9965: Insufficient data validation in DevTools.
       Reported by Shaheen Fazim.
     - CVE-2024-9966: Inappropriate implementation in Navigations.
       Reported by Harry Chen.
   * d/copyright: rollup -> @rollup  deletion.
   * d/patches:
     - debianization/sandbox.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - disable/catapult.patch: refresh.
     - system/zlib.patch: drop. Upstream removed courgette, and its
       replacement (zucchini) doesn't appear to use zlib.
     - system/rollup.patch: update path due to upstream renaming; call
       ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
     - system/event.patch: drop half of patch due to upstream deletions.
     - upstream/mojo-null.patch: merged into mojo.patch.
     - upstream/mojo.patch: update based on 130 test files.
     - bookworm/gn-absl.patch: refresh.
     - bookworm/gn-funcs.patch: refresh.
     - bookworm/cacheline.patch: add patch to revert usage of
       std::hardware_destructive_interference_size, which clang-16 lacks.
     - bookworm/constexpr2.patch: add around clang16 build failure
       workaround related to constexpr.
     - upstream/stack-header.patch: add missing include.
 .
   [ Daniel Richard G. ]
   * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as
     they are no longer needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64
       platforms
     - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP
       when starting Chromium from within a VNC session
   * d/patches/ppc64le:
     - core/add-ppc64-pthread-stack-size.patch: Define correct pthread
       stack size on ppc64 systems
     - core/cargo-add-ppc64.diff
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-
       .patch: Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
       for upstream changes
chromium (129.0.6668.100-2) unstable; urgency=high
 .
   * Switch to using clang-19, and drop all d/patches/bookworm/ workarounds
     except for libxml-parsererr.patch (closes: #1081241).
chromium (129.0.6668.100-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-9602: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-9603: Type Confusion in V8.
       Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs.
chromium (129.0.6668.100-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-9602: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-9603: Type Confusion in V8.
       Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs.
chromium (129.0.6668.89-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-7025: Integer overflow in Layout.
       Reported by Tashita Software Security.
     - CVE-2024-9369: Insufficient data validation in Mojo.
       Reported by Xiantong Hou and Pisanbao of Wuheng Lab.
     - CVE-2024-9370: Inappropriate implementation in V8. Reported by
       Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte Ltd.
   * d/patches:
     - bookworm/libxml-parseerr.patch: readd for downgraded libxml2 in
       unstable (closes: #1082907).
     - upstream/wayland-gbm-pixmap.patch: backport two patches to fix
       noisy wayland video playback (closes: #1077345).
   * Build against system libtiff, thanks to
     Soren Stoutner <soren@stoutner.com> for getting this fixed upstream
     (closes: #1033747).
chromium (129.0.6668.89-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-7025: Integer overflow in Layout.
       Reported by Tashita Software Security.
     - CVE-2024-9369: Insufficient data validation in Mojo.
       Reported by Xiantong Hou and Pisanbao of Wuheng Lab.
     - CVE-2024-9370: Inappropriate implementation in V8. Reported by
       Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte Ltd.
   * d/patches:
     - bookworm/libxml-parseerr.patch: readd for downgraded libxml2 in
       unstable (closes: #1082907).
     - upstream/wayland-gbm-pixmap.patch: backport two patches to fix
       noisy wayland video playback (closes: #1077345).
   * Build against system libtiff, thanks to
     Soren Stoutner <soren@stoutner.com> for getting this fixed upstream
     (closes: #1033747).
chromium (129.0.6668.70-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-9120: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9121: Inappropriate implementation in V8.
       Reported by Tashita Software Security.
     - CVE-2024-9122: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-9123: Integer overflow in Skia.
       Reported by raven at KunLun lab.
   * d/copyright: delete more upstream .clang, .git, and android residue.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/predictor-denial-of-service.patch: Work around upstream
       issue #368562245, which can cause denial of service of the entire
       browser process on specific types of Web sites.
chromium (129.0.6668.70-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-9120: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9121: Inappropriate implementation in V8.
       Reported by Tashita Software Security.
     - CVE-2024-9122: Type Confusion in V8.
       Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-9123: Integer overflow in Skia.
       Reported by raven at KunLun lab.
   * d/copyright: delete more upstream .clang, .git, and android residue.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/predictor-denial-of-service.patch: Work around upstream
       issue #368562245, which can cause denial of service of the entire
       browser process on specific types of Web sites.
chromium (129.0.6668.58-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-8904: Type Confusion in V8. Reported by Popax21.
     - CVE-2024-8905: Inappropriate implementation in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-8906: Incorrect security UI in Downloads.
       Reported by @retsew0x01.
     - CVE-2024-8907: Insufficient data validation in Omnibox.
       Reported by Muhammad Zaid Ghifari.
     - CVE-2024-8908: Inappropriate implementation in Autofill.
       Reported by Levit Nudi from Kenya.
     - CVE-2024-8909: Inappropriate implementation in UI.
       Reported by Shaheen Fazim.
   * d/patches:
     - debianization/sandbox.patch: refresh for upstream changes. Since we
       have some downstream users of this package, retain the Ubuntu wording.
     - disable/tests.patch: refresh.
     - disable/catapult.patch: refresh.
     - bookworm/clang16.patch: refresh, delete -Wno-dangling-assignment-gsl
     - ppc64le/crashpad/0001-Implement-support-for-PPC64-on-Linux.patch:
       refresh.
     - ppc64le/sandbox/Sandbox-linux-services-credentials.cc-PPC.patch:
       refresh.
     - ppc64le/third_party/dawn-fix-ppc64le-detection.patch: refresh.
     - bookworm/more-spaceships.patch: yet another clang-17 header
       backport for clang-16 inadequecies.
     - bookworm/signer-lambda.patch: clang-16 lambda bug workaround.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/dawn-fix-typos.patch: drop, applied upstream
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
       for upstream changes
     - core/cargo-add-ppc64.diff: Add ppc64 to cargo architecture definitions
chromium (129.0.6668.58-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-8904: Type Confusion in V8. Reported by Popax21.
     - CVE-2024-8905: Inappropriate implementation in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-8906: Incorrect security UI in Downloads.
       Reported by @retsew0x01.
     - CVE-2024-8907: Insufficient data validation in Omnibox.
       Reported by Muhammad Zaid Ghifari.
     - CVE-2024-8908: Inappropriate implementation in Autofill.
       Reported by Levit Nudi from Kenya.
     - CVE-2024-8909: Inappropriate implementation in UI.
       Reported by Shaheen Fazim.
   * d/patches:
     - debianization/sandbox.patch: refresh for upstream changes. Since we
       have some downstream users of this package, retain the Ubuntu wording.
     - disable/tests.patch: refresh.
     - disable/catapult.patch: refresh.
     - bookworm/clang16.patch: refresh, delete -Wno-dangling-assignment-gsl
     - ppc64le/crashpad/0001-Implement-support-for-PPC64-on-Linux.patch:
       refresh.
     - ppc64le/sandbox/Sandbox-linux-services-credentials.cc-PPC.patch:
       refresh.
     - ppc64le/third_party/dawn-fix-ppc64le-detection.patch: refresh.
     - bookworm/more-spaceships.patch: yet another clang-17 header
       backport for clang-16 inadequecies.
     - bookworm/signer-lambda.patch: clang-16 lambda bug workaround.
     - bookworm/bubble-contents.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/dawn-fix-typos.patch: drop, applied upstream
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
       for upstream changes
     - core/cargo-add-ppc64.diff: Add ppc64 to cargo architecture definitions
chromium (128.0.6613.137-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-8636: Heap buffer overflow in Skia.
       Reported by Renan Rios (@hyhy_100).
     - CVE-2024-8637: Use after free in Media Router. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-8638: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-8639: Use after free in Autofill. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - core/add-ppc64-architecture-string.patch
     - fixes/fix-study-crash.patch
 .
   [ Daniel Richard G. ]
   * d/copyright: Add some more Files-Excluded: entries.
   * d/rules: Ensure all files in orig source tarball are user-writable.
   * d/patches/disable:
     - tests.patch: Break out SwiftShader tests deletion to...
     - tests-swiftshader.patch: ...a separate file, to simplify resolving
       conflicts with the ungoogled-chromium patch series.
chromium (128.0.6613.137-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-8636: Heap buffer overflow in Skia.
       Reported by Renan Rios (@hyhy_100).
     - CVE-2024-8637: Use after free in Media Router. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-8638: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-8639: Use after free in Autofill. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - core/add-ppc64-architecture-string.patch
     - fixes/fix-study-crash.patch
 .
   [ Daniel Richard G. ]
   * d/copyright: Add some more Files-Excluded: entries.
   * d/rules: Ensure all files in orig source tarball are user-writable.
   * d/patches/disable:
     - tests.patch: Break out SwiftShader tests deletion to...
     - tests-swiftshader.patch: ...a separate file, to simplify resolving
       conflicts with the ungoogled-chromium patch series.
chromium (128.0.6613.119-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-8362: Use after free in WebAudio.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-7970: Out of bounds write in V8.
       Reported by Cassidy Kim(@cassidy6564).
   * Enable swiftshader support; thanks to Charles Samuels for helping out
     on this (closes: #1064465).
   * d/patches:
     - disable/swiftshader.patch: drop.
     - disable/swiftshader-2.patch: drop.
     - disable/tests.patch: some swiftshader tests deletion needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/gpu-crash.patch: Fix GPU process crash (upstream issue #364568422)
     - ppc64le/third_party/0001-swiftshader-fix-build.patch: Fix SwiftShader
       build on ppc64el systems
chromium (128.0.6613.119-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-8362: Use after free in WebAudio.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-7970: Out of bounds write in V8.
       Reported by Cassidy Kim(@cassidy6564).
   * Enable swiftshader support; thanks to Charles Samuels for helping out
     on this (closes: #1064465).
   * d/patches:
     - disable/swiftshader.patch: drop.
     - disable/swiftshader-2.patch: drop.
     - disable/tests.patch: some swiftshader tests deletion needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/gpu-crash.patch: Fix GPU process crash (upstream issue #364568422)
     - ppc64le/third_party/0001-swiftshader-fix-build.patch: Fix SwiftShader
       build on ppc64el systems
chromium (128.0.6613.113-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-7969: Type Confusion in V8.
       Reported by CFF of Topsec Alpha Team.
     - CVE-2024-8193: Heap buffer overflow in Skia.
       Reported by Renan Rios (@hyhy_100).
     - CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-8198: Heap buffer overflow in Skia.
       Reported by Renan Rios (@hyhy_100).
   * d/control:
     - Bump rustc build-dep up to >= 1.74.
   * d/patches:
     - bookworm/rust-downgrade-osstr-users.patch: drop, now that we have a
       newer rust in bookworm.
chromium (128.0.6613.113-1~deb13u1) trixie; urgency=high
 .
   * Rebuild for trixie.
   * Revert libxml2-dev versioned build-dep, and re-add
     d/patches/bookworm/libxml/parseerr.patch.
chromium (128.0.6613.113-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-7969: Type Confusion in V8.
       Reported by CFF of Topsec Alpha Team.
     - CVE-2024-8193: Heap buffer overflow in Skia.
       Reported by Renan Rios (@hyhy_100).
     - CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
     - CVE-2024-8198: Heap buffer overflow in Skia.
       Reported by Renan Rios (@hyhy_100).
   * d/control:
     - Bump rustc-web build-dep up to >= 1.74.
   * d/patches:
     - bookworm/rust-downgrade-osstr-users.patch: drop, now that we have a
       newer rust in bookworm.
     - bookworm/crabbyav1f.patch: drop, no longer needed w/ new rust.
     - bookworm/rust-no-thin-lto.patch: drop, we can now enable thinlto w/
       new rust.
     - fixes/clang-rust-target.patch: add, needed for thinlto in rust.
     - ppc64le/fixes/fix-different-data-layouts.patch: add, needed for
       mismatch between newer rust and older clang.
chromium (128.0.6613.84-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-7964: Use after free in Passwords. Reported by Anonymous.
     - CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog.
     - CVE-2024-7966: Out of bounds memory access in Skia.
       Reported by Renan Rios (@HyHy100).
     - CVE-2024-7967: Heap buffer overflow in Fonts.
       Reported by Tashita Software Security.
     - CVE-2024-7968: Use after free in Autofill.
       Reported by Han Zheng (HexHive).
     - CVE-2024-7969: Type Confusion in V8.
       Reported by CFF of Topsec Alpha Team.
     - CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat
       Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC).
     - CVE-2024-7972: Inappropriate implementation in V8.
       Reported by Simon Gerst (intrigus-lgtm).
     - CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax.
     - CVE-2024-7974: Insufficient data validation in V8 API.
       Reported by bowu(@gocrashed).
     - CVE-2024-7975: Inappropriate implementation in Permissions.
       Reported by Thomas Orlita.
     - CVE-2024-7976: Inappropriate implementation in FedCM.
       Reported by Alesandro Ortiz.
     - CVE-2024-7977: Insufficient data validation in Installer.
       Reported by Kim Dong-uk (@justlikebono).
     - CVE-2024-7978: Insufficient policy enforcement in Data Transfer.
       Reported by NDevTK.
     - CVE-2024-7979: Insufficient data validation in Installer.
       Reported by VulnNoob.
     - CVE-2024-7980: Insufficient data validation in Installer.
       Reported by VulnNoob.
     - CVE-2024-7981: Inappropriate implementation in Views.
       Reported by Thomas Orlita.
     - CVE-2024-8033: Inappropriate implementation in WebApp Installs.
       Reported by Lijo A.T.
     - CVE-2024-8034: Inappropriate implementation in Custom Tabs.
       Reported by Bharat (mrnoob).
     - CVE-2024-8035: Inappropriate implementation in Extensions.
       Reported by Microsoft.
   * d/copyright: delete third_party/siso/ which contains binaries.
   * d/rules: set safe_browsing_use_unrar=false to disable unrar.
   * d/patches:
     - fixes/blink-frags.patch: drop, merged upstream.
     - fixes/stats-collector.patch: drop, upstream deleted broken code.
     - fixes/chromium-browser-ui-missing-deps.patch: drop, fixed upstream.
     - upstream/armhf-ftbfs.patch: drop, merged upstream.
     - upstream/containers-header.patch: drop, merged upstream.
     - upstream/crabbyav1f.patch: drop, merged upstream.
     - upstream/lock-impl.patch: drop, merged upstream.
     - upstream/paint-layer-header.patch: drop, merged upstream.
     - disable/unrar.patch: drop, merged upstream w/ build arg.
     - bookworm/nvt.patch: drop, no longer needed.
     - fixes/ps-print.patch: refresh.
     - system/openjpeg.patch: refresh.
     - bookworm/clang16.patch: refresh & remove another unsupported option.
     - bookworm/constexpr.patch: refresh & add more fixes.
     - bookworm/lex-3way.patch: pull in another STL function from clang-17.
     - bookworm/blink-attrib.patch: add build fix to reorder __attribute__.
     - fixes/highway-include-path.patch: upstream fixed the original issue
       in a broken way, making this worse. Add more to this patch to work
       around that.
 .
   [ Daniel Richard G. ]
   * d/rules: Parameterize Rust sysroot to simplify using a different one.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/dawn-fix-typos.patch: Refresh for upstream changes
     - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch:
       Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-base-musttail.patch: Disable
       musttail on ppc64el platforms

cjson (1.7.15-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport patch to add NULL check to cJSON_SetValuestring (CVE-2024-31755)
     (Closes: #1071742)

clamav (1.0.7+dfsg-1~deb12u1) bookworm; urgency=medium
 .
   * Import 1.0.7 (Closes: #1080962)
     - CVE-2024-20506 (Changed the logging module to disable following symlinks
       on Linux)
     - CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
       parser).
clamav (1.0.6+dfsg-1) unstable; urgency=medium
 .
   * Import 1.0.6
   * Bump standards-version to 4.7.0 without changes.
clamav (1.0.5+dfsg-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Rename libraries for 64-bit time_t transition.  Closes: #1062072
clamav (1.0.5+dfsg-1) unstable; urgency=medium
 .
   * Import 1.0.4 (Closes: #1063479).
     - Update symbols.
     - CVE-2024-20290 (Fixed a possible heap overflow read bug in the OLE2 file
       parser that could cause a denial-of-service (DoS) condition.)
     - CVE-2024-20328 (Fixed a possible command injection vulnerability in the
       "VirusEvent" feature of ClamAV's ClamD service.

cloud-init (22.4.2-1+deb12u2) bookworm; urgency=medium
 .
   * networkd: Add support for multiple [Route] sections (Closes: #1052535)

cloud-initramfs-tools (0.18.debian13+deb12u1) bookworm; urgency=medium
 .
   * growroot: add missing dependencies (Closes: #1037914)

cups (2.4.2-3+deb12u8) bookworm-security; urgency=high
 .
   * CVE-2024-47175
     Fix CVE and upstream also added some extra hardening to patch
     - validate URIs, attribute names, and capabilities
       in cups/ppd-cache.c, scheduler/ipp.c
     - sanitize make and model in cups/ppd-cache.c
     - PPDize preset and template names in cups/ppd-cache.c
     - quote PPD localized strings in  cups/ppd-cache.c
     - fix warnings in cups/ppd-cache.c

cups-filters (1.28.17-3+deb12u1) bookworm-security; urgency=high
 .
   * CVE-2024-47076 (Closes: #1082827)
     cfGetPrinterAttributes5(): Validate response attributes before return
   * CVE-2024-47176 (Closes: #1082820)
     Default BrowseRemoteProtocols should not include "cups" protocol

curl (7.88.1-10+deb12u8) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2024-8096
     - CVE-2024-8096: When the TLS backend is GnuTLS, curl may incorrectly
       handle OCSP stapling. If the OCSP status reports an error other than
       "revoked" (e.g., "unauthorized"), it is not treated as a bad certificate,
       potentially allowing invalid certificates to be considered valid.

debian-installer (20230607+deb12u8) bookworm; urgency=medium
 .
   * Reinstate some armel netboot targets, as suggested by Martin
     Michlmayr (Closes: #1068898) and tested by Rick Thomas (thanks!):
      - openrd-base
      - openrd-client
      - openrd-ultimate
   * Bump Linux kernel ABI to 6.1.0-27.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u8) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u8, from bookworm-proposed-updates.

devscripts (2.23.4+deb12u2) bookworm; urgency=medium
 .
   [ Lee Garrett ]
   * bts: Fix regression when using Auth on 587/tcp.  Closes: #1079730
 .
   [ Cyril Brulebois ]
   * build-rdeps: Add support for non-free-firmware
   * chdist: Update sources.list examples with non-free-firmware
 .
   [ Gioele Barabucci ]
   * build-rdeps: Use all available distros by default.  Closes: #1032396

diffoscope (240+deb12u1) stable; urgency=medium
 .
   [ Chris Lamb ]
   * Backport a patch by FC (Fay) Stegerman to fix a FTBFS caused by a
     .zip-related security fix that was included in Debian's own upload of
     python3.11 3.11.2-6+deb12u2 (see #1070133). Diffoscope's testsuite
     deliberately excercises a Mozilla-style ZIP file that has its Central
     Directory secton at the beginning of the file, rather than at the end. This
     breaks the new overlap check in Python's built-in zipfile.py library as
     that checks that every entry ends before the Central Directory begins. Many
     thanks to Fay for both the patch and related guidance. (Closes: #1078883)
   * Do not call marshal.loads() on precompiled Python bytecode as it is
     inherently unsafe. The loads() method can easily cause the CPython process
     running diffoscope to irretrievably crash (e.g. when presented with a newer
     .pyc format), and potentially permit of arbitrary code execution. Replace,
     for now, with a brief textual summary of the code section of .pyc files
     instead. For more information, see:
     <https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/371>

distro-info-data (0.58+deb12u3) bookworm; urgency=medium
 .
   * Update data to 0.63:
     - Add Ubuntu 25.04 "Plucky Puffin" (LP: #2084572)

docker.io (20.10.24+dfsg1-1+deb12u1) bookworm; urgency=high
 .
   * Team upload
   * Fix CVE-2024-41110: Authz zero length regression
     A security vulnerability has been detected in Docker Engine,
     which could allow an attacker
     to bypass authorization plugins (AuthZ) under specific
     circumstances. The base likelihood of this being exploited is low.
     (Closes: #1084993)

dpdk (22.11.6-1~deb12u1) bookworm; urgency=medium
 .
   [ Christian Ehrhardt ]
   * fix reprotest for parallel sphinx
   * d/p/disable-parallel-sphinx.patch: mention forwarding
 .
   [ Luca Boccassi ]
   * salsa-ci: run Lintian on stable and suppress two warnings
   * Update upstream source from tag 'upstream/22.11.6'
   * Refresh patches to remove fuzz from 22.11.6
   * BPF library is now disabled on i386

exim4 (4.96-15+deb12u6) bookworm; urgency=medium
 .
   * Fix crash in dbmnz when looking up keys with no content.
     Closes: #1080472

expat (2.5.0-1+deb12u1) bookworm-security; urgency=medium
 .
   * Backport security fix for CVE-2024-45490: reject negative len for
     XML_ParseBuffer() (closes: #1080149).
   * Backport security fix for CVE-2024-45491: detect integer overflow in
     dtdCopy() (closes: #1080150).
   * Backport security fix for CVE-2024-45492: detect integer overflow in
     function nextScaffoldPart() (closes: #1080152).

fcgiwrap (1.1.0-14+deb12u1) bookworm; urgency=medium
 .
   [ Mitchell Dzurick ]
   * d/t/git-http-backend: make www-data own $AUTOPKGTEST_TMP/test1/.git
     git introduced more aggressive security checking, so the dep8 test needs
     to explicitly change ownership of the new git directory.
     (LP: #2067942, Closes: #1072394)

firefox-esr (128.3.1esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-51, also known as CVE-2024-9680.
 .
   * js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h,
     js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp,
     js/src/jit/mips-shared/MacroAssembler-mips-shared.h,
     js/src/jit/mips64/MacroAssembler-mips64.cpp,
     js/src/jit/mips64/MacroAssembler-mips64.h,
     js/src/wasm/WasmGenerator.cpp, js/src/wasm/WasmSummarizeInsn.cpp: Fix
     FTBFS on mipsel64. bz#1855960.
firefox-esr (128.3.0esr-2) unstable; urgency=medium
 .
   * debian/watch: Refreshed for firefox-esr.
   * debian/rules:
     - Fixed manual page header for firefox-esr.
     - Use a single virtualenv for preprocessing and build.
   * debian/iceweasel.*: Remove the remaining iceweasel files.
   * debian/control*:
     - Remove unnecessary dependency on autotools-dev.
     - Remove explicit dependency on dpkg-dev.
     - Remove Breaks: xul-ext-torbutton. The package was removed in bug
       #796316, 9 years ago.
   * debian/browser.lintian-overrides.in: Updated.
   * debian/source/lintian-overrides: Updated.
   * debian/copyright: Updated.
 .
   * js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h,
     js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp,
     js/src/jit/mips-shared/MacroAssembler-mips-shared.h,
     js/src/jit/mips64/MacroAssembler-mips64.cpp,
     js/src/jit/mips64/MacroAssembler-mips64.h,
     js/src/wasm/WasmGenerator.cpp, js/src/wasm/WasmSummarizeInsn.cpp: Fix
     FTBFS on mipsel64. bz#1855960.
firefox-esr (128.3.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-47, also known as:
     CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-8900,
     CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399,
     CVE-2024-9400, CVE-2024-9401, CVE-2024-9402.
 .
   * debian/control.in: Use rustc-web and cbindgen-web on bookworm and bullseye.
   * debian/control.in, debian/rules: Use gcc-11 on bookworm, working around
     #1056561.
   * debian/browser.mozconfig.in, debian/browser.preinst.in, debian/control.in,
     debian/l10n/browser-l10n.control, debian/l10n/browser-l10n.control.in,
     debian/l10n/gen, debian/rules, debian/upstream.mk: Remove support for
     buster.
firefox-esr (128.3.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-47, also known as:
     CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-8900,
     CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399,
     CVE-2024-9400, CVE-2024-9401, CVE-2024-9402.
 .
   * debian/control.in: Use rustc-web and cbindgen-web on bookworm and bullseye.
   * debian/control.in, debian/rules: Use gcc-11 on bookworm, working around
     #1056561.
   * debian/browser.mozconfig.in, debian/browser.preinst.in, debian/control.in,
     debian/l10n/browser-l10n.control, debian/l10n/browser-l10n.control.in,
     debian/l10n/gen, debian/rules, debian/upstream.mk: Remove support for
     buster.
firefox-esr (128.3.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * Backport to bullseye.
firefox-esr (115.15.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-41, also known as:
     CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384.
firefox-esr (115.15.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-41, also known as:
     CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384.
firefox-esr (115.14.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-34, also known as:
     CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
     CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
     CVE-2024-7531.

galera-4 (26.4.20-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream release 26.4.20. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.20.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.19.txt
   * Adopt gbp.conf from 'debian/latest' but adopt it for 'debian/12-bookworm'
galera-4 (26.4.19-1) unstable; urgency=medium
 .
   * New upstream release 26.4.19. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.19.txt
galera-4 (26.4.18-1) unstable; urgency=medium
 .
   * Switch to upstream aware DEP-14 branch structure in gbp.conf
   * New upstream release 26.4.18. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.18.txt
   * For previous release details see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.17.txt
   * New upstream signing key 3D53839A70BC938B08CDD47F45460A518DA84635,
     verified from 26.4.17 release notes
   * Move service file from /lib to /usr/lib to conform with usrmerge
galera-4 (26.4.18-1~exp1) experimental; urgency=medium
 .
   * Switch to upstream aware DEP-14 branch structure in gbp.conf
   * New upstream signing key 3D53839A70BC938B08CDD47F45460A518DA84635
   * Move service file from /lib to /usr/lib to conform with usrmerge

ghostscript (10.0.0~dfsg-11+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * review printing of pointers (CVE-2024-29508)
   * Fix compiler warning in optimised build
   * Coverity IDs 414141 & 414145
   * Don't allow PDF files with bad Filters to overflow the debug buffer
     (CVE-2024-29506)
   * Don't use strlen on passwords (CVE-2024-29509)
   * Bounds checks when using CIDFont related params (CVE-2024-29507)

git (1:2.39.5-0+deb12u1) bookworm-security; urgency=medium
 .
   * new upstream point release (see RelNotes/2.39.3.txt,
     RelNotes/2.39.4.txt, RelNotes/2.39.5.txt).  Addresses
     CVE-2023-25652, CVE-2023-25815, CVE-2023-29007, CVE-2024-32002,
     CVE-2024-32004, CVE-2024-32020, CVE-2023-32021 (closes:
     #1071160).
git (1:2.39.2+next.20230215-1) experimental; urgency=low
 .
   * new snapshot, taken from upstream commit 279f198d.
   * merge branch debian-sid.

glib2.0 (2.74.6-2+deb12u4) bookworm; urgency=medium
 .
   [ Helmut Grohne ]
   * Provide libgio-2.0-dev from libglib2.0-dev in bookworm.
     In unstable, libgio-2.0-dev has been split off from
     libglib2.0-dev. Some of the build dependencies on libglib2.0-dev
     will be switched over to libgio-2.0-dev. This causes them to
     be unsatisfiable in bookworm-backports, unless a bookworm update
     provides forward compatibility by providing libgio-2.0-dev (which
     has never been mentioned in bookworm).
 .
   [ Simon McVittie ]
   * d/control.in: libglib2.0-dev-bin Provides libgio-2.0-dev-bin.
     Packages backported from trixie/sid might build-depend on
     libgio-2.0-dev-bin if they participate in bootstrapping and need to
     run utilities like glib-mkenums or gdbus-codegen during their build.
   * d/control.in: Freeze Uploaders at the value it previously had in bookworm.
     This allows `debian/rules clean` to be run without altering d/control.

glibc (2.36-9+deb12u9) bookworm; urgency=medium
 .
   * debian/testsuite-xfail-debian.mk: mark tst-support_descriptors as XFAIL,
     due to sbuild bug #1070003.
   * debian/patches/localedata/git-locale-hr_HR-euro.diff: change Croatian
     locale to use Euro as currency.
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - resolv: do not ignore short error responses (as generated by e.g.
       Unbound) to avoid timeouts.
     - resolv: fix timeouts when single-request mode is enabled in resolv.conf.
     - resolv: fix reloading resolv.conf when a nameserver has been
       automatically switched to single-request mode.
     - mremap(): fix support for the MREMAP_DONTUNMAP option.
     - fortification: fix name space violation in fortify wrappers.
     - vfscanf(): fix matches longer than INT_MAX.
     - ungetc(): fix uninitialized read when putting into unused streams.
     - ungetc(): fix backup buffer leak on program exit.
   * patches/arm64/local-revert-aarch64-check-kernel-version-for-sve-ifuncs.diff:
     revert upstream commit as it changes the GLIBC_PRIVATE ABI, causing
     crashes with static binaries using dlopened NSS functions.  Closes:
     #1083095.

gtk+3.0 (3.24.38-2~deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * d/p/atk_focus_tracker_notify.deprecated.patch: Fix letting Orca announce
     initial focus (Closes: #1084489)

ikiwiki-hosting (0.20220716-2+deb12u1) bookworm; urgency=medium
 .
   [ Simon McVittie ]
   * d/ikiwiki-hosting-web.{init,service}: Allow reading other users' repositories.
     Each website's git repository is owned by its own uid, and the
     git-daemon running as ikiwiki-anon needs to be able to read them all.
     (Closes: #1076751)

intel-microcode (3.20240910.1~deb12u1) bookworm; urgency=medium
 .
   * Build for bookworm
   * All trixie-only changes (from 3.20240813.2) are reverted on this branch
 .
 intel-microcode (3.20240910.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240910 (closes: #1081363)
     - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
       A potential security vulnerability in the Running Average Power Limit
       (RAPL) interface for some Intel Processors may allow information
       disclosure.
     - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
       A potential security vulnerability in some Intel Processors may allow
       denial of service.
     - Fixes for unspecified functional issues on several processor models
     - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A
       FIRMWARE UPDATE.  It is present in this release for sig 0xb0671, but
       THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED
       THROUGH THE FIT TABLE IN FIRMWARE.  Contact your system vendor for a
       firmware update that includes the appropriate microcode update for
       your processor.
   * Updated Microcodes:
     sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256
     sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036
     sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036
     sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036
     sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208
     sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434
     sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216
     sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
     sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122
     sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122
     sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240
   * Update changelog for 3.20240813.1 with new information
   * Update changelog for 3.20240514.1 with new information
   * source: update symlinks to reflect id of the latest release, 20240910
intel-microcode (3.20240813.2) unstable; urgency=high
 .
   * Merge changes from intel-microcode/3.20240531.1+nmu1, which were left out
     from 3.20240813.1 by an oversight, regressing merged-usr. Closes: #1060200
intel-microcode (3.20240813.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240813 (closes: #1078742)
     - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
       Incorrect behavior order in transition between executive monitor and SMI
       transfer monitor (STM) in some Intel Processors may allow a privileged
       user to potentially enable escalation of privilege via local access.
     - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
       Mirrored regions with different values in 3rd Generation Intel Xeon
       Scalable Processors may allow a privileged user to potentially enable
       denial of service via local access.
     - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
       Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
       Xeon Processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
       Improper isolation in the Intel Core Ultra Processor stream cache
       mechanism may allow an authenticated user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
       Improper isolation in some Intel® Processors stream cache mechanism may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Fix for unspecified functional issues on several processor models
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
     sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
     sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
     sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
     sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
     sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
     sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
     sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
     sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
     sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
     sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
     sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
   * source: update symlinks to reflect id of the latest release, 20240813
   * postinst, postrm: switch to dpkg-trigger to run update-initramfs

ipmitool (1.8.19-4+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * d/control: Remove obsolete lsb-base from Depends
   * d/patches: backport several important fixes from upstream
     + fix a buffer overrun in `open` interface
     + fix lan print fails on unsupported parameters (closes: #1061770)
     + fix parameter passed to read temperature sensors
     + fix using hex values when sending raw data (closes: #1082101)

iputils (3:20221126-1+deb12u1) bookworm; urgency=medium
 .
   * Import upstream fix for incorrect ping receiving packets intended for other
     processes (Closes: #1040313)

kexec-tools (1:2.0.25-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Add a systemd mask to kexec.service, to prevent the init script from
     handling kexec process on a systemd enabled system. (Closes: #1028416)

lemonldap-ng (2.16.1+ds-deb12u3) bookworm; urgency=medium
 .
   * Fix XSS issue (Closes: #1084979, CVE-2024-48933)

lgogdownloader (3.9-2+deb12u1) bookworm; urgency=medium
 .
   * Apply upstream fixes for parsing Galaxy URLs. Closes: #1085527.

libgsf (1.14.50-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * OLE2: Fix allocation problems (CVE-2024-42415, CVE-2024-36474)
     (Closes: #1084056)

libheif (1.15.1-1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-41311
   * CVE-2023-49462 (Closes: #1059151)
   * CVE-2023-29659 (Closes: #1035607)

libreoffice (4:7.4.7-1+deb12u5) bookworm-security; urgency=medium
 .
   * debian/patches/debian/patches/do-not-trust-any-signature-on-repaired-package.diff:
     as name says (CVE-2024-7788)

libskk (1.0.5-2+deb12u1) bookworm; urgency=medium
 .
   * debian/patches/a2936e865fcc00e6e0c0bfc6c1d62db19e49fe74.patch:
     Cherry-pick upstream patch to fix invalid escape in json file that
     triggered crash. (Closes: #1081915)

libvirt (9.0.0-4+deb12u2) bookworm; urgency=medium
 .
   * [275099d] patches: Add backports
     - backport/apparmor-Allow-running-i686-VMs-on-Debian-12.patch
       - Closes: #1030926
     - backport/qemu_process-Skip-over-non-virtio-non-TAP-NIC-[...]
       - Prevents certain guests from becoming unbootable or
         disappearing during upgrade

linux (6.1.115-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
     - wifi: rtw88: always wait for both firmware loading attempts
       (CVE-2024-47718)
     - crypto: xor - fix template benchmarking
     - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
     - wifi: ath9k: fix parameter check in ath9k_init_debug()
     - wifi: ath9k: Remove error checks when creating debugfs entries
     - wifi: rtw88: remove CPT execution branch never used
     - fs/namespace: fnic: Switch to use %ptTd
     - mount: handle OOM on mnt_warn_timestamp_expiry
     - drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
       (CVE-2024-47731)
     - wifi: mac80211: don't use rate mask for offchannel TX either
       (CVE-2024-47738)
     - wifi: iwlwifi: mvm: increase the time between ranging measurements
     - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
     - ACPICA: executer/exsystem: Don't nag user about every Stall() violating
       the spec
     - padata: Honor the caller's alignment in case of chunk_size 0
     - drivers/perf: hisi_pcie: Record hardware counts correctly
     - can: j1939: use correct function name in comment
     - ACPI: CPPC: Fix MASK_VAL() usage
     - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
     - netfilter: nf_tables: reject element expiration with no timeout
     - netfilter: nf_tables: reject expiration higher than timeout
     - netfilter: nf_tables: remove annotation to access set timeout while
       holding lock
     - [arm64] perf/arm-cmn: Rework DTC counters (again)
     - [arm64] perf/arm-cmn: Improve debugfs pretty-printing for large configs
     - [arm64] perf/arm-cmn: Refactor node ID handling. Again.
     - [arm64] perf/arm-cmn: Ensure dtm_idx is big enough
     - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
     - [x86] sgx: Fix deadlock in SGX NUMA node search (CVE-2024-49856)
     - crypto: hisilicon/hpre - enable sva error interrupt event
     - crypto: hisilicon/hpre - mask cluster timeout error
     - crypto: hisilicon/qm - fix coding style issues
     - crypto: hisilicon/qm - reset device before enabling it
     - crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730)
     - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
     - wifi: mt76: mt7915: fix rx filter setting for bfee functionality
     - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
     - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
       (CVE-2024-47713)
     - wifi: wilc1000: fix potential RCU dereference issue in
       wilc_parse_join_bss_param (CVE-2024-47712)
     - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
     - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL
     - sock_map: Add a cond_resched() in sock_hash_free()
     - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
       (CVE-2024-47709)
     - can: m_can: Remove repeated check for is_peripheral
     - can: m_can: enable NAPI before enabling interrupts
     - can: m_can: m_can_close(): stop clocks after device has been shut down
     - Bluetooth: btusb: Fix not handling ZPL/short-transfer
     - bareudp: Pull inner IP header in bareudp_udp_encap_recv().
     - bareudp: Pull inner IP header on xmit.
     - net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
     - r8169: disable ALDPS per default for RTL8125
     - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
     - net: tipc: avoid possible garbage value
     - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
       (CVE-2024-47707)
     - nbd: fix race between timeout and normal completion (CVE-2024-49855)
     - block, bfq: fix possible UAF for bfqq->bic with merge chain
       (CVE-2024-47706)
     - block, bfq: choose the last bfqq from merge chain in
       bfq_setup_cooperator()
     - block, bfq: don't break merge chain in bfq_split_bfqq()
     - block: print symbolic error name instead of error code
     - block: fix potential invalid pointer dereference in blk_add_partition
       (CVE-2024-47705)
     - spi: ppc4xx: handle irq_of_parse_and_map() errors
     - [arm64] dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB
     - firmware: arm_scmi: Fix double free in OPTEE transport (CVE-2024-49853)
     - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
     - regulator: Return actual error in of_regulator_bulk_get_all()
     - [arm64] dts: renesas: r9a07g043u: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g054: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g044: Correct GICD and GICR sizes
     - [arm64] dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations
     - reset: berlin: fix OF node leak in probe() error path
     - reset: k210: fix OF node leak in probe() error path
     - clocksource/drivers/qcom: Add missing iounmap() on errors in
       msm_dt_timer_init()
     - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error
     - ALSA: hda: cs35l41: fix module autoloading
     - hwmon: (max16065) Fix overflows seen when writing limits
     - i2c: Add i2c_get_match_data()
     - hwmon: (max16065) Remove use of i2c_match_id()
     - hwmon: (max16065) Fix alarm attributes
     - mtd: slram: insert break after errors in parsing the map
     - hwmon: (ntc_thermistor) fix module autoloading
     - power: supply: axp20x_battery: Remove design from min and max voltage
     - power: supply: max17042_battery: Fix SOC threshold calc w/ no current
       sense
     - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
     - [amd64] iommu/amd: Do not set the D bit on AMD v2 table entries
     - mtd: powernv: Add check devm_kasprintf() returned value
     - rcu/nocb: Fix RT throttling hrtimer armed from offline CPU
     - mtd: rawnand: mtk: Use for_each_child_of_node_scoped()
     - mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips
     - mtd: rawnand: mtk: Fix init error path
     - pmdomain: core: Harden inter-column space in debug summary
     - drm/stm: Fix an error handling path in stm_drm_platform_probe()
     - drm/stm: ltdc: check memory returned by devm_kzalloc()
     - drm/amd/display: Add null check for set_output_gamma in
       dcn30_set_output_transfer_func (CVE-2024-47720)
     - drm/amdgpu: Replace one-element array with flexible-array member
     - drm/amdgpu: properly handle vbios fake edid sizing
     - drm/radeon: Replace one-element array with flexible-array member
     - drm/radeon: properly handle vbios fake edid sizing
     - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly
     - scsi: NCR5380: Check for phase match during PDMA fixup
     - drm/amd/amdgpu: Properly tune the size of struct
     - drm/rockchip: vop: Allow 4096px width scaling
     - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
     - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
     - drm/bridge: lontium-lt8912b: Validate mode in
       drm_bridge_funcs::mode_valid()
     - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
     - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
       (CVE-2024-49852)
     - jfs: fix out-of-bounds in dbNextAG() and diAlloc()
     - drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config()
     - drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
     - [powerpc*] 8xx: Fix initial memory mapping
     - [powerpc*] 8xx: Fix kernel vs user address comparison
     - drm/msm: Fix incorrect file name output in adreno_request_fw()
     - drm/msm/a5xx: disable preemption in submits by default
     - drm/msm/a5xx: properly clear preemption records on resume
     - drm/msm/a5xx: fix races in preemption evaluation stage
     - drm/msm/a5xx: workaround early ring-buffer emptiness check
     - ipmi: docs: don't advertise deprecated sysfs entries
     - drm/msm: fix %s null argument error
     - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
     - xen: use correct end address of kernel for conflict checking
     - HID: wacom: Support sequence numbers smaller than 16-bit
     - HID: wacom: Do not warn about dropped packets for first packet
     - xen/swiotlb: add alignment check for dma buffers
     - xen/swiotlb: fix allocated size
     - tpm: Clean up TPM space after command failure (CVE-2024-49851)
     - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
       (CVE-2024-49850)
     - xz: cleanup CRC32 edits from 2018
     - kthread: fix task state in kthread worker if being frozen
     - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
     - smackfs: Use rcu_assign_pointer() to ensure safe assignment in
       smk_set_cipso
     - ext4: avoid buffer_head leak in ext4_mark_inode_used()
     - ext4: avoid potential buffer_head leak in __ext4_new_inode()
     - ext4: avoid negative min_clusters in find_group_orlov()
     - ext4: return error on ext4_find_inline_entry
     - ext4: avoid OOB when system.data xattr changes underneath the filesystem
       (CVE-2024-47701)
     - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
       (CVE-2024-47699)
     - nilfs2: determine empty node blocks as corrupted
     - nilfs2: fix potential oob read in nilfs_btree_check_delete()
       (CVE-2024-47757)
     - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
     - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
     - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
       (CVE-2024-47728)
     - perf mem: Free the allocated sort string, fixing a leak
     - perf inject: Fix leader sampling inserting additional samples
     - perf sched timehist: Fix missing free of session in perf_sched__timehist()
     - perf stat: Display iostat headers correctly
     - perf sched timehist: Fixed timestamp error when unable to confirm event
       sched_in time
     - perf time-utils: Fix 32-bit nsec parsing
     - clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite()
       after error detection
     - clk: imx: composite-8m: Enable gate clk with mcore_booted
     - clk: imx: composite-7ulp: Check the PCC present bit
     - clk: imx: fracn-gppll: support integer pll
     - clk: imx: fracn-gppll: fix fractional part of PLL getting lost
     - clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
     - clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
     - clk: imx: imx8qxp: Parent should be initialized earlier than the clock
     - remoteproc: imx_rproc: Correct ddr alias for i.MX8M
     - remoteproc: imx_rproc: Initialize workqueue earlier
     - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
     - Input: ilitek_ts_i2c - avoid wrong input subsystem sync
     - Input: ilitek_ts_i2c - add report id message validation
     - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
       (CVE-2024-47698)
     - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
       (CVE-2024-47697)
     - PCI/PM: Increase wait time after resume
     - PCI/PM: Drop pci_bridge_wait_for_secondary_bus() timeout parameter
     - PCI: Wait for Link before restoring Downstream Buses
     - PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
       (CVE-2024-47756)
     - clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL
     - nvdimm: Fix devs leaks in scan_labels()
     - PCI: xilinx-nwl: Fix register misspelling
     - PCI: xilinx-nwl: Clean up clock on probe failure/removal
     - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
       (CVE-2024-47696)
     - pinctrl: single: fix missing error code in pcs_probe()
     - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
     - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (CVE-2024-47695)
     - clk: ti: dra7-atl: Fix leak of of_nodes
     - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
     - nfsd: fix refcount leak when file is unhashed after being found
     - pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
     - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
     - IB/core: Fix ib_cache_setup_one error flow cleanup (CVE-2024-47693)
     - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
       (CVE-2024-47751)
     - RDMA/erdma: Return QP state in erdma_query_qp
     - watchdog: imx_sc_wdt: Don't disable WDT in suspend
     - [arm64] RDMA/hns: Don't modify rq next block addr in HIP09 QPC
     - [arm64] RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (CVE-2024-47750)
     - [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
     - [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
     - [arm64] RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
     - [arm64] RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS
     - [arm64] RDMA/hns: Optimize hem allocation performance
     - RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
     - RDMA/irdma: fix error message in irdma_modify_qp_roce()
     - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
     - ntb_perf: Fix printk format
     - ntb: Force physically contiguous allocation of rx ring buffers
     - nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
     - nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
     - f2fs: fix to update i_ctime in __f2fs_setxattr()
     - f2fs: remove unneeded check condition in __f2fs_setxattr()
     - f2fs: reduce expensive checkpoint trigger frequency
     - f2fs: factor the read/write tracing logic into a helper
     - f2fs: fix to avoid racing in between read and OPU dio write
     - f2fs: fix to wait page writeback before setting gcing flag
     - f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation
     - f2fs: clean up w/ dotdot_name
     - f2fs: get rid of online repaire on corrupted directory (CVE-2024-47690)
     - spi: atmel-quadspi: Undo runtime PM changes at driver exit time
     - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
     - lib/sbitmap: define swap_lock as raw_spinlock_t
     - nvme-multipath: system fails to create generic nvme device
     - iio: adc: ad7606: fix oversampling gpio array
     - iio: adc: ad7606: fix standby gpio state to match the documentation
     - ABI: testing: fix admv8818 attr description
     - iio: chemical: bme680: Fix read/write ops to device by adding mutexes
     - iio: magnetometer: ak8975: Convert enum->pointer for data in the match
       tables
     - iio: magnetometer: ak8975: drop incorrect AK09116 compatible
     - dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible
     - coresight: tmc: sg: Do not leak sg_table
     - cxl/pci: Break out range register decoding from cxl_hdm_decode_init()
     - cxl/pci: Fix to record only non-zero ranges
     - vdpa: Add eventfd for the vdpa callback
     - vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
     - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (CVE-2024-47686)
     - Revert "dm: requeue IO if mapping table not yet available"
     - net: xilinx: axienet: Schedule NAPI in two steps
     - net: xilinx: axienet: Fix packet counting
     - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685)
     - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
       Condition (CVE-2024-47747)
     - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
     - tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
     - net: qrtr: Update packets cloning when broadcasting
     - bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
       (CVE-2024-47734)
     - net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled
     - netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
     - netfilter: ctnetlink: compile ctnetlink_label_size with
       CONFIG_NF_CONNTRACK_EVENTS
     - io_uring/sqpoll: do not allow pinning outside of cpuset
     - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
     - io_uring/io-wq: do not allow pinning outside of cpuset
     - io_uring/io-wq: inherit cpuset of cgroup in io worker
     - vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
     - selinux,smack: don't bypass permissions check in inode_setsecctx hook
       (CVE-2024-46695)
     - drm/vmwgfx: Prevent unmapping active read buffers (CVE-2024-46710)
     - io_uring/sqpoll: retain test for whether the CPU is valid
     - io_uring/sqpoll: do not put cpumask on stack
     - Remove *.orig pattern from .gitignore
     - PCI: imx6: Fix missing call to phy_power_off() in error handling
     - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
     - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
     - soc: versatile: integrator: fix OF node leak in probe() error path
     - Revert "media: tuners: fix error return code of
       hybrid_tuner_request_state()"
     - Input: adp5588-keys - fix check on return code
     - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
     - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
     - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
     - [x86] KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits
     - [x86] KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
       (CVE-2024-47683)
     - drm/amd/display: Round calculated vtotal
     - drm/amd/display: Validate backlight caps are sane
     - KEYS: prevent NULL pointer dereference in find_asymmetric_key()
       (CVE-2024-47743)
     - fs: Create a generic is_dot_dotdot() utility
     - ksmbd: make __dir_empty() compatible with POSIX
     - ksmbd: allow write with FILE_APPEND_DATA
     - ksmbd: handle caseless file creation
     - scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
       (CVE-2024-47682)
     - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
     - scsi: mac_scsi: Refactor polling loop
     - scsi: mac_scsi: Disallow bus errors during PDMA send
     - usbnet: fix cyclical race on disconnect with work queue
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - USB: appledisplay: close race between probe and completion handler
     - USB: misc: cypress_cy7c63: check for short transfer
     - USB: class: CDC-ACM: fix race between get_serial and set_serial
     - usb: cdnsp: Fix incorrect usb_request status
     - usb: dwc2: drd: fix clock gating on USB role switch
     - bus: integrator-lm: fix OF node leak in probe()
     - bus: mhi: host: pci_generic: Fix the name for the Telit FE990A
     - firmware_loader: Block path traversal (CVE-2024-47742)
     - tty: rp2: Fix reset with non forgiving PCIe host bridges
     - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
     - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
     - drbd: Fix atomicity violation in drbd_uuid_set_bm()
     - drbd: Add NULL check for net_conf to prevent dereference in state
       validation
     - ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
     - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
     - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
       (CVE-2024-49858)
     - perf/x86/intel/pt: Fix sampling synchronization
     - wifi: rtw88: 8822c: Fix reported RX band width
     - wifi: mt76: mt7615: check devm_kasprintf() returned value
     - debugobjects: Fix conditions in fill_pool()
     - f2fs: fix several potential integer overflows in file offsets
     - f2fs: prevent possible int overflow in dir_block_index()
     - f2fs: avoid potential int overflow in sanity_check_area_boundary()
     - f2fs: fix to check atomic_file in f2fs ioctl interfaces (CVE-2024-49859)
     - hwrng: mtk - Use devm_pm_runtime_enable
     - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
     - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
     - [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
     - [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
     - vfs: fix race between evice_inodes() and find_inode()&iput()
     - fs: Fix file_set_fowner LSM hook inconsistencies
     - nfs: fix memory leak in error path of nfs4_do_reclaim
     - EDAC/igen6: Fix conversion of system address to physical memory address
     - padata: use integer wrap around to prevent deadlock on seq_nr overflow
       (CVE-2024-47739)
     - soc: versatile: realview: fix memory leak during device remove
     - soc: versatile: realview: fix soc_dev leak during device remove
     - [powerpc*] 64: Option to build big-endian with ELFv2 ABI
     - [powerpc*] 64: Add support to build with prefixed instructions
     - [powerpc*] atomic: Use YZ constraints for DS-form instructions
     - usb: yurex: Replace snprintf() with the safer scnprintf() variant
     - USB: misc: yurex: fix race between read and write
     - xhci: fix event ring segment table related masks and variables in header
     - xhci: remove xhci_test_trb_in_td_math early development check
     - xhci: Refactor interrupter code for initial multi interrupter support.
     - xhci: Preserve RsvdP bits in ERSTBA register correctly
     - xhci: Add a quirk for writing ERST in high-low order
     - usb: xhci: fix loss of data on Cadence xHC
     - pps: remove usage of the deprecated ida_simple_xx() API
     - pps: add an error check in parport_attach
     - [x86] idtentry: Incorporate definitions/declarations of the FRED entries
     - [x86] entry: Remove unwanted instrumentation in common_interrupt()
     - mm/filemap: return early if failed to allocate memory for split
     - lib/xarray: introduce a new helper xas_get_order
     - mm/filemap: optimize filemap folio adding
     - icmp: Add counters for rate limits
     - icmp: change the order of rate limits (CVE-2024-47678)
     - bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
     - lockdep: fix deadlock issue between lockdep and rcu
     - mm: only enforce minimum stack gap size if it's sensible
     - module: Fix KCOV-ignored file name
     - mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with
       rcu read lock
     - i2c: aspeed: Update the stop sw state when the bus recovery occurs
     - i2c: isch: Add missed 'else'
     - usb: yurex: Fix inconsistent locking bug in yurex_read()
     - perf/arm-cmn: Fail DTC counter allocation correctly
     - iio: magnetometer: ak8975: Fix 'Unexpected device' error
     - [powerpc*] Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+
     - PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
     - [x86*] tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)
     - static_call: Handle module init failure correctly in
       static_call_del_module() (CVE-2024-50002)
     - static_call: Replace pointless WARN_ON() in static_call_module_notify()
     - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked()
     - jump_label: Fix static_key_slow_dec() yet again
     - scsi: pm8001: Do not overwrite PCI queue mapping
     - mailbox: rockchip: fix a typo in module autoloading
     - mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
     - ceph: remove the incorrect Fw reference check when dirtying pages
     - ieee802154: Fix build error
     - net: sparx5: Fix invalid timestamps
     - net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
     - net/mlx5: Added cond_resched() to crdump collection
     - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (CVE-2024-50000)
     - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
     - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable()
     - netfilter: nf_tables: prevent nf_skb_duplicated corruption
       (CVE-2024-49952)
     - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: ethernet: lantiq_etop: fix memory disclosure (CVE-2024-49997)
     - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
     - net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
     - net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
     - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
     - ppp: do not assume bh is held in ppp_channel_bridge_input()
       (CVE-2024-49946)
     - fsdax,xfs: port unshare to fsdax
     - iomap: constrain the file range passed to iomap_file_unshare
     - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
       (CVE-2024-49944)
     - i2c: xiic: improve error message when transfer fails to start
     - i2c: xiic: Try re-initialization on bus busy timeout
     - loop: don't set QUEUE_FLAG_NOMERGES
     - Bluetooth: hci_sock: Fix not validating setsockopt user input
       (CVE-2024-35963)
     - media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
     - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is
       uninitialized
     - ALSA: mixer_oss: Remove some incorrect kfree_const() usages
     - ALSA: hda/realtek: Fix the push button function for the ALC257
     - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
     - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
     - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
     - f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
     - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
     - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
     - ice: Adjust over allocation of memory in ice_sched_add_root_node() and
       ice_sched_add_node()
     - wifi: iwlwifi: mvm: Fix a race in scan abort flow
     - wifi: cfg80211: Set correct chandef when starting CAC (CVE-2024-49937)
     - net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
     - net: hisilicon: hip04: fix OF node leak in probe()
     - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
     - net: hisilicon: hns_mdio: fix OF node leak in probe()
     - ACPI: PAD: fix crash in exit_round_robin() (CVE-2024-49935)
     - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
     - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
     - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable
     - net: sched: consistently use rcu_replace_pointer() in taprio_change()
     - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122
     - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18
     - blk_iocost: fix more out of bound shifts (CVE-2024-49933)
     - nvme-pci: qdepth 1 quirk
     - wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
     - wifi: rtw88: select WANT_DEV_COREDUMP
     - ACPI: EC: Do not release locks during operation region accesses
     - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
       acpi_db_convert_to_package()
     - tipc: guard against string buffer overrun (CVE-2024-49995)
     - net: mvpp2: Increase size of queue_name buffer
     - bnxt_en: Extend maximum length of version string by 1 byte
     - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
     - wifi: rtw89: correct base HT rate mask for firmware
     - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
     - net: atlantic: Avoid warning about potential string truncation
     - crypto: simd - Do not call crypto_alloc_tfm during registration
     - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
     - wifi: mac80211: fix RCU list iterations
     - ACPICA: iasl: handle empty connection_node
     - proc: add config & param to block forcing mem writes
     - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_cmd_802_11_scan_ext()
     - nfp: Use IRQF_NO_AUTOEN flag in request_irq()
     - ALSA: usb-audio: Add input value sanity checks for standard types
     - [x86] ioapic: Handle allocation failures gracefully (CVE-2024-49927)
     - ALSA: usb-audio: Define macros for quirk table entries
     - ALSA: usb-audio: Replace complex quirk lines with macros
     - ALSA: usb-audio: Add logitech Audio profile quirk
     - ASoC: codecs: wsa883x: Handle reading version failure
     - [x86] kexec: Add EFI config table identity mapping for kexec kernel
     - ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
     - ALSA: hdsp: Break infinite MIDI input flush loop
     - [x86] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
     - fbdev: pxafb: Fix possible use after free in pxafb_task() (CVE-2024-49924)
     - rcuscale: Provide clear error when async specified without primitives
     - [arm64] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
     - power: reset: brcmstb: Do not go into infinite loop if reset fails
     - [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
     - [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
       count (CVE-2024-49993)
     - drm/stm: Avoid use-after-free issues with crtc and plane (CVE-2024-49992)
     - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
     - drm/amd/display: Add null check for top_pipe_to_program in
       commit_planes_for_stream (CVE-2024-49913)
     - ata: pata_serverworks: Do not use the term blacklist
     - ata: sata_sil: Rename sil_blacklist to sil_quirks
     - drm/amd/display: Handle null 'stream_status' in
       'planes_changed_for_existing_stream' (CVE-2024-49912)
     - drm/amd/display: Check null pointers before using dc->clk_mgr
       (CVE-2024-49907)
     - drm/amd/display: Add null check for 'afb' in
       amdgpu_dm_plane_handle_cursor_update (v2)
     - jfs: UBSAN: shift-out-of-bounds in dbFindBits
     - jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
     - jfs: check if leafidx greater than num leaves per dmap tree
       (CVE-2024-49902)
     - scsi: smartpqi: correct stream detection
     - jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
     - drm/amdgpu: add raven1 gfxoff quirk
     - drm/amdgpu: enable gfxoff quirk on HP 705G4
     - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
     - [x86] platform/x86: touchscreen_dmi: add nanote-next quirk
     - drm/stm: ltdc: reset plane transparency after plane disable
     - drm/amd/display: Check stream before comparing them (CVE-2024-49896)
     - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
       translation (CVE-2024-49895)
     - drm/amd/display: Fix index out of bounds in degamma hardware format
       translation (CVE-2024-49894)
     - drm/amd/display: Fix index out of bounds in DCN30 color transformation
       (CVE-2024-49969)
     - drm/amd/display: Initialize get_bytes_per_element's default to 1
       (CVE-2024-49892)
     - drm/printer: Allow NULL data in devcoredump printer
     - [x86] perf,x86: avoid missing caller address in stack traces captured in
       uprobe
     - scsi: aacraid: Rearrange order of struct aac_srb_unit
     - scsi: lpfc: Update PRLO handling in direct attached topology
     - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
     - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
     - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
     - drm/amd/pm: ensure the fw_info is not null before using it
       (CVE-2024-49890)
     - of/irq: Refer to actual buffer size in of_irq_parse_one()
     - [powerpc*] pseries: Use correct data types from pseries_hp_errorlog struct
     - ext4: ext4_search_dir should return a proper error
     - ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
     - ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
     - iomap: handle a post-direct I/O invalidate race in
       iomap_write_delalloc_release
     - blk-integrity: use sysfs_emit
     - blk-integrity: convert to struct device_attribute
     - blk-integrity: register sysfs attributes on struct device
     - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
     - spi: s3c64xx: fix timeout counters in flush_fifo
     - [powerpc*] vdso: Fix VDSO data access when running in a non-root time
       namespace
     - Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
       (Closes: #1081833)
     - [x86] platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
       (CVE-2024-49886)
     - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
       (CVE-2024-49985)
     - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
     - i2c: xiic: Wait for TX empty to avoid missed TX NAKs
     - media: i2c: ar0521: Use cansleep version of gpiod_set_value()
       (CVE-2024-49961)
     - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
     - spi: bcm63xx: Fix module autoloading
     - power: supply: hwmon: Fix missing temp1_max_alarm attribute
     - perf/core: Fix small negative period being ignored
     - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
     - ALSA: core: add isascii() check to card ID generator
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
     - ALSA: usb-audio: Add native DSD support for Luxman D-08u
     - ALSA: line6: add hw monitor volume control to POD HD500X
     - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
     - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
     - ext4: no need to continue when the number of entries is 1 (CVE-2024-49967)
     - ext4: correct encrypted dentry name hash when not casefolded
     - ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
     - ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
     - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible()
     - ext4: dax: fix overflowing extents beyond inode size when partially
       writing (CVE-2024-50015)
     - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
     - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
     - ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
     - ext4: fix double brelse() the buffer of the extents path
     - ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
     - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
     - ext4: fix incorrect tid assumption in
       jbd2_journal_shrink_checkpoint_list()
     - ext4: fix fast commit inode enqueueing during a full journal commit
     - ext4: use handle to mark fc as ineligible in __track_dentry_update()
     - ext4: mark fc as ineligible using an handle in ext4_xattr_set()
     - drm/rockchip: vop: clear DMA stop bit on RK3066
     - of/irq: Support #msi-cells=<0> in of_msi_get_domain
     - drm: omapdrm: Add missing check for alloc_ordered_workqueue
       (CVE-2024-49879)
     - resource: fix region_intersects() vs add_memory_driver_managed()
     - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
       error
     - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
     - mm: krealloc: consider spare memory for __GFP_ZERO
     - ocfs2: fix the la space leak when unmounting an ocfs2 volume
     - ocfs2: fix uninit-value in ocfs2_get_block()
     - ocfs2: reserve space for inline xattr before attaching reflink tree
       (CVE-2024-49958)
     - ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
     - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
     - ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
     - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
       (CVE-2024-49877)
     - exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
     - perf hist: Update hist symbol when updating maps
     - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
     - nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
     - NFSD: Fix NFSv4's PUTPUBFH operation
     - aoe: fix the potential use-after-free problem in more places
       (CVE-2024-49982)
     - clk: rockchip: fix error for unknown clocks
     - remoteproc: k3-r5: Fix error handling when power-up failed
     - clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
     - media: sun4i_csi: Implement link validate for sun4i_csi subdev
     - clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
     - clk: qcom: clk-rpmh: Fix overflow in BCM vote
     - clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
     - media: venus: fix use after free bug in venus_remove due to race condition
       (CVE-2024-49981)
     - clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: qcom: camss: Fix ordering of pm_runtime_enable
     - clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
     - clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL
     - smb: client: use actual path when queryfs
     - iio: magnetometer: ak8975: Fix reading for ak099xx sensors
     - gso: fix udp gso fraglist segmentation after pull from frag_list
       (CVE-2024-49978)
     - tomoyo: fallback to realpath if symlink's pathname does not exist
       (Closes: #1082001)
     - net: stmmac: Fix zero-division error when disabling tc cbs
       (CVE-2024-49977)
     - rtc: at91sam9: fix OF node leak in probe() error path
     - Input: adp5589-keys - fix NULL pointer dereference (CVE-2024-49871)
     - Input: adp5589-keys - fix adp5589_gpio_get_value()
     - cachefiles: fix dentry leak in cachefiles_open_file() (CVE-2024-49870)
     - ACPI: resource: Add Asus Vivobook X1704VAP to
       irq1_level_low_skip_override[] (Closes: #1078696)
     - ACPI: resource: Add Asus ExpertBook B2502CVA to
       irq1_level_low_skip_override[]
     - btrfs: fix a NULL pointer dereference when failed to start a new
       trasacntion (CVE-2024-49868)
     - btrfs: send: fix invalid clone operation for file that got its size
       decreased
     - btrfs: wait for fixup workers before stopping cleaner kthread during
       umount (CVE-2024-49867)
     - gpio: davinci: fix lazy disable
     - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
       (CVE-2024-8805)
     - ceph: fix cap ref leak via netfs init_request
     - tracing/hwlat: Fix a race during cpuhp processing
     - tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866)
     - close_range(): fix the logics in descriptor table trimming
     - [x86] drm/i915/gem: fix bitwise and logical AND mixup
     - drm/sched: Add locking to drm_sched_entity_modify_sched
     - drm/amd/display: Fix system hang while resume with TBT monitor
       (CVE-2024-50003)
     - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
       (Closes: #1076483)
     - kconfig: qconf: fix buffer overflow in debug links
     - i2c: create debugfs entry per adapter
     - i2c: core: Lock address during client device instantiation
     - i2c: xiic: Use devm_clk_get_enabled()
     - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
     - dt-bindings: clock: exynos7885: Fix duplicated binding
     - spi: bcm63xx: Fix missing pm_runtime_disable()
     - [arm64] Add Cortex-715 CPU part definition
     - [arm64] cputype: Add Neoverse-N3 definitions
     - [arm64] errata: Expand speculative SSBS workaround once more
     - io_uring/net: harden multishot termination case for recv
     - uprobes: fix kernel info leak via "[uprobes]" vma
     - mm: z3fold: deprecate CONFIG_Z3FOLD
     - drm/amd/display: Allow backlight to go below
       `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
     - build-id: require program headers to be right after ELF header
     - lib/buildid: harden build ID parsing logic
     - docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8
     - delayacct: improve the average delay precision of getdelay tool to
       microsecond
     - sched: psi: fix bogus pressure spikes from aggregation race
     - media: i2c: imx335: Enable regulator supplies
     - media: imx335: Fix reset-gpio handling
     - remoteproc: k3-r5: Acquire mailbox handle during probe routine
     - remoteproc: k3-r5: Delay notification of wakeup event
     - dt-bindings: clock: qcom: Add missing UFS QREF clocks
     - dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
     - clk: samsung: exynos7885: do not define number of clocks in bindings
     - clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix
     - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
     - r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
     - clk: qcom: gcc-sc8180x: Add GPLL9 support
     - ACPI: battery: Simplify battery hook locking
     - ACPI: battery: Fix possible crash when unregistering a battery hook
       (CVE-2024-49955)
     - Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
       bindings"
     - erofs: get rid of erofs_inode_datablocks()
     - erofs: get rid of z_erofs_do_map_blocks() forward declaration
     - erofs: avoid hardcoded blocksize for subpage block support
     - erofs: set block size to the on-disk block size
     - erofs: fix incorrect symlink detection in fast symlink
     - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
     - perf report: Fix segfault when 'sym' sort key is not used
     - fsdax: dax_unshare_iter() should return a valid length
     - fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
     - unicode: Don't special case ignorable code points
     - net: ethernet: cortina: Drop TSO support
     - tracing: Remove precision vsnprintf() check from print event
     - ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table
     - ALSA: hda/realtek: cs35l41: Fix device ID / model name
     - drm/crtc: fix uninitialized variable use even harder
     - tracing: Have saved_cmdlines arrays all in one allocation
     - bootconfig: Fix the kerneldoc of _xbc_exit()
     - perf lock: Dynamically allocate lockhash_table
     - perf sched: Avoid large stack allocations
     - perf sched: Move start_work_mutex and work_done_wait_mutex initialization
       to perf_sched__replay()
     - perf sched: Fix memory leak in perf_sched__map()
     - perf sched: Move curr_thread initialization to perf_sched__map()
     - perf sched: Move curr_pid and cpu_last_switched initialization to
       perf_sched__{lat|map|replay}()
     - libsubcmd: Don't free the usage string
     - Bluetooth: Fix usage of __hci_cmd_sync_status
     - virtio_console: fix misc probe bugs
     - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
     - bpf: Check percpu map value size first
     - [s390x] facility: Disable compile time optimization for decompressor code
     - [s390x] mm: Add cond_resched() to cmm_alloc/free_pages()
     - bpf, x64: Fix a jit convergence issue
     - ext4: don't set SB_RDONLY after filesystem errors
     - ext4: nested locking for xattr inode
     - [s390x] cpum_sf: Remove WARN_ON_ONCE statements
     - RDMA/mad: Improve handling of timed out WRs of mad agent
     - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
     - RDMA/rtrs-srv: Avoid null pointer deref during path establishment
       (CVE-2024-50062)
     - clk: bcm: bcm53573: fix OF node leak in init
     - PCI: Add ACS quirk for Qualcomm SA8775P
     - i2c: i801: Use a different adapter-name for IDF adapters
     - PCI: Mark Creative Labs EMU20k2 INTx masking as broken
     - io_uring: check if we need to reschedule during overflow flush
       (CVE-2024-50060)
     - ntb: ntb_hw_switchtec: Fix use after free vulnerability in
       switchtec_ntb_remove due to race condition (CVE-2024-50059)
     - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
     - media: videobuf2-core: clear memory related fields in
       __vb2_plane_dmabuf_put()
     - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
     - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
     - usb: chipidea: udc: enable suspend interrupt after usb reset
     - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
       Crashkernel Scenario
     - comedi: ni_routing: tools: Check when the file could not be opened
     - netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
     - virtio_pmem: Check device status before requesting flush
     - tools/iio: Add memory allocation failure check for trigger_name
     - staging: vme_user: added bound check to geoid
     - driver core: bus: Return -EIO instead of 0 when show/store invalid bus
       attribute
     - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
       lpfc_els_flush_cmd()
     - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV
       instance
     - drm/amd/display: Check null pointer before dereferencing se
       (CVE-2024-50049)
     - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
       (CVE-2024-50048)
     - fbdev: sisfb: Fix strbuf array overflow
     - drm/rockchip: vop: limit maximum resolution to hardware capabilities
     - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
     - NFSD: Mark filecache "down" if init fails
     - ice: fix VLAN replay after reset
     - SUNRPC: Fix integer overflow in decode_rc_list()
     - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
       (CVE-2024-50046)
     - net: phy: dp83869: fix memory corruption when enabling fiber
     - tcp: fix to allow timestamp undo if no retransmits were sent
     - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
     - netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
     - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
       (CVE-2024-50044)
     - net: phy: bcm84881: Fix some error handling paths
     - thermal: int340x: processor_thermal: Set feature mask before
       proc_thermal_add
     - thermal: intel: int340x: processor: Fix warning during module unload
     - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
     - net: ethernet: adi: adin1110: Fix some error handling path in
       adin1110_read_fifo()
     - net: dsa: b53: fix jumbo frame mtu check
     - net: dsa: b53: fix max MTU for 1g switches
     - net: dsa: b53: fix max MTU for BCM5325/BCM5365
     - net: dsa: b53: allow lower MTUs on BCM5325/5365
     - net: dsa: b53: fix jumbo frames on 10/100 ports
     - gpio: aspeed: Add the flush write to ensure the write complete.
     - gpio: aspeed: Use devm_clk api to manage clock source
     - ice: Fix netif_is_ice() in Safe Mode
     - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
       (CVE-2024-50041)
     - igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
     - net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
     - net: ibm: emac: mal: fix wrong goto
     - btrfs: zoned: fix missing RCU locking in error message when loading zone
       info
     - sctp: ensure sk_state is set to CLOSED if hashing fails in
       sctp_listen_start
     - netfilter: xtables: avoid NFPROTO_UNSPEC where needed (CVE-2024-50038)
     - netfilter: fib: check correct rtable in vrf setups
     - net: ibm/emac: allocate dummy net_device dynamically
     - net: ibm: emac: mal: add dcr_unmap to _remove
     - rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
     - vxlan: Handle error of rtnl_register_module().
     - mctp: Handle error of rtnl_register_module().
     - ppp: fix ppp_async_encode() illegal access
     - slip: make slhc_remember() more robust against malicious packets
     - rust: macros: provide correct provenance when constructing THIS_MODULE
     - HID: multitouch: Add support for lenovo Y9000P Touchpad
     - net/mlx5: Always drain health in shutdown callback (CVE-2024-43866)
     - wifi: mac80211: Avoid address calculations via out of bounds array
       indexing (CVE-2024-41071)
     - hwmon: (tmp513) Add missing dependency on REGMAP_I2C
     - hwmon: (adm9240) Add missing dependency on REGMAP_I2C
     - hwmon: (adt7470) Add missing dependency on REGMAP_I2C
     - Revert "net: ibm/emac: allocate dummy net_device dynamically"
     - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
     - HID: plantronics: Workaround for an unexcepted opposite volume key
     - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
     - usb: dwc3: core: Stop processing of pending events if controller is halted
     - usb: xhci: Fix problem with xhci resume from suspend
     - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
     - usb: gadget: core: force synchronous registration
     - hid: intel-ish-hid: Fix uninitialized variable 'rv' in
       ish_fw_xfer_direct_dma
     - drm/v3d: Stop the active perfmon before being destroyed (CVE-2024-50031)
     - drm/vc4: Stop the active perfmon before being destroyed
     - scsi: wd33c93: Don't use stale scsi_pointer value (CVE-2024-50026)
     - mptcp: fallback when MPTCP opts are dropped after 1st data
     - ata: libata: avoid superfluous disk spin down + spin up during hibernation
     - net: explicitly clear the sk pointer, when pf->create fails
     - net: Fix an unsafe loop on the list (CVE-2024-50024)
     - net: dsa: lan9303: ensure chip reset and wait for READY status
     - mptcp: handle consistently DSS corruption
     - mptcp: pm: do not remove closing subflows
     - device-dax: correct pgoff align in dax_set_mapping() (CVE-2024-50022)
     - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
     - kthread: unpark only parked kthread (CVE-2024-50019)
     - secretmem: disable memfd_secret() if arch cannot set direct map
     - net: ethernet: cortina: Restore TSO support
     - perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
     - block, bfq: fix uaf for accessing waker_bfqq after splitting
       (CVE-2024-49854)
     - Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.114
     - btrfs: fix uninitialized pointer free in add_inode_ref() (CVE-2024-50088)
     - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
     - ksmbd: fix user-after-free from session log off (CVE-2024-50086)
     - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
     - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (CVE-2024-50085)
     - udf: New directory iteration code
     - udf: Convert udf_expand_dir_adinicb() to new directory iteration
     - udf: Move udf_expand_dir_adinicb() to its callsite
     - udf: Implement searching for directory entry using new iteration code
     - udf: Provide function to mark entry as deleted using new directory
       iteration code
     - udf: Convert udf_rename() to new directory iteration code
     - udf: Convert udf_readdir() to new directory iteration
     - udf: Convert udf_lookup() to use new directory iteration code
     - udf: Convert udf_get_parent() to new directory iteration code
     - udf: Convert empty_dir() to new directory iteration code
     - udf: Convert udf_rmdir() to new directory iteration code
     - udf: Convert udf_unlink() to new directory iteration code
     - udf: Implement adding of dir entries using new iteration code
     - udf: Convert udf_add_nondir() to new directory iteration
     - udf: Convert udf_mkdir() to new directory iteration code
     - udf: Convert udf_link() to new directory iteration code
     - udf: Remove old directory iteration code
     - udf: Handle error when expanding directory
     - udf: Don't return bh from udf_expand_dir_adinicb()
     - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
     - net: enetc: add missing static descriptor and inline keyword
     - posix-clock: Fix missing timespec64 check in pc_clock_settime()
     - [arm64] probes: Remove broken LDR (literal) uprobe support
     - [arm64] probes: Fix simulate_ldr*_literal()
     - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
       fixed-link PHY
     - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
     - fat: fix uninitialized variable
     - mm/swapfile: skip HugeTLB pages for unuse_vma
     - devlink: drop the filter argument from devlinks_xa_find_get
     - devlink: bump the instance index directly when iterating
     - maple_tree: correct tree corruption on spanning store
     - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
       (CVE-2024-39497)
     - [amd64] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI
       devices
     - [s390x] sclp: Deactivate sclp after all its users
     - [s390x] sclp_vt220: Convert newlines to CRLF instead of LFCR
     - [s390x] KVM: s390: gaccess: Check if guest address is in memslot
     - [s390x] KVM: s390: Change virtual to physical address access in diag 0x258
       handler
     - [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
     - [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
     - [x86] entry: Have entry_ibpb() invalidate return predictions
     - [x86] bugs: Skip RSB fill at VMEXIT
     - [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
     - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
       (CVE-2024-50082)
     - io_uring/sqpoll: close race on waiting for sqring entries
     - scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
     - drm/radeon: Fix encoder->possible_clones
     - drm/vmwgfx: Handle surface check failure correctly
     - drm/amdgpu/swsmu: Only force workload setup on init
     - drm/amdgpu: prevent BO_HANDLES error from being overwritten
     - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
     - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
     - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: hid-sensors: Fix an error handling path in
       _hid_sensor_set_report_latency()
     - iio: light: veml6030: fix ALS sensor resolution
     - iio: light: veml6030: fix IIO device retrieval from embedded device
     - iio: light: opt3001: add missing full-scale range value
     - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - Bluetooth: Call iso_exit() on module unload
     - Bluetooth: Remove debugfs directory on module init failure
     - Bluetooth: ISO: Fix multiple init when debugfs is disabled
       (CVE-2024-50077)
     - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
     - xhci: Fix incorrect stream context type macro
     - xhci: Mitigate failed set dequeue pointer commands
     - USB: serial: option: add support for Quectel EG916Q-GL
     - USB: serial: option: add Telit FN920C04 MBIM compositions
     - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
     - parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
     - [x86] resctrl: Annotate get_mem_config() functions as __init
     - [x86] apic: Always explicitly disarm TSC-deadline timer
     - [x86] entry_32: Do not clobber user EFLAGS.ZF
     - [x86] entry_32: Clear CPU buffers after register restore in NMI return
     - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073)
     - pinctrl: ocelot: fix system hang on level based interrupts
     - pinctrl: apple: check devm_kasprintf() returned value
     - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
     - irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
     - tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
     - mptcp: prevent MPC handshake on port-based signal endpoints
     - nilfs2: propagate directory read errors from nilfs_find_entry()
     - [powerpc*] 64: Add big-endian ELFv2 flavour to crypto VMX asm generation
     - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
       1000 G2
     - udf: Allocate name buffer in directory iterator on heap
     - udf: Avoid directory type conversion failure due to ENOMEM
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.115
     - bpf: Use raw_spinlock_t in ringbuf
     - iio: accel: bma400: Fix uninitialized variable field_value in tap event
       handling.
     - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
     - bpf: devmap: provide rxq after redirect
     - bpf: Fix memory leak in bpf_core_apply
     - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
     - RDMA/bnxt_re: Add a check for memory allocation
     - [x86] resctrl: Avoid overflow in MB settings in bw_validate()
     - [armhf] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
     - [s390x] pci: Handle PCI error codes other than 0x3a
     - bpf: fix kfunc btf caching for modules
     - drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
     - ALSA: hda/cs8409: Fix possible NULL dereference
     - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
     - RDMA/irdma: Fix misspelling of "accept*"
     - RDMA/srpt: Make slab cache names unique
     - ipv4: give an IPv4 dev to blackhole_netdev
     - RDMA/bnxt_re: Return more meaningful error
     - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
     - [arm64] drm/msm/dpu: make sure phys resources are properly initialized
     - [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
       calculation
     - [arm64] drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
     - [arm64] drm/msm: Allocate memory for disp snapshot with kvzalloc()
     - net: usb: usbnet: fix race in probe failure
     - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
     - macsec: don't increment counters for an unrelated SA
     - netdevsim: use cond_resched() in nsim_dev_trap_report_work()
     - net: ethernet: aeroflex: fix potential memory leak in
       greth_start_xmit_gbit()
     - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
     - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
     - net: systemport: fix potential memory leak in bcm_sysport_xmit()
     - [arm64] drm/msm/dpu: Wire up DSC mask for active CTL configuration
     - [arm64] drm/msm/dpu: don't always program merge_3d block
     - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
     - genetlink: hold RCU in genlmsg_mcast()
     - ravb: Remove setting of RX software timestamp
     - net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
     - scsi: target: core: Fix null-ptr-deref in target_alloc_device()
     - smb: client: fix OOBs when building SMB2_IOCTL request
     - usb: typec: altmode should keep reference to parent
     - [s390x] Initialize psw mask in perf_arch_fetch_caller_regs()
     - Bluetooth: bnep: fix wild-memory-access in proto_unregister
     - net/mlx5: Remove redundant cmdif revision check
     - net/mlx5: split mlx5_cmd_init() to probe and reload routines
     - net/mlx5: Fix command bitmask initialization
     - net/mlx5: Unregister notifier on eswitch init failure
     - bpf: Fix iter/task tid filtering
     - [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
     - [arm64] probes: Fix uprobes for big-endian kernels
     - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
     - usb: gadget: f_uac2: fix non-newline-terminated function name
     - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
     - usb: gadget: Add function wakeup support
     - XHCI: Separate PORT and CAPs macros into dedicated file
     - [arm64,armhf] usb: dwc3: core: Fix system suspend on TI AM62 platforms
     - tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool
       active
     - serial: Make uart_handle_cts_change() status param bool active
     - serial: imx: Update mctrl old_status on RTSD interrupt
     - block, bfq: fix procress reference leakage for bfqq in merge chain
     - exec: don't WARN for racy path_noexec check (CVE-2024-50010)
     - fs/ntfs3: Add more attributes checks in mi_enum_attr() (CVE-2023-45896)
     - [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
       with real VLA
     - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
       default regs values
     - [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
     - [arm64] Force position-independent veneers
     - udf: refactor udf_current_aext() to handle error
     - udf: fix uninit-value use in udf_get_fileshortad
     - [x86] platform/x86: dell-sysman: add support for alienware products
     - jfs: Fix sanity check in dbMount
     - tracing: Consider the NULL character when validating the event length
     - xfrm: extract dst lookup parameters into a struct
     - xfrm: respect ip protocols rules criteria when performing dst lookups
     - be2net: fix potential memory leak in be_xmit()
     - net: plip: fix break; causing plip to never transmit
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix error when setting port policy on
       mv88e6393x
     - netfilter: xtables: fix typo causing some targets not to load on IPv6
     - net: wwan: fix global oob in wwan_rtnl_policy
     - docs: net: reformat driver.rst from a list to sections
     - net: provide macros for commonly copied lockless queue stop/wake code
     - net/sched: adjust device watchdog timer to detect stopped queue at right
       time
     - net: fix races in netdev_tx_sent_queue()/dev_watchdog()
     - net: usb: usbnet: fix name regression
     - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions
       created by classifiers
     - net: sched: fix use-after-free in taprio_change()
     - r8169: avoid unsolicited interrupts
     - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
     - Bluetooth: SCO: Fix UAF on sco_sock_timeout
     - Bluetooth: ISO: Fix UAF on iso_sock_timeout
     - bpf,perf: Fix perf_event_detach_bpf_prog error handling
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
     - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
     - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
     - ALSA: hda/realtek: Update default depop procedure
     - cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
     - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
     - btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
     - btrfs: zoned: fix zone unusable accounting for freed reserved extent
     - drm/amd: Guard against bad data for ATIF ACPI method
     - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
     - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
     - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
       detection issue
     - nilfs2: fix kernel bug due to missing clearing of buffer delay flag
     - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
     - [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
     - [arm64] KVM: arm64: Don't eagerly teardown the vgic on init error
     - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
     - xfrm: fix one more kernel-infoleak in algo dumping
     - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
     - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
     - selinux: improve error checking in sel_write_load()
     - serial: protect uart_port_dtr_rts() in uart_shutdown() too
       (CVE-2024-50058)
     - net: phy: dp83822: Fix reset pin definitions
     - [arm64] ASoC: qcom: Fix NULL Dereference in
       asoc_qcom_lpass_cpu_platform_probe()
     - [x86] platform/x86: dell-wmi: Ignore suspend notifications
     - ACPI: PRM: Clean up guid type in struct prm_handler_info
     - [arm64] uprobes: change the uprobe_opcode_t typedef to fix the sparse
       warning
     - xfrm: validate new SA's prefixlen using SA family when sel.family is unset
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 27
   * d/config: Update with the help of kconfigeditor2
     - mm: Enable Z3FOLD_DEPRECATED instead of Z3FOLD
linux (6.1.112-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
     - tty: atmel_serial: use the correct RTS flag.
     - fuse: Initialize beyond-EOF page contents before setting uptodate
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
     - ALSA: usb-audio: Support Yamaha P-125 quirk entry
     - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
     - [x86] thunderbolt: Mark XDomain as unplugged when router is removed
     - [s390x] dasd: fix error recovery leading to data corruption on ESE devices
     - [arm64] ACPI: NUMA: initialize all values of acpi_early_node_map to
       NUMA_NO_NODE
     - dm resume: don't return EINVAL when signalled
     - dm persistent data: fix memory allocation failure
     - vfs: Don't evict inode under the inode lru traversing context
     - [s390x] cio: rename bitmap_size() -> idset_bitmap_size()
     - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
     - bitmap: introduce generic optimized bitmap_size()
     - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
     - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
     - rtla/osnoise: Prevent NULL dereference in error handling
     - fs/netfs/fscache_cookie: add missing "n_accesses" check
     - selinux: fix potential counting error in avc_add_xperms_decision()
     - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
     - btrfs: zoned: properly take lock to read/update block group's zoned
       variables
     - btrfs: tree-checker: add dev extent item checks
     - drm/amdgpu: Actually check flags for all context ops.
     - memcg_write_event_control(): fix a user-triggerable oops
     - drm/amdgpu/jpeg2: properly set atomics vmid field
     - [s390x] uv: Panic for set and remove shared access UVC errors
     - bpf: Fix updating attached freplace prog in prog_array map
     - nilfs2: prevent WARNING in nilfs_dat_commit_end()
     - ext4, jbd2: add an optimized bmap for the journal inode
     - 9P FS: Fix wild-memory-access write in v9fs_get_acl
     - nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
     - mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
     - bpf: Split off basic BPF verifier log into separate file
     - bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
     - posix-timers: Ensure timer ID search-loop limit is valid
     - pid: Replace struct pid 1-element array with flex-array
     - gfs2: Rename remaining "transaction" glock references
     - gfs2: Rename the {freeze,thaw}_super callbacks
     - gfs2: Rename gfs2_freeze_lock{ => _shared }
     - gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
     - gfs2: Rework freeze / thaw logic
     - gfs2: Stop using gfs2_make_fs_ro for withdraw
     - Bluetooth: Fix hci_link_tx_to RCU lock usage
     - wifi: mac80211: take wiphy lock for MAC addr change
     - wifi: mac80211: fix change_address deadlock during unregister
     - net: sched: Print msecs when transmit queue time out
     - net: don't dump stack on queue timeout
     - jfs: fix shift-out-of-bounds in dbJoin
     - squashfs: squashfs_read_data need to check if the length is 0
     - Squashfs: fix variable overflow triggered by sysbot
     - reiserfs: fix uninit-value in comp_keys
     - erofs: avoid debugging output for (de)compressed data
     - quota: Detect loops in quota tree
     - net:rds: Fix possible deadlock in rds_message_put
     - net: sctp: fix skb leak in sctp_inq_free()
     - pppoe: Fix memory leak in pppoe_sendmsg()
     - wifi: mac80211: fix and simplify unencrypted drop check for mesh
     - wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr
     - wifi: cfg80211: factor out bridge tunnel / RFC1042 header check
     - wifi: mac80211: remove mesh forwarding congestion check
     - wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
     - wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
     - wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
     - docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map
     - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
     - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
     - Bluetooth: RFCOMM: Fix not validating setsockopt user input
       (CVE-2024-35966)
     - ext4: check the return value of ext4_xattr_inode_dec_ref()
     - ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
     - ext4: do not create EA inode under buffer lock (CVE-2024-40972)
     - udf: Fix bogus checksum computation in udf_rename()
     - bpf, net: Use DEV_STAT_INC()
     - fou: remove warn in gue_gro_receive on unsupported protocol
       (CVE-2024-44940)
     - jfs: fix null ptr deref in dtInsertEntry (CVE-2024-44939)
     - jfs: Fix shift-out-of-bounds in dbDiscardAG (CVE-2024-44938)
     - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
     - igc: Correct the launchtime offset
     - igc: Fix packet still tx after gate close by reducing i226 MAC retry
       buffer
     - net/mlx5e: Take state lock during tx timeout reporter
     - net/mlx5e: Correctly report errors for ethtool rx flows
     - atm: idt77252: prevent use after free in dequeue_rx()
     - mlxbf_gige: Remove two unused function declarations
     - mlxbf_gige: disable RX filters until RX path initialized
     - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
     - netfilter: allow ipv6 fragments to arrive on different devices
     - netfilter: flowtable: initialise extack before use
     - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
       (Closes: #1070685)
     - netfilter: nf_tables: Audit log dump reset after the fact
     - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
     - netfilter: nf_tables: Unconditionally allocate nft_obj_filter
     - netfilter: nf_tables: A better name for nft_obj_filter
     - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
     - netfilter: nf_tables: nft_obj_filter fits into cb->ctx
     - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
     - netfilter: nf_tables: Introduce nf_tables_getobj_single
     - netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
     - [arm64] net: hns3: fix wrong use of semaphore up
     - [arm64] net: hns3: use the user's cfg after reset
     - [arm64] net: hns3: fix a deadlock problem when config TC during resetting
     - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
     - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible
       values can be stored
     - ssb: Fix division by zero issue in ssb_calc_clock_rate
     - wifi: cfg80211: check wiphy mutex is held for wdev mutex
     - wifi: mac80211: fix BA session teardown race
     - mm: Remove kmem_valid_obj()
     - rcu: Dump memory object info if callback function is invalid
     - rcu: Eliminate rcu_gp_slow_unregister() false positive
     - wifi: cw1200: Avoid processing an invalid TIM IE
     - cgroup: Avoid extra dereference in css_populate_dir()
     - i2c: riic: avoid potential division by zero
     - RDMA/rtrs: Fix the problem of variable not initialized fully
     - [s390x] smp,mcck: fix early IPI handling
     - drm/bridge: tc358768: Attempt to fix DSI horizontal timings
     - media: radio-isa: use dev_name to fill in bus_info
     - staging: iio: resolver: ad2s1210: fix use before initialization
     - usb: gadget: uvc: cleanup request when not in correct state
     - drm/amd/display: Validate hw_points_num before using it
     - staging: ks7010: disable bh on tx_dev_lock
     - media: s5p-mfc: Fix potential deadlock on condlock
     - md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log'
     - binfmt_misc: cleanup on filesystem umount
     - [arm64,armhf] drm/tegra: Zero-initialize iosys_map
     - media: qcom: venus: fix incorrect return value
     - scsi: spi: Fix sshdr use
     - gfs2: setattr_chown: Add missing initialization
     - wifi: iwlwifi: abort scan when rfkill on but device enabled
     - wifi: iwlwifi: fw: Fix debugfs command sending
     - clk: visconti: Add bounds-checking coverage for struct
       visconti_pll_provider
     - [amd64] IB/hfi1: Fix potential deadlock on &irq_src_lock and
       &dd->uctxt_lock
     - kbuild: rust_is_available: normalize version matching
     - kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN`
     - [arm64] Fix KASAN random tag seed initialization
     - block: Fix lockdep warning in blk_mq_mark_tag_wait
     - [arm64] drm/msm: Reduce fallout of fence signaling vs reclaim hangs
     - memory: tegra: Skip SID programming if SID registers aren't set
     - [powerpc*] xics: Check return value of kasprintf in icp_native_map_one_cpu
     - [x86] ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
     - [x86] hwmon: (pc87360) Bounds check data->innr usage
     - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at
       linear mode
     - Bluetooth: hci_conn: Check non NULL function before calling for HFP
       offload
     - gfs2: Refcounting fix in gfs2_thaw_super
     - nvmet-trace: avoid dereferencing pointer too early
     - ext4: do not trim the group with corrupted block bitmap
     - afs: fix __afs_break_callback() / afs_drop_open_mmap() race
     - fuse: fix UAF in rcu pathwalks
     - quota: Remove BUG_ON from dqget()
     - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
     - media: pci: cx23885: check cx23885_vdev_init() return
     - fs: binfmt_elf_efpic: don't use missing interpreter's properties
     - scsi: lpfc: Initialize status local variable in
       lpfc_sli4_repost_sgl_list()
     - media: drivers/media/dvb-core: copy user arrays safely
     - net/sun3_82586: Avoid reading past buffer in debug output
     - drm/lima: set gp bus_stop bit before hard reset
     - hrtimer: Select housekeeping CPU during migration
     - virtiofs: forbid newlines in tags
     - clocksource/drivers/arm_global_timer: Guard against division by zero
     - netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
     - md: clean up invalid BUG_ON in md_ioctl
     - [x86] Increase brk randomness entropy for 64-bit systems
     - memory: stm32-fmc2-ebi: check regmap_read return value
     - [powerpc*] boot: Handle allocation failure in simple_realloc()
     - [powerpc*] boot: Only free if realloc() succeeds
     - btrfs: delayed-inode: drop pointless BUG_ON in
       __btrfs_remove_delayed_item()
     - btrfs: change BUG_ON to assertion when checking for delayed_node root
     - btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
     - btrfs: handle invalid root reference found in may_destroy_subvol()
     - btrfs: send: handle unexpected data in header buffer in begin_cmd()
     - btrfs: change BUG_ON to assertion in tree_move_down()
     - btrfs: delete pointless BUG_ON check on quota root in
       btrfs_qgroup_account_extent()
     - f2fs: fix to do sanity check in update_sit_entry
     - usb: gadget: fsl: Increase size of name buffer for endpoints
     - nvme: clear caller pointer on identify failure
     - Bluetooth: bnep: Fix out-of-bound access
     - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
     - rtc: nct3018y: fix possible NULL dereference
     - [arm64] net: hns3: add checking for vf id of mailbox
     - nvmet-tcp: do not continue for invalid icreq
     - NFS: avoid infinite loop in pnfs_update_layout.
     - [s390x] iucv: fix receive buffer virtual vs physical address confusion
     - irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
     - clocksource: Make watchdog and suspend-timing multiplication overflow safe
     - [x86] platform/x86: lg-laptop: fix %s null argument warning
     - usb: dwc3: core: Skip setting event buffers for host only controllers
     - fbdev: offb: replace of_node_put with __free(device_node)
     - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
     - ext4: set the type of max_zeroout to unsigned int to avoid overflow
     - nvmet-rdma: fix possible bad dereference when freeing rsps
     - drm/amdgpu: fix dereference null return value for the function
       amdgpu_vm_pt_parent
     - hrtimer: Prevent queuing of hrtimer without a function callback
     - gtp: pull network headers in gtp_dev_xmit()
     - [arm64,armhf] i2c: tegra: allow DVC support to be compiled out
     - [arm64,armhf] i2c: tegra: allow VI support to be compiled out
     - [arm64,armhf] i2c: tegra: Do not mark ACPI devices as irq safe
     - dm suspend: return -ERESTARTSYS instead of -EINTR
     - net: mana: Fix doorbell out of order violation and avoid unnecessary
       doorbell rings
     - btrfs: replace sb::s_blocksize by fs_info::sectorsize
     - btrfs: send: allow cloning non-aligned extent if it ends at i_size
     - drm/amd/display: Adjust cursor position
     - platform/surface: aggregator: Fix warning when controller is destroyed in
       probe
     - Bluetooth: hci_core: Fix LE quote calculation
     - Bluetooth: SMP: Fix assumption of Central always being Initiator
     - [arm64] net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN
       xmit
     - [arm64] net: dsa: tag_ocelot: call only the relevant portion of
       __skb_vlan_pop() on TX
     - [arm64] net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA
       and register injection
     - [arm64] net: mscc: ocelot: fix QoS class for injected packets with
       "ocelot-8021q"
     - [arm64] net: mscc: ocelot: serialize access to the injection/extraction
       groups
     - tc-testing: don't access non-existent variable on exception
     - tcp/dccp: bypass empty buckets in inet_twsk_purge()
     - tcp/dccp: do not care about families in inet_twsk_purge()
     - tcp: prevent concurrent execution of tcp_sk_exit_batch
     - net: mctp: test: Use correct skb for route input check
     - kcm: Serialise kcm_sendmsg() for the same socket.
     - netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
     - netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
     - ip6_tunnel: Fix broken GRO
     - bonding: fix bond_ipsec_offload_ok return type
     - bonding: fix null pointer deref in bond_ipsec_offload_ok
     - bonding: fix xfrm real_dev null pointer dereference
     - bonding: fix xfrm state handling when clearing active slave
     - ice: Prepare legacy-rx for upcoming XDP multi-buffer support
     - ice: Add xdp_buff to ice_rx_ring struct
     - ice: Store page count inside ice_rx_buf
     - ice: Pull out next_to_clean bump out of ice_put_rx_buf()
     - ice: fix page reuse when PAGE_SIZE is over 8k
     - ice: fix ICE_LAST_OFFSET formula
     - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
     - net: dsa: mv88e6xxx: Fix out-of-bound access
     - netem: fix return value if duplicate enqueue fails
     - ipv6: prevent UAF in ip6_send_skb()
     - ipv6: fix possible UAF in ip6_finish_output2()
     - ipv6: prevent possible UAF in ip6_xmit()
     - netfilter: flowtable: validate vlan header
     - [arm64] drm/msm/dpu: don't play tricks with debug macros
     - [arm64] drm/msm/dp: fix the max supported bpp logic
     - [arm64] drm/msm/dp: reset the link phy params before link training
     - [arm64] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
     - mmc: mmc_test: Fix NULL dereference on allocation failure
     - Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884)
     - scsi: core: Fix the return value of scsi_logical_block_count()
     - ksmbd: the buffer of smb2 query dir response has at least 1 byte
     - drm/amdgpu: Validate TA binary size
     - HID: wacom: Defer calculation of resolution until resolution_code is known
     - HID: microsoft: Add rumble support to latest xbox controllers
     - Input: i8042 - add forcenorestore quirk to leave controller untouched even
       on s3
     - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk
       combination
     - cxgb4: add forgotten u64 ivlan cast before shift
     - [arm64] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
     - mmc: dw_mmc: allow biu and ciu clocks to defer
     - pmdomain: imx: wait SSAR when i.MX93 power domain on
     - mptcp: pm: re-using ID of unused removed ADD_ADDR
     - mptcp: pm: re-using ID of unused removed subflows
     - mptcp: pm: re-using ID of unused flushed subflows
     - mptcp: pm: only decrement add_addr_accepted for MPJ req
     - Revert "usb: gadget: uvc: cleanup request when not in correct state"
     - Revert "drm/amd/display: Validate hw_points_num before using it"
     - tcp: do not export tcp_twsk_purge()
     - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
     - ALSA: timer: Relax start tick time check for slave timer elements
     - mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order
       fallback to order 0
     - mm/numa: no task_numa_fault() call if PMD is changed
     - mm/numa: no task_numa_fault() call if PTE is changed
     - nfsd: Simplify code around svc_exit_thread() call in nfsd()
     - nfsd: separate nfsd_last_thread() from nfsd_put()
     - NFSD: simplify error paths in nfsd_svc()
     - nfsd: call nfsd_last_thread() before final nfsd_put()
     - nfsd: drop the nfsd_put helper
     - nfsd: don't call locks_release_private() twice concurrently
     - nfsd: Fix a regression in nfsd_setattr()
     - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
     - drm/amdgpu/vcn: identify unified queue in sw init
     - drm/amdgpu/vcn: not pause dpg for unified queue
     - [x86] KVM: x86: fire timer when it is migrated and expired, and in oneshot
       mode
     - Revert "s390/dasd: Establish DMA alignment"
     - wifi: mac80211: add documentation for amsdu_mesh_control
     - wifi: mac80211: fix mesh path discovery based on unicast packets
     - wifi: mac80211: fix mesh forwarding
     - wifi: mac80211: fix flow dissection for forwarded packets
     - wifi: mac80211: fix receiving mesh packets in forwarding=0 networks
     - wifi: mac80211: drop bogus static keywords in A-MSDU rx
     - wifi: mac80211: fix potential null pointer dereference
     - wifi: cfg80211: fix receiving mesh packets without RFC1042 header
     - gfs2: Fix another freeze/thaw hang
     - gfs2: don't withdraw if init_threads() got interrupted
     - gfs2: Remove LM_FLAG_PRIORITY flag
     - gfs2: Remove freeze_go_demote_ok
     - udp: fix receiving fraglist GSO packets
     - ice: fix W=1 headers mismatch
     - Revert "jfs: fix shift-out-of-bounds in dbJoin"
     - net: change maximum number of UDP segments to 128
     - selftests: net: more strict check in net_helper
     - Input: MT - limit max slots
     - tools: move alignment-related macros to new <linux/align.h>
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.108
     - drm/amdgpu: Using uninitialized value *size when calling
       amdgpu_vce_cs_reloc (CVE-2024-42228)
     - btrfs: run delayed iputs when flushing delalloc
     - smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
     - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
     - pinctrl: single: fix potential NULL dereference in pcs_get_function()
     - of: Add cleanup.h based auto release via __free(device_node) markings
     - wifi: wfx: repair open network AP mode
     - wifi: mwifiex: duplicate static structs used in driver instances
     - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
     - mptcp: close subflow when receiving TCP+FIN
     - mptcp: sched: check both backup in retrans
     - mptcp: pm: skip connecting to already established sf
     - mptcp: pm: reset MPC endp ID when re-added
     - mptcp: pm: send ACK on an active subflow
     - mptcp: pm: do not remove already closed subflows
     - mptcp: pm: ADD_ADDR 0 is not a new address
     - drm/amdgpu: align pp_power_profile_mode with kernel docs
     - drm/amdgpu/swsmu: always force a state reprogram on init
     - ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)
     - usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister
       existing source caps before re-registration"
     - mmc: Avoid open coding by using mmc_op_tuning()
     - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
     - mptcp: unify pm get_local_id interfaces
     - mptcp: pm: remove mptcp_pm_remove_subflow()
     - mptcp: pm: only mark 'subflow' endp as available
     - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR
     - of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put()
       handling
     - thermal: of: Fix OF node leak in thermal_of_trips_init() error path
     - thermal: of: Fix OF node leak in of_thermal_zone_find() error paths
     - ASoC: amd: acp: fix module autoloading
     - ASoC: SOF: amd: Fix for acp init sequence
     - pinctrl: mediatek: common-v2: Fix broken bias-disable for
       PULL_PU_PD_RSEL_TYPE
     - btrfs: fix extent map use-after-free when adding pages to compressed bio
       (CVE-2024-42314)
     - soundwire: stream: fix programming slave ports for non-continous port maps
     - [arm64] phy: xilinx: add runtime PM support
     - [arm64] phy: xilinx: phy-zynqmp: dynamic clock support for power-save
     - [arm64] phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume
     - [x86] dmaengine: dw: Add peripheral bus width verification
     - [x86] dmaengine: dw: Add memory bus width verification
     - Bluetooth: hci_core: Fix not handling hibernation actions
     - iommu: Do not return 0 from map_pages if it doesn't do anything
     - netfilter: nf_tables: restore IP sanity checks for netdev/egress
     - wifi: iwlwifi: fw: fix wgds rev 3 exact size
     - ethtool: check device is present when getting link settings
     - netfilter: nf_tables_ipv6: consider network offset in netdev/egress
       validation
     - bonding: implement xdo_dev_state_free and call it after deletion
     - gtp: fix a potential NULL pointer dereference
     - sctp: fix association labeling in the duplicate COOKIE-ECHO case
     - drm/amd/display: avoid using null object of framebuffer
     - net: busy-poll: use ktime_get_ns() instead of local_clock()
     - nfc: pn533: Add poll mod list filling check
     - [arm64] soc: qcom: cmd-db: Map shared memory as WC, not WB
     - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
     - USB: serial: option: add MeiG Smart SRM825L
     - [armhf] usb: dwc3: omap: add missing depopulate in probe error path
     - [arm64,armhf] usb: dwc3: core: Prevent USB core invalid event buffer
       address access
     - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
       remove_power_attributes()
     - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
     - usb: cdnsp: fix for Link TRB with TC
     - [arm64] phy: zynqmp: Enable reference clock correctly
     - igc: Fix reset adapter logics when tx mode change
     - igc: Fix qbv tx latency by setting gtxoffset
     - scsi: aacraid: Fix double-free on probe failure
     - apparmor: fix policy_unpack_test on big endian systems
     - fbdev: offb: fix up missing cleanup.h
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.109
     - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
     - scsi: ufs: core: Bypass quick recovery if force reset is needed
     - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
     - ALSA: hda/conexant: Mute speakers at suspend / shutdown
     - i2c: Fix conditional for substituting empty ACPI functions
     - dma-debug: avoid deadlock between dma debug vs printk and netconsole
     - net: usb: qmi_wwan: add MeiG Smart SRM825L
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
     - mptcp: make pm_remove_addrs_and_subflows static
     - mptcp: pm: fix RM_ADDR ID for the initial subflow
     - PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
     - f2fs: fix to truncate preallocated blocks in f2fs_file_open()
       (CVE-2024-43859)
     - mptcp: pm: fullmesh: select the right ID later
     - mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)
     - mptcp: pm: reuse ID 0 after delete and re-add
     - mptcp: pm: fix ID 0 endp usage after multiple re-creations
     - mptcp: pr_debug: add missing \n at the end
     - mptcp: avoid duplicated SUB_CLOSED events
     - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
     - drm/amd/display: Assign linear_pitch_alignment even for VM
     - drm/amdgpu: fix overflowed array index read warning
     - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
     - drm/amd/pm: fix uninitialized variable warning
     - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
     - drm/amd/pm: fix warning using uninitialized value of max_vid_step
     - drm/amd/pm: Fix negative array index read
     - drm/amd/pm: fix the Out-of-bounds read warning
     - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
     - drm/amdgpu: avoid reading vf2pf info size from FB
     - drm/amd/display: Check gpio_id before used as array index
     - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
     - drm/amd/display: Add array index check for hdcp ddc access
     - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
     - drm/amd/display: Check msg_id before processing transcation
     - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
       dal_gpio_service_create
     - drm/amd/display: Spinlock before reading event
     - drm/amd/display: Ensure index calculation will not overflow
     - drm/amd/display: Skip inactive planes within
       ModeSupportAndSystemConfiguration
     - drm/amd/amdgpu: Check tbo resource pointer
     - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
     - drm/amdgpu/pm: Fix uninitialized variable warning for smu10
     - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
     - drm/amdgpu: Fix out-of-bounds write warning
     - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
     - drm/amdgpu: fix ucode out-of-bounds read warning
     - drm/amdgpu: fix mc_data out-of-bounds read warning
     - apparmor: fix possible NULL pointer dereference
     - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem()
     - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy
       SOCs
     - drm/amdgpu: fix dereference after null check
     - drm/amdgpu: fix the waring dereferencing hive
     - drm/amd/pm: check specific index for aldebaran
     - drm/amdgpu: the warning dereferencing obj for nbio_v7_4
     - drm/amd/pm: check negtive return for table entries
     - wifi: rtw89: ser: avoid multiple deinit on same CAM
     - drm/amdgpu: update type of buf size to u32 for eeprom functions
     - wifi: iwlwifi: remove fw_running op
     - cpufreq: scmi: Avoid overflow of target_freq in fast switch
     - PCI: al: Check IORESOURCE_BUS existence during probe
     - hwspinlock: Introduce hwspin_lock_bust()
     - RDMA/efa: Properly handle unexpected AQ completions
     - ionic: fix potential irq name truncation
     - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode.
     - rcu/nocb: Remove buggy bypass lock contention mitigation
     - usbip: Don't submit special requests twice
     - usb: typec: ucsi: Fix null pointer dereference in trace
     - fsnotify: clear PARENT_WATCHED flags lazily
     - regmap: spi: Fix potential off-by-one when calculating reserved size
     - smack: tcp: ipv4, fix incorrect labeling
     - net/mlx5e: SHAMPO, Fix incorrect page release
     - [arm64] drm/meson: plane: Add error handling
     - [x86] hwmon: (k10temp) Check return value of amd_smn_read()
     - wifi: cfg80211: make hash table duplicates more survivable
     - driver: iio: add missing checks on iio_info's callback access
     - block: remove the blk_flush_integrity call in blk_integrity_unregister
     - drm/amd/display: added NULL check at start of dc_validate_stream
     - drm/amd/display: Correct the defined value for
       AMDGPU_DMUB_NOTIFICATION_MAX
     - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
     - media: uvcvideo: Enforce alignment of frame and interval
     - virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)
     - Bluetooth: SCO: Fix possible circular locking dependency on
       sco_connect_cfm
     - Bluetooth: SCO: fix sco_conn related locking and validity issues
     - ext4: fix inode tree inconsistency caused by ENOMEM
     - udf: Limit file size to 4TB
     - ext4: reject casefold inode flag without casefold feature
     - ext4: handle redirtying in ext4_bio_write_page()
     - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
     - sch/netem: fix use after free in netem_dequeue
     - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
     - [x86] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
     - [x86] KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and
       MSR_GS_BASE
     - [x86] KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is
       missing
     - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
       devices
     - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
     - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
     - ksmbd: unset the binding mark of a reused connection
     - ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
     - ata: libata: Fix memory leak for error path in ata_host_alloc()
     - [x86] tdx: Fix data leak in mmio_read()
     - [x86] perf/x86/intel: Limit the period on Haswell
     - [arm64,armhf] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
     - [x86] kaslr: Expose and use the end of the physical memory address space
     - rtmutex: Drop rt_mutex::wait_lock before scheduling
     - nvme-pci: Add sleep quirk for Samsung 990 Evo
     - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over
       BREDR/LE"
     - Bluetooth: MGMT: Ignore keys being loaded with invalid type
     - mmc: core: apply SD quirks earlier during probe
     - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
     - mmc: sdhci-of-aspeed: fix module autoloading
     - mmc: cqhci: Fix checking of CQHCI_HALT state
     - fuse: update stats for pages in dropped aux writeback list
     - fuse: use unsigned type for getxattr/listxattr size truncation
     - [arm64] clk: qcom: clk-alpha-pll: Fix the pll post div mask
     - [arm64] clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
     - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
     - spi: rockchip: Resolve unbalanced runtime PM / system PM handling
     - tracing: Avoid possible softlockup in tracing_iter_reset()
     - net: mctp-serial: Fix missing escapes on transmit
     - [x86] fpu: Avoid writing LBR bit to IA32_XSS unless supported
     - Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
     - tcp_bpf: fix return value of tcp_bpf_sendmsg()
     - ila: call nf_unregister_net_hooks() sooner
     - sched: sch_cake: fix bulk flow accounting logic for host fairness
     - nilfs2: fix missing cleanup on rollforward recovery error
     - nilfs2: protect references to superblock parameters exposed in sysfs
     - nilfs2: fix state management in error path of log writing function
     - ALSA: control: Apply sanity check of input values for user elements
     - ALSA: hda: Add input value sanity checks to HDMI channel map controls
     - smack: unix sockets: fix accept()ed socket label
     - ELF: fix kernel.randomize_va_space double read
     - [armhf] irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
     - af_unix: Remove put_pid()/put_cred() in copy_peercred().
     - [x86] kmsan: Fix hook for unaligned accesses
     - netfilter: nf_conncount: fix wrong variable type
     - udf: Avoid excessive partition lengths
     - media: vivid: fix wrong sizeimage value for mplane
     - leds: spi-byte: Call of_node_put() on error path
     - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
     - usb: uas: set host status byte on data completion error
     - usb: gadget: aspeed_udc: validate endpoint index for ast udc
     - drm/amd/display: Check HDCP returned status
     - drm/amdgpu: Fix smatch static checker warning
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
     - media: vivid: don't set HDMI TX controls if there are no HDMI outputs
     - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
     - Input: ili210x - use kvmalloc() to allocate buffer for firmware update
     - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
     - pcmcia: Use resource_size function on resource object
     - drm/amd/display: Check denominator pbn_div before used
     - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
     - can: bcm: Remove proc entry when dev is unregistered.
     - [arm64] can: m_can: Release irq on error in m_can_open
     - can: mcp251xfd: fix ring configuration when switching from CAN-CC to
       CAN-FD mode
     - cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
     - igb: Fix not clearing TimeSync interrupts for 82580
     - ice: Add netif_device_attach/detach into PF reset flow
     - [x86] platform/x86: dell-smbios: Fix error path in dell_smbios_init()
     - regulator: Add of_regulator_bulk_get_all
     - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
     - igc: Unlock on error in igc_io_resume()
     - ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog()
     - ice: allow hot-swapping XDP programs
     - ice: do not bring the VSI up, if it was down before the XDP setup
     - usbnet: modern method to get random MAC
     - bareudp: Fix device stats updates.
     - fou: Fix null-ptr-deref in GRO.
     - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
     - net: dsa: vsc73xx: fix possible subblocks range of CAPT block
     - firmware: cs_dsp: Don't allow writes to read-only controls
     - [arm64] phy: zynqmp: Take the phy mutex in xlate
     - [x86] ASoC: topology: Properly initialize soc_enum values
     - dm init: Handle minors larger than 255
     - [amd64] iommu/vt-d: Handle volatile descriptor status read
     - cgroup: Protect css->cgroup write under css_set_lock
     - devres: Initialize an uninitialized struct member
     - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
     - [x86] crypto: qat - fix unintentional re-enabling of error interrupts
     - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
     - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
     - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
     - drm/amdgpu: Set no_hw_access when VF request full GPU fails
     - ext4: fix possible tid_t sequence overflows
     - dma-mapping: benchmark: Don't starve others when doing the test
     - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
     - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
     - btrfs: replace BUG_ON with ASSERT in walk_down_proc()
     - btrfs: clean up our handling of refs == 0 in snapshot delete
     - btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
     - PCI: Add missing bridge lock to pci_bus_lock()
     - tcp: Don't drop SYN+ACK for simultaneous connect().
     - net: dpaa: avoid on-stack arrays of NR_CPUS elements
     - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
     - btrfs: initialize location to fix -Wmaybe-uninitialized in
       btrfs_lookup_dentry()
     - [s390x] vmlinux.lds.S: Move ro_after_init section behind rodata section
     - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
     - [amd64] HID: amd_sfh: free driver_data after destroying hid device
     - Input: uinput - reject requests with unreasonable number of slots
     - usbnet: ipheth: race between ipheth_close and error handling
     - Squashfs: sanity check symbolic link size
     - of/irq: Prevent device address out-of-bounds read in interrupt map walk
     - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
     - [mips*] cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
     - ata: pata_macio: Use WARN instead of BUG
     - NFSv4: Add missing rescheduling points in
       nfs_client_return_marked_delegations
     - io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers
     - io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads
     - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
     - iio: buffer-dmaengine: fix releasing dma channel on error
     - iio: fix scale application in iio_convert_raw_to_processed_unlocked
     - iio: adc: ad7124: fix config comparison
     - iio: adc: ad7606: remove frstdata check for serial mode
     - iio: adc: ad7124: fix chip ID mismatch
     - [arm64,armhf] usb: dwc3: core: update LC timer as per USB Spec V3.2
     - [arm*] binder: fix UAF caused by offsets overwrite
     - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
     - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
     - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
     - VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
     - clocksource/drivers/timer-of: Remove percpu irq related code
     - uprobes: Use kzalloc to allocate xol area
     - perf/aux: Fix AUX buffer serialization (CVE-2024-46713)
     - fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY
     - fuse: allow non-extending parallel direct writes on the same file
     - fuse: add request extension
     - fuse: fix memory leak in fuse_create_open
     - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
     - workqueue: wq_watchdog_touch is always called with valid CPU
     - workqueue: Improve scalability of workqueue watchdog touch
     - ACPI: processor: Return an error if acpi_processor_get_info() fails in
       processor_add()
     - ACPI: processor: Fix memory leaks in error paths of processor_add()
     - [arm64] acpi: Move get_cpu_for_acpi_id() to a header
     - [arm64] acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
     - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
       function
     - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index
       erratum
     - can: mcp251xfd: clarify the meaning of timestamp
     - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
     - drm/amd: Add gfx12 swizzle mode defs
     - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
     - [powerpc*] 64e: remove unused IBM HTW code
     - [powerpc*] 64e: split out nohash Book3E 64-bit code
     - [powerpc*] 64e: Define mmu_pte_psize static
     - nvmet-tcp: fix kernel crash if commands allocation fails
     - [x86] ASoc: SOF: topology: Clear SOF link platform name upon unload
     - [arm64,armhf] ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
     - [x86] drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
     - [x86] drm/i915/fence: Mark debug_fence_free() with __maybe_unused
     - [arm64,armhf] gpio: rockchip: fix OF node leak in probe()
     - [arm64] gpio: modepin: Enable module autoloading
     - [x86] mm: Fix PTI for i386 some more
     - btrfs: fix race between direct IO write and fsync when using same fd
     - bpf: Silence a warning in btf_type_id_size()
     - memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
     - regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all()
     - fuse: add feature flag for expire-only
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.111
     - ksmbd: override fsids for share path check
     - ksmbd: override fsids for smb2_query_info()
     - usbnet: ipheth: fix carrier detection in modes 1 and 4
     - net: ethernet: use ip_hdrlen() instead of bit shift
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
     - net: phy: vitesse: repair vsc73xx autonegotiation
     - [powerpc*] mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
     - btrfs: update target inode's ctime on unlink
     - Input: ads7846 - ratelimit the spi_sync error message
     - Input: synaptics - enable SMBus for HP Elitebook 840 G2
     - HID: multitouch: Add support for GT7868Q
     - scripts: kconfig: merge_config: config files: add a trailing newline
     - [x86] platform/surface: aggregator_registry: Add Support for Surface Pro
       10
     - [x86] platform/surface: aggregator_registry: Add support for Surface
       Laptop Go 3
     - [arm64] drm/msm/adreno: Fix error return if missing firmware-name
     - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
     - smb/server: fix return value of smb2_open()
     - NFSv4: Fix clearing of layout segments in layoutreturn
     - NFS: Avoid unnecessary rescanning of the per-server delegation list
     - [x86] platform/x86: panasonic-laptop: Fix SINF array out of bounds
       accesses
     - [x86] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf
       array
     - mptcp: pm: Fix uaf in __timer_delete_sync
     - [arm64] dts: rockchip: fix eMMC/SPI corruption when audio has been used on
       RK3399 Puma
     - [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
       Puma
     - net: tighten bad gso csum offset check in virtio_net_hdr
     - dm-integrity: fix a race condition when accessing recalc_sector
     - mm: avoid leaving partial pfn mappings around in error case
     - pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
       (CVE-2024-35943)
     - [arm64] dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
     - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
     - cxl/core: Fix incorrect vendor debug UUID define
     - [armhf] hwmon: (pmbus) Conditionally clear individual status bits for
       pmbus rev >= 1.2
     - ice: fix accounting for filters shared by multiple VSIs
     - igb: Always call igb_xdp_ring_update_tail() under Tx lock
     - net/mlx5: Update the list of the PCI supported devices
     - net/mlx5e: Add missing link modes to ptys2ethtool_map
     - net/mlx5: Explicitly set scheduling element and TSAR type
     - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
     - net/mlx5: Correct TASR typo into TSAR
     - net/mlx5: Verify support for scheduling element and TSAR type
     - net/mlx5: Fix bridge mode operations when there are no VFs
     - fou: fix initialization of grc
     - netfilter: nft_socket: fix sk refcount leaks
     - net: dpaa: Pad packets to ETH_ZLEN
     - [arm64] spi: nxp-fspi: fix the KASAN report out-of-bounds bug
     - soundwire: stream: Revert "soundwire: stream: fix programming slave ports
       for non-continous port maps"
     - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
     - drm/amdgpu/atomfirmware: Silence UBSAN warning
     - [x86] drm/i915/guc: prevent a possible int overflow in wq offsets
     - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
     - [arm64] ASoC: meson: axg-card: fix 'use-after-free'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.112
     - ALSA: hda/realtek - Fixed ALC256 headphone no sound
     - ALSA: hda/realtek - FIxed ALC285 headphone no sound
     - scsi: lpfc: Fix overflow build issue
     - [x86] hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING
     - [armhf] net: ftgmac100: Ensure tx descriptor updates are visible
     - wifi: iwlwifi: lower message level for FW buffer destination
     - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
     - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
     - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
     - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap()
     - wifi: iwlwifi: clear trans->state earlier upon error
     - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration
     - [x86] ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match
       less strict
     - [x86] ASoC: intel: fix module autoloading
     - spi: spidev: Add an entry for elgin,jg10309-01
     - spi: bcm63xx: Enable module autoloading
     - smb: client: fix hang in wait_for_response() for negproto
     - [x86] hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides
       frequency
     - tools: hv: rm .*.cmd when make clean
     - block: Fix where bio IO priority gets set
     - spi: spidev: Add missing spi_device_id for jg10309-01
     - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
     - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
       (CVE-2024-41016)
     - xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING
     - xfs: Fix deadlock on xfs_inodegc_worker
     - xfs: fix extent busy updating
     - xfs: don't use BMBT btree split workers for IO completion
     - xfs: fix low space alloc deadlock
     - xfs: prefer free inodes at ENOSPC over chunk allocation
     - xfs: block reservation too large for minleft allocation
     - xfs: fix uninitialized variable access
     - xfs: quotacheck failure can race with background inode inactivation
     - xfs: fix BUG_ON in xfs_getbmap()
     - xfs: buffer pins need to hold a buffer reference
     - xfs: defered work could create precommits
     - xfs: fix AGF vs inode cluster buffer deadlock
     - xfs: collect errors from inodegc for unlinked inode recovery
     - xfs: fix ag count overflow during growfs
     - xfs: remove WARN when dquot cache insertion fails
     - xfs: fix the calculation for "end" and "length"
     - xfs: load uncached unlinked inodes into memory on demand
     - xfs: fix negative array access in xfs_getbmap
     - xfs: fix unlink vs cluster buffer instantiation race
     - xfs: correct calculation for agend and blockcount
     - xfs: use i_prev_unlinked to distinguish inodes that are not on the
       unlinked list
     - xfs: reload entire unlinked bucket lists
     - xfs: make inode unlinked bucket recovery work with quotacheck
     - xfs: fix reloading entire unlinked bucket lists
     - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
     - xfs: journal geometry is not properly bounds checked
     - netfilter: nft_socket: make cgroupsv2 matching work with namespaces
     - netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in
       nft_socket_cgroup_subtree_level()
     - netfilter: nft_set_pipapo: walk over current view on netlink dump
       (CVE-2024-27017)
     - netfilter: nf_tables: missing iterator type in lookup walk
     - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
     - gpiolib: cdev: Ignore reconfiguration without direction
     - gpio: prevent potential speculation leaks in gpio_device_get_desc()
       (CVE-2024-44931)
     - can: mcp251xfd: properly indent labels
     - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into
       mcp251xfd_chip_start/stop()
     - btrfs: calculate the right space for delayed refs when updating global
       reserve
     - [x86] powercap: RAPL: fix invalid initialization for pl4_supported field
     - [x86] mm: Switch to new Intel CPU model defines
     - USB: serial: pl2303: add device id for Macrosilicon MS3020
     - USB: usbtmc: prevent kernel-usb-infoleak
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 26
   * [rt] Update to 6.1.107-rt39
   * [rt] Update to 6.1.111-rt42

linux-signed-amd64 (6.1.115+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.115-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
     - wifi: rtw88: always wait for both firmware loading attempts
       (CVE-2024-47718)
     - crypto: xor - fix template benchmarking
     - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
     - wifi: ath9k: fix parameter check in ath9k_init_debug()
     - wifi: ath9k: Remove error checks when creating debugfs entries
     - wifi: rtw88: remove CPT execution branch never used
     - fs/namespace: fnic: Switch to use %ptTd
     - mount: handle OOM on mnt_warn_timestamp_expiry
     - drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
       (CVE-2024-47731)
     - wifi: mac80211: don't use rate mask for offchannel TX either
       (CVE-2024-47738)
     - wifi: iwlwifi: mvm: increase the time between ranging measurements
     - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
     - ACPICA: executer/exsystem: Don't nag user about every Stall() violating
       the spec
     - padata: Honor the caller's alignment in case of chunk_size 0
     - drivers/perf: hisi_pcie: Record hardware counts correctly
     - can: j1939: use correct function name in comment
     - ACPI: CPPC: Fix MASK_VAL() usage
     - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
     - netfilter: nf_tables: reject element expiration with no timeout
     - netfilter: nf_tables: reject expiration higher than timeout
     - netfilter: nf_tables: remove annotation to access set timeout while
       holding lock
     - [arm64] perf/arm-cmn: Rework DTC counters (again)
     - [arm64] perf/arm-cmn: Improve debugfs pretty-printing for large configs
     - [arm64] perf/arm-cmn: Refactor node ID handling. Again.
     - [arm64] perf/arm-cmn: Ensure dtm_idx is big enough
     - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
     - [x86] sgx: Fix deadlock in SGX NUMA node search (CVE-2024-49856)
     - crypto: hisilicon/hpre - enable sva error interrupt event
     - crypto: hisilicon/hpre - mask cluster timeout error
     - crypto: hisilicon/qm - fix coding style issues
     - crypto: hisilicon/qm - reset device before enabling it
     - crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730)
     - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
     - wifi: mt76: mt7915: fix rx filter setting for bfee functionality
     - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
     - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
       (CVE-2024-47713)
     - wifi: wilc1000: fix potential RCU dereference issue in
       wilc_parse_join_bss_param (CVE-2024-47712)
     - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
     - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL
     - sock_map: Add a cond_resched() in sock_hash_free()
     - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
       (CVE-2024-47709)
     - can: m_can: Remove repeated check for is_peripheral
     - can: m_can: enable NAPI before enabling interrupts
     - can: m_can: m_can_close(): stop clocks after device has been shut down
     - Bluetooth: btusb: Fix not handling ZPL/short-transfer
     - bareudp: Pull inner IP header in bareudp_udp_encap_recv().
     - bareudp: Pull inner IP header on xmit.
     - net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
     - r8169: disable ALDPS per default for RTL8125
     - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
     - net: tipc: avoid possible garbage value
     - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
       (CVE-2024-47707)
     - nbd: fix race between timeout and normal completion (CVE-2024-49855)
     - block, bfq: fix possible UAF for bfqq->bic with merge chain
       (CVE-2024-47706)
     - block, bfq: choose the last bfqq from merge chain in
       bfq_setup_cooperator()
     - block, bfq: don't break merge chain in bfq_split_bfqq()
     - block: print symbolic error name instead of error code
     - block: fix potential invalid pointer dereference in blk_add_partition
       (CVE-2024-47705)
     - spi: ppc4xx: handle irq_of_parse_and_map() errors
     - [arm64] dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB
     - firmware: arm_scmi: Fix double free in OPTEE transport (CVE-2024-49853)
     - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
     - regulator: Return actual error in of_regulator_bulk_get_all()
     - [arm64] dts: renesas: r9a07g043u: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g054: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g044: Correct GICD and GICR sizes
     - [arm64] dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations
     - reset: berlin: fix OF node leak in probe() error path
     - reset: k210: fix OF node leak in probe() error path
     - clocksource/drivers/qcom: Add missing iounmap() on errors in
       msm_dt_timer_init()
     - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error
     - ALSA: hda: cs35l41: fix module autoloading
     - hwmon: (max16065) Fix overflows seen when writing limits
     - i2c: Add i2c_get_match_data()
     - hwmon: (max16065) Remove use of i2c_match_id()
     - hwmon: (max16065) Fix alarm attributes
     - mtd: slram: insert break after errors in parsing the map
     - hwmon: (ntc_thermistor) fix module autoloading
     - power: supply: axp20x_battery: Remove design from min and max voltage
     - power: supply: max17042_battery: Fix SOC threshold calc w/ no current
       sense
     - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
     - [amd64] iommu/amd: Do not set the D bit on AMD v2 table entries
     - mtd: powernv: Add check devm_kasprintf() returned value
     - rcu/nocb: Fix RT throttling hrtimer armed from offline CPU
     - mtd: rawnand: mtk: Use for_each_child_of_node_scoped()
     - mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips
     - mtd: rawnand: mtk: Fix init error path
     - pmdomain: core: Harden inter-column space in debug summary
     - drm/stm: Fix an error handling path in stm_drm_platform_probe()
     - drm/stm: ltdc: check memory returned by devm_kzalloc()
     - drm/amd/display: Add null check for set_output_gamma in
       dcn30_set_output_transfer_func (CVE-2024-47720)
     - drm/amdgpu: Replace one-element array with flexible-array member
     - drm/amdgpu: properly handle vbios fake edid sizing
     - drm/radeon: Replace one-element array with flexible-array member
     - drm/radeon: properly handle vbios fake edid sizing
     - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly
     - scsi: NCR5380: Check for phase match during PDMA fixup
     - drm/amd/amdgpu: Properly tune the size of struct
     - drm/rockchip: vop: Allow 4096px width scaling
     - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
     - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
     - drm/bridge: lontium-lt8912b: Validate mode in
       drm_bridge_funcs::mode_valid()
     - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
     - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
       (CVE-2024-49852)
     - jfs: fix out-of-bounds in dbNextAG() and diAlloc()
     - drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config()
     - drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
     - [powerpc*] 8xx: Fix initial memory mapping
     - [powerpc*] 8xx: Fix kernel vs user address comparison
     - drm/msm: Fix incorrect file name output in adreno_request_fw()
     - drm/msm/a5xx: disable preemption in submits by default
     - drm/msm/a5xx: properly clear preemption records on resume
     - drm/msm/a5xx: fix races in preemption evaluation stage
     - drm/msm/a5xx: workaround early ring-buffer emptiness check
     - ipmi: docs: don't advertise deprecated sysfs entries
     - drm/msm: fix %s null argument error
     - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
     - xen: use correct end address of kernel for conflict checking
     - HID: wacom: Support sequence numbers smaller than 16-bit
     - HID: wacom: Do not warn about dropped packets for first packet
     - xen/swiotlb: add alignment check for dma buffers
     - xen/swiotlb: fix allocated size
     - tpm: Clean up TPM space after command failure (CVE-2024-49851)
     - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
       (CVE-2024-49850)
     - xz: cleanup CRC32 edits from 2018
     - kthread: fix task state in kthread worker if being frozen
     - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
     - smackfs: Use rcu_assign_pointer() to ensure safe assignment in
       smk_set_cipso
     - ext4: avoid buffer_head leak in ext4_mark_inode_used()
     - ext4: avoid potential buffer_head leak in __ext4_new_inode()
     - ext4: avoid negative min_clusters in find_group_orlov()
     - ext4: return error on ext4_find_inline_entry
     - ext4: avoid OOB when system.data xattr changes underneath the filesystem
       (CVE-2024-47701)
     - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
       (CVE-2024-47699)
     - nilfs2: determine empty node blocks as corrupted
     - nilfs2: fix potential oob read in nilfs_btree_check_delete()
       (CVE-2024-47757)
     - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
     - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
     - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
       (CVE-2024-47728)
     - perf mem: Free the allocated sort string, fixing a leak
     - perf inject: Fix leader sampling inserting additional samples
     - perf sched timehist: Fix missing free of session in perf_sched__timehist()
     - perf stat: Display iostat headers correctly
     - perf sched timehist: Fixed timestamp error when unable to confirm event
       sched_in time
     - perf time-utils: Fix 32-bit nsec parsing
     - clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite()
       after error detection
     - clk: imx: composite-8m: Enable gate clk with mcore_booted
     - clk: imx: composite-7ulp: Check the PCC present bit
     - clk: imx: fracn-gppll: support integer pll
     - clk: imx: fracn-gppll: fix fractional part of PLL getting lost
     - clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
     - clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
     - clk: imx: imx8qxp: Parent should be initialized earlier than the clock
     - remoteproc: imx_rproc: Correct ddr alias for i.MX8M
     - remoteproc: imx_rproc: Initialize workqueue earlier
     - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
     - Input: ilitek_ts_i2c - avoid wrong input subsystem sync
     - Input: ilitek_ts_i2c - add report id message validation
     - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
       (CVE-2024-47698)
     - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
       (CVE-2024-47697)
     - PCI/PM: Increase wait time after resume
     - PCI/PM: Drop pci_bridge_wait_for_secondary_bus() timeout parameter
     - PCI: Wait for Link before restoring Downstream Buses
     - PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
       (CVE-2024-47756)
     - clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL
     - nvdimm: Fix devs leaks in scan_labels()
     - PCI: xilinx-nwl: Fix register misspelling
     - PCI: xilinx-nwl: Clean up clock on probe failure/removal
     - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
       (CVE-2024-47696)
     - pinctrl: single: fix missing error code in pcs_probe()
     - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
     - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (CVE-2024-47695)
     - clk: ti: dra7-atl: Fix leak of of_nodes
     - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
     - nfsd: fix refcount leak when file is unhashed after being found
     - pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
     - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
     - IB/core: Fix ib_cache_setup_one error flow cleanup (CVE-2024-47693)
     - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
       (CVE-2024-47751)
     - RDMA/erdma: Return QP state in erdma_query_qp
     - watchdog: imx_sc_wdt: Don't disable WDT in suspend
     - [arm64] RDMA/hns: Don't modify rq next block addr in HIP09 QPC
     - [arm64] RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (CVE-2024-47750)
     - [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
     - [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
     - [arm64] RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
     - [arm64] RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS
     - [arm64] RDMA/hns: Optimize hem allocation performance
     - RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
     - RDMA/irdma: fix error message in irdma_modify_qp_roce()
     - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
     - ntb_perf: Fix printk format
     - ntb: Force physically contiguous allocation of rx ring buffers
     - nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
     - nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
     - f2fs: fix to update i_ctime in __f2fs_setxattr()
     - f2fs: remove unneeded check condition in __f2fs_setxattr()
     - f2fs: reduce expensive checkpoint trigger frequency
     - f2fs: factor the read/write tracing logic into a helper
     - f2fs: fix to avoid racing in between read and OPU dio write
     - f2fs: fix to wait page writeback before setting gcing flag
     - f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation
     - f2fs: clean up w/ dotdot_name
     - f2fs: get rid of online repaire on corrupted directory (CVE-2024-47690)
     - spi: atmel-quadspi: Undo runtime PM changes at driver exit time
     - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
     - lib/sbitmap: define swap_lock as raw_spinlock_t
     - nvme-multipath: system fails to create generic nvme device
     - iio: adc: ad7606: fix oversampling gpio array
     - iio: adc: ad7606: fix standby gpio state to match the documentation
     - ABI: testing: fix admv8818 attr description
     - iio: chemical: bme680: Fix read/write ops to device by adding mutexes
     - iio: magnetometer: ak8975: Convert enum->pointer for data in the match
       tables
     - iio: magnetometer: ak8975: drop incorrect AK09116 compatible
     - dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible
     - coresight: tmc: sg: Do not leak sg_table
     - cxl/pci: Break out range register decoding from cxl_hdm_decode_init()
     - cxl/pci: Fix to record only non-zero ranges
     - vdpa: Add eventfd for the vdpa callback
     - vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
     - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (CVE-2024-47686)
     - Revert "dm: requeue IO if mapping table not yet available"
     - net: xilinx: axienet: Schedule NAPI in two steps
     - net: xilinx: axienet: Fix packet counting
     - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685)
     - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
       Condition (CVE-2024-47747)
     - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
     - tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
     - net: qrtr: Update packets cloning when broadcasting
     - bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
       (CVE-2024-47734)
     - net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled
     - netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
     - netfilter: ctnetlink: compile ctnetlink_label_size with
       CONFIG_NF_CONNTRACK_EVENTS
     - io_uring/sqpoll: do not allow pinning outside of cpuset
     - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
     - io_uring/io-wq: do not allow pinning outside of cpuset
     - io_uring/io-wq: inherit cpuset of cgroup in io worker
     - vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
     - selinux,smack: don't bypass permissions check in inode_setsecctx hook
       (CVE-2024-46695)
     - drm/vmwgfx: Prevent unmapping active read buffers (CVE-2024-46710)
     - io_uring/sqpoll: retain test for whether the CPU is valid
     - io_uring/sqpoll: do not put cpumask on stack
     - Remove *.orig pattern from .gitignore
     - PCI: imx6: Fix missing call to phy_power_off() in error handling
     - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
     - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
     - soc: versatile: integrator: fix OF node leak in probe() error path
     - Revert "media: tuners: fix error return code of
       hybrid_tuner_request_state()"
     - Input: adp5588-keys - fix check on return code
     - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
     - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
     - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
     - [x86] KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits
     - [x86] KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
       (CVE-2024-47683)
     - drm/amd/display: Round calculated vtotal
     - drm/amd/display: Validate backlight caps are sane
     - KEYS: prevent NULL pointer dereference in find_asymmetric_key()
       (CVE-2024-47743)
     - fs: Create a generic is_dot_dotdot() utility
     - ksmbd: make __dir_empty() compatible with POSIX
     - ksmbd: allow write with FILE_APPEND_DATA
     - ksmbd: handle caseless file creation
     - scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
       (CVE-2024-47682)
     - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
     - scsi: mac_scsi: Refactor polling loop
     - scsi: mac_scsi: Disallow bus errors during PDMA send
     - usbnet: fix cyclical race on disconnect with work queue
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - USB: appledisplay: close race between probe and completion handler
     - USB: misc: cypress_cy7c63: check for short transfer
     - USB: class: CDC-ACM: fix race between get_serial and set_serial
     - usb: cdnsp: Fix incorrect usb_request status
     - usb: dwc2: drd: fix clock gating on USB role switch
     - bus: integrator-lm: fix OF node leak in probe()
     - bus: mhi: host: pci_generic: Fix the name for the Telit FE990A
     - firmware_loader: Block path traversal (CVE-2024-47742)
     - tty: rp2: Fix reset with non forgiving PCIe host bridges
     - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
     - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
     - drbd: Fix atomicity violation in drbd_uuid_set_bm()
     - drbd: Add NULL check for net_conf to prevent dereference in state
       validation
     - ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
     - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
     - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
       (CVE-2024-49858)
     - perf/x86/intel/pt: Fix sampling synchronization
     - wifi: rtw88: 8822c: Fix reported RX band width
     - wifi: mt76: mt7615: check devm_kasprintf() returned value
     - debugobjects: Fix conditions in fill_pool()
     - f2fs: fix several potential integer overflows in file offsets
     - f2fs: prevent possible int overflow in dir_block_index()
     - f2fs: avoid potential int overflow in sanity_check_area_boundary()
     - f2fs: fix to check atomic_file in f2fs ioctl interfaces (CVE-2024-49859)
     - hwrng: mtk - Use devm_pm_runtime_enable
     - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
     - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
     - [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
     - [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
     - vfs: fix race between evice_inodes() and find_inode()&iput()
     - fs: Fix file_set_fowner LSM hook inconsistencies
     - nfs: fix memory leak in error path of nfs4_do_reclaim
     - EDAC/igen6: Fix conversion of system address to physical memory address
     - padata: use integer wrap around to prevent deadlock on seq_nr overflow
       (CVE-2024-47739)
     - soc: versatile: realview: fix memory leak during device remove
     - soc: versatile: realview: fix soc_dev leak during device remove
     - [powerpc*] 64: Option to build big-endian with ELFv2 ABI
     - [powerpc*] 64: Add support to build with prefixed instructions
     - [powerpc*] atomic: Use YZ constraints for DS-form instructions
     - usb: yurex: Replace snprintf() with the safer scnprintf() variant
     - USB: misc: yurex: fix race between read and write
     - xhci: fix event ring segment table related masks and variables in header
     - xhci: remove xhci_test_trb_in_td_math early development check
     - xhci: Refactor interrupter code for initial multi interrupter support.
     - xhci: Preserve RsvdP bits in ERSTBA register correctly
     - xhci: Add a quirk for writing ERST in high-low order
     - usb: xhci: fix loss of data on Cadence xHC
     - pps: remove usage of the deprecated ida_simple_xx() API
     - pps: add an error check in parport_attach
     - [x86] idtentry: Incorporate definitions/declarations of the FRED entries
     - [x86] entry: Remove unwanted instrumentation in common_interrupt()
     - mm/filemap: return early if failed to allocate memory for split
     - lib/xarray: introduce a new helper xas_get_order
     - mm/filemap: optimize filemap folio adding
     - icmp: Add counters for rate limits
     - icmp: change the order of rate limits (CVE-2024-47678)
     - bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
     - lockdep: fix deadlock issue between lockdep and rcu
     - mm: only enforce minimum stack gap size if it's sensible
     - module: Fix KCOV-ignored file name
     - mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with
       rcu read lock
     - i2c: aspeed: Update the stop sw state when the bus recovery occurs
     - i2c: isch: Add missed 'else'
     - usb: yurex: Fix inconsistent locking bug in yurex_read()
     - perf/arm-cmn: Fail DTC counter allocation correctly
     - iio: magnetometer: ak8975: Fix 'Unexpected device' error
     - [powerpc*] Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+
     - PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
     - [x86*] tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)
     - static_call: Handle module init failure correctly in
       static_call_del_module() (CVE-2024-50002)
     - static_call: Replace pointless WARN_ON() in static_call_module_notify()
     - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked()
     - jump_label: Fix static_key_slow_dec() yet again
     - scsi: pm8001: Do not overwrite PCI queue mapping
     - mailbox: rockchip: fix a typo in module autoloading
     - mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
     - ceph: remove the incorrect Fw reference check when dirtying pages
     - ieee802154: Fix build error
     - net: sparx5: Fix invalid timestamps
     - net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
     - net/mlx5: Added cond_resched() to crdump collection
     - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (CVE-2024-50000)
     - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
     - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable()
     - netfilter: nf_tables: prevent nf_skb_duplicated corruption
       (CVE-2024-49952)
     - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: ethernet: lantiq_etop: fix memory disclosure (CVE-2024-49997)
     - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
     - net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
     - net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
     - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
     - ppp: do not assume bh is held in ppp_channel_bridge_input()
       (CVE-2024-49946)
     - fsdax,xfs: port unshare to fsdax
     - iomap: constrain the file range passed to iomap_file_unshare
     - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
       (CVE-2024-49944)
     - i2c: xiic: improve error message when transfer fails to start
     - i2c: xiic: Try re-initialization on bus busy timeout
     - loop: don't set QUEUE_FLAG_NOMERGES
     - Bluetooth: hci_sock: Fix not validating setsockopt user input
       (CVE-2024-35963)
     - media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
     - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is
       uninitialized
     - ALSA: mixer_oss: Remove some incorrect kfree_const() usages
     - ALSA: hda/realtek: Fix the push button function for the ALC257
     - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
     - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
     - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
     - f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
     - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
     - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
     - ice: Adjust over allocation of memory in ice_sched_add_root_node() and
       ice_sched_add_node()
     - wifi: iwlwifi: mvm: Fix a race in scan abort flow
     - wifi: cfg80211: Set correct chandef when starting CAC (CVE-2024-49937)
     - net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
     - net: hisilicon: hip04: fix OF node leak in probe()
     - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
     - net: hisilicon: hns_mdio: fix OF node leak in probe()
     - ACPI: PAD: fix crash in exit_round_robin() (CVE-2024-49935)
     - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
     - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
     - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable
     - net: sched: consistently use rcu_replace_pointer() in taprio_change()
     - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122
     - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18
     - blk_iocost: fix more out of bound shifts (CVE-2024-49933)
     - nvme-pci: qdepth 1 quirk
     - wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
     - wifi: rtw88: select WANT_DEV_COREDUMP
     - ACPI: EC: Do not release locks during operation region accesses
     - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
       acpi_db_convert_to_package()
     - tipc: guard against string buffer overrun (CVE-2024-49995)
     - net: mvpp2: Increase size of queue_name buffer
     - bnxt_en: Extend maximum length of version string by 1 byte
     - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
     - wifi: rtw89: correct base HT rate mask for firmware
     - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
     - net: atlantic: Avoid warning about potential string truncation
     - crypto: simd - Do not call crypto_alloc_tfm during registration
     - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
     - wifi: mac80211: fix RCU list iterations
     - ACPICA: iasl: handle empty connection_node
     - proc: add config & param to block forcing mem writes
     - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_cmd_802_11_scan_ext()
     - nfp: Use IRQF_NO_AUTOEN flag in request_irq()
     - ALSA: usb-audio: Add input value sanity checks for standard types
     - [x86] ioapic: Handle allocation failures gracefully (CVE-2024-49927)
     - ALSA: usb-audio: Define macros for quirk table entries
     - ALSA: usb-audio: Replace complex quirk lines with macros
     - ALSA: usb-audio: Add logitech Audio profile quirk
     - ASoC: codecs: wsa883x: Handle reading version failure
     - [x86] kexec: Add EFI config table identity mapping for kexec kernel
     - ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
     - ALSA: hdsp: Break infinite MIDI input flush loop
     - [x86] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
     - fbdev: pxafb: Fix possible use after free in pxafb_task() (CVE-2024-49924)
     - rcuscale: Provide clear error when async specified without primitives
     - [arm64] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
     - power: reset: brcmstb: Do not go into infinite loop if reset fails
     - [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
     - [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
       count (CVE-2024-49993)
     - drm/stm: Avoid use-after-free issues with crtc and plane (CVE-2024-49992)
     - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
     - drm/amd/display: Add null check for top_pipe_to_program in
       commit_planes_for_stream (CVE-2024-49913)
     - ata: pata_serverworks: Do not use the term blacklist
     - ata: sata_sil: Rename sil_blacklist to sil_quirks
     - drm/amd/display: Handle null 'stream_status' in
       'planes_changed_for_existing_stream' (CVE-2024-49912)
     - drm/amd/display: Check null pointers before using dc->clk_mgr
       (CVE-2024-49907)
     - drm/amd/display: Add null check for 'afb' in
       amdgpu_dm_plane_handle_cursor_update (v2)
     - jfs: UBSAN: shift-out-of-bounds in dbFindBits
     - jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
     - jfs: check if leafidx greater than num leaves per dmap tree
       (CVE-2024-49902)
     - scsi: smartpqi: correct stream detection
     - jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
     - drm/amdgpu: add raven1 gfxoff quirk
     - drm/amdgpu: enable gfxoff quirk on HP 705G4
     - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
     - [x86] platform/x86: touchscreen_dmi: add nanote-next quirk
     - drm/stm: ltdc: reset plane transparency after plane disable
     - drm/amd/display: Check stream before comparing them (CVE-2024-49896)
     - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
       translation (CVE-2024-49895)
     - drm/amd/display: Fix index out of bounds in degamma hardware format
       translation (CVE-2024-49894)
     - drm/amd/display: Fix index out of bounds in DCN30 color transformation
       (CVE-2024-49969)
     - drm/amd/display: Initialize get_bytes_per_element's default to 1
       (CVE-2024-49892)
     - drm/printer: Allow NULL data in devcoredump printer
     - [x86] perf,x86: avoid missing caller address in stack traces captured in
       uprobe
     - scsi: aacraid: Rearrange order of struct aac_srb_unit
     - scsi: lpfc: Update PRLO handling in direct attached topology
     - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
     - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
     - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
     - drm/amd/pm: ensure the fw_info is not null before using it
       (CVE-2024-49890)
     - of/irq: Refer to actual buffer size in of_irq_parse_one()
     - [powerpc*] pseries: Use correct data types from pseries_hp_errorlog struct
     - ext4: ext4_search_dir should return a proper error
     - ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
     - ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
     - iomap: handle a post-direct I/O invalidate race in
       iomap_write_delalloc_release
     - blk-integrity: use sysfs_emit
     - blk-integrity: convert to struct device_attribute
     - blk-integrity: register sysfs attributes on struct device
     - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
     - spi: s3c64xx: fix timeout counters in flush_fifo
     - [powerpc*] vdso: Fix VDSO data access when running in a non-root time
       namespace
     - Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
       (Closes: #1081833)
     - [x86] platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
       (CVE-2024-49886)
     - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
       (CVE-2024-49985)
     - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
     - i2c: xiic: Wait for TX empty to avoid missed TX NAKs
     - media: i2c: ar0521: Use cansleep version of gpiod_set_value()
       (CVE-2024-49961)
     - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
     - spi: bcm63xx: Fix module autoloading
     - power: supply: hwmon: Fix missing temp1_max_alarm attribute
     - perf/core: Fix small negative period being ignored
     - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
     - ALSA: core: add isascii() check to card ID generator
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
     - ALSA: usb-audio: Add native DSD support for Luxman D-08u
     - ALSA: line6: add hw monitor volume control to POD HD500X
     - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
     - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
     - ext4: no need to continue when the number of entries is 1 (CVE-2024-49967)
     - ext4: correct encrypted dentry name hash when not casefolded
     - ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
     - ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
     - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible()
     - ext4: dax: fix overflowing extents beyond inode size when partially
       writing (CVE-2024-50015)
     - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
     - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
     - ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
     - ext4: fix double brelse() the buffer of the extents path
     - ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
     - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
     - ext4: fix incorrect tid assumption in
       jbd2_journal_shrink_checkpoint_list()
     - ext4: fix fast commit inode enqueueing during a full journal commit
     - ext4: use handle to mark fc as ineligible in __track_dentry_update()
     - ext4: mark fc as ineligible using an handle in ext4_xattr_set()
     - drm/rockchip: vop: clear DMA stop bit on RK3066
     - of/irq: Support #msi-cells=<0> in of_msi_get_domain
     - drm: omapdrm: Add missing check for alloc_ordered_workqueue
       (CVE-2024-49879)
     - resource: fix region_intersects() vs add_memory_driver_managed()
     - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
       error
     - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
     - mm: krealloc: consider spare memory for __GFP_ZERO
     - ocfs2: fix the la space leak when unmounting an ocfs2 volume
     - ocfs2: fix uninit-value in ocfs2_get_block()
     - ocfs2: reserve space for inline xattr before attaching reflink tree
       (CVE-2024-49958)
     - ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
     - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
     - ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
     - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
       (CVE-2024-49877)
     - exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
     - perf hist: Update hist symbol when updating maps
     - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
     - nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
     - NFSD: Fix NFSv4's PUTPUBFH operation
     - aoe: fix the potential use-after-free problem in more places
       (CVE-2024-49982)
     - clk: rockchip: fix error for unknown clocks
     - remoteproc: k3-r5: Fix error handling when power-up failed
     - clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
     - media: sun4i_csi: Implement link validate for sun4i_csi subdev
     - clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
     - clk: qcom: clk-rpmh: Fix overflow in BCM vote
     - clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
     - media: venus: fix use after free bug in venus_remove due to race condition
       (CVE-2024-49981)
     - clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: qcom: camss: Fix ordering of pm_runtime_enable
     - clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
     - clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL
     - smb: client: use actual path when queryfs
     - iio: magnetometer: ak8975: Fix reading for ak099xx sensors
     - gso: fix udp gso fraglist segmentation after pull from frag_list
       (CVE-2024-49978)
     - tomoyo: fallback to realpath if symlink's pathname does not exist
       (Closes: #1082001)
     - net: stmmac: Fix zero-division error when disabling tc cbs
       (CVE-2024-49977)
     - rtc: at91sam9: fix OF node leak in probe() error path
     - Input: adp5589-keys - fix NULL pointer dereference (CVE-2024-49871)
     - Input: adp5589-keys - fix adp5589_gpio_get_value()
     - cachefiles: fix dentry leak in cachefiles_open_file() (CVE-2024-49870)
     - ACPI: resource: Add Asus Vivobook X1704VAP to
       irq1_level_low_skip_override[] (Closes: #1078696)
     - ACPI: resource: Add Asus ExpertBook B2502CVA to
       irq1_level_low_skip_override[]
     - btrfs: fix a NULL pointer dereference when failed to start a new
       trasacntion (CVE-2024-49868)
     - btrfs: send: fix invalid clone operation for file that got its size
       decreased
     - btrfs: wait for fixup workers before stopping cleaner kthread during
       umount (CVE-2024-49867)
     - gpio: davinci: fix lazy disable
     - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
       (CVE-2024-8805)
     - ceph: fix cap ref leak via netfs init_request
     - tracing/hwlat: Fix a race during cpuhp processing
     - tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866)
     - close_range(): fix the logics in descriptor table trimming
     - [x86] drm/i915/gem: fix bitwise and logical AND mixup
     - drm/sched: Add locking to drm_sched_entity_modify_sched
     - drm/amd/display: Fix system hang while resume with TBT monitor
       (CVE-2024-50003)
     - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
       (Closes: #1076483)
     - kconfig: qconf: fix buffer overflow in debug links
     - i2c: create debugfs entry per adapter
     - i2c: core: Lock address during client device instantiation
     - i2c: xiic: Use devm_clk_get_enabled()
     - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
     - dt-bindings: clock: exynos7885: Fix duplicated binding
     - spi: bcm63xx: Fix missing pm_runtime_disable()
     - [arm64] Add Cortex-715 CPU part definition
     - [arm64] cputype: Add Neoverse-N3 definitions
     - [arm64] errata: Expand speculative SSBS workaround once more
     - io_uring/net: harden multishot termination case for recv
     - uprobes: fix kernel info leak via "[uprobes]" vma
     - mm: z3fold: deprecate CONFIG_Z3FOLD
     - drm/amd/display: Allow backlight to go below
       `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
     - build-id: require program headers to be right after ELF header
     - lib/buildid: harden build ID parsing logic
     - docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8
     - delayacct: improve the average delay precision of getdelay tool to
       microsecond
     - sched: psi: fix bogus pressure spikes from aggregation race
     - media: i2c: imx335: Enable regulator supplies
     - media: imx335: Fix reset-gpio handling
     - remoteproc: k3-r5: Acquire mailbox handle during probe routine
     - remoteproc: k3-r5: Delay notification of wakeup event
     - dt-bindings: clock: qcom: Add missing UFS QREF clocks
     - dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
     - clk: samsung: exynos7885: do not define number of clocks in bindings
     - clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix
     - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
     - r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
     - clk: qcom: gcc-sc8180x: Add GPLL9 support
     - ACPI: battery: Simplify battery hook locking
     - ACPI: battery: Fix possible crash when unregistering a battery hook
       (CVE-2024-49955)
     - Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
       bindings"
     - erofs: get rid of erofs_inode_datablocks()
     - erofs: get rid of z_erofs_do_map_blocks() forward declaration
     - erofs: avoid hardcoded blocksize for subpage block support
     - erofs: set block size to the on-disk block size
     - erofs: fix incorrect symlink detection in fast symlink
     - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
     - perf report: Fix segfault when 'sym' sort key is not used
     - fsdax: dax_unshare_iter() should return a valid length
     - fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
     - unicode: Don't special case ignorable code points
     - net: ethernet: cortina: Drop TSO support
     - tracing: Remove precision vsnprintf() check from print event
     - ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table
     - ALSA: hda/realtek: cs35l41: Fix device ID / model name
     - drm/crtc: fix uninitialized variable use even harder
     - tracing: Have saved_cmdlines arrays all in one allocation
     - bootconfig: Fix the kerneldoc of _xbc_exit()
     - perf lock: Dynamically allocate lockhash_table
     - perf sched: Avoid large stack allocations
     - perf sched: Move start_work_mutex and work_done_wait_mutex initialization
       to perf_sched__replay()
     - perf sched: Fix memory leak in perf_sched__map()
     - perf sched: Move curr_thread initialization to perf_sched__map()
     - perf sched: Move curr_pid and cpu_last_switched initialization to
       perf_sched__{lat|map|replay}()
     - libsubcmd: Don't free the usage string
     - Bluetooth: Fix usage of __hci_cmd_sync_status
     - virtio_console: fix misc probe bugs
     - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
     - bpf: Check percpu map value size first
     - [s390x] facility: Disable compile time optimization for decompressor code
     - [s390x] mm: Add cond_resched() to cmm_alloc/free_pages()
     - bpf, x64: Fix a jit convergence issue
     - ext4: don't set SB_RDONLY after filesystem errors
     - ext4: nested locking for xattr inode
     - [s390x] cpum_sf: Remove WARN_ON_ONCE statements
     - RDMA/mad: Improve handling of timed out WRs of mad agent
     - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
     - RDMA/rtrs-srv: Avoid null pointer deref during path establishment
       (CVE-2024-50062)
     - clk: bcm: bcm53573: fix OF node leak in init
     - PCI: Add ACS quirk for Qualcomm SA8775P
     - i2c: i801: Use a different adapter-name for IDF adapters
     - PCI: Mark Creative Labs EMU20k2 INTx masking as broken
     - io_uring: check if we need to reschedule during overflow flush
       (CVE-2024-50060)
     - ntb: ntb_hw_switchtec: Fix use after free vulnerability in
       switchtec_ntb_remove due to race condition (CVE-2024-50059)
     - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
     - media: videobuf2-core: clear memory related fields in
       __vb2_plane_dmabuf_put()
     - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
     - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
     - usb: chipidea: udc: enable suspend interrupt after usb reset
     - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
       Crashkernel Scenario
     - comedi: ni_routing: tools: Check when the file could not be opened
     - netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
     - virtio_pmem: Check device status before requesting flush
     - tools/iio: Add memory allocation failure check for trigger_name
     - staging: vme_user: added bound check to geoid
     - driver core: bus: Return -EIO instead of 0 when show/store invalid bus
       attribute
     - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
       lpfc_els_flush_cmd()
     - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV
       instance
     - drm/amd/display: Check null pointer before dereferencing se
       (CVE-2024-50049)
     - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
       (CVE-2024-50048)
     - fbdev: sisfb: Fix strbuf array overflow
     - drm/rockchip: vop: limit maximum resolution to hardware capabilities
     - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
     - NFSD: Mark filecache "down" if init fails
     - ice: fix VLAN replay after reset
     - SUNRPC: Fix integer overflow in decode_rc_list()
     - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
       (CVE-2024-50046)
     - net: phy: dp83869: fix memory corruption when enabling fiber
     - tcp: fix to allow timestamp undo if no retransmits were sent
     - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
     - netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
     - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
       (CVE-2024-50044)
     - net: phy: bcm84881: Fix some error handling paths
     - thermal: int340x: processor_thermal: Set feature mask before
       proc_thermal_add
     - thermal: intel: int340x: processor: Fix warning during module unload
     - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
     - net: ethernet: adi: adin1110: Fix some error handling path in
       adin1110_read_fifo()
     - net: dsa: b53: fix jumbo frame mtu check
     - net: dsa: b53: fix max MTU for 1g switches
     - net: dsa: b53: fix max MTU for BCM5325/BCM5365
     - net: dsa: b53: allow lower MTUs on BCM5325/5365
     - net: dsa: b53: fix jumbo frames on 10/100 ports
     - gpio: aspeed: Add the flush write to ensure the write complete.
     - gpio: aspeed: Use devm_clk api to manage clock source
     - ice: Fix netif_is_ice() in Safe Mode
     - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
       (CVE-2024-50041)
     - igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
     - net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
     - net: ibm: emac: mal: fix wrong goto
     - btrfs: zoned: fix missing RCU locking in error message when loading zone
       info
     - sctp: ensure sk_state is set to CLOSED if hashing fails in
       sctp_listen_start
     - netfilter: xtables: avoid NFPROTO_UNSPEC where needed (CVE-2024-50038)
     - netfilter: fib: check correct rtable in vrf setups
     - net: ibm/emac: allocate dummy net_device dynamically
     - net: ibm: emac: mal: add dcr_unmap to _remove
     - rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
     - vxlan: Handle error of rtnl_register_module().
     - mctp: Handle error of rtnl_register_module().
     - ppp: fix ppp_async_encode() illegal access
     - slip: make slhc_remember() more robust against malicious packets
     - rust: macros: provide correct provenance when constructing THIS_MODULE
     - HID: multitouch: Add support for lenovo Y9000P Touchpad
     - net/mlx5: Always drain health in shutdown callback (CVE-2024-43866)
     - wifi: mac80211: Avoid address calculations via out of bounds array
       indexing (CVE-2024-41071)
     - hwmon: (tmp513) Add missing dependency on REGMAP_I2C
     - hwmon: (adm9240) Add missing dependency on REGMAP_I2C
     - hwmon: (adt7470) Add missing dependency on REGMAP_I2C
     - Revert "net: ibm/emac: allocate dummy net_device dynamically"
     - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
     - HID: plantronics: Workaround for an unexcepted opposite volume key
     - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
     - usb: dwc3: core: Stop processing of pending events if controller is halted
     - usb: xhci: Fix problem with xhci resume from suspend
     - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
     - usb: gadget: core: force synchronous registration
     - hid: intel-ish-hid: Fix uninitialized variable 'rv' in
       ish_fw_xfer_direct_dma
     - drm/v3d: Stop the active perfmon before being destroyed (CVE-2024-50031)
     - drm/vc4: Stop the active perfmon before being destroyed
     - scsi: wd33c93: Don't use stale scsi_pointer value (CVE-2024-50026)
     - mptcp: fallback when MPTCP opts are dropped after 1st data
     - ata: libata: avoid superfluous disk spin down + spin up during hibernation
     - net: explicitly clear the sk pointer, when pf->create fails
     - net: Fix an unsafe loop on the list (CVE-2024-50024)
     - net: dsa: lan9303: ensure chip reset and wait for READY status
     - mptcp: handle consistently DSS corruption
     - mptcp: pm: do not remove closing subflows
     - device-dax: correct pgoff align in dax_set_mapping() (CVE-2024-50022)
     - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
     - kthread: unpark only parked kthread (CVE-2024-50019)
     - secretmem: disable memfd_secret() if arch cannot set direct map
     - net: ethernet: cortina: Restore TSO support
     - perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
     - block, bfq: fix uaf for accessing waker_bfqq after splitting
       (CVE-2024-49854)
     - Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.114
     - btrfs: fix uninitialized pointer free in add_inode_ref() (CVE-2024-50088)
     - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
     - ksmbd: fix user-after-free from session log off (CVE-2024-50086)
     - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
     - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (CVE-2024-50085)
     - udf: New directory iteration code
     - udf: Convert udf_expand_dir_adinicb() to new directory iteration
     - udf: Move udf_expand_dir_adinicb() to its callsite
     - udf: Implement searching for directory entry using new iteration code
     - udf: Provide function to mark entry as deleted using new directory
       iteration code
     - udf: Convert udf_rename() to new directory iteration code
     - udf: Convert udf_readdir() to new directory iteration
     - udf: Convert udf_lookup() to use new directory iteration code
     - udf: Convert udf_get_parent() to new directory iteration code
     - udf: Convert empty_dir() to new directory iteration code
     - udf: Convert udf_rmdir() to new directory iteration code
     - udf: Convert udf_unlink() to new directory iteration code
     - udf: Implement adding of dir entries using new iteration code
     - udf: Convert udf_add_nondir() to new directory iteration
     - udf: Convert udf_mkdir() to new directory iteration code
     - udf: Convert udf_link() to new directory iteration code
     - udf: Remove old directory iteration code
     - udf: Handle error when expanding directory
     - udf: Don't return bh from udf_expand_dir_adinicb()
     - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
     - net: enetc: add missing static descriptor and inline keyword
     - posix-clock: Fix missing timespec64 check in pc_clock_settime()
     - [arm64] probes: Remove broken LDR (literal) uprobe support
     - [arm64] probes: Fix simulate_ldr*_literal()
     - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
       fixed-link PHY
     - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
     - fat: fix uninitialized variable
     - mm/swapfile: skip HugeTLB pages for unuse_vma
     - devlink: drop the filter argument from devlinks_xa_find_get
     - devlink: bump the instance index directly when iterating
     - maple_tree: correct tree corruption on spanning store
     - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
       (CVE-2024-39497)
     - [amd64] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI
       devices
     - [s390x] sclp: Deactivate sclp after all its users
     - [s390x] sclp_vt220: Convert newlines to CRLF instead of LFCR
     - [s390x] KVM: s390: gaccess: Check if guest address is in memslot
     - [s390x] KVM: s390: Change virtual to physical address access in diag 0x258
       handler
     - [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
     - [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
     - [x86] entry: Have entry_ibpb() invalidate return predictions
     - [x86] bugs: Skip RSB fill at VMEXIT
     - [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
     - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
       (CVE-2024-50082)
     - io_uring/sqpoll: close race on waiting for sqring entries
     - scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
     - drm/radeon: Fix encoder->possible_clones
     - drm/vmwgfx: Handle surface check failure correctly
     - drm/amdgpu/swsmu: Only force workload setup on init
     - drm/amdgpu: prevent BO_HANDLES error from being overwritten
     - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
     - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
     - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: hid-sensors: Fix an error handling path in
       _hid_sensor_set_report_latency()
     - iio: light: veml6030: fix ALS sensor resolution
     - iio: light: veml6030: fix IIO device retrieval from embedded device
     - iio: light: opt3001: add missing full-scale range value
     - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - Bluetooth: Call iso_exit() on module unload
     - Bluetooth: Remove debugfs directory on module init failure
     - Bluetooth: ISO: Fix multiple init when debugfs is disabled
       (CVE-2024-50077)
     - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
     - xhci: Fix incorrect stream context type macro
     - xhci: Mitigate failed set dequeue pointer commands
     - USB: serial: option: add support for Quectel EG916Q-GL
     - USB: serial: option: add Telit FN920C04 MBIM compositions
     - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
     - parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
     - [x86] resctrl: Annotate get_mem_config() functions as __init
     - [x86] apic: Always explicitly disarm TSC-deadline timer
     - [x86] entry_32: Do not clobber user EFLAGS.ZF
     - [x86] entry_32: Clear CPU buffers after register restore in NMI return
     - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073)
     - pinctrl: ocelot: fix system hang on level based interrupts
     - pinctrl: apple: check devm_kasprintf() returned value
     - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
     - irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
     - tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
     - mptcp: prevent MPC handshake on port-based signal endpoints
     - nilfs2: propagate directory read errors from nilfs_find_entry()
     - [powerpc*] 64: Add big-endian ELFv2 flavour to crypto VMX asm generation
     - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
       1000 G2
     - udf: Allocate name buffer in directory iterator on heap
     - udf: Avoid directory type conversion failure due to ENOMEM
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.115
     - bpf: Use raw_spinlock_t in ringbuf
     - iio: accel: bma400: Fix uninitialized variable field_value in tap event
       handling.
     - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
     - bpf: devmap: provide rxq after redirect
     - bpf: Fix memory leak in bpf_core_apply
     - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
     - RDMA/bnxt_re: Add a check for memory allocation
     - [x86] resctrl: Avoid overflow in MB settings in bw_validate()
     - [armhf] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
     - [s390x] pci: Handle PCI error codes other than 0x3a
     - bpf: fix kfunc btf caching for modules
     - drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
     - ALSA: hda/cs8409: Fix possible NULL dereference
     - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
     - RDMA/irdma: Fix misspelling of "accept*"
     - RDMA/srpt: Make slab cache names unique
     - ipv4: give an IPv4 dev to blackhole_netdev
     - RDMA/bnxt_re: Return more meaningful error
     - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
     - [arm64] drm/msm/dpu: make sure phys resources are properly initialized
     - [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
       calculation
     - [arm64] drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
     - [arm64] drm/msm: Allocate memory for disp snapshot with kvzalloc()
     - net: usb: usbnet: fix race in probe failure
     - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
     - macsec: don't increment counters for an unrelated SA
     - netdevsim: use cond_resched() in nsim_dev_trap_report_work()
     - net: ethernet: aeroflex: fix potential memory leak in
       greth_start_xmit_gbit()
     - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
     - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
     - net: systemport: fix potential memory leak in bcm_sysport_xmit()
     - [arm64] drm/msm/dpu: Wire up DSC mask for active CTL configuration
     - [arm64] drm/msm/dpu: don't always program merge_3d block
     - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
     - genetlink: hold RCU in genlmsg_mcast()
     - ravb: Remove setting of RX software timestamp
     - net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
     - scsi: target: core: Fix null-ptr-deref in target_alloc_device()
     - smb: client: fix OOBs when building SMB2_IOCTL request
     - usb: typec: altmode should keep reference to parent
     - [s390x] Initialize psw mask in perf_arch_fetch_caller_regs()
     - Bluetooth: bnep: fix wild-memory-access in proto_unregister
     - net/mlx5: Remove redundant cmdif revision check
     - net/mlx5: split mlx5_cmd_init() to probe and reload routines
     - net/mlx5: Fix command bitmask initialization
     - net/mlx5: Unregister notifier on eswitch init failure
     - bpf: Fix iter/task tid filtering
     - [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
     - [arm64] probes: Fix uprobes for big-endian kernels
     - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
     - usb: gadget: f_uac2: fix non-newline-terminated function name
     - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
     - usb: gadget: Add function wakeup support
     - XHCI: Separate PORT and CAPs macros into dedicated file
     - [arm64,armhf] usb: dwc3: core: Fix system suspend on TI AM62 platforms
     - tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool
       active
     - serial: Make uart_handle_cts_change() status param bool active
     - serial: imx: Update mctrl old_status on RTSD interrupt
     - block, bfq: fix procress reference leakage for bfqq in merge chain
     - exec: don't WARN for racy path_noexec check (CVE-2024-50010)
     - fs/ntfs3: Add more attributes checks in mi_enum_attr() (CVE-2023-45896)
     - [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
       with real VLA
     - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
       default regs values
     - [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
     - [arm64] Force position-independent veneers
     - udf: refactor udf_current_aext() to handle error
     - udf: fix uninit-value use in udf_get_fileshortad
     - [x86] platform/x86: dell-sysman: add support for alienware products
     - jfs: Fix sanity check in dbMount
     - tracing: Consider the NULL character when validating the event length
     - xfrm: extract dst lookup parameters into a struct
     - xfrm: respect ip protocols rules criteria when performing dst lookups
     - be2net: fix potential memory leak in be_xmit()
     - net: plip: fix break; causing plip to never transmit
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix error when setting port policy on
       mv88e6393x
     - netfilter: xtables: fix typo causing some targets not to load on IPv6
     - net: wwan: fix global oob in wwan_rtnl_policy
     - docs: net: reformat driver.rst from a list to sections
     - net: provide macros for commonly copied lockless queue stop/wake code
     - net/sched: adjust device watchdog timer to detect stopped queue at right
       time
     - net: fix races in netdev_tx_sent_queue()/dev_watchdog()
     - net: usb: usbnet: fix name regression
     - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions
       created by classifiers
     - net: sched: fix use-after-free in taprio_change()
     - r8169: avoid unsolicited interrupts
     - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
     - Bluetooth: SCO: Fix UAF on sco_sock_timeout
     - Bluetooth: ISO: Fix UAF on iso_sock_timeout
     - bpf,perf: Fix perf_event_detach_bpf_prog error handling
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
     - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
     - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
     - ALSA: hda/realtek: Update default depop procedure
     - cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
     - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
     - btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
     - btrfs: zoned: fix zone unusable accounting for freed reserved extent
     - drm/amd: Guard against bad data for ATIF ACPI method
     - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
     - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
     - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
       detection issue
     - nilfs2: fix kernel bug due to missing clearing of buffer delay flag
     - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
     - [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
     - [arm64] KVM: arm64: Don't eagerly teardown the vgic on init error
     - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
     - xfrm: fix one more kernel-infoleak in algo dumping
     - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
     - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
     - selinux: improve error checking in sel_write_load()
     - serial: protect uart_port_dtr_rts() in uart_shutdown() too
       (CVE-2024-50058)
     - net: phy: dp83822: Fix reset pin definitions
     - [arm64] ASoC: qcom: Fix NULL Dereference in
       asoc_qcom_lpass_cpu_platform_probe()
     - [x86] platform/x86: dell-wmi: Ignore suspend notifications
     - ACPI: PRM: Clean up guid type in struct prm_handler_info
     - [arm64] uprobes: change the uprobe_opcode_t typedef to fix the sparse
       warning
     - xfrm: validate new SA's prefixlen using SA family when sel.family is unset
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 27
   * d/config: Update with the help of kconfigeditor2
     - mm: Enable Z3FOLD_DEPRECATED instead of Z3FOLD
linux-signed-amd64 (6.1.112+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.112-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
     - tty: atmel_serial: use the correct RTS flag.
     - fuse: Initialize beyond-EOF page contents before setting uptodate
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
     - ALSA: usb-audio: Support Yamaha P-125 quirk entry
     - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
     - [x86] thunderbolt: Mark XDomain as unplugged when router is removed
     - [s390x] dasd: fix error recovery leading to data corruption on ESE devices
     - [arm64] ACPI: NUMA: initialize all values of acpi_early_node_map to
       NUMA_NO_NODE
     - dm resume: don't return EINVAL when signalled
     - dm persistent data: fix memory allocation failure
     - vfs: Don't evict inode under the inode lru traversing context
     - [s390x] cio: rename bitmap_size() -> idset_bitmap_size()
     - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
     - bitmap: introduce generic optimized bitmap_size()
     - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
     - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
     - rtla/osnoise: Prevent NULL dereference in error handling
     - fs/netfs/fscache_cookie: add missing "n_accesses" check
     - selinux: fix potential counting error in avc_add_xperms_decision()
     - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
     - btrfs: zoned: properly take lock to read/update block group's zoned
       variables
     - btrfs: tree-checker: add dev extent item checks
     - drm/amdgpu: Actually check flags for all context ops.
     - memcg_write_event_control(): fix a user-triggerable oops
     - drm/amdgpu/jpeg2: properly set atomics vmid field
     - [s390x] uv: Panic for set and remove shared access UVC errors
     - bpf: Fix updating attached freplace prog in prog_array map
     - nilfs2: prevent WARNING in nilfs_dat_commit_end()
     - ext4, jbd2: add an optimized bmap for the journal inode
     - 9P FS: Fix wild-memory-access write in v9fs_get_acl
     - nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
     - mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
     - bpf: Split off basic BPF verifier log into separate file
     - bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
     - posix-timers: Ensure timer ID search-loop limit is valid
     - pid: Replace struct pid 1-element array with flex-array
     - gfs2: Rename remaining "transaction" glock references
     - gfs2: Rename the {freeze,thaw}_super callbacks
     - gfs2: Rename gfs2_freeze_lock{ => _shared }
     - gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
     - gfs2: Rework freeze / thaw logic
     - gfs2: Stop using gfs2_make_fs_ro for withdraw
     - Bluetooth: Fix hci_link_tx_to RCU lock usage
     - wifi: mac80211: take wiphy lock for MAC addr change
     - wifi: mac80211: fix change_address deadlock during unregister
     - net: sched: Print msecs when transmit queue time out
     - net: don't dump stack on queue timeout
     - jfs: fix shift-out-of-bounds in dbJoin
     - squashfs: squashfs_read_data need to check if the length is 0
     - Squashfs: fix variable overflow triggered by sysbot
     - reiserfs: fix uninit-value in comp_keys
     - erofs: avoid debugging output for (de)compressed data
     - quota: Detect loops in quota tree
     - net:rds: Fix possible deadlock in rds_message_put
     - net: sctp: fix skb leak in sctp_inq_free()
     - pppoe: Fix memory leak in pppoe_sendmsg()
     - wifi: mac80211: fix and simplify unencrypted drop check for mesh
     - wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr
     - wifi: cfg80211: factor out bridge tunnel / RFC1042 header check
     - wifi: mac80211: remove mesh forwarding congestion check
     - wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
     - wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
     - wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
     - docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map
     - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
     - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
     - Bluetooth: RFCOMM: Fix not validating setsockopt user input
       (CVE-2024-35966)
     - ext4: check the return value of ext4_xattr_inode_dec_ref()
     - ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
     - ext4: do not create EA inode under buffer lock (CVE-2024-40972)
     - udf: Fix bogus checksum computation in udf_rename()
     - bpf, net: Use DEV_STAT_INC()
     - fou: remove warn in gue_gro_receive on unsupported protocol
       (CVE-2024-44940)
     - jfs: fix null ptr deref in dtInsertEntry (CVE-2024-44939)
     - jfs: Fix shift-out-of-bounds in dbDiscardAG (CVE-2024-44938)
     - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
     - igc: Correct the launchtime offset
     - igc: Fix packet still tx after gate close by reducing i226 MAC retry
       buffer
     - net/mlx5e: Take state lock during tx timeout reporter
     - net/mlx5e: Correctly report errors for ethtool rx flows
     - atm: idt77252: prevent use after free in dequeue_rx()
     - mlxbf_gige: Remove two unused function declarations
     - mlxbf_gige: disable RX filters until RX path initialized
     - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
     - netfilter: allow ipv6 fragments to arrive on different devices
     - netfilter: flowtable: initialise extack before use
     - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
       (Closes: #1070685)
     - netfilter: nf_tables: Audit log dump reset after the fact
     - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
     - netfilter: nf_tables: Unconditionally allocate nft_obj_filter
     - netfilter: nf_tables: A better name for nft_obj_filter
     - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
     - netfilter: nf_tables: nft_obj_filter fits into cb->ctx
     - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
     - netfilter: nf_tables: Introduce nf_tables_getobj_single
     - netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
     - [arm64] net: hns3: fix wrong use of semaphore up
     - [arm64] net: hns3: use the user's cfg after reset
     - [arm64] net: hns3: fix a deadlock problem when config TC during resetting
     - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
     - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible
       values can be stored
     - ssb: Fix division by zero issue in ssb_calc_clock_rate
     - wifi: cfg80211: check wiphy mutex is held for wdev mutex
     - wifi: mac80211: fix BA session teardown race
     - mm: Remove kmem_valid_obj()
     - rcu: Dump memory object info if callback function is invalid
     - rcu: Eliminate rcu_gp_slow_unregister() false positive
     - wifi: cw1200: Avoid processing an invalid TIM IE
     - cgroup: Avoid extra dereference in css_populate_dir()
     - i2c: riic: avoid potential division by zero
     - RDMA/rtrs: Fix the problem of variable not initialized fully
     - [s390x] smp,mcck: fix early IPI handling
     - drm/bridge: tc358768: Attempt to fix DSI horizontal timings
     - media: radio-isa: use dev_name to fill in bus_info
     - staging: iio: resolver: ad2s1210: fix use before initialization
     - usb: gadget: uvc: cleanup request when not in correct state
     - drm/amd/display: Validate hw_points_num before using it
     - staging: ks7010: disable bh on tx_dev_lock
     - media: s5p-mfc: Fix potential deadlock on condlock
     - md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log'
     - binfmt_misc: cleanup on filesystem umount
     - [arm64,armhf] drm/tegra: Zero-initialize iosys_map
     - media: qcom: venus: fix incorrect return value
     - scsi: spi: Fix sshdr use
     - gfs2: setattr_chown: Add missing initialization
     - wifi: iwlwifi: abort scan when rfkill on but device enabled
     - wifi: iwlwifi: fw: Fix debugfs command sending
     - clk: visconti: Add bounds-checking coverage for struct
       visconti_pll_provider
     - [amd64] IB/hfi1: Fix potential deadlock on &irq_src_lock and
       &dd->uctxt_lock
     - kbuild: rust_is_available: normalize version matching
     - kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN`
     - [arm64] Fix KASAN random tag seed initialization
     - block: Fix lockdep warning in blk_mq_mark_tag_wait
     - [arm64] drm/msm: Reduce fallout of fence signaling vs reclaim hangs
     - memory: tegra: Skip SID programming if SID registers aren't set
     - [powerpc*] xics: Check return value of kasprintf in icp_native_map_one_cpu
     - [x86] ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
     - [x86] hwmon: (pc87360) Bounds check data->innr usage
     - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at
       linear mode
     - Bluetooth: hci_conn: Check non NULL function before calling for HFP
       offload
     - gfs2: Refcounting fix in gfs2_thaw_super
     - nvmet-trace: avoid dereferencing pointer too early
     - ext4: do not trim the group with corrupted block bitmap
     - afs: fix __afs_break_callback() / afs_drop_open_mmap() race
     - fuse: fix UAF in rcu pathwalks
     - quota: Remove BUG_ON from dqget()
     - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
     - media: pci: cx23885: check cx23885_vdev_init() return
     - fs: binfmt_elf_efpic: don't use missing interpreter's properties
     - scsi: lpfc: Initialize status local variable in
       lpfc_sli4_repost_sgl_list()
     - media: drivers/media/dvb-core: copy user arrays safely
     - net/sun3_82586: Avoid reading past buffer in debug output
     - drm/lima: set gp bus_stop bit before hard reset
     - hrtimer: Select housekeeping CPU during migration
     - virtiofs: forbid newlines in tags
     - clocksource/drivers/arm_global_timer: Guard against division by zero
     - netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
     - md: clean up invalid BUG_ON in md_ioctl
     - [x86] Increase brk randomness entropy for 64-bit systems
     - memory: stm32-fmc2-ebi: check regmap_read return value
     - [powerpc*] boot: Handle allocation failure in simple_realloc()
     - [powerpc*] boot: Only free if realloc() succeeds
     - btrfs: delayed-inode: drop pointless BUG_ON in
       __btrfs_remove_delayed_item()
     - btrfs: change BUG_ON to assertion when checking for delayed_node root
     - btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
     - btrfs: handle invalid root reference found in may_destroy_subvol()
     - btrfs: send: handle unexpected data in header buffer in begin_cmd()
     - btrfs: change BUG_ON to assertion in tree_move_down()
     - btrfs: delete pointless BUG_ON check on quota root in
       btrfs_qgroup_account_extent()
     - f2fs: fix to do sanity check in update_sit_entry
     - usb: gadget: fsl: Increase size of name buffer for endpoints
     - nvme: clear caller pointer on identify failure
     - Bluetooth: bnep: Fix out-of-bound access
     - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
     - rtc: nct3018y: fix possible NULL dereference
     - [arm64] net: hns3: add checking for vf id of mailbox
     - nvmet-tcp: do not continue for invalid icreq
     - NFS: avoid infinite loop in pnfs_update_layout.
     - [s390x] iucv: fix receive buffer virtual vs physical address confusion
     - irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
     - clocksource: Make watchdog and suspend-timing multiplication overflow safe
     - [x86] platform/x86: lg-laptop: fix %s null argument warning
     - usb: dwc3: core: Skip setting event buffers for host only controllers
     - fbdev: offb: replace of_node_put with __free(device_node)
     - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
     - ext4: set the type of max_zeroout to unsigned int to avoid overflow
     - nvmet-rdma: fix possible bad dereference when freeing rsps
     - drm/amdgpu: fix dereference null return value for the function
       amdgpu_vm_pt_parent
     - hrtimer: Prevent queuing of hrtimer without a function callback
     - gtp: pull network headers in gtp_dev_xmit()
     - [arm64,armhf] i2c: tegra: allow DVC support to be compiled out
     - [arm64,armhf] i2c: tegra: allow VI support to be compiled out
     - [arm64,armhf] i2c: tegra: Do not mark ACPI devices as irq safe
     - dm suspend: return -ERESTARTSYS instead of -EINTR
     - net: mana: Fix doorbell out of order violation and avoid unnecessary
       doorbell rings
     - btrfs: replace sb::s_blocksize by fs_info::sectorsize
     - btrfs: send: allow cloning non-aligned extent if it ends at i_size
     - drm/amd/display: Adjust cursor position
     - platform/surface: aggregator: Fix warning when controller is destroyed in
       probe
     - Bluetooth: hci_core: Fix LE quote calculation
     - Bluetooth: SMP: Fix assumption of Central always being Initiator
     - [arm64] net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN
       xmit
     - [arm64] net: dsa: tag_ocelot: call only the relevant portion of
       __skb_vlan_pop() on TX
     - [arm64] net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA
       and register injection
     - [arm64] net: mscc: ocelot: fix QoS class for injected packets with
       "ocelot-8021q"
     - [arm64] net: mscc: ocelot: serialize access to the injection/extraction
       groups
     - tc-testing: don't access non-existent variable on exception
     - tcp/dccp: bypass empty buckets in inet_twsk_purge()
     - tcp/dccp: do not care about families in inet_twsk_purge()
     - tcp: prevent concurrent execution of tcp_sk_exit_batch
     - net: mctp: test: Use correct skb for route input check
     - kcm: Serialise kcm_sendmsg() for the same socket.
     - netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
     - netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
     - ip6_tunnel: Fix broken GRO
     - bonding: fix bond_ipsec_offload_ok return type
     - bonding: fix null pointer deref in bond_ipsec_offload_ok
     - bonding: fix xfrm real_dev null pointer dereference
     - bonding: fix xfrm state handling when clearing active slave
     - ice: Prepare legacy-rx for upcoming XDP multi-buffer support
     - ice: Add xdp_buff to ice_rx_ring struct
     - ice: Store page count inside ice_rx_buf
     - ice: Pull out next_to_clean bump out of ice_put_rx_buf()
     - ice: fix page reuse when PAGE_SIZE is over 8k
     - ice: fix ICE_LAST_OFFSET formula
     - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
     - net: dsa: mv88e6xxx: Fix out-of-bound access
     - netem: fix return value if duplicate enqueue fails
     - ipv6: prevent UAF in ip6_send_skb()
     - ipv6: fix possible UAF in ip6_finish_output2()
     - ipv6: prevent possible UAF in ip6_xmit()
     - netfilter: flowtable: validate vlan header
     - [arm64] drm/msm/dpu: don't play tricks with debug macros
     - [arm64] drm/msm/dp: fix the max supported bpp logic
     - [arm64] drm/msm/dp: reset the link phy params before link training
     - [arm64] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
     - mmc: mmc_test: Fix NULL dereference on allocation failure
     - Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884)
     - scsi: core: Fix the return value of scsi_logical_block_count()
     - ksmbd: the buffer of smb2 query dir response has at least 1 byte
     - drm/amdgpu: Validate TA binary size
     - HID: wacom: Defer calculation of resolution until resolution_code is known
     - HID: microsoft: Add rumble support to latest xbox controllers
     - Input: i8042 - add forcenorestore quirk to leave controller untouched even
       on s3
     - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk
       combination
     - cxgb4: add forgotten u64 ivlan cast before shift
     - [arm64] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
     - mmc: dw_mmc: allow biu and ciu clocks to defer
     - pmdomain: imx: wait SSAR when i.MX93 power domain on
     - mptcp: pm: re-using ID of unused removed ADD_ADDR
     - mptcp: pm: re-using ID of unused removed subflows
     - mptcp: pm: re-using ID of unused flushed subflows
     - mptcp: pm: only decrement add_addr_accepted for MPJ req
     - Revert "usb: gadget: uvc: cleanup request when not in correct state"
     - Revert "drm/amd/display: Validate hw_points_num before using it"
     - tcp: do not export tcp_twsk_purge()
     - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
     - ALSA: timer: Relax start tick time check for slave timer elements
     - mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order
       fallback to order 0
     - mm/numa: no task_numa_fault() call if PMD is changed
     - mm/numa: no task_numa_fault() call if PTE is changed
     - nfsd: Simplify code around svc_exit_thread() call in nfsd()
     - nfsd: separate nfsd_last_thread() from nfsd_put()
     - NFSD: simplify error paths in nfsd_svc()
     - nfsd: call nfsd_last_thread() before final nfsd_put()
     - nfsd: drop the nfsd_put helper
     - nfsd: don't call locks_release_private() twice concurrently
     - nfsd: Fix a regression in nfsd_setattr()
     - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
     - drm/amdgpu/vcn: identify unified queue in sw init
     - drm/amdgpu/vcn: not pause dpg for unified queue
     - [x86] KVM: x86: fire timer when it is migrated and expired, and in oneshot
       mode
     - Revert "s390/dasd: Establish DMA alignment"
     - wifi: mac80211: add documentation for amsdu_mesh_control
     - wifi: mac80211: fix mesh path discovery based on unicast packets
     - wifi: mac80211: fix mesh forwarding
     - wifi: mac80211: fix flow dissection for forwarded packets
     - wifi: mac80211: fix receiving mesh packets in forwarding=0 networks
     - wifi: mac80211: drop bogus static keywords in A-MSDU rx
     - wifi: mac80211: fix potential null pointer dereference
     - wifi: cfg80211: fix receiving mesh packets without RFC1042 header
     - gfs2: Fix another freeze/thaw hang
     - gfs2: don't withdraw if init_threads() got interrupted
     - gfs2: Remove LM_FLAG_PRIORITY flag
     - gfs2: Remove freeze_go_demote_ok
     - udp: fix receiving fraglist GSO packets
     - ice: fix W=1 headers mismatch
     - Revert "jfs: fix shift-out-of-bounds in dbJoin"
     - net: change maximum number of UDP segments to 128
     - selftests: net: more strict check in net_helper
     - Input: MT - limit max slots
     - tools: move alignment-related macros to new <linux/align.h>
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.108
     - drm/amdgpu: Using uninitialized value *size when calling
       amdgpu_vce_cs_reloc (CVE-2024-42228)
     - btrfs: run delayed iputs when flushing delalloc
     - smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
     - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
     - pinctrl: single: fix potential NULL dereference in pcs_get_function()
     - of: Add cleanup.h based auto release via __free(device_node) markings
     - wifi: wfx: repair open network AP mode
     - wifi: mwifiex: duplicate static structs used in driver instances
     - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
     - mptcp: close subflow when receiving TCP+FIN
     - mptcp: sched: check both backup in retrans
     - mptcp: pm: skip connecting to already established sf
     - mptcp: pm: reset MPC endp ID when re-added
     - mptcp: pm: send ACK on an active subflow
     - mptcp: pm: do not remove already closed subflows
     - mptcp: pm: ADD_ADDR 0 is not a new address
     - drm/amdgpu: align pp_power_profile_mode with kernel docs
     - drm/amdgpu/swsmu: always force a state reprogram on init
     - ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)
     - usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister
       existing source caps before re-registration"
     - mmc: Avoid open coding by using mmc_op_tuning()
     - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
     - mptcp: unify pm get_local_id interfaces
     - mptcp: pm: remove mptcp_pm_remove_subflow()
     - mptcp: pm: only mark 'subflow' endp as available
     - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR
     - of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put()
       handling
     - thermal: of: Fix OF node leak in thermal_of_trips_init() error path
     - thermal: of: Fix OF node leak in of_thermal_zone_find() error paths
     - ASoC: amd: acp: fix module autoloading
     - ASoC: SOF: amd: Fix for acp init sequence
     - pinctrl: mediatek: common-v2: Fix broken bias-disable for
       PULL_PU_PD_RSEL_TYPE
     - btrfs: fix extent map use-after-free when adding pages to compressed bio
       (CVE-2024-42314)
     - soundwire: stream: fix programming slave ports for non-continous port maps
     - [arm64] phy: xilinx: add runtime PM support
     - [arm64] phy: xilinx: phy-zynqmp: dynamic clock support for power-save
     - [arm64] phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume
     - [x86] dmaengine: dw: Add peripheral bus width verification
     - [x86] dmaengine: dw: Add memory bus width verification
     - Bluetooth: hci_core: Fix not handling hibernation actions
     - iommu: Do not return 0 from map_pages if it doesn't do anything
     - netfilter: nf_tables: restore IP sanity checks for netdev/egress
     - wifi: iwlwifi: fw: fix wgds rev 3 exact size
     - ethtool: check device is present when getting link settings
     - netfilter: nf_tables_ipv6: consider network offset in netdev/egress
       validation
     - bonding: implement xdo_dev_state_free and call it after deletion
     - gtp: fix a potential NULL pointer dereference
     - sctp: fix association labeling in the duplicate COOKIE-ECHO case
     - drm/amd/display: avoid using null object of framebuffer
     - net: busy-poll: use ktime_get_ns() instead of local_clock()
     - nfc: pn533: Add poll mod list filling check
     - [arm64] soc: qcom: cmd-db: Map shared memory as WC, not WB
     - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
     - USB: serial: option: add MeiG Smart SRM825L
     - [armhf] usb: dwc3: omap: add missing depopulate in probe error path
     - [arm64,armhf] usb: dwc3: core: Prevent USB core invalid event buffer
       address access
     - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
       remove_power_attributes()
     - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
     - usb: cdnsp: fix for Link TRB with TC
     - [arm64] phy: zynqmp: Enable reference clock correctly
     - igc: Fix reset adapter logics when tx mode change
     - igc: Fix qbv tx latency by setting gtxoffset
     - scsi: aacraid: Fix double-free on probe failure
     - apparmor: fix policy_unpack_test on big endian systems
     - fbdev: offb: fix up missing cleanup.h
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.109
     - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
     - scsi: ufs: core: Bypass quick recovery if force reset is needed
     - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
     - ALSA: hda/conexant: Mute speakers at suspend / shutdown
     - i2c: Fix conditional for substituting empty ACPI functions
     - dma-debug: avoid deadlock between dma debug vs printk and netconsole
     - net: usb: qmi_wwan: add MeiG Smart SRM825L
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
     - mptcp: make pm_remove_addrs_and_subflows static
     - mptcp: pm: fix RM_ADDR ID for the initial subflow
     - PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
     - f2fs: fix to truncate preallocated blocks in f2fs_file_open()
       (CVE-2024-43859)
     - mptcp: pm: fullmesh: select the right ID later
     - mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)
     - mptcp: pm: reuse ID 0 after delete and re-add
     - mptcp: pm: fix ID 0 endp usage after multiple re-creations
     - mptcp: pr_debug: add missing \n at the end
     - mptcp: avoid duplicated SUB_CLOSED events
     - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
     - drm/amd/display: Assign linear_pitch_alignment even for VM
     - drm/amdgpu: fix overflowed array index read warning
     - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
     - drm/amd/pm: fix uninitialized variable warning
     - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
     - drm/amd/pm: fix warning using uninitialized value of max_vid_step
     - drm/amd/pm: Fix negative array index read
     - drm/amd/pm: fix the Out-of-bounds read warning
     - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
     - drm/amdgpu: avoid reading vf2pf info size from FB
     - drm/amd/display: Check gpio_id before used as array index
     - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
     - drm/amd/display: Add array index check for hdcp ddc access
     - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
     - drm/amd/display: Check msg_id before processing transcation
     - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
       dal_gpio_service_create
     - drm/amd/display: Spinlock before reading event
     - drm/amd/display: Ensure index calculation will not overflow
     - drm/amd/display: Skip inactive planes within
       ModeSupportAndSystemConfiguration
     - drm/amd/amdgpu: Check tbo resource pointer
     - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
     - drm/amdgpu/pm: Fix uninitialized variable warning for smu10
     - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
     - drm/amdgpu: Fix out-of-bounds write warning
     - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
     - drm/amdgpu: fix ucode out-of-bounds read warning
     - drm/amdgpu: fix mc_data out-of-bounds read warning
     - apparmor: fix possible NULL pointer dereference
     - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem()
     - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy
       SOCs
     - drm/amdgpu: fix dereference after null check
     - drm/amdgpu: fix the waring dereferencing hive
     - drm/amd/pm: check specific index for aldebaran
     - drm/amdgpu: the warning dereferencing obj for nbio_v7_4
     - drm/amd/pm: check negtive return for table entries
     - wifi: rtw89: ser: avoid multiple deinit on same CAM
     - drm/amdgpu: update type of buf size to u32 for eeprom functions
     - wifi: iwlwifi: remove fw_running op
     - cpufreq: scmi: Avoid overflow of target_freq in fast switch
     - PCI: al: Check IORESOURCE_BUS existence during probe
     - hwspinlock: Introduce hwspin_lock_bust()
     - RDMA/efa: Properly handle unexpected AQ completions
     - ionic: fix potential irq name truncation
     - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode.
     - rcu/nocb: Remove buggy bypass lock contention mitigation
     - usbip: Don't submit special requests twice
     - usb: typec: ucsi: Fix null pointer dereference in trace
     - fsnotify: clear PARENT_WATCHED flags lazily
     - regmap: spi: Fix potential off-by-one when calculating reserved size
     - smack: tcp: ipv4, fix incorrect labeling
     - net/mlx5e: SHAMPO, Fix incorrect page release
     - [arm64] drm/meson: plane: Add error handling
     - [x86] hwmon: (k10temp) Check return value of amd_smn_read()
     - wifi: cfg80211: make hash table duplicates more survivable
     - driver: iio: add missing checks on iio_info's callback access
     - block: remove the blk_flush_integrity call in blk_integrity_unregister
     - drm/amd/display: added NULL check at start of dc_validate_stream
     - drm/amd/display: Correct the defined value for
       AMDGPU_DMUB_NOTIFICATION_MAX
     - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
     - media: uvcvideo: Enforce alignment of frame and interval
     - virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)
     - Bluetooth: SCO: Fix possible circular locking dependency on
       sco_connect_cfm
     - Bluetooth: SCO: fix sco_conn related locking and validity issues
     - ext4: fix inode tree inconsistency caused by ENOMEM
     - udf: Limit file size to 4TB
     - ext4: reject casefold inode flag without casefold feature
     - ext4: handle redirtying in ext4_bio_write_page()
     - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
     - sch/netem: fix use after free in netem_dequeue
     - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
     - [x86] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
     - [x86] KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and
       MSR_GS_BASE
     - [x86] KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is
       missing
     - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
       devices
     - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
     - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
     - ksmbd: unset the binding mark of a reused connection
     - ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
     - ata: libata: Fix memory leak for error path in ata_host_alloc()
     - [x86] tdx: Fix data leak in mmio_read()
     - [x86] perf/x86/intel: Limit the period on Haswell
     - [arm64,armhf] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
     - [x86] kaslr: Expose and use the end of the physical memory address space
     - rtmutex: Drop rt_mutex::wait_lock before scheduling
     - nvme-pci: Add sleep quirk for Samsung 990 Evo
     - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over
       BREDR/LE"
     - Bluetooth: MGMT: Ignore keys being loaded with invalid type
     - mmc: core: apply SD quirks earlier during probe
     - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
     - mmc: sdhci-of-aspeed: fix module autoloading
     - mmc: cqhci: Fix checking of CQHCI_HALT state
     - fuse: update stats for pages in dropped aux writeback list
     - fuse: use unsigned type for getxattr/listxattr size truncation
     - [arm64] clk: qcom: clk-alpha-pll: Fix the pll post div mask
     - [arm64] clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
     - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
     - spi: rockchip: Resolve unbalanced runtime PM / system PM handling
     - tracing: Avoid possible softlockup in tracing_iter_reset()
     - net: mctp-serial: Fix missing escapes on transmit
     - [x86] fpu: Avoid writing LBR bit to IA32_XSS unless supported
     - Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
     - tcp_bpf: fix return value of tcp_bpf_sendmsg()
     - ila: call nf_unregister_net_hooks() sooner
     - sched: sch_cake: fix bulk flow accounting logic for host fairness
     - nilfs2: fix missing cleanup on rollforward recovery error
     - nilfs2: protect references to superblock parameters exposed in sysfs
     - nilfs2: fix state management in error path of log writing function
     - ALSA: control: Apply sanity check of input values for user elements
     - ALSA: hda: Add input value sanity checks to HDMI channel map controls
     - smack: unix sockets: fix accept()ed socket label
     - ELF: fix kernel.randomize_va_space double read
     - [armhf] irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
     - af_unix: Remove put_pid()/put_cred() in copy_peercred().
     - [x86] kmsan: Fix hook for unaligned accesses
     - netfilter: nf_conncount: fix wrong variable type
     - udf: Avoid excessive partition lengths
     - media: vivid: fix wrong sizeimage value for mplane
     - leds: spi-byte: Call of_node_put() on error path
     - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
     - usb: uas: set host status byte on data completion error
     - usb: gadget: aspeed_udc: validate endpoint index for ast udc
     - drm/amd/display: Check HDCP returned status
     - drm/amdgpu: Fix smatch static checker warning
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
     - media: vivid: don't set HDMI TX controls if there are no HDMI outputs
     - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
     - Input: ili210x - use kvmalloc() to allocate buffer for firmware update
     - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
     - pcmcia: Use resource_size function on resource object
     - drm/amd/display: Check denominator pbn_div before used
     - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
     - can: bcm: Remove proc entry when dev is unregistered.
     - [arm64] can: m_can: Release irq on error in m_can_open
     - can: mcp251xfd: fix ring configuration when switching from CAN-CC to
       CAN-FD mode
     - cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
     - igb: Fix not clearing TimeSync interrupts for 82580
     - ice: Add netif_device_attach/detach into PF reset flow
     - [x86] platform/x86: dell-smbios: Fix error path in dell_smbios_init()
     - regulator: Add of_regulator_bulk_get_all
     - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
     - igc: Unlock on error in igc_io_resume()
     - ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog()
     - ice: allow hot-swapping XDP programs
     - ice: do not bring the VSI up, if it was down before the XDP setup
     - usbnet: modern method to get random MAC
     - bareudp: Fix device stats updates.
     - fou: Fix null-ptr-deref in GRO.
     - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
     - net: dsa: vsc73xx: fix possible subblocks range of CAPT block
     - firmware: cs_dsp: Don't allow writes to read-only controls
     - [arm64] phy: zynqmp: Take the phy mutex in xlate
     - [x86] ASoC: topology: Properly initialize soc_enum values
     - dm init: Handle minors larger than 255
     - [amd64] iommu/vt-d: Handle volatile descriptor status read
     - cgroup: Protect css->cgroup write under css_set_lock
     - devres: Initialize an uninitialized struct member
     - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
     - [x86] crypto: qat - fix unintentional re-enabling of error interrupts
     - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
     - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
     - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
     - drm/amdgpu: Set no_hw_access when VF request full GPU fails
     - ext4: fix possible tid_t sequence overflows
     - dma-mapping: benchmark: Don't starve others when doing the test
     - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
     - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
     - btrfs: replace BUG_ON with ASSERT in walk_down_proc()
     - btrfs: clean up our handling of refs == 0 in snapshot delete
     - btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
     - PCI: Add missing bridge lock to pci_bus_lock()
     - tcp: Don't drop SYN+ACK for simultaneous connect().
     - net: dpaa: avoid on-stack arrays of NR_CPUS elements
     - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
     - btrfs: initialize location to fix -Wmaybe-uninitialized in
       btrfs_lookup_dentry()
     - [s390x] vmlinux.lds.S: Move ro_after_init section behind rodata section
     - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
     - [amd64] HID: amd_sfh: free driver_data after destroying hid device
     - Input: uinput - reject requests with unreasonable number of slots
     - usbnet: ipheth: race between ipheth_close and error handling
     - Squashfs: sanity check symbolic link size
     - of/irq: Prevent device address out-of-bounds read in interrupt map walk
     - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
     - [mips*] cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
     - ata: pata_macio: Use WARN instead of BUG
     - NFSv4: Add missing rescheduling points in
       nfs_client_return_marked_delegations
     - io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers
     - io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads
     - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
     - iio: buffer-dmaengine: fix releasing dma channel on error
     - iio: fix scale application in iio_convert_raw_to_processed_unlocked
     - iio: adc: ad7124: fix config comparison
     - iio: adc: ad7606: remove frstdata check for serial mode
     - iio: adc: ad7124: fix chip ID mismatch
     - [arm64,armhf] usb: dwc3: core: update LC timer as per USB Spec V3.2
     - [arm*] binder: fix UAF caused by offsets overwrite
     - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
     - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
     - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
     - VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
     - clocksource/drivers/timer-of: Remove percpu irq related code
     - uprobes: Use kzalloc to allocate xol area
     - perf/aux: Fix AUX buffer serialization (CVE-2024-46713)
     - fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY
     - fuse: allow non-extending parallel direct writes on the same file
     - fuse: add request extension
     - fuse: fix memory leak in fuse_create_open
     - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
     - workqueue: wq_watchdog_touch is always called with valid CPU
     - workqueue: Improve scalability of workqueue watchdog touch
     - ACPI: processor: Return an error if acpi_processor_get_info() fails in
       processor_add()
     - ACPI: processor: Fix memory leaks in error paths of processor_add()
     - [arm64] acpi: Move get_cpu_for_acpi_id() to a header
     - [arm64] acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
     - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
       function
     - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index
       erratum
     - can: mcp251xfd: clarify the meaning of timestamp
     - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
     - drm/amd: Add gfx12 swizzle mode defs
     - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
     - [powerpc*] 64e: remove unused IBM HTW code
     - [powerpc*] 64e: split out nohash Book3E 64-bit code
     - [powerpc*] 64e: Define mmu_pte_psize static
     - nvmet-tcp: fix kernel crash if commands allocation fails
     - [x86] ASoc: SOF: topology: Clear SOF link platform name upon unload
     - [arm64,armhf] ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
     - [x86] drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
     - [x86] drm/i915/fence: Mark debug_fence_free() with __maybe_unused
     - [arm64,armhf] gpio: rockchip: fix OF node leak in probe()
     - [arm64] gpio: modepin: Enable module autoloading
     - [x86] mm: Fix PTI for i386 some more
     - btrfs: fix race between direct IO write and fsync when using same fd
     - bpf: Silence a warning in btf_type_id_size()
     - memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
     - regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all()
     - fuse: add feature flag for expire-only
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.111
     - ksmbd: override fsids for share path check
     - ksmbd: override fsids for smb2_query_info()
     - usbnet: ipheth: fix carrier detection in modes 1 and 4
     - net: ethernet: use ip_hdrlen() instead of bit shift
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
     - net: phy: vitesse: repair vsc73xx autonegotiation
     - [powerpc*] mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
     - btrfs: update target inode's ctime on unlink
     - Input: ads7846 - ratelimit the spi_sync error message
     - Input: synaptics - enable SMBus for HP Elitebook 840 G2
     - HID: multitouch: Add support for GT7868Q
     - scripts: kconfig: merge_config: config files: add a trailing newline
     - [x86] platform/surface: aggregator_registry: Add Support for Surface Pro
       10
     - [x86] platform/surface: aggregator_registry: Add support for Surface
       Laptop Go 3
     - [arm64] drm/msm/adreno: Fix error return if missing firmware-name
     - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
     - smb/server: fix return value of smb2_open()
     - NFSv4: Fix clearing of layout segments in layoutreturn
     - NFS: Avoid unnecessary rescanning of the per-server delegation list
     - [x86] platform/x86: panasonic-laptop: Fix SINF array out of bounds
       accesses
     - [x86] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf
       array
     - mptcp: pm: Fix uaf in __timer_delete_sync
     - [arm64] dts: rockchip: fix eMMC/SPI corruption when audio has been used on
       RK3399 Puma
     - [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
       Puma
     - net: tighten bad gso csum offset check in virtio_net_hdr
     - dm-integrity: fix a race condition when accessing recalc_sector
     - mm: avoid leaving partial pfn mappings around in error case
     - pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
       (CVE-2024-35943)
     - [arm64] dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
     - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
     - cxl/core: Fix incorrect vendor debug UUID define
     - [armhf] hwmon: (pmbus) Conditionally clear individual status bits for
       pmbus rev >= 1.2
     - ice: fix accounting for filters shared by multiple VSIs
     - igb: Always call igb_xdp_ring_update_tail() under Tx lock
     - net/mlx5: Update the list of the PCI supported devices
     - net/mlx5e: Add missing link modes to ptys2ethtool_map
     - net/mlx5: Explicitly set scheduling element and TSAR type
     - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
     - net/mlx5: Correct TASR typo into TSAR
     - net/mlx5: Verify support for scheduling element and TSAR type
     - net/mlx5: Fix bridge mode operations when there are no VFs
     - fou: fix initialization of grc
     - netfilter: nft_socket: fix sk refcount leaks
     - net: dpaa: Pad packets to ETH_ZLEN
     - [arm64] spi: nxp-fspi: fix the KASAN report out-of-bounds bug
     - soundwire: stream: Revert "soundwire: stream: fix programming slave ports
       for non-continous port maps"
     - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
     - drm/amdgpu/atomfirmware: Silence UBSAN warning
     - [x86] drm/i915/guc: prevent a possible int overflow in wq offsets
     - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
     - [arm64] ASoC: meson: axg-card: fix 'use-after-free'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.112
     - ALSA: hda/realtek - Fixed ALC256 headphone no sound
     - ALSA: hda/realtek - FIxed ALC285 headphone no sound
     - scsi: lpfc: Fix overflow build issue
     - [x86] hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING
     - [armhf] net: ftgmac100: Ensure tx descriptor updates are visible
     - wifi: iwlwifi: lower message level for FW buffer destination
     - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
     - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
     - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
     - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap()
     - wifi: iwlwifi: clear trans->state earlier upon error
     - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration
     - [x86] ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match
       less strict
     - [x86] ASoC: intel: fix module autoloading
     - spi: spidev: Add an entry for elgin,jg10309-01
     - spi: bcm63xx: Enable module autoloading
     - smb: client: fix hang in wait_for_response() for negproto
     - [x86] hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides
       frequency
     - tools: hv: rm .*.cmd when make clean
     - block: Fix where bio IO priority gets set
     - spi: spidev: Add missing spi_device_id for jg10309-01
     - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
     - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
       (CVE-2024-41016)
     - xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING
     - xfs: Fix deadlock on xfs_inodegc_worker
     - xfs: fix extent busy updating
     - xfs: don't use BMBT btree split workers for IO completion
     - xfs: fix low space alloc deadlock
     - xfs: prefer free inodes at ENOSPC over chunk allocation
     - xfs: block reservation too large for minleft allocation
     - xfs: fix uninitialized variable access
     - xfs: quotacheck failure can race with background inode inactivation
     - xfs: fix BUG_ON in xfs_getbmap()
     - xfs: buffer pins need to hold a buffer reference
     - xfs: defered work could create precommits
     - xfs: fix AGF vs inode cluster buffer deadlock
     - xfs: collect errors from inodegc for unlinked inode recovery
     - xfs: fix ag count overflow during growfs
     - xfs: remove WARN when dquot cache insertion fails
     - xfs: fix the calculation for "end" and "length"
     - xfs: load uncached unlinked inodes into memory on demand
     - xfs: fix negative array access in xfs_getbmap
     - xfs: fix unlink vs cluster buffer instantiation race
     - xfs: correct calculation for agend and blockcount
     - xfs: use i_prev_unlinked to distinguish inodes that are not on the
       unlinked list
     - xfs: reload entire unlinked bucket lists
     - xfs: make inode unlinked bucket recovery work with quotacheck
     - xfs: fix reloading entire unlinked bucket lists
     - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
     - xfs: journal geometry is not properly bounds checked
     - netfilter: nft_socket: make cgroupsv2 matching work with namespaces
     - netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in
       nft_socket_cgroup_subtree_level()
     - netfilter: nft_set_pipapo: walk over current view on netlink dump
       (CVE-2024-27017)
     - netfilter: nf_tables: missing iterator type in lookup walk
     - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
     - gpiolib: cdev: Ignore reconfiguration without direction
     - gpio: prevent potential speculation leaks in gpio_device_get_desc()
       (CVE-2024-44931)
     - can: mcp251xfd: properly indent labels
     - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into
       mcp251xfd_chip_start/stop()
     - btrfs: calculate the right space for delayed refs when updating global
       reserve
     - [x86] powercap: RAPL: fix invalid initialization for pl4_supported field
     - [x86] mm: Switch to new Intel CPU model defines
     - USB: serial: pl2303: add device id for Macrosilicon MS3020
     - USB: usbtmc: prevent kernel-usb-infoleak
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 26
   * [rt] Update to 6.1.107-rt39
   * [rt] Update to 6.1.111-rt42

linux-signed-arm64 (6.1.115+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.115-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
     - wifi: rtw88: always wait for both firmware loading attempts
       (CVE-2024-47718)
     - crypto: xor - fix template benchmarking
     - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
     - wifi: ath9k: fix parameter check in ath9k_init_debug()
     - wifi: ath9k: Remove error checks when creating debugfs entries
     - wifi: rtw88: remove CPT execution branch never used
     - fs/namespace: fnic: Switch to use %ptTd
     - mount: handle OOM on mnt_warn_timestamp_expiry
     - drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
       (CVE-2024-47731)
     - wifi: mac80211: don't use rate mask for offchannel TX either
       (CVE-2024-47738)
     - wifi: iwlwifi: mvm: increase the time between ranging measurements
     - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
     - ACPICA: executer/exsystem: Don't nag user about every Stall() violating
       the spec
     - padata: Honor the caller's alignment in case of chunk_size 0
     - drivers/perf: hisi_pcie: Record hardware counts correctly
     - can: j1939: use correct function name in comment
     - ACPI: CPPC: Fix MASK_VAL() usage
     - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
     - netfilter: nf_tables: reject element expiration with no timeout
     - netfilter: nf_tables: reject expiration higher than timeout
     - netfilter: nf_tables: remove annotation to access set timeout while
       holding lock
     - [arm64] perf/arm-cmn: Rework DTC counters (again)
     - [arm64] perf/arm-cmn: Improve debugfs pretty-printing for large configs
     - [arm64] perf/arm-cmn: Refactor node ID handling. Again.
     - [arm64] perf/arm-cmn: Ensure dtm_idx is big enough
     - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
     - [x86] sgx: Fix deadlock in SGX NUMA node search (CVE-2024-49856)
     - crypto: hisilicon/hpre - enable sva error interrupt event
     - crypto: hisilicon/hpre - mask cluster timeout error
     - crypto: hisilicon/qm - fix coding style issues
     - crypto: hisilicon/qm - reset device before enabling it
     - crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730)
     - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
     - wifi: mt76: mt7915: fix rx filter setting for bfee functionality
     - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
     - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
       (CVE-2024-47713)
     - wifi: wilc1000: fix potential RCU dereference issue in
       wilc_parse_join_bss_param (CVE-2024-47712)
     - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
     - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL
     - sock_map: Add a cond_resched() in sock_hash_free()
     - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
       (CVE-2024-47709)
     - can: m_can: Remove repeated check for is_peripheral
     - can: m_can: enable NAPI before enabling interrupts
     - can: m_can: m_can_close(): stop clocks after device has been shut down
     - Bluetooth: btusb: Fix not handling ZPL/short-transfer
     - bareudp: Pull inner IP header in bareudp_udp_encap_recv().
     - bareudp: Pull inner IP header on xmit.
     - net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
     - r8169: disable ALDPS per default for RTL8125
     - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
     - net: tipc: avoid possible garbage value
     - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
       (CVE-2024-47707)
     - nbd: fix race between timeout and normal completion (CVE-2024-49855)
     - block, bfq: fix possible UAF for bfqq->bic with merge chain
       (CVE-2024-47706)
     - block, bfq: choose the last bfqq from merge chain in
       bfq_setup_cooperator()
     - block, bfq: don't break merge chain in bfq_split_bfqq()
     - block: print symbolic error name instead of error code
     - block: fix potential invalid pointer dereference in blk_add_partition
       (CVE-2024-47705)
     - spi: ppc4xx: handle irq_of_parse_and_map() errors
     - [arm64] dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB
     - firmware: arm_scmi: Fix double free in OPTEE transport (CVE-2024-49853)
     - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
     - regulator: Return actual error in of_regulator_bulk_get_all()
     - [arm64] dts: renesas: r9a07g043u: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g054: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g044: Correct GICD and GICR sizes
     - [arm64] dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations
     - reset: berlin: fix OF node leak in probe() error path
     - reset: k210: fix OF node leak in probe() error path
     - clocksource/drivers/qcom: Add missing iounmap() on errors in
       msm_dt_timer_init()
     - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error
     - ALSA: hda: cs35l41: fix module autoloading
     - hwmon: (max16065) Fix overflows seen when writing limits
     - i2c: Add i2c_get_match_data()
     - hwmon: (max16065) Remove use of i2c_match_id()
     - hwmon: (max16065) Fix alarm attributes
     - mtd: slram: insert break after errors in parsing the map
     - hwmon: (ntc_thermistor) fix module autoloading
     - power: supply: axp20x_battery: Remove design from min and max voltage
     - power: supply: max17042_battery: Fix SOC threshold calc w/ no current
       sense
     - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
     - [amd64] iommu/amd: Do not set the D bit on AMD v2 table entries
     - mtd: powernv: Add check devm_kasprintf() returned value
     - rcu/nocb: Fix RT throttling hrtimer armed from offline CPU
     - mtd: rawnand: mtk: Use for_each_child_of_node_scoped()
     - mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips
     - mtd: rawnand: mtk: Fix init error path
     - pmdomain: core: Harden inter-column space in debug summary
     - drm/stm: Fix an error handling path in stm_drm_platform_probe()
     - drm/stm: ltdc: check memory returned by devm_kzalloc()
     - drm/amd/display: Add null check for set_output_gamma in
       dcn30_set_output_transfer_func (CVE-2024-47720)
     - drm/amdgpu: Replace one-element array with flexible-array member
     - drm/amdgpu: properly handle vbios fake edid sizing
     - drm/radeon: Replace one-element array with flexible-array member
     - drm/radeon: properly handle vbios fake edid sizing
     - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly
     - scsi: NCR5380: Check for phase match during PDMA fixup
     - drm/amd/amdgpu: Properly tune the size of struct
     - drm/rockchip: vop: Allow 4096px width scaling
     - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
     - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
     - drm/bridge: lontium-lt8912b: Validate mode in
       drm_bridge_funcs::mode_valid()
     - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
     - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
       (CVE-2024-49852)
     - jfs: fix out-of-bounds in dbNextAG() and diAlloc()
     - drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config()
     - drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
     - [powerpc*] 8xx: Fix initial memory mapping
     - [powerpc*] 8xx: Fix kernel vs user address comparison
     - drm/msm: Fix incorrect file name output in adreno_request_fw()
     - drm/msm/a5xx: disable preemption in submits by default
     - drm/msm/a5xx: properly clear preemption records on resume
     - drm/msm/a5xx: fix races in preemption evaluation stage
     - drm/msm/a5xx: workaround early ring-buffer emptiness check
     - ipmi: docs: don't advertise deprecated sysfs entries
     - drm/msm: fix %s null argument error
     - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
     - xen: use correct end address of kernel for conflict checking
     - HID: wacom: Support sequence numbers smaller than 16-bit
     - HID: wacom: Do not warn about dropped packets for first packet
     - xen/swiotlb: add alignment check for dma buffers
     - xen/swiotlb: fix allocated size
     - tpm: Clean up TPM space after command failure (CVE-2024-49851)
     - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
       (CVE-2024-49850)
     - xz: cleanup CRC32 edits from 2018
     - kthread: fix task state in kthread worker if being frozen
     - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
     - smackfs: Use rcu_assign_pointer() to ensure safe assignment in
       smk_set_cipso
     - ext4: avoid buffer_head leak in ext4_mark_inode_used()
     - ext4: avoid potential buffer_head leak in __ext4_new_inode()
     - ext4: avoid negative min_clusters in find_group_orlov()
     - ext4: return error on ext4_find_inline_entry
     - ext4: avoid OOB when system.data xattr changes underneath the filesystem
       (CVE-2024-47701)
     - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
       (CVE-2024-47699)
     - nilfs2: determine empty node blocks as corrupted
     - nilfs2: fix potential oob read in nilfs_btree_check_delete()
       (CVE-2024-47757)
     - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
     - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
     - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
       (CVE-2024-47728)
     - perf mem: Free the allocated sort string, fixing a leak
     - perf inject: Fix leader sampling inserting additional samples
     - perf sched timehist: Fix missing free of session in perf_sched__timehist()
     - perf stat: Display iostat headers correctly
     - perf sched timehist: Fixed timestamp error when unable to confirm event
       sched_in time
     - perf time-utils: Fix 32-bit nsec parsing
     - clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite()
       after error detection
     - clk: imx: composite-8m: Enable gate clk with mcore_booted
     - clk: imx: composite-7ulp: Check the PCC present bit
     - clk: imx: fracn-gppll: support integer pll
     - clk: imx: fracn-gppll: fix fractional part of PLL getting lost
     - clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
     - clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
     - clk: imx: imx8qxp: Parent should be initialized earlier than the clock
     - remoteproc: imx_rproc: Correct ddr alias for i.MX8M
     - remoteproc: imx_rproc: Initialize workqueue earlier
     - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
     - Input: ilitek_ts_i2c - avoid wrong input subsystem sync
     - Input: ilitek_ts_i2c - add report id message validation
     - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
       (CVE-2024-47698)
     - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
       (CVE-2024-47697)
     - PCI/PM: Increase wait time after resume
     - PCI/PM: Drop pci_bridge_wait_for_secondary_bus() timeout parameter
     - PCI: Wait for Link before restoring Downstream Buses
     - PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
       (CVE-2024-47756)
     - clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL
     - nvdimm: Fix devs leaks in scan_labels()
     - PCI: xilinx-nwl: Fix register misspelling
     - PCI: xilinx-nwl: Clean up clock on probe failure/removal
     - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
       (CVE-2024-47696)
     - pinctrl: single: fix missing error code in pcs_probe()
     - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
     - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (CVE-2024-47695)
     - clk: ti: dra7-atl: Fix leak of of_nodes
     - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
     - nfsd: fix refcount leak when file is unhashed after being found
     - pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
     - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
     - IB/core: Fix ib_cache_setup_one error flow cleanup (CVE-2024-47693)
     - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
       (CVE-2024-47751)
     - RDMA/erdma: Return QP state in erdma_query_qp
     - watchdog: imx_sc_wdt: Don't disable WDT in suspend
     - [arm64] RDMA/hns: Don't modify rq next block addr in HIP09 QPC
     - [arm64] RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (CVE-2024-47750)
     - [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
     - [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
     - [arm64] RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
     - [arm64] RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS
     - [arm64] RDMA/hns: Optimize hem allocation performance
     - RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
     - RDMA/irdma: fix error message in irdma_modify_qp_roce()
     - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
     - ntb_perf: Fix printk format
     - ntb: Force physically contiguous allocation of rx ring buffers
     - nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
     - nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
     - f2fs: fix to update i_ctime in __f2fs_setxattr()
     - f2fs: remove unneeded check condition in __f2fs_setxattr()
     - f2fs: reduce expensive checkpoint trigger frequency
     - f2fs: factor the read/write tracing logic into a helper
     - f2fs: fix to avoid racing in between read and OPU dio write
     - f2fs: fix to wait page writeback before setting gcing flag
     - f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation
     - f2fs: clean up w/ dotdot_name
     - f2fs: get rid of online repaire on corrupted directory (CVE-2024-47690)
     - spi: atmel-quadspi: Undo runtime PM changes at driver exit time
     - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
     - lib/sbitmap: define swap_lock as raw_spinlock_t
     - nvme-multipath: system fails to create generic nvme device
     - iio: adc: ad7606: fix oversampling gpio array
     - iio: adc: ad7606: fix standby gpio state to match the documentation
     - ABI: testing: fix admv8818 attr description
     - iio: chemical: bme680: Fix read/write ops to device by adding mutexes
     - iio: magnetometer: ak8975: Convert enum->pointer for data in the match
       tables
     - iio: magnetometer: ak8975: drop incorrect AK09116 compatible
     - dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible
     - coresight: tmc: sg: Do not leak sg_table
     - cxl/pci: Break out range register decoding from cxl_hdm_decode_init()
     - cxl/pci: Fix to record only non-zero ranges
     - vdpa: Add eventfd for the vdpa callback
     - vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
     - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (CVE-2024-47686)
     - Revert "dm: requeue IO if mapping table not yet available"
     - net: xilinx: axienet: Schedule NAPI in two steps
     - net: xilinx: axienet: Fix packet counting
     - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685)
     - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
       Condition (CVE-2024-47747)
     - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
     - tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
     - net: qrtr: Update packets cloning when broadcasting
     - bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
       (CVE-2024-47734)
     - net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled
     - netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
     - netfilter: ctnetlink: compile ctnetlink_label_size with
       CONFIG_NF_CONNTRACK_EVENTS
     - io_uring/sqpoll: do not allow pinning outside of cpuset
     - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
     - io_uring/io-wq: do not allow pinning outside of cpuset
     - io_uring/io-wq: inherit cpuset of cgroup in io worker
     - vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
     - selinux,smack: don't bypass permissions check in inode_setsecctx hook
       (CVE-2024-46695)
     - drm/vmwgfx: Prevent unmapping active read buffers (CVE-2024-46710)
     - io_uring/sqpoll: retain test for whether the CPU is valid
     - io_uring/sqpoll: do not put cpumask on stack
     - Remove *.orig pattern from .gitignore
     - PCI: imx6: Fix missing call to phy_power_off() in error handling
     - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
     - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
     - soc: versatile: integrator: fix OF node leak in probe() error path
     - Revert "media: tuners: fix error return code of
       hybrid_tuner_request_state()"
     - Input: adp5588-keys - fix check on return code
     - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
     - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
     - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
     - [x86] KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits
     - [x86] KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
       (CVE-2024-47683)
     - drm/amd/display: Round calculated vtotal
     - drm/amd/display: Validate backlight caps are sane
     - KEYS: prevent NULL pointer dereference in find_asymmetric_key()
       (CVE-2024-47743)
     - fs: Create a generic is_dot_dotdot() utility
     - ksmbd: make __dir_empty() compatible with POSIX
     - ksmbd: allow write with FILE_APPEND_DATA
     - ksmbd: handle caseless file creation
     - scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
       (CVE-2024-47682)
     - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
     - scsi: mac_scsi: Refactor polling loop
     - scsi: mac_scsi: Disallow bus errors during PDMA send
     - usbnet: fix cyclical race on disconnect with work queue
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - USB: appledisplay: close race between probe and completion handler
     - USB: misc: cypress_cy7c63: check for short transfer
     - USB: class: CDC-ACM: fix race between get_serial and set_serial
     - usb: cdnsp: Fix incorrect usb_request status
     - usb: dwc2: drd: fix clock gating on USB role switch
     - bus: integrator-lm: fix OF node leak in probe()
     - bus: mhi: host: pci_generic: Fix the name for the Telit FE990A
     - firmware_loader: Block path traversal (CVE-2024-47742)
     - tty: rp2: Fix reset with non forgiving PCIe host bridges
     - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
     - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
     - drbd: Fix atomicity violation in drbd_uuid_set_bm()
     - drbd: Add NULL check for net_conf to prevent dereference in state
       validation
     - ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
     - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
     - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
       (CVE-2024-49858)
     - perf/x86/intel/pt: Fix sampling synchronization
     - wifi: rtw88: 8822c: Fix reported RX band width
     - wifi: mt76: mt7615: check devm_kasprintf() returned value
     - debugobjects: Fix conditions in fill_pool()
     - f2fs: fix several potential integer overflows in file offsets
     - f2fs: prevent possible int overflow in dir_block_index()
     - f2fs: avoid potential int overflow in sanity_check_area_boundary()
     - f2fs: fix to check atomic_file in f2fs ioctl interfaces (CVE-2024-49859)
     - hwrng: mtk - Use devm_pm_runtime_enable
     - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
     - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
     - [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
     - [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
     - vfs: fix race between evice_inodes() and find_inode()&iput()
     - fs: Fix file_set_fowner LSM hook inconsistencies
     - nfs: fix memory leak in error path of nfs4_do_reclaim
     - EDAC/igen6: Fix conversion of system address to physical memory address
     - padata: use integer wrap around to prevent deadlock on seq_nr overflow
       (CVE-2024-47739)
     - soc: versatile: realview: fix memory leak during device remove
     - soc: versatile: realview: fix soc_dev leak during device remove
     - [powerpc*] 64: Option to build big-endian with ELFv2 ABI
     - [powerpc*] 64: Add support to build with prefixed instructions
     - [powerpc*] atomic: Use YZ constraints for DS-form instructions
     - usb: yurex: Replace snprintf() with the safer scnprintf() variant
     - USB: misc: yurex: fix race between read and write
     - xhci: fix event ring segment table related masks and variables in header
     - xhci: remove xhci_test_trb_in_td_math early development check
     - xhci: Refactor interrupter code for initial multi interrupter support.
     - xhci: Preserve RsvdP bits in ERSTBA register correctly
     - xhci: Add a quirk for writing ERST in high-low order
     - usb: xhci: fix loss of data on Cadence xHC
     - pps: remove usage of the deprecated ida_simple_xx() API
     - pps: add an error check in parport_attach
     - [x86] idtentry: Incorporate definitions/declarations of the FRED entries
     - [x86] entry: Remove unwanted instrumentation in common_interrupt()
     - mm/filemap: return early if failed to allocate memory for split
     - lib/xarray: introduce a new helper xas_get_order
     - mm/filemap: optimize filemap folio adding
     - icmp: Add counters for rate limits
     - icmp: change the order of rate limits (CVE-2024-47678)
     - bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
     - lockdep: fix deadlock issue between lockdep and rcu
     - mm: only enforce minimum stack gap size if it's sensible
     - module: Fix KCOV-ignored file name
     - mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with
       rcu read lock
     - i2c: aspeed: Update the stop sw state when the bus recovery occurs
     - i2c: isch: Add missed 'else'
     - usb: yurex: Fix inconsistent locking bug in yurex_read()
     - perf/arm-cmn: Fail DTC counter allocation correctly
     - iio: magnetometer: ak8975: Fix 'Unexpected device' error
     - [powerpc*] Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+
     - PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
     - [x86*] tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)
     - static_call: Handle module init failure correctly in
       static_call_del_module() (CVE-2024-50002)
     - static_call: Replace pointless WARN_ON() in static_call_module_notify()
     - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked()
     - jump_label: Fix static_key_slow_dec() yet again
     - scsi: pm8001: Do not overwrite PCI queue mapping
     - mailbox: rockchip: fix a typo in module autoloading
     - mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
     - ceph: remove the incorrect Fw reference check when dirtying pages
     - ieee802154: Fix build error
     - net: sparx5: Fix invalid timestamps
     - net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
     - net/mlx5: Added cond_resched() to crdump collection
     - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (CVE-2024-50000)
     - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
     - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable()
     - netfilter: nf_tables: prevent nf_skb_duplicated corruption
       (CVE-2024-49952)
     - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: ethernet: lantiq_etop: fix memory disclosure (CVE-2024-49997)
     - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
     - net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
     - net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
     - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
     - ppp: do not assume bh is held in ppp_channel_bridge_input()
       (CVE-2024-49946)
     - fsdax,xfs: port unshare to fsdax
     - iomap: constrain the file range passed to iomap_file_unshare
     - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
       (CVE-2024-49944)
     - i2c: xiic: improve error message when transfer fails to start
     - i2c: xiic: Try re-initialization on bus busy timeout
     - loop: don't set QUEUE_FLAG_NOMERGES
     - Bluetooth: hci_sock: Fix not validating setsockopt user input
       (CVE-2024-35963)
     - media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
     - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is
       uninitialized
     - ALSA: mixer_oss: Remove some incorrect kfree_const() usages
     - ALSA: hda/realtek: Fix the push button function for the ALC257
     - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
     - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
     - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
     - f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
     - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
     - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
     - ice: Adjust over allocation of memory in ice_sched_add_root_node() and
       ice_sched_add_node()
     - wifi: iwlwifi: mvm: Fix a race in scan abort flow
     - wifi: cfg80211: Set correct chandef when starting CAC (CVE-2024-49937)
     - net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
     - net: hisilicon: hip04: fix OF node leak in probe()
     - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
     - net: hisilicon: hns_mdio: fix OF node leak in probe()
     - ACPI: PAD: fix crash in exit_round_robin() (CVE-2024-49935)
     - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
     - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
     - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable
     - net: sched: consistently use rcu_replace_pointer() in taprio_change()
     - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122
     - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18
     - blk_iocost: fix more out of bound shifts (CVE-2024-49933)
     - nvme-pci: qdepth 1 quirk
     - wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
     - wifi: rtw88: select WANT_DEV_COREDUMP
     - ACPI: EC: Do not release locks during operation region accesses
     - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
       acpi_db_convert_to_package()
     - tipc: guard against string buffer overrun (CVE-2024-49995)
     - net: mvpp2: Increase size of queue_name buffer
     - bnxt_en: Extend maximum length of version string by 1 byte
     - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
     - wifi: rtw89: correct base HT rate mask for firmware
     - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
     - net: atlantic: Avoid warning about potential string truncation
     - crypto: simd - Do not call crypto_alloc_tfm during registration
     - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
     - wifi: mac80211: fix RCU list iterations
     - ACPICA: iasl: handle empty connection_node
     - proc: add config & param to block forcing mem writes
     - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_cmd_802_11_scan_ext()
     - nfp: Use IRQF_NO_AUTOEN flag in request_irq()
     - ALSA: usb-audio: Add input value sanity checks for standard types
     - [x86] ioapic: Handle allocation failures gracefully (CVE-2024-49927)
     - ALSA: usb-audio: Define macros for quirk table entries
     - ALSA: usb-audio: Replace complex quirk lines with macros
     - ALSA: usb-audio: Add logitech Audio profile quirk
     - ASoC: codecs: wsa883x: Handle reading version failure
     - [x86] kexec: Add EFI config table identity mapping for kexec kernel
     - ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
     - ALSA: hdsp: Break infinite MIDI input flush loop
     - [x86] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
     - fbdev: pxafb: Fix possible use after free in pxafb_task() (CVE-2024-49924)
     - rcuscale: Provide clear error when async specified without primitives
     - [arm64] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
     - power: reset: brcmstb: Do not go into infinite loop if reset fails
     - [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
     - [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
       count (CVE-2024-49993)
     - drm/stm: Avoid use-after-free issues with crtc and plane (CVE-2024-49992)
     - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
     - drm/amd/display: Add null check for top_pipe_to_program in
       commit_planes_for_stream (CVE-2024-49913)
     - ata: pata_serverworks: Do not use the term blacklist
     - ata: sata_sil: Rename sil_blacklist to sil_quirks
     - drm/amd/display: Handle null 'stream_status' in
       'planes_changed_for_existing_stream' (CVE-2024-49912)
     - drm/amd/display: Check null pointers before using dc->clk_mgr
       (CVE-2024-49907)
     - drm/amd/display: Add null check for 'afb' in
       amdgpu_dm_plane_handle_cursor_update (v2)
     - jfs: UBSAN: shift-out-of-bounds in dbFindBits
     - jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
     - jfs: check if leafidx greater than num leaves per dmap tree
       (CVE-2024-49902)
     - scsi: smartpqi: correct stream detection
     - jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
     - drm/amdgpu: add raven1 gfxoff quirk
     - drm/amdgpu: enable gfxoff quirk on HP 705G4
     - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
     - [x86] platform/x86: touchscreen_dmi: add nanote-next quirk
     - drm/stm: ltdc: reset plane transparency after plane disable
     - drm/amd/display: Check stream before comparing them (CVE-2024-49896)
     - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
       translation (CVE-2024-49895)
     - drm/amd/display: Fix index out of bounds in degamma hardware format
       translation (CVE-2024-49894)
     - drm/amd/display: Fix index out of bounds in DCN30 color transformation
       (CVE-2024-49969)
     - drm/amd/display: Initialize get_bytes_per_element's default to 1
       (CVE-2024-49892)
     - drm/printer: Allow NULL data in devcoredump printer
     - [x86] perf,x86: avoid missing caller address in stack traces captured in
       uprobe
     - scsi: aacraid: Rearrange order of struct aac_srb_unit
     - scsi: lpfc: Update PRLO handling in direct attached topology
     - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
     - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
     - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
     - drm/amd/pm: ensure the fw_info is not null before using it
       (CVE-2024-49890)
     - of/irq: Refer to actual buffer size in of_irq_parse_one()
     - [powerpc*] pseries: Use correct data types from pseries_hp_errorlog struct
     - ext4: ext4_search_dir should return a proper error
     - ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
     - ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
     - iomap: handle a post-direct I/O invalidate race in
       iomap_write_delalloc_release
     - blk-integrity: use sysfs_emit
     - blk-integrity: convert to struct device_attribute
     - blk-integrity: register sysfs attributes on struct device
     - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
     - spi: s3c64xx: fix timeout counters in flush_fifo
     - [powerpc*] vdso: Fix VDSO data access when running in a non-root time
       namespace
     - Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
       (Closes: #1081833)
     - [x86] platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
       (CVE-2024-49886)
     - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
       (CVE-2024-49985)
     - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
     - i2c: xiic: Wait for TX empty to avoid missed TX NAKs
     - media: i2c: ar0521: Use cansleep version of gpiod_set_value()
       (CVE-2024-49961)
     - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
     - spi: bcm63xx: Fix module autoloading
     - power: supply: hwmon: Fix missing temp1_max_alarm attribute
     - perf/core: Fix small negative period being ignored
     - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
     - ALSA: core: add isascii() check to card ID generator
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
     - ALSA: usb-audio: Add native DSD support for Luxman D-08u
     - ALSA: line6: add hw monitor volume control to POD HD500X
     - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
     - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
     - ext4: no need to continue when the number of entries is 1 (CVE-2024-49967)
     - ext4: correct encrypted dentry name hash when not casefolded
     - ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
     - ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
     - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible()
     - ext4: dax: fix overflowing extents beyond inode size when partially
       writing (CVE-2024-50015)
     - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
     - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
     - ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
     - ext4: fix double brelse() the buffer of the extents path
     - ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
     - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
     - ext4: fix incorrect tid assumption in
       jbd2_journal_shrink_checkpoint_list()
     - ext4: fix fast commit inode enqueueing during a full journal commit
     - ext4: use handle to mark fc as ineligible in __track_dentry_update()
     - ext4: mark fc as ineligible using an handle in ext4_xattr_set()
     - drm/rockchip: vop: clear DMA stop bit on RK3066
     - of/irq: Support #msi-cells=<0> in of_msi_get_domain
     - drm: omapdrm: Add missing check for alloc_ordered_workqueue
       (CVE-2024-49879)
     - resource: fix region_intersects() vs add_memory_driver_managed()
     - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
       error
     - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
     - mm: krealloc: consider spare memory for __GFP_ZERO
     - ocfs2: fix the la space leak when unmounting an ocfs2 volume
     - ocfs2: fix uninit-value in ocfs2_get_block()
     - ocfs2: reserve space for inline xattr before attaching reflink tree
       (CVE-2024-49958)
     - ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
     - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
     - ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
     - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
       (CVE-2024-49877)
     - exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
     - perf hist: Update hist symbol when updating maps
     - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
     - nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
     - NFSD: Fix NFSv4's PUTPUBFH operation
     - aoe: fix the potential use-after-free problem in more places
       (CVE-2024-49982)
     - clk: rockchip: fix error for unknown clocks
     - remoteproc: k3-r5: Fix error handling when power-up failed
     - clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
     - media: sun4i_csi: Implement link validate for sun4i_csi subdev
     - clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
     - clk: qcom: clk-rpmh: Fix overflow in BCM vote
     - clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
     - media: venus: fix use after free bug in venus_remove due to race condition
       (CVE-2024-49981)
     - clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: qcom: camss: Fix ordering of pm_runtime_enable
     - clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
     - clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL
     - smb: client: use actual path when queryfs
     - iio: magnetometer: ak8975: Fix reading for ak099xx sensors
     - gso: fix udp gso fraglist segmentation after pull from frag_list
       (CVE-2024-49978)
     - tomoyo: fallback to realpath if symlink's pathname does not exist
       (Closes: #1082001)
     - net: stmmac: Fix zero-division error when disabling tc cbs
       (CVE-2024-49977)
     - rtc: at91sam9: fix OF node leak in probe() error path
     - Input: adp5589-keys - fix NULL pointer dereference (CVE-2024-49871)
     - Input: adp5589-keys - fix adp5589_gpio_get_value()
     - cachefiles: fix dentry leak in cachefiles_open_file() (CVE-2024-49870)
     - ACPI: resource: Add Asus Vivobook X1704VAP to
       irq1_level_low_skip_override[] (Closes: #1078696)
     - ACPI: resource: Add Asus ExpertBook B2502CVA to
       irq1_level_low_skip_override[]
     - btrfs: fix a NULL pointer dereference when failed to start a new
       trasacntion (CVE-2024-49868)
     - btrfs: send: fix invalid clone operation for file that got its size
       decreased
     - btrfs: wait for fixup workers before stopping cleaner kthread during
       umount (CVE-2024-49867)
     - gpio: davinci: fix lazy disable
     - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
       (CVE-2024-8805)
     - ceph: fix cap ref leak via netfs init_request
     - tracing/hwlat: Fix a race during cpuhp processing
     - tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866)
     - close_range(): fix the logics in descriptor table trimming
     - [x86] drm/i915/gem: fix bitwise and logical AND mixup
     - drm/sched: Add locking to drm_sched_entity_modify_sched
     - drm/amd/display: Fix system hang while resume with TBT monitor
       (CVE-2024-50003)
     - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
       (Closes: #1076483)
     - kconfig: qconf: fix buffer overflow in debug links
     - i2c: create debugfs entry per adapter
     - i2c: core: Lock address during client device instantiation
     - i2c: xiic: Use devm_clk_get_enabled()
     - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
     - dt-bindings: clock: exynos7885: Fix duplicated binding
     - spi: bcm63xx: Fix missing pm_runtime_disable()
     - [arm64] Add Cortex-715 CPU part definition
     - [arm64] cputype: Add Neoverse-N3 definitions
     - [arm64] errata: Expand speculative SSBS workaround once more
     - io_uring/net: harden multishot termination case for recv
     - uprobes: fix kernel info leak via "[uprobes]" vma
     - mm: z3fold: deprecate CONFIG_Z3FOLD
     - drm/amd/display: Allow backlight to go below
       `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
     - build-id: require program headers to be right after ELF header
     - lib/buildid: harden build ID parsing logic
     - docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8
     - delayacct: improve the average delay precision of getdelay tool to
       microsecond
     - sched: psi: fix bogus pressure spikes from aggregation race
     - media: i2c: imx335: Enable regulator supplies
     - media: imx335: Fix reset-gpio handling
     - remoteproc: k3-r5: Acquire mailbox handle during probe routine
     - remoteproc: k3-r5: Delay notification of wakeup event
     - dt-bindings: clock: qcom: Add missing UFS QREF clocks
     - dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
     - clk: samsung: exynos7885: do not define number of clocks in bindings
     - clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix
     - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
     - r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
     - clk: qcom: gcc-sc8180x: Add GPLL9 support
     - ACPI: battery: Simplify battery hook locking
     - ACPI: battery: Fix possible crash when unregistering a battery hook
       (CVE-2024-49955)
     - Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
       bindings"
     - erofs: get rid of erofs_inode_datablocks()
     - erofs: get rid of z_erofs_do_map_blocks() forward declaration
     - erofs: avoid hardcoded blocksize for subpage block support
     - erofs: set block size to the on-disk block size
     - erofs: fix incorrect symlink detection in fast symlink
     - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
     - perf report: Fix segfault when 'sym' sort key is not used
     - fsdax: dax_unshare_iter() should return a valid length
     - fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
     - unicode: Don't special case ignorable code points
     - net: ethernet: cortina: Drop TSO support
     - tracing: Remove precision vsnprintf() check from print event
     - ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table
     - ALSA: hda/realtek: cs35l41: Fix device ID / model name
     - drm/crtc: fix uninitialized variable use even harder
     - tracing: Have saved_cmdlines arrays all in one allocation
     - bootconfig: Fix the kerneldoc of _xbc_exit()
     - perf lock: Dynamically allocate lockhash_table
     - perf sched: Avoid large stack allocations
     - perf sched: Move start_work_mutex and work_done_wait_mutex initialization
       to perf_sched__replay()
     - perf sched: Fix memory leak in perf_sched__map()
     - perf sched: Move curr_thread initialization to perf_sched__map()
     - perf sched: Move curr_pid and cpu_last_switched initialization to
       perf_sched__{lat|map|replay}()
     - libsubcmd: Don't free the usage string
     - Bluetooth: Fix usage of __hci_cmd_sync_status
     - virtio_console: fix misc probe bugs
     - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
     - bpf: Check percpu map value size first
     - [s390x] facility: Disable compile time optimization for decompressor code
     - [s390x] mm: Add cond_resched() to cmm_alloc/free_pages()
     - bpf, x64: Fix a jit convergence issue
     - ext4: don't set SB_RDONLY after filesystem errors
     - ext4: nested locking for xattr inode
     - [s390x] cpum_sf: Remove WARN_ON_ONCE statements
     - RDMA/mad: Improve handling of timed out WRs of mad agent
     - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
     - RDMA/rtrs-srv: Avoid null pointer deref during path establishment
       (CVE-2024-50062)
     - clk: bcm: bcm53573: fix OF node leak in init
     - PCI: Add ACS quirk for Qualcomm SA8775P
     - i2c: i801: Use a different adapter-name for IDF adapters
     - PCI: Mark Creative Labs EMU20k2 INTx masking as broken
     - io_uring: check if we need to reschedule during overflow flush
       (CVE-2024-50060)
     - ntb: ntb_hw_switchtec: Fix use after free vulnerability in
       switchtec_ntb_remove due to race condition (CVE-2024-50059)
     - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
     - media: videobuf2-core: clear memory related fields in
       __vb2_plane_dmabuf_put()
     - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
     - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
     - usb: chipidea: udc: enable suspend interrupt after usb reset
     - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
       Crashkernel Scenario
     - comedi: ni_routing: tools: Check when the file could not be opened
     - netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
     - virtio_pmem: Check device status before requesting flush
     - tools/iio: Add memory allocation failure check for trigger_name
     - staging: vme_user: added bound check to geoid
     - driver core: bus: Return -EIO instead of 0 when show/store invalid bus
       attribute
     - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
       lpfc_els_flush_cmd()
     - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV
       instance
     - drm/amd/display: Check null pointer before dereferencing se
       (CVE-2024-50049)
     - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
       (CVE-2024-50048)
     - fbdev: sisfb: Fix strbuf array overflow
     - drm/rockchip: vop: limit maximum resolution to hardware capabilities
     - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
     - NFSD: Mark filecache "down" if init fails
     - ice: fix VLAN replay after reset
     - SUNRPC: Fix integer overflow in decode_rc_list()
     - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
       (CVE-2024-50046)
     - net: phy: dp83869: fix memory corruption when enabling fiber
     - tcp: fix to allow timestamp undo if no retransmits were sent
     - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
     - netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
     - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
       (CVE-2024-50044)
     - net: phy: bcm84881: Fix some error handling paths
     - thermal: int340x: processor_thermal: Set feature mask before
       proc_thermal_add
     - thermal: intel: int340x: processor: Fix warning during module unload
     - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
     - net: ethernet: adi: adin1110: Fix some error handling path in
       adin1110_read_fifo()
     - net: dsa: b53: fix jumbo frame mtu check
     - net: dsa: b53: fix max MTU for 1g switches
     - net: dsa: b53: fix max MTU for BCM5325/BCM5365
     - net: dsa: b53: allow lower MTUs on BCM5325/5365
     - net: dsa: b53: fix jumbo frames on 10/100 ports
     - gpio: aspeed: Add the flush write to ensure the write complete.
     - gpio: aspeed: Use devm_clk api to manage clock source
     - ice: Fix netif_is_ice() in Safe Mode
     - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
       (CVE-2024-50041)
     - igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
     - net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
     - net: ibm: emac: mal: fix wrong goto
     - btrfs: zoned: fix missing RCU locking in error message when loading zone
       info
     - sctp: ensure sk_state is set to CLOSED if hashing fails in
       sctp_listen_start
     - netfilter: xtables: avoid NFPROTO_UNSPEC where needed (CVE-2024-50038)
     - netfilter: fib: check correct rtable in vrf setups
     - net: ibm/emac: allocate dummy net_device dynamically
     - net: ibm: emac: mal: add dcr_unmap to _remove
     - rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
     - vxlan: Handle error of rtnl_register_module().
     - mctp: Handle error of rtnl_register_module().
     - ppp: fix ppp_async_encode() illegal access
     - slip: make slhc_remember() more robust against malicious packets
     - rust: macros: provide correct provenance when constructing THIS_MODULE
     - HID: multitouch: Add support for lenovo Y9000P Touchpad
     - net/mlx5: Always drain health in shutdown callback (CVE-2024-43866)
     - wifi: mac80211: Avoid address calculations via out of bounds array
       indexing (CVE-2024-41071)
     - hwmon: (tmp513) Add missing dependency on REGMAP_I2C
     - hwmon: (adm9240) Add missing dependency on REGMAP_I2C
     - hwmon: (adt7470) Add missing dependency on REGMAP_I2C
     - Revert "net: ibm/emac: allocate dummy net_device dynamically"
     - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
     - HID: plantronics: Workaround for an unexcepted opposite volume key
     - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
     - usb: dwc3: core: Stop processing of pending events if controller is halted
     - usb: xhci: Fix problem with xhci resume from suspend
     - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
     - usb: gadget: core: force synchronous registration
     - hid: intel-ish-hid: Fix uninitialized variable 'rv' in
       ish_fw_xfer_direct_dma
     - drm/v3d: Stop the active perfmon before being destroyed (CVE-2024-50031)
     - drm/vc4: Stop the active perfmon before being destroyed
     - scsi: wd33c93: Don't use stale scsi_pointer value (CVE-2024-50026)
     - mptcp: fallback when MPTCP opts are dropped after 1st data
     - ata: libata: avoid superfluous disk spin down + spin up during hibernation
     - net: explicitly clear the sk pointer, when pf->create fails
     - net: Fix an unsafe loop on the list (CVE-2024-50024)
     - net: dsa: lan9303: ensure chip reset and wait for READY status
     - mptcp: handle consistently DSS corruption
     - mptcp: pm: do not remove closing subflows
     - device-dax: correct pgoff align in dax_set_mapping() (CVE-2024-50022)
     - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
     - kthread: unpark only parked kthread (CVE-2024-50019)
     - secretmem: disable memfd_secret() if arch cannot set direct map
     - net: ethernet: cortina: Restore TSO support
     - perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
     - block, bfq: fix uaf for accessing waker_bfqq after splitting
       (CVE-2024-49854)
     - Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.114
     - btrfs: fix uninitialized pointer free in add_inode_ref() (CVE-2024-50088)
     - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
     - ksmbd: fix user-after-free from session log off (CVE-2024-50086)
     - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
     - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (CVE-2024-50085)
     - udf: New directory iteration code
     - udf: Convert udf_expand_dir_adinicb() to new directory iteration
     - udf: Move udf_expand_dir_adinicb() to its callsite
     - udf: Implement searching for directory entry using new iteration code
     - udf: Provide function to mark entry as deleted using new directory
       iteration code
     - udf: Convert udf_rename() to new directory iteration code
     - udf: Convert udf_readdir() to new directory iteration
     - udf: Convert udf_lookup() to use new directory iteration code
     - udf: Convert udf_get_parent() to new directory iteration code
     - udf: Convert empty_dir() to new directory iteration code
     - udf: Convert udf_rmdir() to new directory iteration code
     - udf: Convert udf_unlink() to new directory iteration code
     - udf: Implement adding of dir entries using new iteration code
     - udf: Convert udf_add_nondir() to new directory iteration
     - udf: Convert udf_mkdir() to new directory iteration code
     - udf: Convert udf_link() to new directory iteration code
     - udf: Remove old directory iteration code
     - udf: Handle error when expanding directory
     - udf: Don't return bh from udf_expand_dir_adinicb()
     - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
     - net: enetc: add missing static descriptor and inline keyword
     - posix-clock: Fix missing timespec64 check in pc_clock_settime()
     - [arm64] probes: Remove broken LDR (literal) uprobe support
     - [arm64] probes: Fix simulate_ldr*_literal()
     - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
       fixed-link PHY
     - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
     - fat: fix uninitialized variable
     - mm/swapfile: skip HugeTLB pages for unuse_vma
     - devlink: drop the filter argument from devlinks_xa_find_get
     - devlink: bump the instance index directly when iterating
     - maple_tree: correct tree corruption on spanning store
     - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
       (CVE-2024-39497)
     - [amd64] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI
       devices
     - [s390x] sclp: Deactivate sclp after all its users
     - [s390x] sclp_vt220: Convert newlines to CRLF instead of LFCR
     - [s390x] KVM: s390: gaccess: Check if guest address is in memslot
     - [s390x] KVM: s390: Change virtual to physical address access in diag 0x258
       handler
     - [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
     - [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
     - [x86] entry: Have entry_ibpb() invalidate return predictions
     - [x86] bugs: Skip RSB fill at VMEXIT
     - [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
     - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
       (CVE-2024-50082)
     - io_uring/sqpoll: close race on waiting for sqring entries
     - scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
     - drm/radeon: Fix encoder->possible_clones
     - drm/vmwgfx: Handle surface check failure correctly
     - drm/amdgpu/swsmu: Only force workload setup on init
     - drm/amdgpu: prevent BO_HANDLES error from being overwritten
     - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
     - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
     - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: hid-sensors: Fix an error handling path in
       _hid_sensor_set_report_latency()
     - iio: light: veml6030: fix ALS sensor resolution
     - iio: light: veml6030: fix IIO device retrieval from embedded device
     - iio: light: opt3001: add missing full-scale range value
     - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - Bluetooth: Call iso_exit() on module unload
     - Bluetooth: Remove debugfs directory on module init failure
     - Bluetooth: ISO: Fix multiple init when debugfs is disabled
       (CVE-2024-50077)
     - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
     - xhci: Fix incorrect stream context type macro
     - xhci: Mitigate failed set dequeue pointer commands
     - USB: serial: option: add support for Quectel EG916Q-GL
     - USB: serial: option: add Telit FN920C04 MBIM compositions
     - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
     - parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
     - [x86] resctrl: Annotate get_mem_config() functions as __init
     - [x86] apic: Always explicitly disarm TSC-deadline timer
     - [x86] entry_32: Do not clobber user EFLAGS.ZF
     - [x86] entry_32: Clear CPU buffers after register restore in NMI return
     - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073)
     - pinctrl: ocelot: fix system hang on level based interrupts
     - pinctrl: apple: check devm_kasprintf() returned value
     - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
     - irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
     - tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
     - mptcp: prevent MPC handshake on port-based signal endpoints
     - nilfs2: propagate directory read errors from nilfs_find_entry()
     - [powerpc*] 64: Add big-endian ELFv2 flavour to crypto VMX asm generation
     - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
       1000 G2
     - udf: Allocate name buffer in directory iterator on heap
     - udf: Avoid directory type conversion failure due to ENOMEM
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.115
     - bpf: Use raw_spinlock_t in ringbuf
     - iio: accel: bma400: Fix uninitialized variable field_value in tap event
       handling.
     - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
     - bpf: devmap: provide rxq after redirect
     - bpf: Fix memory leak in bpf_core_apply
     - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
     - RDMA/bnxt_re: Add a check for memory allocation
     - [x86] resctrl: Avoid overflow in MB settings in bw_validate()
     - [armhf] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
     - [s390x] pci: Handle PCI error codes other than 0x3a
     - bpf: fix kfunc btf caching for modules
     - drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
     - ALSA: hda/cs8409: Fix possible NULL dereference
     - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
     - RDMA/irdma: Fix misspelling of "accept*"
     - RDMA/srpt: Make slab cache names unique
     - ipv4: give an IPv4 dev to blackhole_netdev
     - RDMA/bnxt_re: Return more meaningful error
     - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
     - [arm64] drm/msm/dpu: make sure phys resources are properly initialized
     - [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
       calculation
     - [arm64] drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
     - [arm64] drm/msm: Allocate memory for disp snapshot with kvzalloc()
     - net: usb: usbnet: fix race in probe failure
     - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
     - macsec: don't increment counters for an unrelated SA
     - netdevsim: use cond_resched() in nsim_dev_trap_report_work()
     - net: ethernet: aeroflex: fix potential memory leak in
       greth_start_xmit_gbit()
     - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
     - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
     - net: systemport: fix potential memory leak in bcm_sysport_xmit()
     - [arm64] drm/msm/dpu: Wire up DSC mask for active CTL configuration
     - [arm64] drm/msm/dpu: don't always program merge_3d block
     - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
     - genetlink: hold RCU in genlmsg_mcast()
     - ravb: Remove setting of RX software timestamp
     - net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
     - scsi: target: core: Fix null-ptr-deref in target_alloc_device()
     - smb: client: fix OOBs when building SMB2_IOCTL request
     - usb: typec: altmode should keep reference to parent
     - [s390x] Initialize psw mask in perf_arch_fetch_caller_regs()
     - Bluetooth: bnep: fix wild-memory-access in proto_unregister
     - net/mlx5: Remove redundant cmdif revision check
     - net/mlx5: split mlx5_cmd_init() to probe and reload routines
     - net/mlx5: Fix command bitmask initialization
     - net/mlx5: Unregister notifier on eswitch init failure
     - bpf: Fix iter/task tid filtering
     - [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
     - [arm64] probes: Fix uprobes for big-endian kernels
     - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
     - usb: gadget: f_uac2: fix non-newline-terminated function name
     - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
     - usb: gadget: Add function wakeup support
     - XHCI: Separate PORT and CAPs macros into dedicated file
     - [arm64,armhf] usb: dwc3: core: Fix system suspend on TI AM62 platforms
     - tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool
       active
     - serial: Make uart_handle_cts_change() status param bool active
     - serial: imx: Update mctrl old_status on RTSD interrupt
     - block, bfq: fix procress reference leakage for bfqq in merge chain
     - exec: don't WARN for racy path_noexec check (CVE-2024-50010)
     - fs/ntfs3: Add more attributes checks in mi_enum_attr() (CVE-2023-45896)
     - [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
       with real VLA
     - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
       default regs values
     - [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
     - [arm64] Force position-independent veneers
     - udf: refactor udf_current_aext() to handle error
     - udf: fix uninit-value use in udf_get_fileshortad
     - [x86] platform/x86: dell-sysman: add support for alienware products
     - jfs: Fix sanity check in dbMount
     - tracing: Consider the NULL character when validating the event length
     - xfrm: extract dst lookup parameters into a struct
     - xfrm: respect ip protocols rules criteria when performing dst lookups
     - be2net: fix potential memory leak in be_xmit()
     - net: plip: fix break; causing plip to never transmit
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix error when setting port policy on
       mv88e6393x
     - netfilter: xtables: fix typo causing some targets not to load on IPv6
     - net: wwan: fix global oob in wwan_rtnl_policy
     - docs: net: reformat driver.rst from a list to sections
     - net: provide macros for commonly copied lockless queue stop/wake code
     - net/sched: adjust device watchdog timer to detect stopped queue at right
       time
     - net: fix races in netdev_tx_sent_queue()/dev_watchdog()
     - net: usb: usbnet: fix name regression
     - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions
       created by classifiers
     - net: sched: fix use-after-free in taprio_change()
     - r8169: avoid unsolicited interrupts
     - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
     - Bluetooth: SCO: Fix UAF on sco_sock_timeout
     - Bluetooth: ISO: Fix UAF on iso_sock_timeout
     - bpf,perf: Fix perf_event_detach_bpf_prog error handling
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
     - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
     - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
     - ALSA: hda/realtek: Update default depop procedure
     - cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
     - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
     - btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
     - btrfs: zoned: fix zone unusable accounting for freed reserved extent
     - drm/amd: Guard against bad data for ATIF ACPI method
     - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
     - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
     - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
       detection issue
     - nilfs2: fix kernel bug due to missing clearing of buffer delay flag
     - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
     - [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
     - [arm64] KVM: arm64: Don't eagerly teardown the vgic on init error
     - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
     - xfrm: fix one more kernel-infoleak in algo dumping
     - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
     - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
     - selinux: improve error checking in sel_write_load()
     - serial: protect uart_port_dtr_rts() in uart_shutdown() too
       (CVE-2024-50058)
     - net: phy: dp83822: Fix reset pin definitions
     - [arm64] ASoC: qcom: Fix NULL Dereference in
       asoc_qcom_lpass_cpu_platform_probe()
     - [x86] platform/x86: dell-wmi: Ignore suspend notifications
     - ACPI: PRM: Clean up guid type in struct prm_handler_info
     - [arm64] uprobes: change the uprobe_opcode_t typedef to fix the sparse
       warning
     - xfrm: validate new SA's prefixlen using SA family when sel.family is unset
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 27
   * d/config: Update with the help of kconfigeditor2
     - mm: Enable Z3FOLD_DEPRECATED instead of Z3FOLD
linux-signed-arm64 (6.1.112+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.112-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
     - tty: atmel_serial: use the correct RTS flag.
     - fuse: Initialize beyond-EOF page contents before setting uptodate
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
     - ALSA: usb-audio: Support Yamaha P-125 quirk entry
     - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
     - [x86] thunderbolt: Mark XDomain as unplugged when router is removed
     - [s390x] dasd: fix error recovery leading to data corruption on ESE devices
     - [arm64] ACPI: NUMA: initialize all values of acpi_early_node_map to
       NUMA_NO_NODE
     - dm resume: don't return EINVAL when signalled
     - dm persistent data: fix memory allocation failure
     - vfs: Don't evict inode under the inode lru traversing context
     - [s390x] cio: rename bitmap_size() -> idset_bitmap_size()
     - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
     - bitmap: introduce generic optimized bitmap_size()
     - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
     - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
     - rtla/osnoise: Prevent NULL dereference in error handling
     - fs/netfs/fscache_cookie: add missing "n_accesses" check
     - selinux: fix potential counting error in avc_add_xperms_decision()
     - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
     - btrfs: zoned: properly take lock to read/update block group's zoned
       variables
     - btrfs: tree-checker: add dev extent item checks
     - drm/amdgpu: Actually check flags for all context ops.
     - memcg_write_event_control(): fix a user-triggerable oops
     - drm/amdgpu/jpeg2: properly set atomics vmid field
     - [s390x] uv: Panic for set and remove shared access UVC errors
     - bpf: Fix updating attached freplace prog in prog_array map
     - nilfs2: prevent WARNING in nilfs_dat_commit_end()
     - ext4, jbd2: add an optimized bmap for the journal inode
     - 9P FS: Fix wild-memory-access write in v9fs_get_acl
     - nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
     - mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
     - bpf: Split off basic BPF verifier log into separate file
     - bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
     - posix-timers: Ensure timer ID search-loop limit is valid
     - pid: Replace struct pid 1-element array with flex-array
     - gfs2: Rename remaining "transaction" glock references
     - gfs2: Rename the {freeze,thaw}_super callbacks
     - gfs2: Rename gfs2_freeze_lock{ => _shared }
     - gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
     - gfs2: Rework freeze / thaw logic
     - gfs2: Stop using gfs2_make_fs_ro for withdraw
     - Bluetooth: Fix hci_link_tx_to RCU lock usage
     - wifi: mac80211: take wiphy lock for MAC addr change
     - wifi: mac80211: fix change_address deadlock during unregister
     - net: sched: Print msecs when transmit queue time out
     - net: don't dump stack on queue timeout
     - jfs: fix shift-out-of-bounds in dbJoin
     - squashfs: squashfs_read_data need to check if the length is 0
     - Squashfs: fix variable overflow triggered by sysbot
     - reiserfs: fix uninit-value in comp_keys
     - erofs: avoid debugging output for (de)compressed data
     - quota: Detect loops in quota tree
     - net:rds: Fix possible deadlock in rds_message_put
     - net: sctp: fix skb leak in sctp_inq_free()
     - pppoe: Fix memory leak in pppoe_sendmsg()
     - wifi: mac80211: fix and simplify unencrypted drop check for mesh
     - wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr
     - wifi: cfg80211: factor out bridge tunnel / RFC1042 header check
     - wifi: mac80211: remove mesh forwarding congestion check
     - wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
     - wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
     - wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
     - docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map
     - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
     - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
     - Bluetooth: RFCOMM: Fix not validating setsockopt user input
       (CVE-2024-35966)
     - ext4: check the return value of ext4_xattr_inode_dec_ref()
     - ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
     - ext4: do not create EA inode under buffer lock (CVE-2024-40972)
     - udf: Fix bogus checksum computation in udf_rename()
     - bpf, net: Use DEV_STAT_INC()
     - fou: remove warn in gue_gro_receive on unsupported protocol
       (CVE-2024-44940)
     - jfs: fix null ptr deref in dtInsertEntry (CVE-2024-44939)
     - jfs: Fix shift-out-of-bounds in dbDiscardAG (CVE-2024-44938)
     - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
     - igc: Correct the launchtime offset
     - igc: Fix packet still tx after gate close by reducing i226 MAC retry
       buffer
     - net/mlx5e: Take state lock during tx timeout reporter
     - net/mlx5e: Correctly report errors for ethtool rx flows
     - atm: idt77252: prevent use after free in dequeue_rx()
     - mlxbf_gige: Remove two unused function declarations
     - mlxbf_gige: disable RX filters until RX path initialized
     - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
     - netfilter: allow ipv6 fragments to arrive on different devices
     - netfilter: flowtable: initialise extack before use
     - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
       (Closes: #1070685)
     - netfilter: nf_tables: Audit log dump reset after the fact
     - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
     - netfilter: nf_tables: Unconditionally allocate nft_obj_filter
     - netfilter: nf_tables: A better name for nft_obj_filter
     - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
     - netfilter: nf_tables: nft_obj_filter fits into cb->ctx
     - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
     - netfilter: nf_tables: Introduce nf_tables_getobj_single
     - netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
     - [arm64] net: hns3: fix wrong use of semaphore up
     - [arm64] net: hns3: use the user's cfg after reset
     - [arm64] net: hns3: fix a deadlock problem when config TC during resetting
     - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
     - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible
       values can be stored
     - ssb: Fix division by zero issue in ssb_calc_clock_rate
     - wifi: cfg80211: check wiphy mutex is held for wdev mutex
     - wifi: mac80211: fix BA session teardown race
     - mm: Remove kmem_valid_obj()
     - rcu: Dump memory object info if callback function is invalid
     - rcu: Eliminate rcu_gp_slow_unregister() false positive
     - wifi: cw1200: Avoid processing an invalid TIM IE
     - cgroup: Avoid extra dereference in css_populate_dir()
     - i2c: riic: avoid potential division by zero
     - RDMA/rtrs: Fix the problem of variable not initialized fully
     - [s390x] smp,mcck: fix early IPI handling
     - drm/bridge: tc358768: Attempt to fix DSI horizontal timings
     - media: radio-isa: use dev_name to fill in bus_info
     - staging: iio: resolver: ad2s1210: fix use before initialization
     - usb: gadget: uvc: cleanup request when not in correct state
     - drm/amd/display: Validate hw_points_num before using it
     - staging: ks7010: disable bh on tx_dev_lock
     - media: s5p-mfc: Fix potential deadlock on condlock
     - md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log'
     - binfmt_misc: cleanup on filesystem umount
     - [arm64,armhf] drm/tegra: Zero-initialize iosys_map
     - media: qcom: venus: fix incorrect return value
     - scsi: spi: Fix sshdr use
     - gfs2: setattr_chown: Add missing initialization
     - wifi: iwlwifi: abort scan when rfkill on but device enabled
     - wifi: iwlwifi: fw: Fix debugfs command sending
     - clk: visconti: Add bounds-checking coverage for struct
       visconti_pll_provider
     - [amd64] IB/hfi1: Fix potential deadlock on &irq_src_lock and
       &dd->uctxt_lock
     - kbuild: rust_is_available: normalize version matching
     - kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN`
     - [arm64] Fix KASAN random tag seed initialization
     - block: Fix lockdep warning in blk_mq_mark_tag_wait
     - [arm64] drm/msm: Reduce fallout of fence signaling vs reclaim hangs
     - memory: tegra: Skip SID programming if SID registers aren't set
     - [powerpc*] xics: Check return value of kasprintf in icp_native_map_one_cpu
     - [x86] ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
     - [x86] hwmon: (pc87360) Bounds check data->innr usage
     - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at
       linear mode
     - Bluetooth: hci_conn: Check non NULL function before calling for HFP
       offload
     - gfs2: Refcounting fix in gfs2_thaw_super
     - nvmet-trace: avoid dereferencing pointer too early
     - ext4: do not trim the group with corrupted block bitmap
     - afs: fix __afs_break_callback() / afs_drop_open_mmap() race
     - fuse: fix UAF in rcu pathwalks
     - quota: Remove BUG_ON from dqget()
     - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
     - media: pci: cx23885: check cx23885_vdev_init() return
     - fs: binfmt_elf_efpic: don't use missing interpreter's properties
     - scsi: lpfc: Initialize status local variable in
       lpfc_sli4_repost_sgl_list()
     - media: drivers/media/dvb-core: copy user arrays safely
     - net/sun3_82586: Avoid reading past buffer in debug output
     - drm/lima: set gp bus_stop bit before hard reset
     - hrtimer: Select housekeeping CPU during migration
     - virtiofs: forbid newlines in tags
     - clocksource/drivers/arm_global_timer: Guard against division by zero
     - netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
     - md: clean up invalid BUG_ON in md_ioctl
     - [x86] Increase brk randomness entropy for 64-bit systems
     - memory: stm32-fmc2-ebi: check regmap_read return value
     - [powerpc*] boot: Handle allocation failure in simple_realloc()
     - [powerpc*] boot: Only free if realloc() succeeds
     - btrfs: delayed-inode: drop pointless BUG_ON in
       __btrfs_remove_delayed_item()
     - btrfs: change BUG_ON to assertion when checking for delayed_node root
     - btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
     - btrfs: handle invalid root reference found in may_destroy_subvol()
     - btrfs: send: handle unexpected data in header buffer in begin_cmd()
     - btrfs: change BUG_ON to assertion in tree_move_down()
     - btrfs: delete pointless BUG_ON check on quota root in
       btrfs_qgroup_account_extent()
     - f2fs: fix to do sanity check in update_sit_entry
     - usb: gadget: fsl: Increase size of name buffer for endpoints
     - nvme: clear caller pointer on identify failure
     - Bluetooth: bnep: Fix out-of-bound access
     - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
     - rtc: nct3018y: fix possible NULL dereference
     - [arm64] net: hns3: add checking for vf id of mailbox
     - nvmet-tcp: do not continue for invalid icreq
     - NFS: avoid infinite loop in pnfs_update_layout.
     - [s390x] iucv: fix receive buffer virtual vs physical address confusion
     - irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
     - clocksource: Make watchdog and suspend-timing multiplication overflow safe
     - [x86] platform/x86: lg-laptop: fix %s null argument warning
     - usb: dwc3: core: Skip setting event buffers for host only controllers
     - fbdev: offb: replace of_node_put with __free(device_node)
     - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
     - ext4: set the type of max_zeroout to unsigned int to avoid overflow
     - nvmet-rdma: fix possible bad dereference when freeing rsps
     - drm/amdgpu: fix dereference null return value for the function
       amdgpu_vm_pt_parent
     - hrtimer: Prevent queuing of hrtimer without a function callback
     - gtp: pull network headers in gtp_dev_xmit()
     - [arm64,armhf] i2c: tegra: allow DVC support to be compiled out
     - [arm64,armhf] i2c: tegra: allow VI support to be compiled out
     - [arm64,armhf] i2c: tegra: Do not mark ACPI devices as irq safe
     - dm suspend: return -ERESTARTSYS instead of -EINTR
     - net: mana: Fix doorbell out of order violation and avoid unnecessary
       doorbell rings
     - btrfs: replace sb::s_blocksize by fs_info::sectorsize
     - btrfs: send: allow cloning non-aligned extent if it ends at i_size
     - drm/amd/display: Adjust cursor position
     - platform/surface: aggregator: Fix warning when controller is destroyed in
       probe
     - Bluetooth: hci_core: Fix LE quote calculation
     - Bluetooth: SMP: Fix assumption of Central always being Initiator
     - [arm64] net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN
       xmit
     - [arm64] net: dsa: tag_ocelot: call only the relevant portion of
       __skb_vlan_pop() on TX
     - [arm64] net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA
       and register injection
     - [arm64] net: mscc: ocelot: fix QoS class for injected packets with
       "ocelot-8021q"
     - [arm64] net: mscc: ocelot: serialize access to the injection/extraction
       groups
     - tc-testing: don't access non-existent variable on exception
     - tcp/dccp: bypass empty buckets in inet_twsk_purge()
     - tcp/dccp: do not care about families in inet_twsk_purge()
     - tcp: prevent concurrent execution of tcp_sk_exit_batch
     - net: mctp: test: Use correct skb for route input check
     - kcm: Serialise kcm_sendmsg() for the same socket.
     - netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
     - netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
     - ip6_tunnel: Fix broken GRO
     - bonding: fix bond_ipsec_offload_ok return type
     - bonding: fix null pointer deref in bond_ipsec_offload_ok
     - bonding: fix xfrm real_dev null pointer dereference
     - bonding: fix xfrm state handling when clearing active slave
     - ice: Prepare legacy-rx for upcoming XDP multi-buffer support
     - ice: Add xdp_buff to ice_rx_ring struct
     - ice: Store page count inside ice_rx_buf
     - ice: Pull out next_to_clean bump out of ice_put_rx_buf()
     - ice: fix page reuse when PAGE_SIZE is over 8k
     - ice: fix ICE_LAST_OFFSET formula
     - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
     - net: dsa: mv88e6xxx: Fix out-of-bound access
     - netem: fix return value if duplicate enqueue fails
     - ipv6: prevent UAF in ip6_send_skb()
     - ipv6: fix possible UAF in ip6_finish_output2()
     - ipv6: prevent possible UAF in ip6_xmit()
     - netfilter: flowtable: validate vlan header
     - [arm64] drm/msm/dpu: don't play tricks with debug macros
     - [arm64] drm/msm/dp: fix the max supported bpp logic
     - [arm64] drm/msm/dp: reset the link phy params before link training
     - [arm64] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
     - mmc: mmc_test: Fix NULL dereference on allocation failure
     - Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884)
     - scsi: core: Fix the return value of scsi_logical_block_count()
     - ksmbd: the buffer of smb2 query dir response has at least 1 byte
     - drm/amdgpu: Validate TA binary size
     - HID: wacom: Defer calculation of resolution until resolution_code is known
     - HID: microsoft: Add rumble support to latest xbox controllers
     - Input: i8042 - add forcenorestore quirk to leave controller untouched even
       on s3
     - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk
       combination
     - cxgb4: add forgotten u64 ivlan cast before shift
     - [arm64] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
     - mmc: dw_mmc: allow biu and ciu clocks to defer
     - pmdomain: imx: wait SSAR when i.MX93 power domain on
     - mptcp: pm: re-using ID of unused removed ADD_ADDR
     - mptcp: pm: re-using ID of unused removed subflows
     - mptcp: pm: re-using ID of unused flushed subflows
     - mptcp: pm: only decrement add_addr_accepted for MPJ req
     - Revert "usb: gadget: uvc: cleanup request when not in correct state"
     - Revert "drm/amd/display: Validate hw_points_num before using it"
     - tcp: do not export tcp_twsk_purge()
     - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
     - ALSA: timer: Relax start tick time check for slave timer elements
     - mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order
       fallback to order 0
     - mm/numa: no task_numa_fault() call if PMD is changed
     - mm/numa: no task_numa_fault() call if PTE is changed
     - nfsd: Simplify code around svc_exit_thread() call in nfsd()
     - nfsd: separate nfsd_last_thread() from nfsd_put()
     - NFSD: simplify error paths in nfsd_svc()
     - nfsd: call nfsd_last_thread() before final nfsd_put()
     - nfsd: drop the nfsd_put helper
     - nfsd: don't call locks_release_private() twice concurrently
     - nfsd: Fix a regression in nfsd_setattr()
     - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
     - drm/amdgpu/vcn: identify unified queue in sw init
     - drm/amdgpu/vcn: not pause dpg for unified queue
     - [x86] KVM: x86: fire timer when it is migrated and expired, and in oneshot
       mode
     - Revert "s390/dasd: Establish DMA alignment"
     - wifi: mac80211: add documentation for amsdu_mesh_control
     - wifi: mac80211: fix mesh path discovery based on unicast packets
     - wifi: mac80211: fix mesh forwarding
     - wifi: mac80211: fix flow dissection for forwarded packets
     - wifi: mac80211: fix receiving mesh packets in forwarding=0 networks
     - wifi: mac80211: drop bogus static keywords in A-MSDU rx
     - wifi: mac80211: fix potential null pointer dereference
     - wifi: cfg80211: fix receiving mesh packets without RFC1042 header
     - gfs2: Fix another freeze/thaw hang
     - gfs2: don't withdraw if init_threads() got interrupted
     - gfs2: Remove LM_FLAG_PRIORITY flag
     - gfs2: Remove freeze_go_demote_ok
     - udp: fix receiving fraglist GSO packets
     - ice: fix W=1 headers mismatch
     - Revert "jfs: fix shift-out-of-bounds in dbJoin"
     - net: change maximum number of UDP segments to 128
     - selftests: net: more strict check in net_helper
     - Input: MT - limit max slots
     - tools: move alignment-related macros to new <linux/align.h>
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.108
     - drm/amdgpu: Using uninitialized value *size when calling
       amdgpu_vce_cs_reloc (CVE-2024-42228)
     - btrfs: run delayed iputs when flushing delalloc
     - smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
     - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
     - pinctrl: single: fix potential NULL dereference in pcs_get_function()
     - of: Add cleanup.h based auto release via __free(device_node) markings
     - wifi: wfx: repair open network AP mode
     - wifi: mwifiex: duplicate static structs used in driver instances
     - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
     - mptcp: close subflow when receiving TCP+FIN
     - mptcp: sched: check both backup in retrans
     - mptcp: pm: skip connecting to already established sf
     - mptcp: pm: reset MPC endp ID when re-added
     - mptcp: pm: send ACK on an active subflow
     - mptcp: pm: do not remove already closed subflows
     - mptcp: pm: ADD_ADDR 0 is not a new address
     - drm/amdgpu: align pp_power_profile_mode with kernel docs
     - drm/amdgpu/swsmu: always force a state reprogram on init
     - ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)
     - usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister
       existing source caps before re-registration"
     - mmc: Avoid open coding by using mmc_op_tuning()
     - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
     - mptcp: unify pm get_local_id interfaces
     - mptcp: pm: remove mptcp_pm_remove_subflow()
     - mptcp: pm: only mark 'subflow' endp as available
     - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR
     - of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put()
       handling
     - thermal: of: Fix OF node leak in thermal_of_trips_init() error path
     - thermal: of: Fix OF node leak in of_thermal_zone_find() error paths
     - ASoC: amd: acp: fix module autoloading
     - ASoC: SOF: amd: Fix for acp init sequence
     - pinctrl: mediatek: common-v2: Fix broken bias-disable for
       PULL_PU_PD_RSEL_TYPE
     - btrfs: fix extent map use-after-free when adding pages to compressed bio
       (CVE-2024-42314)
     - soundwire: stream: fix programming slave ports for non-continous port maps
     - [arm64] phy: xilinx: add runtime PM support
     - [arm64] phy: xilinx: phy-zynqmp: dynamic clock support for power-save
     - [arm64] phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume
     - [x86] dmaengine: dw: Add peripheral bus width verification
     - [x86] dmaengine: dw: Add memory bus width verification
     - Bluetooth: hci_core: Fix not handling hibernation actions
     - iommu: Do not return 0 from map_pages if it doesn't do anything
     - netfilter: nf_tables: restore IP sanity checks for netdev/egress
     - wifi: iwlwifi: fw: fix wgds rev 3 exact size
     - ethtool: check device is present when getting link settings
     - netfilter: nf_tables_ipv6: consider network offset in netdev/egress
       validation
     - bonding: implement xdo_dev_state_free and call it after deletion
     - gtp: fix a potential NULL pointer dereference
     - sctp: fix association labeling in the duplicate COOKIE-ECHO case
     - drm/amd/display: avoid using null object of framebuffer
     - net: busy-poll: use ktime_get_ns() instead of local_clock()
     - nfc: pn533: Add poll mod list filling check
     - [arm64] soc: qcom: cmd-db: Map shared memory as WC, not WB
     - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
     - USB: serial: option: add MeiG Smart SRM825L
     - [armhf] usb: dwc3: omap: add missing depopulate in probe error path
     - [arm64,armhf] usb: dwc3: core: Prevent USB core invalid event buffer
       address access
     - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
       remove_power_attributes()
     - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
     - usb: cdnsp: fix for Link TRB with TC
     - [arm64] phy: zynqmp: Enable reference clock correctly
     - igc: Fix reset adapter logics when tx mode change
     - igc: Fix qbv tx latency by setting gtxoffset
     - scsi: aacraid: Fix double-free on probe failure
     - apparmor: fix policy_unpack_test on big endian systems
     - fbdev: offb: fix up missing cleanup.h
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.109
     - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
     - scsi: ufs: core: Bypass quick recovery if force reset is needed
     - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
     - ALSA: hda/conexant: Mute speakers at suspend / shutdown
     - i2c: Fix conditional for substituting empty ACPI functions
     - dma-debug: avoid deadlock between dma debug vs printk and netconsole
     - net: usb: qmi_wwan: add MeiG Smart SRM825L
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
     - mptcp: make pm_remove_addrs_and_subflows static
     - mptcp: pm: fix RM_ADDR ID for the initial subflow
     - PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
     - f2fs: fix to truncate preallocated blocks in f2fs_file_open()
       (CVE-2024-43859)
     - mptcp: pm: fullmesh: select the right ID later
     - mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)
     - mptcp: pm: reuse ID 0 after delete and re-add
     - mptcp: pm: fix ID 0 endp usage after multiple re-creations
     - mptcp: pr_debug: add missing \n at the end
     - mptcp: avoid duplicated SUB_CLOSED events
     - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
     - drm/amd/display: Assign linear_pitch_alignment even for VM
     - drm/amdgpu: fix overflowed array index read warning
     - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
     - drm/amd/pm: fix uninitialized variable warning
     - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
     - drm/amd/pm: fix warning using uninitialized value of max_vid_step
     - drm/amd/pm: Fix negative array index read
     - drm/amd/pm: fix the Out-of-bounds read warning
     - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
     - drm/amdgpu: avoid reading vf2pf info size from FB
     - drm/amd/display: Check gpio_id before used as array index
     - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
     - drm/amd/display: Add array index check for hdcp ddc access
     - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
     - drm/amd/display: Check msg_id before processing transcation
     - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
       dal_gpio_service_create
     - drm/amd/display: Spinlock before reading event
     - drm/amd/display: Ensure index calculation will not overflow
     - drm/amd/display: Skip inactive planes within
       ModeSupportAndSystemConfiguration
     - drm/amd/amdgpu: Check tbo resource pointer
     - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
     - drm/amdgpu/pm: Fix uninitialized variable warning for smu10
     - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
     - drm/amdgpu: Fix out-of-bounds write warning
     - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
     - drm/amdgpu: fix ucode out-of-bounds read warning
     - drm/amdgpu: fix mc_data out-of-bounds read warning
     - apparmor: fix possible NULL pointer dereference
     - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem()
     - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy
       SOCs
     - drm/amdgpu: fix dereference after null check
     - drm/amdgpu: fix the waring dereferencing hive
     - drm/amd/pm: check specific index for aldebaran
     - drm/amdgpu: the warning dereferencing obj for nbio_v7_4
     - drm/amd/pm: check negtive return for table entries
     - wifi: rtw89: ser: avoid multiple deinit on same CAM
     - drm/amdgpu: update type of buf size to u32 for eeprom functions
     - wifi: iwlwifi: remove fw_running op
     - cpufreq: scmi: Avoid overflow of target_freq in fast switch
     - PCI: al: Check IORESOURCE_BUS existence during probe
     - hwspinlock: Introduce hwspin_lock_bust()
     - RDMA/efa: Properly handle unexpected AQ completions
     - ionic: fix potential irq name truncation
     - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode.
     - rcu/nocb: Remove buggy bypass lock contention mitigation
     - usbip: Don't submit special requests twice
     - usb: typec: ucsi: Fix null pointer dereference in trace
     - fsnotify: clear PARENT_WATCHED flags lazily
     - regmap: spi: Fix potential off-by-one when calculating reserved size
     - smack: tcp: ipv4, fix incorrect labeling
     - net/mlx5e: SHAMPO, Fix incorrect page release
     - [arm64] drm/meson: plane: Add error handling
     - [x86] hwmon: (k10temp) Check return value of amd_smn_read()
     - wifi: cfg80211: make hash table duplicates more survivable
     - driver: iio: add missing checks on iio_info's callback access
     - block: remove the blk_flush_integrity call in blk_integrity_unregister
     - drm/amd/display: added NULL check at start of dc_validate_stream
     - drm/amd/display: Correct the defined value for
       AMDGPU_DMUB_NOTIFICATION_MAX
     - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
     - media: uvcvideo: Enforce alignment of frame and interval
     - virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)
     - Bluetooth: SCO: Fix possible circular locking dependency on
       sco_connect_cfm
     - Bluetooth: SCO: fix sco_conn related locking and validity issues
     - ext4: fix inode tree inconsistency caused by ENOMEM
     - udf: Limit file size to 4TB
     - ext4: reject casefold inode flag without casefold feature
     - ext4: handle redirtying in ext4_bio_write_page()
     - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
     - sch/netem: fix use after free in netem_dequeue
     - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
     - [x86] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
     - [x86] KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and
       MSR_GS_BASE
     - [x86] KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is
       missing
     - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
       devices
     - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
     - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
     - ksmbd: unset the binding mark of a reused connection
     - ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
     - ata: libata: Fix memory leak for error path in ata_host_alloc()
     - [x86] tdx: Fix data leak in mmio_read()
     - [x86] perf/x86/intel: Limit the period on Haswell
     - [arm64,armhf] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
     - [x86] kaslr: Expose and use the end of the physical memory address space
     - rtmutex: Drop rt_mutex::wait_lock before scheduling
     - nvme-pci: Add sleep quirk for Samsung 990 Evo
     - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over
       BREDR/LE"
     - Bluetooth: MGMT: Ignore keys being loaded with invalid type
     - mmc: core: apply SD quirks earlier during probe
     - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
     - mmc: sdhci-of-aspeed: fix module autoloading
     - mmc: cqhci: Fix checking of CQHCI_HALT state
     - fuse: update stats for pages in dropped aux writeback list
     - fuse: use unsigned type for getxattr/listxattr size truncation
     - [arm64] clk: qcom: clk-alpha-pll: Fix the pll post div mask
     - [arm64] clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
     - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
     - spi: rockchip: Resolve unbalanced runtime PM / system PM handling
     - tracing: Avoid possible softlockup in tracing_iter_reset()
     - net: mctp-serial: Fix missing escapes on transmit
     - [x86] fpu: Avoid writing LBR bit to IA32_XSS unless supported
     - Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
     - tcp_bpf: fix return value of tcp_bpf_sendmsg()
     - ila: call nf_unregister_net_hooks() sooner
     - sched: sch_cake: fix bulk flow accounting logic for host fairness
     - nilfs2: fix missing cleanup on rollforward recovery error
     - nilfs2: protect references to superblock parameters exposed in sysfs
     - nilfs2: fix state management in error path of log writing function
     - ALSA: control: Apply sanity check of input values for user elements
     - ALSA: hda: Add input value sanity checks to HDMI channel map controls
     - smack: unix sockets: fix accept()ed socket label
     - ELF: fix kernel.randomize_va_space double read
     - [armhf] irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
     - af_unix: Remove put_pid()/put_cred() in copy_peercred().
     - [x86] kmsan: Fix hook for unaligned accesses
     - netfilter: nf_conncount: fix wrong variable type
     - udf: Avoid excessive partition lengths
     - media: vivid: fix wrong sizeimage value for mplane
     - leds: spi-byte: Call of_node_put() on error path
     - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
     - usb: uas: set host status byte on data completion error
     - usb: gadget: aspeed_udc: validate endpoint index for ast udc
     - drm/amd/display: Check HDCP returned status
     - drm/amdgpu: Fix smatch static checker warning
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
     - media: vivid: don't set HDMI TX controls if there are no HDMI outputs
     - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
     - Input: ili210x - use kvmalloc() to allocate buffer for firmware update
     - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
     - pcmcia: Use resource_size function on resource object
     - drm/amd/display: Check denominator pbn_div before used
     - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
     - can: bcm: Remove proc entry when dev is unregistered.
     - [arm64] can: m_can: Release irq on error in m_can_open
     - can: mcp251xfd: fix ring configuration when switching from CAN-CC to
       CAN-FD mode
     - cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
     - igb: Fix not clearing TimeSync interrupts for 82580
     - ice: Add netif_device_attach/detach into PF reset flow
     - [x86] platform/x86: dell-smbios: Fix error path in dell_smbios_init()
     - regulator: Add of_regulator_bulk_get_all
     - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
     - igc: Unlock on error in igc_io_resume()
     - ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog()
     - ice: allow hot-swapping XDP programs
     - ice: do not bring the VSI up, if it was down before the XDP setup
     - usbnet: modern method to get random MAC
     - bareudp: Fix device stats updates.
     - fou: Fix null-ptr-deref in GRO.
     - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
     - net: dsa: vsc73xx: fix possible subblocks range of CAPT block
     - firmware: cs_dsp: Don't allow writes to read-only controls
     - [arm64] phy: zynqmp: Take the phy mutex in xlate
     - [x86] ASoC: topology: Properly initialize soc_enum values
     - dm init: Handle minors larger than 255
     - [amd64] iommu/vt-d: Handle volatile descriptor status read
     - cgroup: Protect css->cgroup write under css_set_lock
     - devres: Initialize an uninitialized struct member
     - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
     - [x86] crypto: qat - fix unintentional re-enabling of error interrupts
     - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
     - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
     - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
     - drm/amdgpu: Set no_hw_access when VF request full GPU fails
     - ext4: fix possible tid_t sequence overflows
     - dma-mapping: benchmark: Don't starve others when doing the test
     - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
     - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
     - btrfs: replace BUG_ON with ASSERT in walk_down_proc()
     - btrfs: clean up our handling of refs == 0 in snapshot delete
     - btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
     - PCI: Add missing bridge lock to pci_bus_lock()
     - tcp: Don't drop SYN+ACK for simultaneous connect().
     - net: dpaa: avoid on-stack arrays of NR_CPUS elements
     - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
     - btrfs: initialize location to fix -Wmaybe-uninitialized in
       btrfs_lookup_dentry()
     - [s390x] vmlinux.lds.S: Move ro_after_init section behind rodata section
     - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
     - [amd64] HID: amd_sfh: free driver_data after destroying hid device
     - Input: uinput - reject requests with unreasonable number of slots
     - usbnet: ipheth: race between ipheth_close and error handling
     - Squashfs: sanity check symbolic link size
     - of/irq: Prevent device address out-of-bounds read in interrupt map walk
     - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
     - [mips*] cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
     - ata: pata_macio: Use WARN instead of BUG
     - NFSv4: Add missing rescheduling points in
       nfs_client_return_marked_delegations
     - io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers
     - io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads
     - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
     - iio: buffer-dmaengine: fix releasing dma channel on error
     - iio: fix scale application in iio_convert_raw_to_processed_unlocked
     - iio: adc: ad7124: fix config comparison
     - iio: adc: ad7606: remove frstdata check for serial mode
     - iio: adc: ad7124: fix chip ID mismatch
     - [arm64,armhf] usb: dwc3: core: update LC timer as per USB Spec V3.2
     - [arm*] binder: fix UAF caused by offsets overwrite
     - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
     - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
     - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
     - VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
     - clocksource/drivers/timer-of: Remove percpu irq related code
     - uprobes: Use kzalloc to allocate xol area
     - perf/aux: Fix AUX buffer serialization (CVE-2024-46713)
     - fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY
     - fuse: allow non-extending parallel direct writes on the same file
     - fuse: add request extension
     - fuse: fix memory leak in fuse_create_open
     - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
     - workqueue: wq_watchdog_touch is always called with valid CPU
     - workqueue: Improve scalability of workqueue watchdog touch
     - ACPI: processor: Return an error if acpi_processor_get_info() fails in
       processor_add()
     - ACPI: processor: Fix memory leaks in error paths of processor_add()
     - [arm64] acpi: Move get_cpu_for_acpi_id() to a header
     - [arm64] acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
     - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
       function
     - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index
       erratum
     - can: mcp251xfd: clarify the meaning of timestamp
     - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
     - drm/amd: Add gfx12 swizzle mode defs
     - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
     - [powerpc*] 64e: remove unused IBM HTW code
     - [powerpc*] 64e: split out nohash Book3E 64-bit code
     - [powerpc*] 64e: Define mmu_pte_psize static
     - nvmet-tcp: fix kernel crash if commands allocation fails
     - [x86] ASoc: SOF: topology: Clear SOF link platform name upon unload
     - [arm64,armhf] ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
     - [x86] drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
     - [x86] drm/i915/fence: Mark debug_fence_free() with __maybe_unused
     - [arm64,armhf] gpio: rockchip: fix OF node leak in probe()
     - [arm64] gpio: modepin: Enable module autoloading
     - [x86] mm: Fix PTI for i386 some more
     - btrfs: fix race between direct IO write and fsync when using same fd
     - bpf: Silence a warning in btf_type_id_size()
     - memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
     - regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all()
     - fuse: add feature flag for expire-only
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.111
     - ksmbd: override fsids for share path check
     - ksmbd: override fsids for smb2_query_info()
     - usbnet: ipheth: fix carrier detection in modes 1 and 4
     - net: ethernet: use ip_hdrlen() instead of bit shift
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
     - net: phy: vitesse: repair vsc73xx autonegotiation
     - [powerpc*] mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
     - btrfs: update target inode's ctime on unlink
     - Input: ads7846 - ratelimit the spi_sync error message
     - Input: synaptics - enable SMBus for HP Elitebook 840 G2
     - HID: multitouch: Add support for GT7868Q
     - scripts: kconfig: merge_config: config files: add a trailing newline
     - [x86] platform/surface: aggregator_registry: Add Support for Surface Pro
       10
     - [x86] platform/surface: aggregator_registry: Add support for Surface
       Laptop Go 3
     - [arm64] drm/msm/adreno: Fix error return if missing firmware-name
     - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
     - smb/server: fix return value of smb2_open()
     - NFSv4: Fix clearing of layout segments in layoutreturn
     - NFS: Avoid unnecessary rescanning of the per-server delegation list
     - [x86] platform/x86: panasonic-laptop: Fix SINF array out of bounds
       accesses
     - [x86] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf
       array
     - mptcp: pm: Fix uaf in __timer_delete_sync
     - [arm64] dts: rockchip: fix eMMC/SPI corruption when audio has been used on
       RK3399 Puma
     - [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
       Puma
     - net: tighten bad gso csum offset check in virtio_net_hdr
     - dm-integrity: fix a race condition when accessing recalc_sector
     - mm: avoid leaving partial pfn mappings around in error case
     - pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
       (CVE-2024-35943)
     - [arm64] dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
     - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
     - cxl/core: Fix incorrect vendor debug UUID define
     - [armhf] hwmon: (pmbus) Conditionally clear individual status bits for
       pmbus rev >= 1.2
     - ice: fix accounting for filters shared by multiple VSIs
     - igb: Always call igb_xdp_ring_update_tail() under Tx lock
     - net/mlx5: Update the list of the PCI supported devices
     - net/mlx5e: Add missing link modes to ptys2ethtool_map
     - net/mlx5: Explicitly set scheduling element and TSAR type
     - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
     - net/mlx5: Correct TASR typo into TSAR
     - net/mlx5: Verify support for scheduling element and TSAR type
     - net/mlx5: Fix bridge mode operations when there are no VFs
     - fou: fix initialization of grc
     - netfilter: nft_socket: fix sk refcount leaks
     - net: dpaa: Pad packets to ETH_ZLEN
     - [arm64] spi: nxp-fspi: fix the KASAN report out-of-bounds bug
     - soundwire: stream: Revert "soundwire: stream: fix programming slave ports
       for non-continous port maps"
     - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
     - drm/amdgpu/atomfirmware: Silence UBSAN warning
     - [x86] drm/i915/guc: prevent a possible int overflow in wq offsets
     - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
     - [arm64] ASoC: meson: axg-card: fix 'use-after-free'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.112
     - ALSA: hda/realtek - Fixed ALC256 headphone no sound
     - ALSA: hda/realtek - FIxed ALC285 headphone no sound
     - scsi: lpfc: Fix overflow build issue
     - [x86] hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING
     - [armhf] net: ftgmac100: Ensure tx descriptor updates are visible
     - wifi: iwlwifi: lower message level for FW buffer destination
     - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
     - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
     - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
     - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap()
     - wifi: iwlwifi: clear trans->state earlier upon error
     - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration
     - [x86] ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match
       less strict
     - [x86] ASoC: intel: fix module autoloading
     - spi: spidev: Add an entry for elgin,jg10309-01
     - spi: bcm63xx: Enable module autoloading
     - smb: client: fix hang in wait_for_response() for negproto
     - [x86] hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides
       frequency
     - tools: hv: rm .*.cmd when make clean
     - block: Fix where bio IO priority gets set
     - spi: spidev: Add missing spi_device_id for jg10309-01
     - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
     - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
       (CVE-2024-41016)
     - xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING
     - xfs: Fix deadlock on xfs_inodegc_worker
     - xfs: fix extent busy updating
     - xfs: don't use BMBT btree split workers for IO completion
     - xfs: fix low space alloc deadlock
     - xfs: prefer free inodes at ENOSPC over chunk allocation
     - xfs: block reservation too large for minleft allocation
     - xfs: fix uninitialized variable access
     - xfs: quotacheck failure can race with background inode inactivation
     - xfs: fix BUG_ON in xfs_getbmap()
     - xfs: buffer pins need to hold a buffer reference
     - xfs: defered work could create precommits
     - xfs: fix AGF vs inode cluster buffer deadlock
     - xfs: collect errors from inodegc for unlinked inode recovery
     - xfs: fix ag count overflow during growfs
     - xfs: remove WARN when dquot cache insertion fails
     - xfs: fix the calculation for "end" and "length"
     - xfs: load uncached unlinked inodes into memory on demand
     - xfs: fix negative array access in xfs_getbmap
     - xfs: fix unlink vs cluster buffer instantiation race
     - xfs: correct calculation for agend and blockcount
     - xfs: use i_prev_unlinked to distinguish inodes that are not on the
       unlinked list
     - xfs: reload entire unlinked bucket lists
     - xfs: make inode unlinked bucket recovery work with quotacheck
     - xfs: fix reloading entire unlinked bucket lists
     - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
     - xfs: journal geometry is not properly bounds checked
     - netfilter: nft_socket: make cgroupsv2 matching work with namespaces
     - netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in
       nft_socket_cgroup_subtree_level()
     - netfilter: nft_set_pipapo: walk over current view on netlink dump
       (CVE-2024-27017)
     - netfilter: nf_tables: missing iterator type in lookup walk
     - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
     - gpiolib: cdev: Ignore reconfiguration without direction
     - gpio: prevent potential speculation leaks in gpio_device_get_desc()
       (CVE-2024-44931)
     - can: mcp251xfd: properly indent labels
     - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into
       mcp251xfd_chip_start/stop()
     - btrfs: calculate the right space for delayed refs when updating global
       reserve
     - [x86] powercap: RAPL: fix invalid initialization for pl4_supported field
     - [x86] mm: Switch to new Intel CPU model defines
     - USB: serial: pl2303: add device id for Macrosilicon MS3020
     - USB: usbtmc: prevent kernel-usb-infoleak
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 26
   * [rt] Update to 6.1.107-rt39
   * [rt] Update to 6.1.111-rt42

linux-signed-i386 (6.1.115+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.115-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
     - wifi: rtw88: always wait for both firmware loading attempts
       (CVE-2024-47718)
     - crypto: xor - fix template benchmarking
     - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
     - wifi: ath9k: fix parameter check in ath9k_init_debug()
     - wifi: ath9k: Remove error checks when creating debugfs entries
     - wifi: rtw88: remove CPT execution branch never used
     - fs/namespace: fnic: Switch to use %ptTd
     - mount: handle OOM on mnt_warn_timestamp_expiry
     - drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
       (CVE-2024-47731)
     - wifi: mac80211: don't use rate mask for offchannel TX either
       (CVE-2024-47738)
     - wifi: iwlwifi: mvm: increase the time between ranging measurements
     - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
     - ACPICA: executer/exsystem: Don't nag user about every Stall() violating
       the spec
     - padata: Honor the caller's alignment in case of chunk_size 0
     - drivers/perf: hisi_pcie: Record hardware counts correctly
     - can: j1939: use correct function name in comment
     - ACPI: CPPC: Fix MASK_VAL() usage
     - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
     - netfilter: nf_tables: reject element expiration with no timeout
     - netfilter: nf_tables: reject expiration higher than timeout
     - netfilter: nf_tables: remove annotation to access set timeout while
       holding lock
     - [arm64] perf/arm-cmn: Rework DTC counters (again)
     - [arm64] perf/arm-cmn: Improve debugfs pretty-printing for large configs
     - [arm64] perf/arm-cmn: Refactor node ID handling. Again.
     - [arm64] perf/arm-cmn: Ensure dtm_idx is big enough
     - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
     - [x86] sgx: Fix deadlock in SGX NUMA node search (CVE-2024-49856)
     - crypto: hisilicon/hpre - enable sva error interrupt event
     - crypto: hisilicon/hpre - mask cluster timeout error
     - crypto: hisilicon/qm - fix coding style issues
     - crypto: hisilicon/qm - reset device before enabling it
     - crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730)
     - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
     - wifi: mt76: mt7915: fix rx filter setting for bfee functionality
     - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
     - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
       (CVE-2024-47713)
     - wifi: wilc1000: fix potential RCU dereference issue in
       wilc_parse_join_bss_param (CVE-2024-47712)
     - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
     - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL
     - sock_map: Add a cond_resched() in sock_hash_free()
     - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
       (CVE-2024-47709)
     - can: m_can: Remove repeated check for is_peripheral
     - can: m_can: enable NAPI before enabling interrupts
     - can: m_can: m_can_close(): stop clocks after device has been shut down
     - Bluetooth: btusb: Fix not handling ZPL/short-transfer
     - bareudp: Pull inner IP header in bareudp_udp_encap_recv().
     - bareudp: Pull inner IP header on xmit.
     - net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
     - r8169: disable ALDPS per default for RTL8125
     - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
     - net: tipc: avoid possible garbage value
     - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
       (CVE-2024-47707)
     - nbd: fix race between timeout and normal completion (CVE-2024-49855)
     - block, bfq: fix possible UAF for bfqq->bic with merge chain
       (CVE-2024-47706)
     - block, bfq: choose the last bfqq from merge chain in
       bfq_setup_cooperator()
     - block, bfq: don't break merge chain in bfq_split_bfqq()
     - block: print symbolic error name instead of error code
     - block: fix potential invalid pointer dereference in blk_add_partition
       (CVE-2024-47705)
     - spi: ppc4xx: handle irq_of_parse_and_map() errors
     - [arm64] dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB
     - firmware: arm_scmi: Fix double free in OPTEE transport (CVE-2024-49853)
     - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
     - regulator: Return actual error in of_regulator_bulk_get_all()
     - [arm64] dts: renesas: r9a07g043u: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g054: Correct GICD and GICR sizes
     - [arm64] dts: renesas: r9a07g044: Correct GICD and GICR sizes
     - [arm64] dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations
     - reset: berlin: fix OF node leak in probe() error path
     - reset: k210: fix OF node leak in probe() error path
     - clocksource/drivers/qcom: Add missing iounmap() on errors in
       msm_dt_timer_init()
     - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error
     - ALSA: hda: cs35l41: fix module autoloading
     - hwmon: (max16065) Fix overflows seen when writing limits
     - i2c: Add i2c_get_match_data()
     - hwmon: (max16065) Remove use of i2c_match_id()
     - hwmon: (max16065) Fix alarm attributes
     - mtd: slram: insert break after errors in parsing the map
     - hwmon: (ntc_thermistor) fix module autoloading
     - power: supply: axp20x_battery: Remove design from min and max voltage
     - power: supply: max17042_battery: Fix SOC threshold calc w/ no current
       sense
     - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
     - [amd64] iommu/amd: Do not set the D bit on AMD v2 table entries
     - mtd: powernv: Add check devm_kasprintf() returned value
     - rcu/nocb: Fix RT throttling hrtimer armed from offline CPU
     - mtd: rawnand: mtk: Use for_each_child_of_node_scoped()
     - mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips
     - mtd: rawnand: mtk: Fix init error path
     - pmdomain: core: Harden inter-column space in debug summary
     - drm/stm: Fix an error handling path in stm_drm_platform_probe()
     - drm/stm: ltdc: check memory returned by devm_kzalloc()
     - drm/amd/display: Add null check for set_output_gamma in
       dcn30_set_output_transfer_func (CVE-2024-47720)
     - drm/amdgpu: Replace one-element array with flexible-array member
     - drm/amdgpu: properly handle vbios fake edid sizing
     - drm/radeon: Replace one-element array with flexible-array member
     - drm/radeon: properly handle vbios fake edid sizing
     - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly
     - scsi: NCR5380: Check for phase match during PDMA fixup
     - drm/amd/amdgpu: Properly tune the size of struct
     - drm/rockchip: vop: Allow 4096px width scaling
     - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
     - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
     - drm/bridge: lontium-lt8912b: Validate mode in
       drm_bridge_funcs::mode_valid()
     - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
     - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
       (CVE-2024-49852)
     - jfs: fix out-of-bounds in dbNextAG() and diAlloc()
     - drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config()
     - drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
     - [powerpc*] 8xx: Fix initial memory mapping
     - [powerpc*] 8xx: Fix kernel vs user address comparison
     - drm/msm: Fix incorrect file name output in adreno_request_fw()
     - drm/msm/a5xx: disable preemption in submits by default
     - drm/msm/a5xx: properly clear preemption records on resume
     - drm/msm/a5xx: fix races in preemption evaluation stage
     - drm/msm/a5xx: workaround early ring-buffer emptiness check
     - ipmi: docs: don't advertise deprecated sysfs entries
     - drm/msm: fix %s null argument error
     - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
     - xen: use correct end address of kernel for conflict checking
     - HID: wacom: Support sequence numbers smaller than 16-bit
     - HID: wacom: Do not warn about dropped packets for first packet
     - xen/swiotlb: add alignment check for dma buffers
     - xen/swiotlb: fix allocated size
     - tpm: Clean up TPM space after command failure (CVE-2024-49851)
     - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
       (CVE-2024-49850)
     - xz: cleanup CRC32 edits from 2018
     - kthread: fix task state in kthread worker if being frozen
     - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
     - smackfs: Use rcu_assign_pointer() to ensure safe assignment in
       smk_set_cipso
     - ext4: avoid buffer_head leak in ext4_mark_inode_used()
     - ext4: avoid potential buffer_head leak in __ext4_new_inode()
     - ext4: avoid negative min_clusters in find_group_orlov()
     - ext4: return error on ext4_find_inline_entry
     - ext4: avoid OOB when system.data xattr changes underneath the filesystem
       (CVE-2024-47701)
     - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
       (CVE-2024-47699)
     - nilfs2: determine empty node blocks as corrupted
     - nilfs2: fix potential oob read in nilfs_btree_check_delete()
       (CVE-2024-47757)
     - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
     - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
     - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
       (CVE-2024-47728)
     - perf mem: Free the allocated sort string, fixing a leak
     - perf inject: Fix leader sampling inserting additional samples
     - perf sched timehist: Fix missing free of session in perf_sched__timehist()
     - perf stat: Display iostat headers correctly
     - perf sched timehist: Fixed timestamp error when unable to confirm event
       sched_in time
     - perf time-utils: Fix 32-bit nsec parsing
     - clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite()
       after error detection
     - clk: imx: composite-8m: Enable gate clk with mcore_booted
     - clk: imx: composite-7ulp: Check the PCC present bit
     - clk: imx: fracn-gppll: support integer pll
     - clk: imx: fracn-gppll: fix fractional part of PLL getting lost
     - clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
     - clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
     - clk: imx: imx8qxp: Parent should be initialized earlier than the clock
     - remoteproc: imx_rproc: Correct ddr alias for i.MX8M
     - remoteproc: imx_rproc: Initialize workqueue earlier
     - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
     - Input: ilitek_ts_i2c - avoid wrong input subsystem sync
     - Input: ilitek_ts_i2c - add report id message validation
     - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
       (CVE-2024-47698)
     - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
       (CVE-2024-47697)
     - PCI/PM: Increase wait time after resume
     - PCI/PM: Drop pci_bridge_wait_for_secondary_bus() timeout parameter
     - PCI: Wait for Link before restoring Downstream Buses
     - PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
       (CVE-2024-47756)
     - clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL
     - nvdimm: Fix devs leaks in scan_labels()
     - PCI: xilinx-nwl: Fix register misspelling
     - PCI: xilinx-nwl: Clean up clock on probe failure/removal
     - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
       (CVE-2024-47696)
     - pinctrl: single: fix missing error code in pcs_probe()
     - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
     - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (CVE-2024-47695)
     - clk: ti: dra7-atl: Fix leak of of_nodes
     - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
     - nfsd: fix refcount leak when file is unhashed after being found
     - pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
     - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
     - IB/core: Fix ib_cache_setup_one error flow cleanup (CVE-2024-47693)
     - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
       (CVE-2024-47751)
     - RDMA/erdma: Return QP state in erdma_query_qp
     - watchdog: imx_sc_wdt: Don't disable WDT in suspend
     - [arm64] RDMA/hns: Don't modify rq next block addr in HIP09 QPC
     - [arm64] RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (CVE-2024-47750)
     - [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
     - [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
     - [arm64] RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
     - [arm64] RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS
     - [arm64] RDMA/hns: Optimize hem allocation performance
     - RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
     - RDMA/irdma: fix error message in irdma_modify_qp_roce()
     - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
     - ntb_perf: Fix printk format
     - ntb: Force physically contiguous allocation of rx ring buffers
     - nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
     - nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
     - f2fs: fix to update i_ctime in __f2fs_setxattr()
     - f2fs: remove unneeded check condition in __f2fs_setxattr()
     - f2fs: reduce expensive checkpoint trigger frequency
     - f2fs: factor the read/write tracing logic into a helper
     - f2fs: fix to avoid racing in between read and OPU dio write
     - f2fs: fix to wait page writeback before setting gcing flag
     - f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation
     - f2fs: clean up w/ dotdot_name
     - f2fs: get rid of online repaire on corrupted directory (CVE-2024-47690)
     - spi: atmel-quadspi: Undo runtime PM changes at driver exit time
     - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
     - lib/sbitmap: define swap_lock as raw_spinlock_t
     - nvme-multipath: system fails to create generic nvme device
     - iio: adc: ad7606: fix oversampling gpio array
     - iio: adc: ad7606: fix standby gpio state to match the documentation
     - ABI: testing: fix admv8818 attr description
     - iio: chemical: bme680: Fix read/write ops to device by adding mutexes
     - iio: magnetometer: ak8975: Convert enum->pointer for data in the match
       tables
     - iio: magnetometer: ak8975: drop incorrect AK09116 compatible
     - dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible
     - coresight: tmc: sg: Do not leak sg_table
     - cxl/pci: Break out range register decoding from cxl_hdm_decode_init()
     - cxl/pci: Fix to record only non-zero ranges
     - vdpa: Add eventfd for the vdpa callback
     - vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
     - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (CVE-2024-47686)
     - Revert "dm: requeue IO if mapping table not yet available"
     - net: xilinx: axienet: Schedule NAPI in two steps
     - net: xilinx: axienet: Fix packet counting
     - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685)
     - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
       Condition (CVE-2024-47747)
     - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
     - tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
     - net: qrtr: Update packets cloning when broadcasting
     - bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
       (CVE-2024-47734)
     - net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled
     - netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
     - netfilter: ctnetlink: compile ctnetlink_label_size with
       CONFIG_NF_CONNTRACK_EVENTS
     - io_uring/sqpoll: do not allow pinning outside of cpuset
     - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
     - io_uring/io-wq: do not allow pinning outside of cpuset
     - io_uring/io-wq: inherit cpuset of cgroup in io worker
     - vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
     - selinux,smack: don't bypass permissions check in inode_setsecctx hook
       (CVE-2024-46695)
     - drm/vmwgfx: Prevent unmapping active read buffers (CVE-2024-46710)
     - io_uring/sqpoll: retain test for whether the CPU is valid
     - io_uring/sqpoll: do not put cpumask on stack
     - Remove *.orig pattern from .gitignore
     - PCI: imx6: Fix missing call to phy_power_off() in error handling
     - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
     - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
     - soc: versatile: integrator: fix OF node leak in probe() error path
     - Revert "media: tuners: fix error return code of
       hybrid_tuner_request_state()"
     - Input: adp5588-keys - fix check on return code
     - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
     - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
     - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
     - [x86] KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits
     - [x86] KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
       (CVE-2024-47683)
     - drm/amd/display: Round calculated vtotal
     - drm/amd/display: Validate backlight caps are sane
     - KEYS: prevent NULL pointer dereference in find_asymmetric_key()
       (CVE-2024-47743)
     - fs: Create a generic is_dot_dotdot() utility
     - ksmbd: make __dir_empty() compatible with POSIX
     - ksmbd: allow write with FILE_APPEND_DATA
     - ksmbd: handle caseless file creation
     - scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
       (CVE-2024-47682)
     - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
     - scsi: mac_scsi: Refactor polling loop
     - scsi: mac_scsi: Disallow bus errors during PDMA send
     - usbnet: fix cyclical race on disconnect with work queue
     - [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
     - USB: appledisplay: close race between probe and completion handler
     - USB: misc: cypress_cy7c63: check for short transfer
     - USB: class: CDC-ACM: fix race between get_serial and set_serial
     - usb: cdnsp: Fix incorrect usb_request status
     - usb: dwc2: drd: fix clock gating on USB role switch
     - bus: integrator-lm: fix OF node leak in probe()
     - bus: mhi: host: pci_generic: Fix the name for the Telit FE990A
     - firmware_loader: Block path traversal (CVE-2024-47742)
     - tty: rp2: Fix reset with non forgiving PCIe host bridges
     - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
     - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
     - drbd: Fix atomicity violation in drbd_uuid_set_bm()
     - drbd: Add NULL check for net_conf to prevent dereference in state
       validation
     - ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
     - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
     - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
       (CVE-2024-49858)
     - perf/x86/intel/pt: Fix sampling synchronization
     - wifi: rtw88: 8822c: Fix reported RX band width
     - wifi: mt76: mt7615: check devm_kasprintf() returned value
     - debugobjects: Fix conditions in fill_pool()
     - f2fs: fix several potential integer overflows in file offsets
     - f2fs: prevent possible int overflow in dir_block_index()
     - f2fs: avoid potential int overflow in sanity_check_area_boundary()
     - f2fs: fix to check atomic_file in f2fs ioctl interfaces (CVE-2024-49859)
     - hwrng: mtk - Use devm_pm_runtime_enable
     - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
     - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
     - [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
     - [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
     - vfs: fix race between evice_inodes() and find_inode()&iput()
     - fs: Fix file_set_fowner LSM hook inconsistencies
     - nfs: fix memory leak in error path of nfs4_do_reclaim
     - EDAC/igen6: Fix conversion of system address to physical memory address
     - padata: use integer wrap around to prevent deadlock on seq_nr overflow
       (CVE-2024-47739)
     - soc: versatile: realview: fix memory leak during device remove
     - soc: versatile: realview: fix soc_dev leak during device remove
     - [powerpc*] 64: Option to build big-endian with ELFv2 ABI
     - [powerpc*] 64: Add support to build with prefixed instructions
     - [powerpc*] atomic: Use YZ constraints for DS-form instructions
     - usb: yurex: Replace snprintf() with the safer scnprintf() variant
     - USB: misc: yurex: fix race between read and write
     - xhci: fix event ring segment table related masks and variables in header
     - xhci: remove xhci_test_trb_in_td_math early development check
     - xhci: Refactor interrupter code for initial multi interrupter support.
     - xhci: Preserve RsvdP bits in ERSTBA register correctly
     - xhci: Add a quirk for writing ERST in high-low order
     - usb: xhci: fix loss of data on Cadence xHC
     - pps: remove usage of the deprecated ida_simple_xx() API
     - pps: add an error check in parport_attach
     - [x86] idtentry: Incorporate definitions/declarations of the FRED entries
     - [x86] entry: Remove unwanted instrumentation in common_interrupt()
     - mm/filemap: return early if failed to allocate memory for split
     - lib/xarray: introduce a new helper xas_get_order
     - mm/filemap: optimize filemap folio adding
     - icmp: Add counters for rate limits
     - icmp: change the order of rate limits (CVE-2024-47678)
     - bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
     - lockdep: fix deadlock issue between lockdep and rcu
     - mm: only enforce minimum stack gap size if it's sensible
     - module: Fix KCOV-ignored file name
     - mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with
       rcu read lock
     - i2c: aspeed: Update the stop sw state when the bus recovery occurs
     - i2c: isch: Add missed 'else'
     - usb: yurex: Fix inconsistent locking bug in yurex_read()
     - perf/arm-cmn: Fail DTC counter allocation correctly
     - iio: magnetometer: ak8975: Fix 'Unexpected device' error
     - [powerpc*] Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+
     - PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
     - [x86*] tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)
     - static_call: Handle module init failure correctly in
       static_call_del_module() (CVE-2024-50002)
     - static_call: Replace pointless WARN_ON() in static_call_module_notify()
     - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked()
     - jump_label: Fix static_key_slow_dec() yet again
     - scsi: pm8001: Do not overwrite PCI queue mapping
     - mailbox: rockchip: fix a typo in module autoloading
     - mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
     - ceph: remove the incorrect Fw reference check when dirtying pages
     - ieee802154: Fix build error
     - net: sparx5: Fix invalid timestamps
     - net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
     - net/mlx5: Added cond_resched() to crdump collection
     - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (CVE-2024-50000)
     - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
     - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable()
     - netfilter: nf_tables: prevent nf_skb_duplicated corruption
       (CVE-2024-49952)
     - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
     - net: ethernet: lantiq_etop: fix memory disclosure (CVE-2024-49997)
     - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
     - net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
     - net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
     - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
     - ppp: do not assume bh is held in ppp_channel_bridge_input()
       (CVE-2024-49946)
     - fsdax,xfs: port unshare to fsdax
     - iomap: constrain the file range passed to iomap_file_unshare
     - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
       (CVE-2024-49944)
     - i2c: xiic: improve error message when transfer fails to start
     - i2c: xiic: Try re-initialization on bus busy timeout
     - loop: don't set QUEUE_FLAG_NOMERGES
     - Bluetooth: hci_sock: Fix not validating setsockopt user input
       (CVE-2024-35963)
     - media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
     - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is
       uninitialized
     - ALSA: mixer_oss: Remove some incorrect kfree_const() usages
     - ALSA: hda/realtek: Fix the push button function for the ALC257
     - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
     - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
     - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
     - f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
     - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
     - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
     - ice: Adjust over allocation of memory in ice_sched_add_root_node() and
       ice_sched_add_node()
     - wifi: iwlwifi: mvm: Fix a race in scan abort flow
     - wifi: cfg80211: Set correct chandef when starting CAC (CVE-2024-49937)
     - net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
     - net: hisilicon: hip04: fix OF node leak in probe()
     - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
     - net: hisilicon: hns_mdio: fix OF node leak in probe()
     - ACPI: PAD: fix crash in exit_round_robin() (CVE-2024-49935)
     - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
     - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
     - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable
     - net: sched: consistently use rcu_replace_pointer() in taprio_change()
     - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122
     - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18
     - blk_iocost: fix more out of bound shifts (CVE-2024-49933)
     - nvme-pci: qdepth 1 quirk
     - wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
     - wifi: rtw88: select WANT_DEV_COREDUMP
     - ACPI: EC: Do not release locks during operation region accesses
     - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
       acpi_db_convert_to_package()
     - tipc: guard against string buffer overrun (CVE-2024-49995)
     - net: mvpp2: Increase size of queue_name buffer
     - bnxt_en: Extend maximum length of version string by 1 byte
     - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
     - wifi: rtw89: correct base HT rate mask for firmware
     - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
     - net: atlantic: Avoid warning about potential string truncation
     - crypto: simd - Do not call crypto_alloc_tfm during registration
     - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
     - wifi: mac80211: fix RCU list iterations
     - ACPICA: iasl: handle empty connection_node
     - proc: add config & param to block forcing mem writes
     - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_cmd_802_11_scan_ext()
     - nfp: Use IRQF_NO_AUTOEN flag in request_irq()
     - ALSA: usb-audio: Add input value sanity checks for standard types
     - [x86] ioapic: Handle allocation failures gracefully (CVE-2024-49927)
     - ALSA: usb-audio: Define macros for quirk table entries
     - ALSA: usb-audio: Replace complex quirk lines with macros
     - ALSA: usb-audio: Add logitech Audio profile quirk
     - ASoC: codecs: wsa883x: Handle reading version failure
     - [x86] kexec: Add EFI config table identity mapping for kexec kernel
     - ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
     - ALSA: hdsp: Break infinite MIDI input flush loop
     - [x86] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
     - fbdev: pxafb: Fix possible use after free in pxafb_task() (CVE-2024-49924)
     - rcuscale: Provide clear error when async specified without primitives
     - [arm64] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
     - power: reset: brcmstb: Do not go into infinite loop if reset fails
     - [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
     - [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
       count (CVE-2024-49993)
     - drm/stm: Avoid use-after-free issues with crtc and plane (CVE-2024-49992)
     - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
     - drm/amd/display: Add null check for top_pipe_to_program in
       commit_planes_for_stream (CVE-2024-49913)
     - ata: pata_serverworks: Do not use the term blacklist
     - ata: sata_sil: Rename sil_blacklist to sil_quirks
     - drm/amd/display: Handle null 'stream_status' in
       'planes_changed_for_existing_stream' (CVE-2024-49912)
     - drm/amd/display: Check null pointers before using dc->clk_mgr
       (CVE-2024-49907)
     - drm/amd/display: Add null check for 'afb' in
       amdgpu_dm_plane_handle_cursor_update (v2)
     - jfs: UBSAN: shift-out-of-bounds in dbFindBits
     - jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
     - jfs: check if leafidx greater than num leaves per dmap tree
       (CVE-2024-49902)
     - scsi: smartpqi: correct stream detection
     - jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
     - drm/amdgpu: add raven1 gfxoff quirk
     - drm/amdgpu: enable gfxoff quirk on HP 705G4
     - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
     - [x86] platform/x86: touchscreen_dmi: add nanote-next quirk
     - drm/stm: ltdc: reset plane transparency after plane disable
     - drm/amd/display: Check stream before comparing them (CVE-2024-49896)
     - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
       translation (CVE-2024-49895)
     - drm/amd/display: Fix index out of bounds in degamma hardware format
       translation (CVE-2024-49894)
     - drm/amd/display: Fix index out of bounds in DCN30 color transformation
       (CVE-2024-49969)
     - drm/amd/display: Initialize get_bytes_per_element's default to 1
       (CVE-2024-49892)
     - drm/printer: Allow NULL data in devcoredump printer
     - [x86] perf,x86: avoid missing caller address in stack traces captured in
       uprobe
     - scsi: aacraid: Rearrange order of struct aac_srb_unit
     - scsi: lpfc: Update PRLO handling in direct attached topology
     - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
     - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
     - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
     - drm/amd/pm: ensure the fw_info is not null before using it
       (CVE-2024-49890)
     - of/irq: Refer to actual buffer size in of_irq_parse_one()
     - [powerpc*] pseries: Use correct data types from pseries_hp_errorlog struct
     - ext4: ext4_search_dir should return a proper error
     - ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
     - ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
     - iomap: handle a post-direct I/O invalidate race in
       iomap_write_delalloc_release
     - blk-integrity: use sysfs_emit
     - blk-integrity: convert to struct device_attribute
     - blk-integrity: register sysfs attributes on struct device
     - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
     - spi: s3c64xx: fix timeout counters in flush_fifo
     - [powerpc*] vdso: Fix VDSO data access when running in a non-root time
       namespace
     - Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
       (Closes: #1081833)
     - [x86] platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
       (CVE-2024-49886)
     - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
       (CVE-2024-49985)
     - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
     - i2c: xiic: Wait for TX empty to avoid missed TX NAKs
     - media: i2c: ar0521: Use cansleep version of gpiod_set_value()
       (CVE-2024-49961)
     - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
     - spi: bcm63xx: Fix module autoloading
     - power: supply: hwmon: Fix missing temp1_max_alarm attribute
     - perf/core: Fix small negative period being ignored
     - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
     - ALSA: core: add isascii() check to card ID generator
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
     - ALSA: usb-audio: Add native DSD support for Luxman D-08u
     - ALSA: line6: add hw monitor volume control to POD HD500X
     - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
     - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
     - ext4: no need to continue when the number of entries is 1 (CVE-2024-49967)
     - ext4: correct encrypted dentry name hash when not casefolded
     - ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
     - ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
     - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible()
     - ext4: dax: fix overflowing extents beyond inode size when partially
       writing (CVE-2024-50015)
     - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
     - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
     - ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
     - ext4: fix double brelse() the buffer of the extents path
     - ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
     - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
     - ext4: fix incorrect tid assumption in
       jbd2_journal_shrink_checkpoint_list()
     - ext4: fix fast commit inode enqueueing during a full journal commit
     - ext4: use handle to mark fc as ineligible in __track_dentry_update()
     - ext4: mark fc as ineligible using an handle in ext4_xattr_set()
     - drm/rockchip: vop: clear DMA stop bit on RK3066
     - of/irq: Support #msi-cells=<0> in of_msi_get_domain
     - drm: omapdrm: Add missing check for alloc_ordered_workqueue
       (CVE-2024-49879)
     - resource: fix region_intersects() vs add_memory_driver_managed()
     - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
       error
     - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
     - mm: krealloc: consider spare memory for __GFP_ZERO
     - ocfs2: fix the la space leak when unmounting an ocfs2 volume
     - ocfs2: fix uninit-value in ocfs2_get_block()
     - ocfs2: reserve space for inline xattr before attaching reflink tree
       (CVE-2024-49958)
     - ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
     - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
     - ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
     - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
       (CVE-2024-49877)
     - exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
     - perf hist: Update hist symbol when updating maps
     - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
     - nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
     - NFSD: Fix NFSv4's PUTPUBFH operation
     - aoe: fix the potential use-after-free problem in more places
       (CVE-2024-49982)
     - clk: rockchip: fix error for unknown clocks
     - remoteproc: k3-r5: Fix error handling when power-up failed
     - clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
     - media: sun4i_csi: Implement link validate for sun4i_csi subdev
     - clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
     - clk: qcom: clk-rpmh: Fix overflow in BCM vote
     - clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
     - media: venus: fix use after free bug in venus_remove due to race condition
       (CVE-2024-49981)
     - clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
     - media: qcom: camss: Fix ordering of pm_runtime_enable
     - clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
     - clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL
     - smb: client: use actual path when queryfs
     - iio: magnetometer: ak8975: Fix reading for ak099xx sensors
     - gso: fix udp gso fraglist segmentation after pull from frag_list
       (CVE-2024-49978)
     - tomoyo: fallback to realpath if symlink's pathname does not exist
       (Closes: #1082001)
     - net: stmmac: Fix zero-division error when disabling tc cbs
       (CVE-2024-49977)
     - rtc: at91sam9: fix OF node leak in probe() error path
     - Input: adp5589-keys - fix NULL pointer dereference (CVE-2024-49871)
     - Input: adp5589-keys - fix adp5589_gpio_get_value()
     - cachefiles: fix dentry leak in cachefiles_open_file() (CVE-2024-49870)
     - ACPI: resource: Add Asus Vivobook X1704VAP to
       irq1_level_low_skip_override[] (Closes: #1078696)
     - ACPI: resource: Add Asus ExpertBook B2502CVA to
       irq1_level_low_skip_override[]
     - btrfs: fix a NULL pointer dereference when failed to start a new
       trasacntion (CVE-2024-49868)
     - btrfs: send: fix invalid clone operation for file that got its size
       decreased
     - btrfs: wait for fixup workers before stopping cleaner kthread during
       umount (CVE-2024-49867)
     - gpio: davinci: fix lazy disable
     - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
       (CVE-2024-8805)
     - ceph: fix cap ref leak via netfs init_request
     - tracing/hwlat: Fix a race during cpuhp processing
     - tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866)
     - close_range(): fix the logics in descriptor table trimming
     - [x86] drm/i915/gem: fix bitwise and logical AND mixup
     - drm/sched: Add locking to drm_sched_entity_modify_sched
     - drm/amd/display: Fix system hang while resume with TBT monitor
       (CVE-2024-50003)
     - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
       (Closes: #1076483)
     - kconfig: qconf: fix buffer overflow in debug links
     - i2c: create debugfs entry per adapter
     - i2c: core: Lock address during client device instantiation
     - i2c: xiic: Use devm_clk_get_enabled()
     - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
     - dt-bindings: clock: exynos7885: Fix duplicated binding
     - spi: bcm63xx: Fix missing pm_runtime_disable()
     - [arm64] Add Cortex-715 CPU part definition
     - [arm64] cputype: Add Neoverse-N3 definitions
     - [arm64] errata: Expand speculative SSBS workaround once more
     - io_uring/net: harden multishot termination case for recv
     - uprobes: fix kernel info leak via "[uprobes]" vma
     - mm: z3fold: deprecate CONFIG_Z3FOLD
     - drm/amd/display: Allow backlight to go below
       `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
     - build-id: require program headers to be right after ELF header
     - lib/buildid: harden build ID parsing logic
     - docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8
     - delayacct: improve the average delay precision of getdelay tool to
       microsecond
     - sched: psi: fix bogus pressure spikes from aggregation race
     - media: i2c: imx335: Enable regulator supplies
     - media: imx335: Fix reset-gpio handling
     - remoteproc: k3-r5: Acquire mailbox handle during probe routine
     - remoteproc: k3-r5: Delay notification of wakeup event
     - dt-bindings: clock: qcom: Add missing UFS QREF clocks
     - dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
     - clk: samsung: exynos7885: do not define number of clocks in bindings
     - clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix
     - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
     - r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
     - clk: qcom: gcc-sc8180x: Add GPLL9 support
     - ACPI: battery: Simplify battery hook locking
     - ACPI: battery: Fix possible crash when unregistering a battery hook
       (CVE-2024-49955)
     - Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
       bindings"
     - erofs: get rid of erofs_inode_datablocks()
     - erofs: get rid of z_erofs_do_map_blocks() forward declaration
     - erofs: avoid hardcoded blocksize for subpage block support
     - erofs: set block size to the on-disk block size
     - erofs: fix incorrect symlink detection in fast symlink
     - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
     - perf report: Fix segfault when 'sym' sort key is not used
     - fsdax: dax_unshare_iter() should return a valid length
     - fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
     - unicode: Don't special case ignorable code points
     - net: ethernet: cortina: Drop TSO support
     - tracing: Remove precision vsnprintf() check from print event
     - ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table
     - ALSA: hda/realtek: cs35l41: Fix device ID / model name
     - drm/crtc: fix uninitialized variable use even harder
     - tracing: Have saved_cmdlines arrays all in one allocation
     - bootconfig: Fix the kerneldoc of _xbc_exit()
     - perf lock: Dynamically allocate lockhash_table
     - perf sched: Avoid large stack allocations
     - perf sched: Move start_work_mutex and work_done_wait_mutex initialization
       to perf_sched__replay()
     - perf sched: Fix memory leak in perf_sched__map()
     - perf sched: Move curr_thread initialization to perf_sched__map()
     - perf sched: Move curr_pid and cpu_last_switched initialization to
       perf_sched__{lat|map|replay}()
     - libsubcmd: Don't free the usage string
     - Bluetooth: Fix usage of __hci_cmd_sync_status
     - virtio_console: fix misc probe bugs
     - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
     - bpf: Check percpu map value size first
     - [s390x] facility: Disable compile time optimization for decompressor code
     - [s390x] mm: Add cond_resched() to cmm_alloc/free_pages()
     - bpf, x64: Fix a jit convergence issue
     - ext4: don't set SB_RDONLY after filesystem errors
     - ext4: nested locking for xattr inode
     - [s390x] cpum_sf: Remove WARN_ON_ONCE statements
     - RDMA/mad: Improve handling of timed out WRs of mad agent
     - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
     - RDMA/rtrs-srv: Avoid null pointer deref during path establishment
       (CVE-2024-50062)
     - clk: bcm: bcm53573: fix OF node leak in init
     - PCI: Add ACS quirk for Qualcomm SA8775P
     - i2c: i801: Use a different adapter-name for IDF adapters
     - PCI: Mark Creative Labs EMU20k2 INTx masking as broken
     - io_uring: check if we need to reschedule during overflow flush
       (CVE-2024-50060)
     - ntb: ntb_hw_switchtec: Fix use after free vulnerability in
       switchtec_ntb_remove due to race condition (CVE-2024-50059)
     - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
     - media: videobuf2-core: clear memory related fields in
       __vb2_plane_dmabuf_put()
     - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
     - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
     - usb: chipidea: udc: enable suspend interrupt after usb reset
     - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
       Crashkernel Scenario
     - comedi: ni_routing: tools: Check when the file could not be opened
     - netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
     - virtio_pmem: Check device status before requesting flush
     - tools/iio: Add memory allocation failure check for trigger_name
     - staging: vme_user: added bound check to geoid
     - driver core: bus: Return -EIO instead of 0 when show/store invalid bus
       attribute
     - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
       lpfc_els_flush_cmd()
     - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV
       instance
     - drm/amd/display: Check null pointer before dereferencing se
       (CVE-2024-50049)
     - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
       (CVE-2024-50048)
     - fbdev: sisfb: Fix strbuf array overflow
     - drm/rockchip: vop: limit maximum resolution to hardware capabilities
     - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
     - NFSD: Mark filecache "down" if init fails
     - ice: fix VLAN replay after reset
     - SUNRPC: Fix integer overflow in decode_rc_list()
     - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
       (CVE-2024-50046)
     - net: phy: dp83869: fix memory corruption when enabling fiber
     - tcp: fix to allow timestamp undo if no retransmits were sent
     - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
     - netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
     - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
       (CVE-2024-50044)
     - net: phy: bcm84881: Fix some error handling paths
     - thermal: int340x: processor_thermal: Set feature mask before
       proc_thermal_add
     - thermal: intel: int340x: processor: Fix warning during module unload
     - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
     - net: ethernet: adi: adin1110: Fix some error handling path in
       adin1110_read_fifo()
     - net: dsa: b53: fix jumbo frame mtu check
     - net: dsa: b53: fix max MTU for 1g switches
     - net: dsa: b53: fix max MTU for BCM5325/BCM5365
     - net: dsa: b53: allow lower MTUs on BCM5325/5365
     - net: dsa: b53: fix jumbo frames on 10/100 ports
     - gpio: aspeed: Add the flush write to ensure the write complete.
     - gpio: aspeed: Use devm_clk api to manage clock source
     - ice: Fix netif_is_ice() in Safe Mode
     - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
       (CVE-2024-50041)
     - igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
     - net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
     - net: ibm: emac: mal: fix wrong goto
     - btrfs: zoned: fix missing RCU locking in error message when loading zone
       info
     - sctp: ensure sk_state is set to CLOSED if hashing fails in
       sctp_listen_start
     - netfilter: xtables: avoid NFPROTO_UNSPEC where needed (CVE-2024-50038)
     - netfilter: fib: check correct rtable in vrf setups
     - net: ibm/emac: allocate dummy net_device dynamically
     - net: ibm: emac: mal: add dcr_unmap to _remove
     - rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
     - vxlan: Handle error of rtnl_register_module().
     - mctp: Handle error of rtnl_register_module().
     - ppp: fix ppp_async_encode() illegal access
     - slip: make slhc_remember() more robust against malicious packets
     - rust: macros: provide correct provenance when constructing THIS_MODULE
     - HID: multitouch: Add support for lenovo Y9000P Touchpad
     - net/mlx5: Always drain health in shutdown callback (CVE-2024-43866)
     - wifi: mac80211: Avoid address calculations via out of bounds array
       indexing (CVE-2024-41071)
     - hwmon: (tmp513) Add missing dependency on REGMAP_I2C
     - hwmon: (adm9240) Add missing dependency on REGMAP_I2C
     - hwmon: (adt7470) Add missing dependency on REGMAP_I2C
     - Revert "net: ibm/emac: allocate dummy net_device dynamically"
     - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
     - HID: plantronics: Workaround for an unexcepted opposite volume key
     - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
     - usb: dwc3: core: Stop processing of pending events if controller is halted
     - usb: xhci: Fix problem with xhci resume from suspend
     - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
     - usb: gadget: core: force synchronous registration
     - hid: intel-ish-hid: Fix uninitialized variable 'rv' in
       ish_fw_xfer_direct_dma
     - drm/v3d: Stop the active perfmon before being destroyed (CVE-2024-50031)
     - drm/vc4: Stop the active perfmon before being destroyed
     - scsi: wd33c93: Don't use stale scsi_pointer value (CVE-2024-50026)
     - mptcp: fallback when MPTCP opts are dropped after 1st data
     - ata: libata: avoid superfluous disk spin down + spin up during hibernation
     - net: explicitly clear the sk pointer, when pf->create fails
     - net: Fix an unsafe loop on the list (CVE-2024-50024)
     - net: dsa: lan9303: ensure chip reset and wait for READY status
     - mptcp: handle consistently DSS corruption
     - mptcp: pm: do not remove closing subflows
     - device-dax: correct pgoff align in dax_set_mapping() (CVE-2024-50022)
     - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
     - kthread: unpark only parked kthread (CVE-2024-50019)
     - secretmem: disable memfd_secret() if arch cannot set direct map
     - net: ethernet: cortina: Restore TSO support
     - perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
     - block, bfq: fix uaf for accessing waker_bfqq after splitting
       (CVE-2024-49854)
     - Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.114
     - btrfs: fix uninitialized pointer free in add_inode_ref() (CVE-2024-50088)
     - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
     - ksmbd: fix user-after-free from session log off (CVE-2024-50086)
     - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
     - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (CVE-2024-50085)
     - udf: New directory iteration code
     - udf: Convert udf_expand_dir_adinicb() to new directory iteration
     - udf: Move udf_expand_dir_adinicb() to its callsite
     - udf: Implement searching for directory entry using new iteration code
     - udf: Provide function to mark entry as deleted using new directory
       iteration code
     - udf: Convert udf_rename() to new directory iteration code
     - udf: Convert udf_readdir() to new directory iteration
     - udf: Convert udf_lookup() to use new directory iteration code
     - udf: Convert udf_get_parent() to new directory iteration code
     - udf: Convert empty_dir() to new directory iteration code
     - udf: Convert udf_rmdir() to new directory iteration code
     - udf: Convert udf_unlink() to new directory iteration code
     - udf: Implement adding of dir entries using new iteration code
     - udf: Convert udf_add_nondir() to new directory iteration
     - udf: Convert udf_mkdir() to new directory iteration code
     - udf: Convert udf_link() to new directory iteration code
     - udf: Remove old directory iteration code
     - udf: Handle error when expanding directory
     - udf: Don't return bh from udf_expand_dir_adinicb()
     - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
     - net: enetc: add missing static descriptor and inline keyword
     - posix-clock: Fix missing timespec64 check in pc_clock_settime()
     - [arm64] probes: Remove broken LDR (literal) uprobe support
     - [arm64] probes: Fix simulate_ldr*_literal()
     - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
       fixed-link PHY
     - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
     - fat: fix uninitialized variable
     - mm/swapfile: skip HugeTLB pages for unuse_vma
     - devlink: drop the filter argument from devlinks_xa_find_get
     - devlink: bump the instance index directly when iterating
     - maple_tree: correct tree corruption on spanning store
     - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
       (CVE-2024-39497)
     - [amd64] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI
       devices
     - [s390x] sclp: Deactivate sclp after all its users
     - [s390x] sclp_vt220: Convert newlines to CRLF instead of LFCR
     - [s390x] KVM: s390: gaccess: Check if guest address is in memslot
     - [s390x] KVM: s390: Change virtual to physical address access in diag 0x258
       handler
     - [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
     - [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
     - [x86] entry: Have entry_ibpb() invalidate return predictions
     - [x86] bugs: Skip RSB fill at VMEXIT
     - [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
     - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
       (CVE-2024-50082)
     - io_uring/sqpoll: close race on waiting for sqring entries
     - scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
     - drm/radeon: Fix encoder->possible_clones
     - drm/vmwgfx: Handle surface check failure correctly
     - drm/amdgpu/swsmu: Only force workload setup on init
     - drm/amdgpu: prevent BO_HANDLES error from being overwritten
     - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
     - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
     - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: hid-sensors: Fix an error handling path in
       _hid_sensor_set_report_latency()
     - iio: light: veml6030: fix ALS sensor resolution
     - iio: light: veml6030: fix IIO device retrieval from embedded device
     - iio: light: opt3001: add missing full-scale range value
     - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig
     - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
     - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
       Kconfig
     - Bluetooth: Call iso_exit() on module unload
     - Bluetooth: Remove debugfs directory on module init failure
     - Bluetooth: ISO: Fix multiple init when debugfs is disabled
       (CVE-2024-50077)
     - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
     - xhci: Fix incorrect stream context type macro
     - xhci: Mitigate failed set dequeue pointer commands
     - USB: serial: option: add support for Quectel EG916Q-GL
     - USB: serial: option: add Telit FN920C04 MBIM compositions
     - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
     - parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
     - [x86] resctrl: Annotate get_mem_config() functions as __init
     - [x86] apic: Always explicitly disarm TSC-deadline timer
     - [x86] entry_32: Do not clobber user EFLAGS.ZF
     - [x86] entry_32: Clear CPU buffers after register restore in NMI return
     - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073)
     - pinctrl: ocelot: fix system hang on level based interrupts
     - pinctrl: apple: check devm_kasprintf() returned value
     - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
     - irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
     - tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
     - mptcp: prevent MPC handshake on port-based signal endpoints
     - nilfs2: propagate directory read errors from nilfs_find_entry()
     - [powerpc*] 64: Add big-endian ELFv2 flavour to crypto VMX asm generation
     - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
       1000 G2
     - udf: Allocate name buffer in directory iterator on heap
     - udf: Avoid directory type conversion failure due to ENOMEM
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.115
     - bpf: Use raw_spinlock_t in ringbuf
     - iio: accel: bma400: Fix uninitialized variable field_value in tap event
       handling.
     - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
     - bpf: devmap: provide rxq after redirect
     - bpf: Fix memory leak in bpf_core_apply
     - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
     - RDMA/bnxt_re: Add a check for memory allocation
     - [x86] resctrl: Avoid overflow in MB settings in bw_validate()
     - [armhf] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
     - [s390x] pci: Handle PCI error codes other than 0x3a
     - bpf: fix kfunc btf caching for modules
     - drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
     - ALSA: hda/cs8409: Fix possible NULL dereference
     - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
     - RDMA/irdma: Fix misspelling of "accept*"
     - RDMA/srpt: Make slab cache names unique
     - ipv4: give an IPv4 dev to blackhole_netdev
     - RDMA/bnxt_re: Return more meaningful error
     - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
     - [arm64] drm/msm/dpu: make sure phys resources are properly initialized
     - [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
       calculation
     - [arm64] drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
     - [arm64] drm/msm: Allocate memory for disp snapshot with kvzalloc()
     - net: usb: usbnet: fix race in probe failure
     - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
     - macsec: don't increment counters for an unrelated SA
     - netdevsim: use cond_resched() in nsim_dev_trap_report_work()
     - net: ethernet: aeroflex: fix potential memory leak in
       greth_start_xmit_gbit()
     - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
     - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
     - net: systemport: fix potential memory leak in bcm_sysport_xmit()
     - [arm64] drm/msm/dpu: Wire up DSC mask for active CTL configuration
     - [arm64] drm/msm/dpu: don't always program merge_3d block
     - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
     - genetlink: hold RCU in genlmsg_mcast()
     - ravb: Remove setting of RX software timestamp
     - net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
     - scsi: target: core: Fix null-ptr-deref in target_alloc_device()
     - smb: client: fix OOBs when building SMB2_IOCTL request
     - usb: typec: altmode should keep reference to parent
     - [s390x] Initialize psw mask in perf_arch_fetch_caller_regs()
     - Bluetooth: bnep: fix wild-memory-access in proto_unregister
     - net/mlx5: Remove redundant cmdif revision check
     - net/mlx5: split mlx5_cmd_init() to probe and reload routines
     - net/mlx5: Fix command bitmask initialization
     - net/mlx5: Unregister notifier on eswitch init failure
     - bpf: Fix iter/task tid filtering
     - [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
     - [arm64] probes: Fix uprobes for big-endian kernels
     - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
     - usb: gadget: f_uac2: fix non-newline-terminated function name
     - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
     - usb: gadget: Add function wakeup support
     - XHCI: Separate PORT and CAPs macros into dedicated file
     - [arm64,armhf] usb: dwc3: core: Fix system suspend on TI AM62 platforms
     - tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool
       active
     - serial: Make uart_handle_cts_change() status param bool active
     - serial: imx: Update mctrl old_status on RTSD interrupt
     - block, bfq: fix procress reference leakage for bfqq in merge chain
     - exec: don't WARN for racy path_noexec check (CVE-2024-50010)
     - fs/ntfs3: Add more attributes checks in mi_enum_attr() (CVE-2023-45896)
     - [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
       with real VLA
     - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
       default regs values
     - [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
     - [arm64] Force position-independent veneers
     - udf: refactor udf_current_aext() to handle error
     - udf: fix uninit-value use in udf_get_fileshortad
     - [x86] platform/x86: dell-sysman: add support for alienware products
     - jfs: Fix sanity check in dbMount
     - tracing: Consider the NULL character when validating the event length
     - xfrm: extract dst lookup parameters into a struct
     - xfrm: respect ip protocols rules criteria when performing dst lookups
     - be2net: fix potential memory leak in be_xmit()
     - net: plip: fix break; causing plip to never transmit
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix error when setting port policy on
       mv88e6393x
     - netfilter: xtables: fix typo causing some targets not to load on IPv6
     - net: wwan: fix global oob in wwan_rtnl_policy
     - docs: net: reformat driver.rst from a list to sections
     - net: provide macros for commonly copied lockless queue stop/wake code
     - net/sched: adjust device watchdog timer to detect stopped queue at right
       time
     - net: fix races in netdev_tx_sent_queue()/dev_watchdog()
     - net: usb: usbnet: fix name regression
     - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions
       created by classifiers
     - net: sched: fix use-after-free in taprio_change()
     - r8169: avoid unsolicited interrupts
     - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
     - Bluetooth: SCO: Fix UAF on sco_sock_timeout
     - Bluetooth: ISO: Fix UAF on iso_sock_timeout
     - bpf,perf: Fix perf_event_detach_bpf_prog error handling
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
     - ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
     - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
     - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
     - ALSA: hda/realtek: Update default depop procedure
     - cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
     - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
     - btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
     - btrfs: zoned: fix zone unusable accounting for freed reserved extent
     - drm/amd: Guard against bad data for ATIF ACPI method
     - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
     - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
     - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
       detection issue
     - nilfs2: fix kernel bug due to missing clearing of buffer delay flag
     - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
     - [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
     - [arm64] KVM: arm64: Don't eagerly teardown the vgic on init error
     - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
     - xfrm: fix one more kernel-infoleak in algo dumping
     - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
     - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
     - selinux: improve error checking in sel_write_load()
     - serial: protect uart_port_dtr_rts() in uart_shutdown() too
       (CVE-2024-50058)
     - net: phy: dp83822: Fix reset pin definitions
     - [arm64] ASoC: qcom: Fix NULL Dereference in
       asoc_qcom_lpass_cpu_platform_probe()
     - [x86] platform/x86: dell-wmi: Ignore suspend notifications
     - ACPI: PRM: Clean up guid type in struct prm_handler_info
     - [arm64] uprobes: change the uprobe_opcode_t typedef to fix the sparse
       warning
     - xfrm: validate new SA's prefixlen using SA family when sel.family is unset
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 27
   * d/config: Update with the help of kconfigeditor2
     - mm: Enable Z3FOLD_DEPRECATED instead of Z3FOLD
linux-signed-i386 (6.1.112+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.112-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
     - tty: atmel_serial: use the correct RTS flag.
     - fuse: Initialize beyond-EOF page contents before setting uptodate
     - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
     - ALSA: usb-audio: Support Yamaha P-125 quirk entry
     - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
     - [x86] thunderbolt: Mark XDomain as unplugged when router is removed
     - [s390x] dasd: fix error recovery leading to data corruption on ESE devices
     - [arm64] ACPI: NUMA: initialize all values of acpi_early_node_map to
       NUMA_NO_NODE
     - dm resume: don't return EINVAL when signalled
     - dm persistent data: fix memory allocation failure
     - vfs: Don't evict inode under the inode lru traversing context
     - [s390x] cio: rename bitmap_size() -> idset_bitmap_size()
     - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
     - bitmap: introduce generic optimized bitmap_size()
     - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
     - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
     - rtla/osnoise: Prevent NULL dereference in error handling
     - fs/netfs/fscache_cookie: add missing "n_accesses" check
     - selinux: fix potential counting error in avc_add_xperms_decision()
     - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
     - btrfs: zoned: properly take lock to read/update block group's zoned
       variables
     - btrfs: tree-checker: add dev extent item checks
     - drm/amdgpu: Actually check flags for all context ops.
     - memcg_write_event_control(): fix a user-triggerable oops
     - drm/amdgpu/jpeg2: properly set atomics vmid field
     - [s390x] uv: Panic for set and remove shared access UVC errors
     - bpf: Fix updating attached freplace prog in prog_array map
     - nilfs2: prevent WARNING in nilfs_dat_commit_end()
     - ext4, jbd2: add an optimized bmap for the journal inode
     - 9P FS: Fix wild-memory-access write in v9fs_get_acl
     - nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
     - mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
     - bpf: Split off basic BPF verifier log into separate file
     - bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
     - posix-timers: Ensure timer ID search-loop limit is valid
     - pid: Replace struct pid 1-element array with flex-array
     - gfs2: Rename remaining "transaction" glock references
     - gfs2: Rename the {freeze,thaw}_super callbacks
     - gfs2: Rename gfs2_freeze_lock{ => _shared }
     - gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
     - gfs2: Rework freeze / thaw logic
     - gfs2: Stop using gfs2_make_fs_ro for withdraw
     - Bluetooth: Fix hci_link_tx_to RCU lock usage
     - wifi: mac80211: take wiphy lock for MAC addr change
     - wifi: mac80211: fix change_address deadlock during unregister
     - net: sched: Print msecs when transmit queue time out
     - net: don't dump stack on queue timeout
     - jfs: fix shift-out-of-bounds in dbJoin
     - squashfs: squashfs_read_data need to check if the length is 0
     - Squashfs: fix variable overflow triggered by sysbot
     - reiserfs: fix uninit-value in comp_keys
     - erofs: avoid debugging output for (de)compressed data
     - quota: Detect loops in quota tree
     - net:rds: Fix possible deadlock in rds_message_put
     - net: sctp: fix skb leak in sctp_inq_free()
     - pppoe: Fix memory leak in pppoe_sendmsg()
     - wifi: mac80211: fix and simplify unencrypted drop check for mesh
     - wifi: cfg80211: move A-MSDU check in ieee80211_data_to_8023_exthdr
     - wifi: cfg80211: factor out bridge tunnel / RFC1042 header check
     - wifi: mac80211: remove mesh forwarding congestion check
     - wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces
     - wifi: mac80211: add a workaround for receiving non-standard mesh A-MSDU
     - wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
     - docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map
     - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
     - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
     - Bluetooth: RFCOMM: Fix not validating setsockopt user input
       (CVE-2024-35966)
     - ext4: check the return value of ext4_xattr_inode_dec_ref()
     - ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
     - ext4: do not create EA inode under buffer lock (CVE-2024-40972)
     - udf: Fix bogus checksum computation in udf_rename()
     - bpf, net: Use DEV_STAT_INC()
     - fou: remove warn in gue_gro_receive on unsupported protocol
       (CVE-2024-44940)
     - jfs: fix null ptr deref in dtInsertEntry (CVE-2024-44939)
     - jfs: Fix shift-out-of-bounds in dbDiscardAG (CVE-2024-44938)
     - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
     - igc: Correct the launchtime offset
     - igc: Fix packet still tx after gate close by reducing i226 MAC retry
       buffer
     - net/mlx5e: Take state lock during tx timeout reporter
     - net/mlx5e: Correctly report errors for ethtool rx flows
     - atm: idt77252: prevent use after free in dequeue_rx()
     - mlxbf_gige: Remove two unused function declarations
     - mlxbf_gige: disable RX filters until RX path initialized
     - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
     - netfilter: allow ipv6 fragments to arrive on different devices
     - netfilter: flowtable: initialise extack before use
     - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
       (Closes: #1070685)
     - netfilter: nf_tables: Audit log dump reset after the fact
     - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj
     - netfilter: nf_tables: Unconditionally allocate nft_obj_filter
     - netfilter: nf_tables: A better name for nft_obj_filter
     - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
     - netfilter: nf_tables: nft_obj_filter fits into cb->ctx
     - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
     - netfilter: nf_tables: Introduce nf_tables_getobj_single
     - netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
     - [arm64] net: hns3: fix wrong use of semaphore up
     - [arm64] net: hns3: use the user's cfg after reset
     - [arm64] net: hns3: fix a deadlock problem when config TC during resetting
     - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
     - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible
       values can be stored
     - ssb: Fix division by zero issue in ssb_calc_clock_rate
     - wifi: cfg80211: check wiphy mutex is held for wdev mutex
     - wifi: mac80211: fix BA session teardown race
     - mm: Remove kmem_valid_obj()
     - rcu: Dump memory object info if callback function is invalid
     - rcu: Eliminate rcu_gp_slow_unregister() false positive
     - wifi: cw1200: Avoid processing an invalid TIM IE
     - cgroup: Avoid extra dereference in css_populate_dir()
     - i2c: riic: avoid potential division by zero
     - RDMA/rtrs: Fix the problem of variable not initialized fully
     - [s390x] smp,mcck: fix early IPI handling
     - drm/bridge: tc358768: Attempt to fix DSI horizontal timings
     - media: radio-isa: use dev_name to fill in bus_info
     - staging: iio: resolver: ad2s1210: fix use before initialization
     - usb: gadget: uvc: cleanup request when not in correct state
     - drm/amd/display: Validate hw_points_num before using it
     - staging: ks7010: disable bh on tx_dev_lock
     - media: s5p-mfc: Fix potential deadlock on condlock
     - md/raid5-cache: use READ_ONCE/WRITE_ONCE for 'conf->log'
     - binfmt_misc: cleanup on filesystem umount
     - [arm64,armhf] drm/tegra: Zero-initialize iosys_map
     - media: qcom: venus: fix incorrect return value
     - scsi: spi: Fix sshdr use
     - gfs2: setattr_chown: Add missing initialization
     - wifi: iwlwifi: abort scan when rfkill on but device enabled
     - wifi: iwlwifi: fw: Fix debugfs command sending
     - clk: visconti: Add bounds-checking coverage for struct
       visconti_pll_provider
     - [amd64] IB/hfi1: Fix potential deadlock on &irq_src_lock and
       &dd->uctxt_lock
     - kbuild: rust_is_available: normalize version matching
     - kbuild: rust_is_available: handle failures calling `$RUSTC`/`$BINDGEN`
     - [arm64] Fix KASAN random tag seed initialization
     - block: Fix lockdep warning in blk_mq_mark_tag_wait
     - [arm64] drm/msm: Reduce fallout of fence signaling vs reclaim hangs
     - memory: tegra: Skip SID programming if SID registers aren't set
     - [powerpc*] xics: Check return value of kasprintf in icp_native_map_one_cpu
     - [x86] ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
     - [x86] hwmon: (pc87360) Bounds check data->innr usage
     - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at
       linear mode
     - Bluetooth: hci_conn: Check non NULL function before calling for HFP
       offload
     - gfs2: Refcounting fix in gfs2_thaw_super
     - nvmet-trace: avoid dereferencing pointer too early
     - ext4: do not trim the group with corrupted block bitmap
     - afs: fix __afs_break_callback() / afs_drop_open_mmap() race
     - fuse: fix UAF in rcu pathwalks
     - quota: Remove BUG_ON from dqget()
     - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
     - media: pci: cx23885: check cx23885_vdev_init() return
     - fs: binfmt_elf_efpic: don't use missing interpreter's properties
     - scsi: lpfc: Initialize status local variable in
       lpfc_sli4_repost_sgl_list()
     - media: drivers/media/dvb-core: copy user arrays safely
     - net/sun3_82586: Avoid reading past buffer in debug output
     - drm/lima: set gp bus_stop bit before hard reset
     - hrtimer: Select housekeeping CPU during migration
     - virtiofs: forbid newlines in tags
     - clocksource/drivers/arm_global_timer: Guard against division by zero
     - netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
     - md: clean up invalid BUG_ON in md_ioctl
     - [x86] Increase brk randomness entropy for 64-bit systems
     - memory: stm32-fmc2-ebi: check regmap_read return value
     - [powerpc*] boot: Handle allocation failure in simple_realloc()
     - [powerpc*] boot: Only free if realloc() succeeds
     - btrfs: delayed-inode: drop pointless BUG_ON in
       __btrfs_remove_delayed_item()
     - btrfs: change BUG_ON to assertion when checking for delayed_node root
     - btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
     - btrfs: handle invalid root reference found in may_destroy_subvol()
     - btrfs: send: handle unexpected data in header buffer in begin_cmd()
     - btrfs: change BUG_ON to assertion in tree_move_down()
     - btrfs: delete pointless BUG_ON check on quota root in
       btrfs_qgroup_account_extent()
     - f2fs: fix to do sanity check in update_sit_entry
     - usb: gadget: fsl: Increase size of name buffer for endpoints
     - nvme: clear caller pointer on identify failure
     - Bluetooth: bnep: Fix out-of-bound access
     - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
     - rtc: nct3018y: fix possible NULL dereference
     - [arm64] net: hns3: add checking for vf id of mailbox
     - nvmet-tcp: do not continue for invalid icreq
     - NFS: avoid infinite loop in pnfs_update_layout.
     - [s390x] iucv: fix receive buffer virtual vs physical address confusion
     - irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
     - clocksource: Make watchdog and suspend-timing multiplication overflow safe
     - [x86] platform/x86: lg-laptop: fix %s null argument warning
     - usb: dwc3: core: Skip setting event buffers for host only controllers
     - fbdev: offb: replace of_node_put with __free(device_node)
     - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
     - ext4: set the type of max_zeroout to unsigned int to avoid overflow
     - nvmet-rdma: fix possible bad dereference when freeing rsps
     - drm/amdgpu: fix dereference null return value for the function
       amdgpu_vm_pt_parent
     - hrtimer: Prevent queuing of hrtimer without a function callback
     - gtp: pull network headers in gtp_dev_xmit()
     - [arm64,armhf] i2c: tegra: allow DVC support to be compiled out
     - [arm64,armhf] i2c: tegra: allow VI support to be compiled out
     - [arm64,armhf] i2c: tegra: Do not mark ACPI devices as irq safe
     - dm suspend: return -ERESTARTSYS instead of -EINTR
     - net: mana: Fix doorbell out of order violation and avoid unnecessary
       doorbell rings
     - btrfs: replace sb::s_blocksize by fs_info::sectorsize
     - btrfs: send: allow cloning non-aligned extent if it ends at i_size
     - drm/amd/display: Adjust cursor position
     - platform/surface: aggregator: Fix warning when controller is destroyed in
       probe
     - Bluetooth: hci_core: Fix LE quote calculation
     - Bluetooth: SMP: Fix assumption of Central always being Initiator
     - [arm64] net: dsa: tag_ocelot: do not rely on skb_mac_header() for VLAN
       xmit
     - [arm64] net: dsa: tag_ocelot: call only the relevant portion of
       __skb_vlan_pop() on TX
     - [arm64] net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA
       and register injection
     - [arm64] net: mscc: ocelot: fix QoS class for injected packets with
       "ocelot-8021q"
     - [arm64] net: mscc: ocelot: serialize access to the injection/extraction
       groups
     - tc-testing: don't access non-existent variable on exception
     - tcp/dccp: bypass empty buckets in inet_twsk_purge()
     - tcp/dccp: do not care about families in inet_twsk_purge()
     - tcp: prevent concurrent execution of tcp_sk_exit_batch
     - net: mctp: test: Use correct skb for route input check
     - kcm: Serialise kcm_sendmsg() for the same socket.
     - netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
     - netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
     - ip6_tunnel: Fix broken GRO
     - bonding: fix bond_ipsec_offload_ok return type
     - bonding: fix null pointer deref in bond_ipsec_offload_ok
     - bonding: fix xfrm real_dev null pointer dereference
     - bonding: fix xfrm state handling when clearing active slave
     - ice: Prepare legacy-rx for upcoming XDP multi-buffer support
     - ice: Add xdp_buff to ice_rx_ring struct
     - ice: Store page count inside ice_rx_buf
     - ice: Pull out next_to_clean bump out of ice_put_rx_buf()
     - ice: fix page reuse when PAGE_SIZE is over 8k
     - ice: fix ICE_LAST_OFFSET formula
     - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
     - net: dsa: mv88e6xxx: Fix out-of-bound access
     - netem: fix return value if duplicate enqueue fails
     - ipv6: prevent UAF in ip6_send_skb()
     - ipv6: fix possible UAF in ip6_finish_output2()
     - ipv6: prevent possible UAF in ip6_xmit()
     - netfilter: flowtable: validate vlan header
     - [arm64] drm/msm/dpu: don't play tricks with debug macros
     - [arm64] drm/msm/dp: fix the max supported bpp logic
     - [arm64] drm/msm/dp: reset the link phy params before link training
     - [arm64] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
     - mmc: mmc_test: Fix NULL dereference on allocation failure
     - Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884)
     - scsi: core: Fix the return value of scsi_logical_block_count()
     - ksmbd: the buffer of smb2 query dir response has at least 1 byte
     - drm/amdgpu: Validate TA binary size
     - HID: wacom: Defer calculation of resolution until resolution_code is known
     - HID: microsoft: Add rumble support to latest xbox controllers
     - Input: i8042 - add forcenorestore quirk to leave controller untouched even
       on s3
     - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk
       combination
     - cxgb4: add forgotten u64 ivlan cast before shift
     - [arm64] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
     - mmc: dw_mmc: allow biu and ciu clocks to defer
     - pmdomain: imx: wait SSAR when i.MX93 power domain on
     - mptcp: pm: re-using ID of unused removed ADD_ADDR
     - mptcp: pm: re-using ID of unused removed subflows
     - mptcp: pm: re-using ID of unused flushed subflows
     - mptcp: pm: only decrement add_addr_accepted for MPJ req
     - Revert "usb: gadget: uvc: cleanup request when not in correct state"
     - Revert "drm/amd/display: Validate hw_points_num before using it"
     - tcp: do not export tcp_twsk_purge()
     - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
     - ALSA: timer: Relax start tick time check for slave timer elements
     - mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order
       fallback to order 0
     - mm/numa: no task_numa_fault() call if PMD is changed
     - mm/numa: no task_numa_fault() call if PTE is changed
     - nfsd: Simplify code around svc_exit_thread() call in nfsd()
     - nfsd: separate nfsd_last_thread() from nfsd_put()
     - NFSD: simplify error paths in nfsd_svc()
     - nfsd: call nfsd_last_thread() before final nfsd_put()
     - nfsd: drop the nfsd_put helper
     - nfsd: don't call locks_release_private() twice concurrently
     - nfsd: Fix a regression in nfsd_setattr()
     - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
     - drm/amdgpu/vcn: identify unified queue in sw init
     - drm/amdgpu/vcn: not pause dpg for unified queue
     - [x86] KVM: x86: fire timer when it is migrated and expired, and in oneshot
       mode
     - Revert "s390/dasd: Establish DMA alignment"
     - wifi: mac80211: add documentation for amsdu_mesh_control
     - wifi: mac80211: fix mesh path discovery based on unicast packets
     - wifi: mac80211: fix mesh forwarding
     - wifi: mac80211: fix flow dissection for forwarded packets
     - wifi: mac80211: fix receiving mesh packets in forwarding=0 networks
     - wifi: mac80211: drop bogus static keywords in A-MSDU rx
     - wifi: mac80211: fix potential null pointer dereference
     - wifi: cfg80211: fix receiving mesh packets without RFC1042 header
     - gfs2: Fix another freeze/thaw hang
     - gfs2: don't withdraw if init_threads() got interrupted
     - gfs2: Remove LM_FLAG_PRIORITY flag
     - gfs2: Remove freeze_go_demote_ok
     - udp: fix receiving fraglist GSO packets
     - ice: fix W=1 headers mismatch
     - Revert "jfs: fix shift-out-of-bounds in dbJoin"
     - net: change maximum number of UDP segments to 128
     - selftests: net: more strict check in net_helper
     - Input: MT - limit max slots
     - tools: move alignment-related macros to new <linux/align.h>
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.108
     - drm/amdgpu: Using uninitialized value *size when calling
       amdgpu_vce_cs_reloc (CVE-2024-42228)
     - btrfs: run delayed iputs when flushing delalloc
     - smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
     - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
     - pinctrl: single: fix potential NULL dereference in pcs_get_function()
     - of: Add cleanup.h based auto release via __free(device_node) markings
     - wifi: wfx: repair open network AP mode
     - wifi: mwifiex: duplicate static structs used in driver instances
     - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
     - mptcp: close subflow when receiving TCP+FIN
     - mptcp: sched: check both backup in retrans
     - mptcp: pm: skip connecting to already established sf
     - mptcp: pm: reset MPC endp ID when re-added
     - mptcp: pm: send ACK on an active subflow
     - mptcp: pm: do not remove already closed subflows
     - mptcp: pm: ADD_ADDR 0 is not a new address
     - drm/amdgpu: align pp_power_profile_mode with kernel docs
     - drm/amdgpu/swsmu: always force a state reprogram on init
     - ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)
     - usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister
       existing source caps before re-registration"
     - mmc: Avoid open coding by using mmc_op_tuning()
     - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
     - mptcp: unify pm get_local_id interfaces
     - mptcp: pm: remove mptcp_pm_remove_subflow()
     - mptcp: pm: only mark 'subflow' endp as available
     - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR
     - of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put()
       handling
     - thermal: of: Fix OF node leak in thermal_of_trips_init() error path
     - thermal: of: Fix OF node leak in of_thermal_zone_find() error paths
     - ASoC: amd: acp: fix module autoloading
     - ASoC: SOF: amd: Fix for acp init sequence
     - pinctrl: mediatek: common-v2: Fix broken bias-disable for
       PULL_PU_PD_RSEL_TYPE
     - btrfs: fix extent map use-after-free when adding pages to compressed bio
       (CVE-2024-42314)
     - soundwire: stream: fix programming slave ports for non-continous port maps
     - [arm64] phy: xilinx: add runtime PM support
     - [arm64] phy: xilinx: phy-zynqmp: dynamic clock support for power-save
     - [arm64] phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume
     - [x86] dmaengine: dw: Add peripheral bus width verification
     - [x86] dmaengine: dw: Add memory bus width verification
     - Bluetooth: hci_core: Fix not handling hibernation actions
     - iommu: Do not return 0 from map_pages if it doesn't do anything
     - netfilter: nf_tables: restore IP sanity checks for netdev/egress
     - wifi: iwlwifi: fw: fix wgds rev 3 exact size
     - ethtool: check device is present when getting link settings
     - netfilter: nf_tables_ipv6: consider network offset in netdev/egress
       validation
     - bonding: implement xdo_dev_state_free and call it after deletion
     - gtp: fix a potential NULL pointer dereference
     - sctp: fix association labeling in the duplicate COOKIE-ECHO case
     - drm/amd/display: avoid using null object of framebuffer
     - net: busy-poll: use ktime_get_ns() instead of local_clock()
     - nfc: pn533: Add poll mod list filling check
     - [arm64] soc: qcom: cmd-db: Map shared memory as WC, not WB
     - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
     - USB: serial: option: add MeiG Smart SRM825L
     - [armhf] usb: dwc3: omap: add missing depopulate in probe error path
     - [arm64,armhf] usb: dwc3: core: Prevent USB core invalid event buffer
       address access
     - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
       remove_power_attributes()
     - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
     - usb: cdnsp: fix for Link TRB with TC
     - [arm64] phy: zynqmp: Enable reference clock correctly
     - igc: Fix reset adapter logics when tx mode change
     - igc: Fix qbv tx latency by setting gtxoffset
     - scsi: aacraid: Fix double-free on probe failure
     - apparmor: fix policy_unpack_test on big endian systems
     - fbdev: offb: fix up missing cleanup.h
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.109
     - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
     - scsi: ufs: core: Bypass quick recovery if force reset is needed
     - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
     - ALSA: hda/conexant: Mute speakers at suspend / shutdown
     - i2c: Fix conditional for substituting empty ACPI functions
     - dma-debug: avoid deadlock between dma debug vs printk and netconsole
     - net: usb: qmi_wwan: add MeiG Smart SRM825L
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
     - mptcp: make pm_remove_addrs_and_subflows static
     - mptcp: pm: fix RM_ADDR ID for the initial subflow
     - PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
     - f2fs: fix to truncate preallocated blocks in f2fs_file_open()
       (CVE-2024-43859)
     - mptcp: pm: fullmesh: select the right ID later
     - mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)
     - mptcp: pm: reuse ID 0 after delete and re-add
     - mptcp: pm: fix ID 0 endp usage after multiple re-creations
     - mptcp: pr_debug: add missing \n at the end
     - mptcp: avoid duplicated SUB_CLOSED events
     - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
     - drm/amd/display: Assign linear_pitch_alignment even for VM
     - drm/amdgpu: fix overflowed array index read warning
     - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
     - drm/amd/pm: fix uninitialized variable warning
     - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
     - drm/amd/pm: fix warning using uninitialized value of max_vid_step
     - drm/amd/pm: Fix negative array index read
     - drm/amd/pm: fix the Out-of-bounds read warning
     - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
     - drm/amdgpu: avoid reading vf2pf info size from FB
     - drm/amd/display: Check gpio_id before used as array index
     - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
     - drm/amd/display: Add array index check for hdcp ddc access
     - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
     - drm/amd/display: Check msg_id before processing transcation
     - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
       dal_gpio_service_create
     - drm/amd/display: Spinlock before reading event
     - drm/amd/display: Ensure index calculation will not overflow
     - drm/amd/display: Skip inactive planes within
       ModeSupportAndSystemConfiguration
     - drm/amd/amdgpu: Check tbo resource pointer
     - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
     - drm/amdgpu/pm: Fix uninitialized variable warning for smu10
     - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
     - drm/amdgpu: Fix out-of-bounds write warning
     - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
     - drm/amdgpu: fix ucode out-of-bounds read warning
     - drm/amdgpu: fix mc_data out-of-bounds read warning
     - apparmor: fix possible NULL pointer dereference
     - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem()
     - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy
       SOCs
     - drm/amdgpu: fix dereference after null check
     - drm/amdgpu: fix the waring dereferencing hive
     - drm/amd/pm: check specific index for aldebaran
     - drm/amdgpu: the warning dereferencing obj for nbio_v7_4
     - drm/amd/pm: check negtive return for table entries
     - wifi: rtw89: ser: avoid multiple deinit on same CAM
     - drm/amdgpu: update type of buf size to u32 for eeprom functions
     - wifi: iwlwifi: remove fw_running op
     - cpufreq: scmi: Avoid overflow of target_freq in fast switch
     - PCI: al: Check IORESOURCE_BUS existence during probe
     - hwspinlock: Introduce hwspin_lock_bust()
     - RDMA/efa: Properly handle unexpected AQ completions
     - ionic: fix potential irq name truncation
     - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode.
     - rcu/nocb: Remove buggy bypass lock contention mitigation
     - usbip: Don't submit special requests twice
     - usb: typec: ucsi: Fix null pointer dereference in trace
     - fsnotify: clear PARENT_WATCHED flags lazily
     - regmap: spi: Fix potential off-by-one when calculating reserved size
     - smack: tcp: ipv4, fix incorrect labeling
     - net/mlx5e: SHAMPO, Fix incorrect page release
     - [arm64] drm/meson: plane: Add error handling
     - [x86] hwmon: (k10temp) Check return value of amd_smn_read()
     - wifi: cfg80211: make hash table duplicates more survivable
     - driver: iio: add missing checks on iio_info's callback access
     - block: remove the blk_flush_integrity call in blk_integrity_unregister
     - drm/amd/display: added NULL check at start of dc_validate_stream
     - drm/amd/display: Correct the defined value for
       AMDGPU_DMUB_NOTIFICATION_MAX
     - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
     - media: uvcvideo: Enforce alignment of frame and interval
     - virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)
     - Bluetooth: SCO: Fix possible circular locking dependency on
       sco_connect_cfm
     - Bluetooth: SCO: fix sco_conn related locking and validity issues
     - ext4: fix inode tree inconsistency caused by ENOMEM
     - udf: Limit file size to 4TB
     - ext4: reject casefold inode flag without casefold feature
     - ext4: handle redirtying in ext4_bio_write_page()
     - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
     - sch/netem: fix use after free in netem_dequeue
     - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
     - [x86] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
     - [x86] KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and
       MSR_GS_BASE
     - [x86] KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is
       missing
     - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
       devices
     - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
     - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
     - ksmbd: unset the binding mark of a reused connection
     - ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
     - ata: libata: Fix memory leak for error path in ata_host_alloc()
     - [x86] tdx: Fix data leak in mmio_read()
     - [x86] perf/x86/intel: Limit the period on Haswell
     - [arm64,armhf] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
     - [x86] kaslr: Expose and use the end of the physical memory address space
     - rtmutex: Drop rt_mutex::wait_lock before scheduling
     - nvme-pci: Add sleep quirk for Samsung 990 Evo
     - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over
       BREDR/LE"
     - Bluetooth: MGMT: Ignore keys being loaded with invalid type
     - mmc: core: apply SD quirks earlier during probe
     - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
     - mmc: sdhci-of-aspeed: fix module autoloading
     - mmc: cqhci: Fix checking of CQHCI_HALT state
     - fuse: update stats for pages in dropped aux writeback list
     - fuse: use unsigned type for getxattr/listxattr size truncation
     - [arm64] clk: qcom: clk-alpha-pll: Fix the pll post div mask
     - [arm64] clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
     - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
     - spi: rockchip: Resolve unbalanced runtime PM / system PM handling
     - tracing: Avoid possible softlockup in tracing_iter_reset()
     - net: mctp-serial: Fix missing escapes on transmit
     - [x86] fpu: Avoid writing LBR bit to IA32_XSS unless supported
     - Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
     - tcp_bpf: fix return value of tcp_bpf_sendmsg()
     - ila: call nf_unregister_net_hooks() sooner
     - sched: sch_cake: fix bulk flow accounting logic for host fairness
     - nilfs2: fix missing cleanup on rollforward recovery error
     - nilfs2: protect references to superblock parameters exposed in sysfs
     - nilfs2: fix state management in error path of log writing function
     - ALSA: control: Apply sanity check of input values for user elements
     - ALSA: hda: Add input value sanity checks to HDMI channel map controls
     - smack: unix sockets: fix accept()ed socket label
     - ELF: fix kernel.randomize_va_space double read
     - [armhf] irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
     - af_unix: Remove put_pid()/put_cred() in copy_peercred().
     - [x86] kmsan: Fix hook for unaligned accesses
     - netfilter: nf_conncount: fix wrong variable type
     - udf: Avoid excessive partition lengths
     - media: vivid: fix wrong sizeimage value for mplane
     - leds: spi-byte: Call of_node_put() on error path
     - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
     - usb: uas: set host status byte on data completion error
     - usb: gadget: aspeed_udc: validate endpoint index for ast udc
     - drm/amd/display: Check HDCP returned status
     - drm/amdgpu: Fix smatch static checker warning
     - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
     - media: vivid: don't set HDMI TX controls if there are no HDMI outputs
     - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
     - Input: ili210x - use kvmalloc() to allocate buffer for firmware update
     - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
     - pcmcia: Use resource_size function on resource object
     - drm/amd/display: Check denominator pbn_div before used
     - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
     - can: bcm: Remove proc entry when dev is unregistered.
     - [arm64] can: m_can: Release irq on error in m_can_open
     - can: mcp251xfd: fix ring configuration when switching from CAN-CC to
       CAN-FD mode
     - cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
     - igb: Fix not clearing TimeSync interrupts for 82580
     - ice: Add netif_device_attach/detach into PF reset flow
     - [x86] platform/x86: dell-smbios: Fix error path in dell_smbios_init()
     - regulator: Add of_regulator_bulk_get_all
     - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
     - igc: Unlock on error in igc_io_resume()
     - ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog()
     - ice: allow hot-swapping XDP programs
     - ice: do not bring the VSI up, if it was down before the XDP setup
     - usbnet: modern method to get random MAC
     - bareudp: Fix device stats updates.
     - fou: Fix null-ptr-deref in GRO.
     - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
     - net: dsa: vsc73xx: fix possible subblocks range of CAPT block
     - firmware: cs_dsp: Don't allow writes to read-only controls
     - [arm64] phy: zynqmp: Take the phy mutex in xlate
     - [x86] ASoC: topology: Properly initialize soc_enum values
     - dm init: Handle minors larger than 255
     - [amd64] iommu/vt-d: Handle volatile descriptor status read
     - cgroup: Protect css->cgroup write under css_set_lock
     - devres: Initialize an uninitialized struct member
     - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
     - [x86] crypto: qat - fix unintentional re-enabling of error interrupts
     - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
     - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
     - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
     - drm/amdgpu: Set no_hw_access when VF request full GPU fails
     - ext4: fix possible tid_t sequence overflows
     - dma-mapping: benchmark: Don't starve others when doing the test
     - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
     - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
     - btrfs: replace BUG_ON with ASSERT in walk_down_proc()
     - btrfs: clean up our handling of refs == 0 in snapshot delete
     - btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
     - PCI: Add missing bridge lock to pci_bus_lock()
     - tcp: Don't drop SYN+ACK for simultaneous connect().
     - net: dpaa: avoid on-stack arrays of NR_CPUS elements
     - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
     - btrfs: initialize location to fix -Wmaybe-uninitialized in
       btrfs_lookup_dentry()
     - [s390x] vmlinux.lds.S: Move ro_after_init section behind rodata section
     - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
     - [amd64] HID: amd_sfh: free driver_data after destroying hid device
     - Input: uinput - reject requests with unreasonable number of slots
     - usbnet: ipheth: race between ipheth_close and error handling
     - Squashfs: sanity check symbolic link size
     - of/irq: Prevent device address out-of-bounds read in interrupt map walk
     - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
     - [mips*] cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
     - ata: pata_macio: Use WARN instead of BUG
     - NFSv4: Add missing rescheduling points in
       nfs_client_return_marked_delegations
     - io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers
     - io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads
     - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
     - iio: buffer-dmaengine: fix releasing dma channel on error
     - iio: fix scale application in iio_convert_raw_to_processed_unlocked
     - iio: adc: ad7124: fix config comparison
     - iio: adc: ad7606: remove frstdata check for serial mode
     - iio: adc: ad7124: fix chip ID mismatch
     - [arm64,armhf] usb: dwc3: core: update LC timer as per USB Spec V3.2
     - [arm*] binder: fix UAF caused by offsets overwrite
     - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
     - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
     - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
     - VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
     - clocksource/drivers/timer-of: Remove percpu irq related code
     - uprobes: Use kzalloc to allocate xol area
     - perf/aux: Fix AUX buffer serialization (CVE-2024-46713)
     - fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY
     - fuse: allow non-extending parallel direct writes on the same file
     - fuse: add request extension
     - fuse: fix memory leak in fuse_create_open
     - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
     - workqueue: wq_watchdog_touch is always called with valid CPU
     - workqueue: Improve scalability of workqueue watchdog touch
     - ACPI: processor: Return an error if acpi_processor_get_info() fails in
       processor_add()
     - ACPI: processor: Fix memory leaks in error paths of processor_add()
     - [arm64] acpi: Move get_cpu_for_acpi_id() to a header
     - [arm64] acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
     - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
       function
     - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index
       erratum
     - can: mcp251xfd: clarify the meaning of timestamp
     - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
     - drm/amd: Add gfx12 swizzle mode defs
     - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
     - [powerpc*] 64e: remove unused IBM HTW code
     - [powerpc*] 64e: split out nohash Book3E 64-bit code
     - [powerpc*] 64e: Define mmu_pte_psize static
     - nvmet-tcp: fix kernel crash if commands allocation fails
     - [x86] ASoc: SOF: topology: Clear SOF link platform name upon unload
     - [arm64,armhf] ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
     - [x86] drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
     - [x86] drm/i915/fence: Mark debug_fence_free() with __maybe_unused
     - [arm64,armhf] gpio: rockchip: fix OF node leak in probe()
     - [arm64] gpio: modepin: Enable module autoloading
     - [x86] mm: Fix PTI for i386 some more
     - btrfs: fix race between direct IO write and fsync when using same fd
     - bpf: Silence a warning in btf_type_id_size()
     - memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
     - regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all()
     - fuse: add feature flag for expire-only
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.111
     - ksmbd: override fsids for share path check
     - ksmbd: override fsids for smb2_query_info()
     - usbnet: ipheth: fix carrier detection in modes 1 and 4
     - net: ethernet: use ip_hdrlen() instead of bit shift
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
     - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
     - net: phy: vitesse: repair vsc73xx autonegotiation
     - [powerpc*] mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
     - btrfs: update target inode's ctime on unlink
     - Input: ads7846 - ratelimit the spi_sync error message
     - Input: synaptics - enable SMBus for HP Elitebook 840 G2
     - HID: multitouch: Add support for GT7868Q
     - scripts: kconfig: merge_config: config files: add a trailing newline
     - [x86] platform/surface: aggregator_registry: Add Support for Surface Pro
       10
     - [x86] platform/surface: aggregator_registry: Add support for Surface
       Laptop Go 3
     - [arm64] drm/msm/adreno: Fix error return if missing firmware-name
     - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
     - smb/server: fix return value of smb2_open()
     - NFSv4: Fix clearing of layout segments in layoutreturn
     - NFS: Avoid unnecessary rescanning of the per-server delegation list
     - [x86] platform/x86: panasonic-laptop: Fix SINF array out of bounds
       accesses
     - [x86] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf
       array
     - mptcp: pm: Fix uaf in __timer_delete_sync
     - [arm64] dts: rockchip: fix eMMC/SPI corruption when audio has been used on
       RK3399 Puma
     - [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
       Puma
     - net: tighten bad gso csum offset check in virtio_net_hdr
     - dm-integrity: fix a race condition when accessing recalc_sector
     - mm: avoid leaving partial pfn mappings around in error case
     - pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
       (CVE-2024-35943)
     - [arm64] dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
     - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
     - cxl/core: Fix incorrect vendor debug UUID define
     - [armhf] hwmon: (pmbus) Conditionally clear individual status bits for
       pmbus rev >= 1.2
     - ice: fix accounting for filters shared by multiple VSIs
     - igb: Always call igb_xdp_ring_update_tail() under Tx lock
     - net/mlx5: Update the list of the PCI supported devices
     - net/mlx5e: Add missing link modes to ptys2ethtool_map
     - net/mlx5: Explicitly set scheduling element and TSAR type
     - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
     - net/mlx5: Correct TASR typo into TSAR
     - net/mlx5: Verify support for scheduling element and TSAR type
     - net/mlx5: Fix bridge mode operations when there are no VFs
     - fou: fix initialization of grc
     - netfilter: nft_socket: fix sk refcount leaks
     - net: dpaa: Pad packets to ETH_ZLEN
     - [arm64] spi: nxp-fspi: fix the KASAN report out-of-bounds bug
     - soundwire: stream: Revert "soundwire: stream: fix programming slave ports
       for non-continous port maps"
     - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
     - drm/amdgpu/atomfirmware: Silence UBSAN warning
     - [x86] drm/i915/guc: prevent a possible int overflow in wq offsets
     - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
     - [arm64] ASoC: meson: axg-card: fix 'use-after-free'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.112
     - ALSA: hda/realtek - Fixed ALC256 headphone no sound
     - ALSA: hda/realtek - FIxed ALC285 headphone no sound
     - scsi: lpfc: Fix overflow build issue
     - [x86] hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING
     - [armhf] net: ftgmac100: Ensure tx descriptor updates are visible
     - wifi: iwlwifi: lower message level for FW buffer destination
     - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
     - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
     - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
     - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap()
     - wifi: iwlwifi: clear trans->state earlier upon error
     - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration
     - [x86] ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match
       less strict
     - [x86] ASoC: intel: fix module autoloading
     - spi: spidev: Add an entry for elgin,jg10309-01
     - spi: bcm63xx: Enable module autoloading
     - smb: client: fix hang in wait_for_response() for negproto
     - [x86] hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides
       frequency
     - tools: hv: rm .*.cmd when make clean
     - block: Fix where bio IO priority gets set
     - spi: spidev: Add missing spi_device_id for jg10309-01
     - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
     - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
       (CVE-2024-41016)
     - xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING
     - xfs: Fix deadlock on xfs_inodegc_worker
     - xfs: fix extent busy updating
     - xfs: don't use BMBT btree split workers for IO completion
     - xfs: fix low space alloc deadlock
     - xfs: prefer free inodes at ENOSPC over chunk allocation
     - xfs: block reservation too large for minleft allocation
     - xfs: fix uninitialized variable access
     - xfs: quotacheck failure can race with background inode inactivation
     - xfs: fix BUG_ON in xfs_getbmap()
     - xfs: buffer pins need to hold a buffer reference
     - xfs: defered work could create precommits
     - xfs: fix AGF vs inode cluster buffer deadlock
     - xfs: collect errors from inodegc for unlinked inode recovery
     - xfs: fix ag count overflow during growfs
     - xfs: remove WARN when dquot cache insertion fails
     - xfs: fix the calculation for "end" and "length"
     - xfs: load uncached unlinked inodes into memory on demand
     - xfs: fix negative array access in xfs_getbmap
     - xfs: fix unlink vs cluster buffer instantiation race
     - xfs: correct calculation for agend and blockcount
     - xfs: use i_prev_unlinked to distinguish inodes that are not on the
       unlinked list
     - xfs: reload entire unlinked bucket lists
     - xfs: make inode unlinked bucket recovery work with quotacheck
     - xfs: fix reloading entire unlinked bucket lists
     - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
     - xfs: journal geometry is not properly bounds checked
     - netfilter: nft_socket: make cgroupsv2 matching work with namespaces
     - netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in
       nft_socket_cgroup_subtree_level()
     - netfilter: nft_set_pipapo: walk over current view on netlink dump
       (CVE-2024-27017)
     - netfilter: nf_tables: missing iterator type in lookup walk
     - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
     - gpiolib: cdev: Ignore reconfiguration without direction
     - gpio: prevent potential speculation leaks in gpio_device_get_desc()
       (CVE-2024-44931)
     - can: mcp251xfd: properly indent labels
     - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into
       mcp251xfd_chip_start/stop()
     - btrfs: calculate the right space for delayed refs when updating global
       reserve
     - [x86] powercap: RAPL: fix invalid initialization for pl4_supported field
     - [x86] mm: Switch to new Intel CPU model defines
     - USB: serial: pl2303: add device id for Macrosilicon MS3020
     - USB: usbtmc: prevent kernel-usb-infoleak
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 26
   * [rt] Update to 6.1.107-rt39
   * [rt] Update to 6.1.111-rt42

mediawiki (1:1.39.10-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 1.39.10, fixing T372998 (AbuseFilter API not
     properly checking permissions, CVE pending).
mediawiki (1:1.39.8-1) unstable; urgency=medium
 .
   [ Taavi Väänänen ]
   * Update my email address
 .
   [ Kunal Mehta ]
   * New upstream version 1.39.8
mediawiki (1:1.39.7-1) unstable; urgency=medium
 .
   * New upstream version 1.39.7. (Closes: #1064797)
   * Drop obsolete Lintian override for
     package-supports-alternative-init-but-no-init.d-script.
   * Fix ordering in debian/changelog to fix the
     globbing-patterns-out-of-order lintian warning.

nghttp2 (1.52.0-1+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-28182: unbounded number of HTTP/2 CONTINUATION frames DoS
     (Closes: #1068415)
   * nghttp2_option_set_stream_reset_rate_limit was added in
     1.52.0-1+deb12u1, add to debian/libnghttp2-14.symbols

ninja-build (1.11.1-2~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 ninja-build (1.11.1-2) unstable; urgency=medium
 .
   * Support large inode numbers on 32-bit systems. (Closes: #1041897)
     - Cherry-pick upstream commit as support_32bit_system_like_i386.patch

node-dompurify (2.4.1+dfsg+~2.4.0-2+deb12u1) bookworm; urgency=medium
 .
   * Fix prototype pollutions (Closes: CVE-2024-45801, CVE-2024-48910)
node-dompurify (2.4.1+dfsg+~2.4.0-2) bookworm-security; urgency=medium
 .
   * Team upload
   * Fix mXSS issue (Closes: #1084983, CVE-2024-47875)

node-es-module-lexer (1.1.0+dfsg-2+deb12u1) bookworm; urgency=medium
 .
   * Backport: update build command (Closes: #1078885)

node-globby (13.1.3+~cs16.25.40-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Upload to bookworm
   * Backport patch to fix build with node 18. Closes: #1072599.

node-mdn-browser-compat-data (5.2.20+~3.33.0-1+deb12u1) bookworm; urgency=medium
 .
   * Backport workaround ts-node bug (Closes: #1078890)

node-rollup-plugin-node-polyfills (0.2.1+dfsg+~0.11.0-1+deb12u1) bookworm; urgency=medium
 .
   * Backport: update build (Closes: #1078896)

node-tap (16.3.2+ds1+~cs50.8.16-1+deb12u1) bookworm; urgency=medium
 .
   * Backport patch to support tsnode imports by default.
     Closes: #1078897.

node-xterm (3.8.1+~cs0.9.0-1+deb12u1) bookworm; urgency=medium
 .
   * Upload to bookworm
   * Team upload
   * Fix Typescript declarations with new stable Node.js (Closes: #1076378)

node-y-protocols (1.0.5-6+deb12u1) bookworm; urgency=medium
 .
   * gbp: switch to debian/bookworm
   * Fix build links (Closes: #1078898)

node-y-websocket (1.4.5-4+deb12u1) bookworm; urgency=medium
 .
   * gbp: debian/bookworm
   * Backport fix build links (Closes: #1078900)

node-ytdl-core (4.11.2+dfsg+~cs4.10.8-1+deb12u1) bookworm; urgency=medium
 .
   * Backport tsc patch (Closes: #1078899)

notify-osd (0.9.35+15.04.20150126-3+deb12u1) bookworm; urgency=medium
 .
   * debian/rules, debian/notify-osd.desktop{,in}: Dynamically generate
     the Exec path in notify-osd.desktop with DEB_HOST_MULTIARCH to fix
     the incorrect executable path in /etc/xdg/autostart/notify-osd.desktop.
     (Closes: #1027272)

ntfs-3g (1:2022.10.3-1+deb12u2) bookworm; urgency=medium
 .
   * Move fuse to simple dependency (closes: #983359).
ntfs-3g (1:2022.10.3-1+deb12u1) bookworm; urgency=medium
 .
   * Fix use-after-free in 'ntfs_uppercase_mbs' (CVE-2023-52890)
     (closes: #1073248).

oath-toolkit (2.6.7-3.1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-47191 (pam_oath priv escalation with usersfile ${HOME}).

openjdk-17 (17.0.13+11-2~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm
openjdk-17 (17.0.13+11-1) unstable; urgency=high
 .
   * OpenJDK 17.0.13 release, build 11.
     - CVE-2024-21208
     - CVE-2024-21210
     - CVE-2024-21217
     - CVE-2024-21235
 .
   [ Vladimir Petko ]
   * d/rules: do not include dtrace support for S390x (JDK-8305174).
   * d/t/problems.csv: Disable jdk/sun/security/util/Debug/DebugOptions.java
     due to JDK-8339713.
openjdk-17 (17.0.13+11-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm
openjdk-17 (17.0.13~6ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.13 early access, build 6.
 .
   [ Vladimir Petko ]
   * d/copyright-generator/strip-common-licenses.sh: Add GPLv3 to the
     list of common licenses.
   * d/JB-*.override.in: Update lintian overrides.
   * d/s/lintian-override: Add source-contains-prebuilt-javascript-object
     due to LP: 2032992.
   * d/p/jdk-8334895-proposed.patch: Fix typo in the patch description.
   * d/t/problemlist.csv: Update problemlist.csv for July release
   * d/t/jtreg-autopkgtest.{in,sh}: Increase jtreg test timeouts.
   * Enable dtrace support.
openjdk-17 (17.0.12+7-2) unstable; urgency=medium
 .
   [ Vladimir Petko ]
   * d/p/jdk-8312488.patch: Add upstream patch to resolve jpackage crash.
   * d/copyright: Regenerate copyright.
   * d/rules, d/t/*: Collate all excluded tests into d/t/problemlist.csv.
   * d/rules: Enable fallback linker for Foreign Function and Memory API
     on i386 and armhf.
   * d/watch: Use fixed googletest version.
   * d/p/jdk-8336529-proposed.patch: Fix time_t migration issue on armhf.
     openjdk is unable to set file last modified timestamp.
   * d/p/jdk-8334895-proposed.patch: Refresh patch.
   * d/rules: Relax jtreg7 version condition for backports.
   * d/rules, d/control.in: Depend on pkgconf rather than pkg-config in
     bookworm and later releases. This resolves lintian warning
     build-depends-on-obsolete-package Build-Depends: pkg-config => pkgconf.
   * d/rules: Drop autotools-dev dependency for the modern debhelper.
     This resolves obsolete autotools-dev dependency lintian warning.
     See #844191.

openssl (3.0.15-1~deb12u1) bookworm; urgency=medium
 .
   * Import 3.0.15
     - CVE-2024-5535 (SSL_select_next_proto buffer overread)
       (Closes: #1074487).
     - CVE-2024-9143 (Low-level invalid GF(2^m) parameters lead to OOB memory
       access) (Closes: #1085378).
openssl (3.0.14-1~deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2024-6119 (Possible denial of service in X.509 name checks).

ostree (2022.7-2+deb12u1) bookworm; urgency=medium
 .
   * d/control, d/gbp.conf: Configure for stable updates
   * d/p/curl-Assert-that-curl_multi_assign-worked.patch,
     d/p/curl-Make-socket-callback-during-cleanup-into-no-op.patch:
     Add patches from upstream 2024.8 to avoid libflatpak crash with an
     assertion failure when using curl 8.10.x.
     This was originally reported in testing/unstable, but can affect
     bookworm if using libcurl3-gnutls from bookworm-backports.
     (Closes: #1082121)

php-twig (3.5.1-1+deb12u1) bookworm-security; urgency=medium
 .
   * Fix a security issue when an included sandboxed template has been loaded
     before without the sandbox context [CVE-2024-45411] (Closes: #1081561)
   * Track bookworm

php8.2 (8.2.24-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.24
    + [CVE-2024-8926]: Bypass of CVE-2024-4577, Parameter Injection
      Vulnerability
    + [CVE-2024-8927]: cgi.force_redirect configuration is bypassable due
      to the environment variable collision
    + [CVE-2024-8927]: Logs from FPM childrens may be altered
    + [CVE-2024-8925]: Erroneous parsing of multipart form data
php8.2 (8.2.23-1) unstable; urgency=medium
 .
   * New upstream version 8.2.23
php8.2 (8.2.21-1) unstable; urgency=medium
 .
   * New upstream version 8.2.21
   * Add Restart=on-failure to the systemd service file
   * Remove the patch that fixed GH-14480 (merged upstream)
php8.2 (8.2.20-3) unstable; urgency=medium
 .
   * Add Breaks on extensions using php_strlcpy (Closes: #1074167)
php8.2 (8.2.20-2) unstable; urgency=medium
 .
   * Fix GH-14480: Method visibility issue introduced in version 8.3.8 (#14484)

puppetserver (7.9.5-2+deb12u1) bookworm; urgency=medium
 .
   * ship cronjob to clean up reportdir automatically (Closes: #1078911,
     #1080489)

puredata (0.53.1+ds-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-47480: Terminate if canceling setuid() privilege fails

pymatgen (2022.11.7+dfsg1-11+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-23346 (Closes: #1064514)

python-cryptography (38.0.4-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-49083: NULL dereference when loading PKCS7 certificates
     (Closes: #1057108)
   * CVE-2024-26130: NULL dereference when PKCS#12 key and cert don't match
     (Closes: #1064778)

python-reportlab (3.6.12-1+deb12u1) bookworm-security; urgency=high
 .
   * Team upload
   * Fix CVE-2023-33733
     Reportlab was vulnerable to Remote Code Execution (RCE)
     via crafted PDF file.
   * Add SalsaCI

python-sql (1.4.0-1+deb12u1) bookworm-security; urgency=high
 .
   * Add 01-escape_non_expressions.patch.
     Description: Escape non expressions for unary operators
     This patch fixes CVE-2024-9774 vulnerability for SQL injection attacks
     from https://discuss.tryton.org/t/security-release-for-issue-93

python3.11 (3.11.2-6+deb12u4) bookworm; urgency=medium
 .
   * Fix zipfile.Path regression introduced by 3.11.2-6+deb12u3
     (Closes: 1080245)
   * Fix CVE-2024-6232: Regular expressions that allowed excessive backtracking
     during tarfile.TarFile header parsing are vulnerable to ReDoS via
     specifically-crafted tar archives
python3.11 (3.11.2-6+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2024-0397
   * CVE-2024-4032
   * CVE-2024-8088

reprepro (5.3.1-1+deb12u2) bookworm; urgency=medium
 .
   * uncompress: prevent reprepro from hanging on unzstd
     (Closes: #1056380, LP: #2047775)

ruby-saml (1.13.0-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * SAML authentication bypass via Incorrect XPath selector (CVE-2024-45409)
     (Closes: #1081560)

sqlite3 (3.40.1-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-7104: Session extension buffer overread
   * Backport fix for a stack overflow that could be caused by a
     recursively defined WINDOW() with a strategically embedded error.
   * Backport fix for a technically undefined signed integer overflow
     in fts5.

sumo (1.15.0+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Remove bashism from CMakeLists.txt. Closes: #1082135.

systemd (252.31-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.31
   * Drop journald.conf patch merged upstream
   * Refresh patches to remove fuzz from update

tgt (1:1.0.85-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * chap: Use proper entropy source (CVE-2024-45751) (Closes: #1081158)

thunderbird (1:115.16.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * [3801b51] New upstream version 115.16.0esr
     Fixed CVE issues in upstream version 115.16 (MFSA 2024-52):
     CVE-2024-9680: Use-after-free in Animation timeline
thunderbird (1:115.15.0-1~deb12u1) bookworm-security; urgency=medium
 .
   * [912dd3c] New upstream version 115.15.0
     Fixed CVE issues in upstream version 115.15 (MFSA 2024-44):
     CVE-2024-8381: Type confusion when looking up a property name in a
                    &quot;with&quot; block
     CVE-2024-8382: Internal event interfaces were exposed to web content
                    when browser EventHandler listener callbacks ran
     CVE-2024-8383: Thunderbird did not ask before openings news: links in
                    an external application
     CVE-2024-8384: Garbage collection could mis-color cross-compartment
                    objects in OOM conditions
   * [1b87bc9] d/changelog: Fix version number (connected to MFSA 2024-38)
thunderbird (1:115.14.0-1~deb12u1) bookworm-security; urgency=medium
 .
   * [d608c75] New upstream version 115.14.0
     Fixed CVE issues in upstream version 115.1 (MFSA 2024-38):
     CVE-2024-7519: Out of bounds memory access in graphics shared memory
                    handling
     CVE-2024-7521: Incomplete WebAssembly exception handing
     CVE-2024-7522: Out of bounds read in editor component
     CVE-2024-7525: Missing permission check when creating a StreamFilter
     CVE-2024-7526: Uninitialized memory used by WebGL
     CVE-2024-7527: Use-after-free in JavaScript garbage collection
     CVE-2024-7529: Document content could partially obscure security prompts
thunderbird (1:115.14.0-1~deb11u1) bullseye-security; urgency=medium
 .
   * Rebuild for bullseye-security
thunderbird (1:115.13.0-1) unstable; urgency=medium
 .
   * [83b5833] d/create-upstream-tarballs.py: Need to check for esr now
   * [5268d14] New upstream version 115.13.0
     Fixed CVE issues in upstream version 115.13 (MFSA 2024-31):
     CVE-2024-6600: Memory corruption in WebGL API
     CVE-2024-6601: Race condition in permission assignment
     CVE-2024-6602: Memory corruption in NSS
     CVE-2024-6603: Memory corruption in thread creation
     CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
                    Thunderbird 128, and Thunderbird 115.13
   * [8097b55] Rebuild patch queue from patch-queue branch
     Dropped patch (not needed anymore):
     debian-hacks/rnp-Fix-include-for-format-specifiers-for-uint32_t.patch
   * [eab5143] d/watch: Now watch out for 'esr' suffixed versions
thunderbird (1:115.13.0-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security
thunderbird (1:115.13.0-1~deb11u1) bullseye-security; urgency=medium
 .
   * Rebuild for bullseye-security
thunderbird (1:115.12.0-1) unstable; urgency=medium
 .
   * [3d303c4] d/c-u-t.py: Ignore one more version
   * [2e7f143] New upstream version 115.12.0
     Fixed CVE issues in upstream version 115.12 (MFSA 2024-28):
     CVE-2024-5702: Use-after-free in networking
     CVE-2024-5688: Use-after-free in JavaScript object transplant
     CVE-2024-5690: External protocol handlers leaked by timing attack
     CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions
                    to open a new window
     CVE-2024-5692: Bypass of file name restrictions during saving
     CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
     CVE-2024-5696: Memory Corruption in Text Fragments
     CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
                    and Thunderbird 115.12
   * [9afc3a0] d/logo/thunderbird: Update PNG files from newer SVG
     (Closes: #1071824)
   * [a92c8d1] d/thunderbird.install: Install the newer correct SVG graphic

timeshift (22.11.2-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * debian/control: Add missing dependency on pkexec. (Closes: #1069676)

trafficserver (9.2.5+ds-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 9.2.5+ds
   * CVEs fix (Closes: #1077141)
     - CVE-2023-38522: Incomplete field name check allows request smuggling
     - CVE-2024-35161: Incomplete check for chunked trailer section allows
       request smuggling
     - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests
trafficserver (9.2.4+ds-2) unstable; urgency=medium
 .
   * Disable plugin dynamic reload by default (Closes: #1020989)
   * Improve d/trafficserver.service security
   * Update d/copyright to fix lintian warning
trafficserver (9.2.4+ds-1) unstable; urgency=medium
 .
   * New upstream version 9.2.4+ds
   * Refresh d/patches for 9.2.4 release
   * Update Debian Policy version
   * Update d/copyright fixing lintian superfluous-file-pattern warning
   * Update d/control to fix lintian build-depends-on-obsolete-package warning
   * CVEs fix (Closes: #1068417)
     - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack

tryton-server (6.0.29-2+deb12u3) bookworm-security; urgency=high
 .
   * Add patches for security release
     https://discuss.tryton.org/t/security-release-for-
     issues-13505-and-13506.
     - Add 04_check_read_access_of_reports_records_13505.patch:
      Check read access of report records.
      Since 982a131026e7 the access rights are no more checked on instances.
      So anyone who has access to the report action, can execute the report
      for any records.
 .
     - Add 05_retrieve_groups_actions_wo_check_access_13506.patch:
      Check read access of report records.
      get_groups does not always returns the group of the action.
      When the method is called with access checked as there is a record rule
      on ir.action, the method returns an empty set of group ids. This is
      because no actions were found if the user does not share a group.
      This makes that check access of Report and Wizard never raise an error.

twisted (22.4.0-4+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-41671 (Closes: #1077679)
   * CVE-2024-41810 (Closes: #1077680)
   * CVE-2023-46137 (Closes: #1054913)

util-linux (2.38.1-5+deb12u2) bookworm; urgency=medium
 .
   * Add the following upstream patches to identify new Arm cores:
     - 0027-lscpu-Add-Neoverse-V2-Cortex-R82.patch
     - 0028-lscpu-Add-2023-Cortex.patch
     - 0029-lscpu-Add-Neoverse-V3-N3.patch

vmdb2 (0.27+really.0.26-1+deb12u1) bookworm; urgency=medium
 .
   * Set the locale to UTF-8, as Ansible fails otherwise (Closes: #1032363)

webkit2gtk (2.46.0-2~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable sysprof profiling integration to avoid new dependencies:
     - debian/control.in: Don't depend on libsysprof-capture-4-dev.
     - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG, USE_OLD_JSCBIN_PKG and
       USE_OLD_WEBDRIVER_PKG to keep using the old package names.
   * debian/control-common.in:
     - Make the -dev packages depend on the gir packages.
   * debian/control.in:
     - Build depend on ccache.
webkit2gtk (2.46.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bring all changes from the 2.45 (experimental) branch.
   * Enable sysprof profiling integration on available architectures.
   * Rename webkit2gtk-driver to webkitgtk-webdriver.
     - debian/control.in: add the necessary Conflicts / Breaks / Replaces.
     - debian/control-webdriver.in: control file for the transitional
       package.
     - debian/rules: Add USE_OLD_WEBDRIVER_PKG and the logic to decide
       which packages to build.
   * debian/rules:
     - Disable bmalloc in armhf (WebKit bug #278858).
     - Stop limiting parallel builds on Ubuntu.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/gbp.conf:
     - Update upstream branch name.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * debian/patches/dont-detect-sse2.patch:
     - Update this patch.
   * Remove the following patches:
     - disable-dmabuf-nvidia.patch: all Nvidia-related bugs are supposed to
       be fixed upstream.
     - prefer-pthread.patch: this should not be needed anymore.
     - reduce-memory-overheads.patch: Override LDFLAGS instead.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
webkit2gtk (2.45.92-1) experimental; urgency=medium
 .
   * New upstream development release.
   * Refresh all patches.
   * Disable dont-detect-sse2.patch since it breaks the i386 build
     (WebKit bug #278661).
   * debian/rules:
     - Disable bmalloc in armhf (WebKit bug #278858).
webkit2gtk (2.45.91-1) experimental; urgency=medium
 .
   [ Alberto Garcia ]
   * New upstream development release.
   * Refresh all patches.
   * debian/copyright:
     - Update copyright information of all files.
 .
   [ Jeremy Bícha ]
   * Enable sysprof profiling integration on available architectures.
webkit2gtk (2.45.6-1) experimental; urgency=medium
 .
   * New upstream development release.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/control.in:
     - Update Standards-Version to 4.7.0 (no changes).
     - Replace gobject-introspection-bin with gobject-introspection. This
       fixes a lintian error: missing-build-dependency-for-dh-addon gir
       (does not satisfy gobject-introspection:any | dh-sequence-gir:any)
webkit2gtk (2.45.5-1) experimental; urgency=medium
 .
   * New upstream development release.
   * Refresh all patches.
   * debian/copyright:
     - Update copyright information of all files.
   * Rename webkit2gtk-driver to webkitgtk-webdriver.
     - debian/control.in: add the necessary Conflicts / Breaks / Replaces.
     - debian/control-webdriver.in: control file for the transitional
       package.
     - debian/rules: Add USE_OLD_WEBDRIVER_PKG and the logic to decide
       which packages to build.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
webkit2gtk (2.45.4-1) experimental; urgency=medium
 .
   [ Alberto Garcia ]
   * New upstream development release.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * Disable clang in all architectures since it fails to build this
     release (WebKit bug #275872).
 .
   [ Jeremy Bicha ]
   * Treat riscv64 as an unknown CPU (again!) to fix a FTBFS (see webkit
     bugs #274826 and #271371).
webkit2gtk (2.45.3-1) experimental; urgency=medium
 .
   * New upstream development release.
   * Building with clang failed in armel, armhf, mips64el, ppc64el and
     riscv64, so use gcc again in those.
   * Refresh all patches and remove fix-riscv-include.patch.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
webkit2gtk (2.45.2-1) experimental; urgency=medium
 .
   * New upstream development release.
   * Remove disable-skia-big-endian.patch and fix-riscv-include.patch.
   * debian/patches/fix-clang-build.patch:
     - Fix build with clang in (at least) i386 and s390x.
   * Use clang in all architectures where it's available.
   * debian/copyright:
     - Update copyright information of all files.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
webkit2gtk (2.45.1-2) experimental; urgency=medium
 .
   * debian/patches/disable-skia-big-endian.patch:
     - Don't use Skia on big-endian machines since it's not supported
       (Closes: #1070865)
   * debian/patches/fix-riscv-include.patch:
     - Fix typo in header name.
   * Use clang on amd64 since it's strongly recommended to build Skia
     (Closes: #1032443).
   * debian/rules:
     - Disable dh_dwz since it causes several build failures with clang
       (see e.g. #1016936 or #946255).
webkit2gtk (2.45.1-1) experimental; urgency=medium
 .
   * New upstream development release.
   * debian/watch, debian/gbp.conf:
     - Branch for 2.45.x in experimental.
   * debian/upstream/signing-key.asc:
     - Replace Carlos Garcia's DSA key with the new RSA one.
   * debian/rules:
     - Build with -DENABLE_JIT=OFF in riscv64. This replaces
       fix-ftbfs-riscv64.patch.
     - Add -Wl,--reduce-memory-overheads to LDFLAGS. This replaces
       reduce-memory-overheads.patch.
   * Remove the following patches:
     - disable-dmabuf-nvidia.patch: all Nvidia-related bugs are supposed to
       be fixed upstream.
     - prefer-pthread.patch: this should not be needed anymore.
     - fix-ftbfs-riscv64.patch: Use -DENABLE_JIT=OFF instead.
     - reduce-memory-overheads.patch: Override LDFLAGS instead.
   * debian/source/lintian-overrides:
     - Update source-is-missing overrides.
   * debian/copyright:
     - Update copyright information of all files.
webkit2gtk (2.44.4-1) unstable; urgency=medium
 .
   * New upstream release.
   * Drop fix-clang-build.patch and fix-webasm-crash.patch.
   * debian/rules:
     - Disable dh_dwz, it breaks the build in at least i386 and amd64
       (see #1081000).
webkit2gtk (2.44.3-1) unstable; urgency=high
 .
   * New upstream release.
   * The WebKitGTK security advisory WSA-2024-0004 lists the following
     security fixes in the latest versions of WebKitGTK:
     - CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782,
       CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-4558
       (fixed in 2.44.3).
   * debian/patches/fix-clang-build.patch,
     debian/patches/fix-webasm-crash.patch:
     - Patches recommended by upstream after 2.44.3 was released.
   * debian/libwebkit2gtk-4.0-37.symbols:
     - Update symbols.
   * debian/control.in:
     - Update Standards-Version to 4.7.0 (no changes).
     - Replace gobject-introspection-bin with gobject-introspection. This
       fixes a lintian error: missing-build-dependency-for-dh-addon gir
       (does not satisfy gobject-introspection:any | dh-sequence-gir:any)
webkit2gtk (2.44.3-1~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm-security.
   * Disable JPEG XL to avoid adding new dependencies.
     - debian/control.in: Remove build dependency on libjxl-dev.
     - debian/rules: Build with -DUSE_JPEGXL=OFF.
   * debian/rules:
     - Enable ENABLE_SOUP2, USE_OLD_DOC_PKG and USE_OLD_JSCBIN_PKG to keep
       using the old package names.
   * debian/control.in:
     - Make the -dev packages depend on the gir packages.
     - Build depend on ccache.
webkit2gtk (2.44.2-1) unstable; urgency=high
 .
   * New upstream release.
   * debian/upstream/signing-key.asc:
     - Replace Carlos Garcia's DSA key with the new RSA one.

wireshark (4.0.17-0+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2024-0208: GVCP dissector crash
     - CVE-2024-0209: IEEE 1609.2 dissector crash
     - CVE-2024-2955: T.38 dissector crash (Closes: #1068111)
     - CVE-2024-4853: Editcap byte chopping crash
     - CVE-2024-4854: MONGO dissector infinite loop
     - CVE-2024-4855: Editcap use-after-free
     - CVE-2024-8250: NTLMSSP dissector crash (Closes: #1080298)
     - CVE-2024-8645: SPRT dissector crash
   * CVE-2024-0211: DOCSIS dissector crash
   * Closes: #1059925
wireshark (4.0.11-1) unstable; urgency=medium
 .
   * New upstream version
     - security fixes:
       - SSH dissector crash
       - NetScreen file parser crash

xfpt (0.11-1+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick 30-Diagnose-error-if-macro-expansion-makes-a-line-too-l.patch
     from upstream GIT master to fix buffer overflow CVE-2024-43700.
     Closes: #1080219

xorg-server (2:21.1.7-3+deb12u8) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * xkb: Fix buffer overflow in _XkbSetCompatMap() (CVE-2024-9632)
=======================================
Sat, 31 Aug 2024 - Debian 12.7 released
=======================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:36:19 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
btrfs-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
btrfs-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
cdrom-core-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
cdrom-core-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
cdrom-core-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
crc-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
crc-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
crc-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
crypto-dm-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
crypto-dm-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
crypto-dm-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
crypto-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
crypto-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
crypto-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
dasd-extra-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
dasd-extra-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
dasd-extra-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
dasd-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
dasd-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
dasd-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
ext4-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
ext4-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
ext4-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
f2fs-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
f2fs-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
f2fs-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
fat-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
fat-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
fat-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
fuse-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
fuse-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
fuse-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
isofs-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
isofs-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
isofs-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
kernel-image-6.1.0-18-s390x-di |   6.1.76-1 | s390x
kernel-image-6.1.0-23-s390x-di |   6.1.99-1 | s390x
kernel-image-6.1.0-24-s390x-di |  6.1.106-2 | s390x
linux-headers-6.1.0-18-s390x |   6.1.76-1 | s390x
linux-headers-6.1.0-23-s390x |   6.1.99-1 | s390x
linux-headers-6.1.0-24-s390x |  6.1.106-2 | s390x
linux-image-6.1.0-18-s390x |   6.1.76-1 | s390x
linux-image-6.1.0-18-s390x-dbg |   6.1.76-1 | s390x
linux-image-6.1.0-23-s390x |   6.1.99-1 | s390x
linux-image-6.1.0-23-s390x-dbg |   6.1.99-1 | s390x
linux-image-6.1.0-24-s390x |  6.1.106-2 | s390x
linux-image-6.1.0-24-s390x-dbg |  6.1.106-2 | s390x
loop-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
loop-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
loop-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
md-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
md-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
md-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
mtd-core-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
mtd-core-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
mtd-core-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
multipath-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
multipath-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
multipath-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
nbd-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
nbd-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
nbd-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
nic-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
nic-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
nic-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
scsi-core-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
scsi-core-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
scsi-core-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
scsi-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
scsi-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
scsi-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
udf-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
udf-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
udf-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x
xfs-modules-6.1.0-18-s390x-di |   6.1.76-1 | s390x
xfs-modules-6.1.0-23-s390x-di |   6.1.99-1 | s390x
xfs-modules-6.1.0-24-s390x-di |  6.1.106-2 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:36:32 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
affs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
affs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
affs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
affs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
affs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
ata-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
ata-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
ata-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
ata-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
ata-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
ata-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
btrfs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
btrfs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
btrfs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
btrfs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
btrfs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
btrfs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
cdrom-core-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
cdrom-core-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
crc-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
crc-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
crc-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
crc-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
crc-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
crc-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
crypto-dm-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
crypto-dm-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
crypto-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
crypto-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
crypto-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
crypto-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
crypto-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
crypto-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
event-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
event-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
event-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
event-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
event-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
event-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
ext4-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
ext4-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
ext4-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
ext4-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
ext4-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
ext4-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
f2fs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
f2fs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
f2fs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
f2fs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
f2fs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
f2fs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
fat-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
fat-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
fat-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
fat-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
fat-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
fat-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
fb-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
fb-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
fb-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
fb-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
fb-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
fb-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
firewire-core-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
firewire-core-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
firewire-core-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
firewire-core-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
firewire-core-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
firewire-core-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
fuse-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
fuse-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
fuse-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
fuse-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
fuse-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
fuse-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
input-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
input-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
input-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
input-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
input-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
input-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
isofs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
isofs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
isofs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
isofs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
isofs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
isofs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
jfs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
jfs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
jfs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
jfs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
jfs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
jfs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
kernel-image-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
kernel-image-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
kernel-image-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
kernel-image-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
kernel-image-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
kernel-image-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
linux-headers-6.1.0-18-loongson-3 |   6.1.76-1 | mips64el, mipsel
linux-headers-6.1.0-18-octeon |   6.1.76-1 | mips64el, mipsel
linux-headers-6.1.0-23-loongson-3 |   6.1.99-1 | mips64el, mipsel
linux-headers-6.1.0-23-octeon |   6.1.99-1 | mips64el, mipsel
linux-headers-6.1.0-24-loongson-3 |  6.1.106-2 | mips64el, mipsel
linux-headers-6.1.0-24-octeon |  6.1.106-2 | mips64el, mipsel
linux-image-6.1.0-18-loongson-3 |   6.1.76-1 | mips64el, mipsel
linux-image-6.1.0-18-loongson-3-dbg |   6.1.76-1 | mips64el, mipsel
linux-image-6.1.0-18-octeon |   6.1.76-1 | mips64el, mipsel
linux-image-6.1.0-18-octeon-dbg |   6.1.76-1 | mips64el, mipsel
linux-image-6.1.0-23-loongson-3 |   6.1.99-1 | mips64el, mipsel
linux-image-6.1.0-23-loongson-3-dbg |   6.1.99-1 | mips64el, mipsel
linux-image-6.1.0-23-octeon |   6.1.99-1 | mips64el, mipsel
linux-image-6.1.0-23-octeon-dbg |   6.1.99-1 | mips64el, mipsel
linux-image-6.1.0-24-loongson-3 |  6.1.106-2 | mips64el, mipsel
linux-image-6.1.0-24-loongson-3-dbg |  6.1.106-2 | mips64el, mipsel
linux-image-6.1.0-24-octeon |  6.1.106-2 | mips64el, mipsel
linux-image-6.1.0-24-octeon-dbg |  6.1.106-2 | mips64el, mipsel
loop-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
loop-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
loop-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
loop-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
loop-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
loop-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
md-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
md-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
md-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
md-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
md-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
md-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
minix-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
minix-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
minix-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
minix-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
minix-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
minix-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
mmc-core-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
mmc-core-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
mmc-core-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
mmc-core-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
mmc-core-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
mmc-core-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
mmc-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
mmc-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
mmc-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
mmc-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
mmc-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
mmc-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
mouse-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
mouse-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
mouse-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
mouse-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
mouse-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
mouse-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
multipath-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
multipath-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
multipath-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
multipath-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
multipath-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
multipath-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
nbd-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
nbd-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
nbd-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
nbd-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
nbd-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
nbd-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
nfs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
nfs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
nfs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
nfs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
nfs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
nfs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
nic-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
nic-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
nic-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
nic-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
nic-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
nic-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
nic-shared-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
nic-shared-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
nic-shared-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
nic-shared-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
nic-shared-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
nic-shared-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
nic-usb-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
nic-usb-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
nic-usb-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
nic-usb-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
nic-usb-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
nic-usb-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
nic-wireless-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
nic-wireless-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
pata-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
pata-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
pata-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
pata-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
pata-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
pata-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
ppp-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
ppp-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
ppp-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
ppp-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
ppp-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
ppp-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
sata-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
sata-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
sata-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
sata-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
sata-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
sata-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
scsi-core-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
scsi-core-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
scsi-core-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
scsi-core-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
scsi-core-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
scsi-core-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
scsi-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
scsi-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
scsi-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
scsi-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
scsi-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
scsi-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
scsi-nic-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
scsi-nic-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
sound-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
sound-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
sound-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
sound-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
sound-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
sound-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
speakup-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
speakup-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
speakup-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
speakup-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
speakup-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
speakup-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
squashfs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
squashfs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
squashfs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
squashfs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
squashfs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
squashfs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
udf-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
udf-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
udf-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
udf-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
udf-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
udf-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
usb-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
usb-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
usb-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
usb-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
usb-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
usb-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
usb-serial-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
usb-serial-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
usb-serial-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
usb-serial-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
usb-serial-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
usb-serial-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
usb-storage-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
usb-storage-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
usb-storage-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
usb-storage-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
usb-storage-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
usb-storage-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel
xfs-modules-6.1.0-18-loongson-3-di |   6.1.76-1 | mips64el, mipsel
xfs-modules-6.1.0-18-octeon-di |   6.1.76-1 | mips64el, mipsel
xfs-modules-6.1.0-23-loongson-3-di |   6.1.99-1 | mips64el, mipsel
xfs-modules-6.1.0-23-octeon-di |   6.1.99-1 | mips64el, mipsel
xfs-modules-6.1.0-24-loongson-3-di |  6.1.106-2 | mips64el, mipsel
xfs-modules-6.1.0-24-octeon-di |  6.1.106-2 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:36:45 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
affs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
affs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
affs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
affs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
affs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
ata-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
ata-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
ata-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
ata-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
ata-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
ata-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
btrfs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
btrfs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
btrfs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
btrfs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
btrfs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
btrfs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
cdrom-core-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
cdrom-core-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
cdrom-core-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
cdrom-core-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
cdrom-core-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
cdrom-core-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
crc-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
crc-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
crc-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
crc-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
crc-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
crc-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
crypto-dm-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
crypto-dm-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
crypto-dm-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
crypto-dm-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
crypto-dm-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
crypto-dm-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
crypto-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
crypto-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
crypto-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
crypto-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
crypto-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
crypto-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
event-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
event-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
event-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
event-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
event-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
event-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
ext4-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
ext4-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
ext4-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
ext4-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
ext4-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
ext4-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
f2fs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
f2fs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
f2fs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
f2fs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
f2fs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
f2fs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
fat-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
fat-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
fat-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
fat-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
fat-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
fat-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
fb-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
fb-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
fb-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
fb-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
fb-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
fb-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
firewire-core-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
firewire-core-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
firewire-core-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
firewire-core-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
firewire-core-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
firewire-core-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
fuse-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
fuse-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
fuse-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
fuse-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
fuse-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
fuse-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
input-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
input-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
input-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
input-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
input-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
input-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
isofs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
isofs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
isofs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
isofs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
isofs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
isofs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
jfs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
jfs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
jfs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
jfs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
jfs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
jfs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
kernel-image-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
kernel-image-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
kernel-image-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
kernel-image-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
kernel-image-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
kernel-image-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
linux-headers-6.1.0-18-4kc-malta |   6.1.76-1 | mipsel
linux-headers-6.1.0-18-mips32r2el |   6.1.76-1 | mipsel
linux-headers-6.1.0-23-4kc-malta |   6.1.99-1 | mipsel
linux-headers-6.1.0-23-mips32r2el |   6.1.99-1 | mipsel
linux-headers-6.1.0-24-4kc-malta |  6.1.106-2 | mipsel
linux-headers-6.1.0-24-mips32r2el |  6.1.106-2 | mipsel
linux-image-6.1.0-18-4kc-malta |   6.1.76-1 | mipsel
linux-image-6.1.0-18-4kc-malta-dbg |   6.1.76-1 | mipsel
linux-image-6.1.0-18-mips32r2el |   6.1.76-1 | mipsel
linux-image-6.1.0-18-mips32r2el-dbg |   6.1.76-1 | mipsel
linux-image-6.1.0-23-4kc-malta |   6.1.99-1 | mipsel
linux-image-6.1.0-23-4kc-malta-dbg |   6.1.99-1 | mipsel
linux-image-6.1.0-23-mips32r2el |   6.1.99-1 | mipsel
linux-image-6.1.0-23-mips32r2el-dbg |   6.1.99-1 | mipsel
linux-image-6.1.0-24-4kc-malta |  6.1.106-2 | mipsel
linux-image-6.1.0-24-4kc-malta-dbg |  6.1.106-2 | mipsel
linux-image-6.1.0-24-mips32r2el |  6.1.106-2 | mipsel
linux-image-6.1.0-24-mips32r2el-dbg |  6.1.106-2 | mipsel
loop-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
loop-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
loop-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
loop-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
loop-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
loop-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
md-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
md-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
md-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
md-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
md-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
md-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
minix-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
minix-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
minix-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
minix-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
minix-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
minix-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
mmc-core-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
mmc-core-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
mmc-core-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
mmc-core-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
mmc-core-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
mmc-core-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
mmc-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
mmc-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
mmc-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
mmc-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
mmc-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
mmc-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
mouse-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
mouse-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
mouse-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
mouse-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
mouse-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
mouse-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
multipath-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
multipath-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
multipath-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
multipath-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
multipath-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
multipath-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
nbd-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
nbd-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
nbd-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
nbd-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
nbd-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
nbd-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
nfs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
nfs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
nfs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
nfs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
nfs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
nfs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
nic-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
nic-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
nic-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
nic-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
nic-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
nic-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
nic-shared-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
nic-shared-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
nic-shared-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
nic-shared-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
nic-shared-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
nic-shared-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
nic-usb-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
nic-usb-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
nic-usb-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
nic-usb-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
nic-usb-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
nic-usb-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
nic-wireless-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
nic-wireless-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
nic-wireless-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
nic-wireless-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
nic-wireless-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
nic-wireless-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
pata-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
pata-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
pata-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
pata-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
pata-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
pata-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
ppp-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
ppp-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
ppp-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
ppp-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
ppp-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
ppp-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
sata-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
sata-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
sata-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
sata-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
sata-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
sata-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
scsi-core-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
scsi-core-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
scsi-core-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
scsi-core-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
scsi-core-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
scsi-core-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
scsi-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
scsi-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
scsi-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
scsi-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
scsi-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
scsi-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
scsi-nic-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
scsi-nic-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
scsi-nic-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
scsi-nic-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
scsi-nic-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
scsi-nic-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
sound-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
sound-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
sound-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
sound-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
sound-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
sound-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
speakup-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
speakup-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
speakup-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
speakup-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
speakup-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
speakup-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
squashfs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
squashfs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
squashfs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
squashfs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
squashfs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
squashfs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
udf-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
udf-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
udf-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
udf-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
udf-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
udf-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
usb-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
usb-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
usb-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
usb-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
usb-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
usb-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
usb-serial-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
usb-serial-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
usb-serial-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
usb-serial-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
usb-serial-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
usb-serial-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
usb-storage-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
usb-storage-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
usb-storage-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
usb-storage-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
usb-storage-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
usb-storage-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel
xfs-modules-6.1.0-18-4kc-malta-di |   6.1.76-1 | mipsel
xfs-modules-6.1.0-18-mips32r2el-di |   6.1.76-1 | mipsel
xfs-modules-6.1.0-23-4kc-malta-di |   6.1.99-1 | mipsel
xfs-modules-6.1.0-23-mips32r2el-di |   6.1.99-1 | mipsel
xfs-modules-6.1.0-24-4kc-malta-di |  6.1.106-2 | mipsel
xfs-modules-6.1.0-24-mips32r2el-di |  6.1.106-2 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:36:55 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
ata-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
ata-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
btrfs-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
btrfs-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
btrfs-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
cdrom-core-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
cdrom-core-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
cdrom-core-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
crc-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
crc-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
crc-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
crypto-dm-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
crypto-dm-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
crypto-dm-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
crypto-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
crypto-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
crypto-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
event-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
event-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
event-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
ext4-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
ext4-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
ext4-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
f2fs-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
f2fs-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
f2fs-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
fancontrol-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
fancontrol-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
fancontrol-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
fat-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
fat-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
fat-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
fb-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
fb-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
fb-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
firewire-core-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
firewire-core-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
firewire-core-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
fuse-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
fuse-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
fuse-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
hypervisor-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
hypervisor-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
hypervisor-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
i2c-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
i2c-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
i2c-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
input-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
input-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
input-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
isofs-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
isofs-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
isofs-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
jfs-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
jfs-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
jfs-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
kernel-image-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
kernel-image-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
kernel-image-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
linux-headers-6.1.0-18-powerpc64le |   6.1.76-1 | ppc64el
linux-headers-6.1.0-23-powerpc64le |   6.1.99-1 | ppc64el
linux-headers-6.1.0-24-powerpc64le |  6.1.106-2 | ppc64el
linux-image-6.1.0-18-powerpc64le |   6.1.76-1 | ppc64el
linux-image-6.1.0-18-powerpc64le-dbg |   6.1.76-1 | ppc64el
linux-image-6.1.0-23-powerpc64le |   6.1.99-1 | ppc64el
linux-image-6.1.0-23-powerpc64le-dbg |   6.1.99-1 | ppc64el
linux-image-6.1.0-24-powerpc64le |  6.1.106-2 | ppc64el
linux-image-6.1.0-24-powerpc64le-dbg |  6.1.106-2 | ppc64el
loop-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
loop-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
loop-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
md-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
md-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
md-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
mouse-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
mouse-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
mouse-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
mtd-core-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
mtd-core-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
mtd-core-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
multipath-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
multipath-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
multipath-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
nbd-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
nbd-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
nbd-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
nic-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
nic-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
nic-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
nic-shared-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
nic-shared-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
nic-shared-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
nic-usb-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
nic-usb-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
nic-usb-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
nic-wireless-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
nic-wireless-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
nic-wireless-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
ppp-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
ppp-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
ppp-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
sata-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
sata-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
sata-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
scsi-core-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
scsi-core-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
scsi-core-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
scsi-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
scsi-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
scsi-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
scsi-nic-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
scsi-nic-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
scsi-nic-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
serial-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
serial-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
serial-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
squashfs-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
squashfs-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
squashfs-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
udf-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
udf-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
udf-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
uinput-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
uinput-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
uinput-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
usb-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
usb-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
usb-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
usb-serial-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
usb-serial-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
usb-serial-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
usb-storage-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
usb-storage-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
usb-storage-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el
xfs-modules-6.1.0-18-powerpc64le-di |   6.1.76-1 | ppc64el
xfs-modules-6.1.0-23-powerpc64le-di |   6.1.99-1 | ppc64el
xfs-modules-6.1.0-24-powerpc64le-di |  6.1.106-2 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:37:07 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-18-amd64 |   6.1.76-1 | amd64
linux-headers-6.1.0-18-cloud-amd64 |   6.1.76-1 | amd64
linux-headers-6.1.0-18-rt-amd64 |   6.1.76-1 | amd64
linux-headers-6.1.0-23-amd64 |   6.1.99-1 | amd64
linux-headers-6.1.0-23-cloud-amd64 |   6.1.99-1 | amd64
linux-headers-6.1.0-23-rt-amd64 |   6.1.99-1 | amd64
linux-headers-6.1.0-24-amd64 |  6.1.106-2 | amd64
linux-headers-6.1.0-24-cloud-amd64 |  6.1.106-2 | amd64
linux-headers-6.1.0-24-rt-amd64 |  6.1.106-2 | amd64
linux-image-6.1.0-18-amd64-dbg |   6.1.76-1 | amd64
linux-image-6.1.0-18-amd64-unsigned |   6.1.76-1 | amd64
linux-image-6.1.0-18-cloud-amd64-dbg |   6.1.76-1 | amd64
linux-image-6.1.0-18-cloud-amd64-unsigned |   6.1.76-1 | amd64
linux-image-6.1.0-18-rt-amd64-dbg |   6.1.76-1 | amd64
linux-image-6.1.0-18-rt-amd64-unsigned |   6.1.76-1 | amd64
linux-image-6.1.0-23-amd64-dbg |   6.1.99-1 | amd64
linux-image-6.1.0-23-amd64-unsigned |   6.1.99-1 | amd64
linux-image-6.1.0-23-cloud-amd64-dbg |   6.1.99-1 | amd64
linux-image-6.1.0-23-cloud-amd64-unsigned |   6.1.99-1 | amd64
linux-image-6.1.0-23-rt-amd64-dbg |   6.1.99-1 | amd64
linux-image-6.1.0-23-rt-amd64-unsigned |   6.1.99-1 | amd64
linux-image-6.1.0-24-amd64-dbg |  6.1.106-2 | amd64
linux-image-6.1.0-24-amd64-unsigned |  6.1.106-2 | amd64
linux-image-6.1.0-24-cloud-amd64-dbg |  6.1.106-2 | amd64
linux-image-6.1.0-24-cloud-amd64-unsigned |  6.1.106-2 | amd64
linux-image-6.1.0-24-rt-amd64-dbg |  6.1.106-2 | amd64
linux-image-6.1.0-24-rt-amd64-unsigned |  6.1.106-2 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:37:24 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-18-arm64 |   6.1.76-1 | arm64
linux-headers-6.1.0-18-cloud-arm64 |   6.1.76-1 | arm64
linux-headers-6.1.0-18-rt-arm64 |   6.1.76-1 | arm64
linux-headers-6.1.0-23-arm64 |   6.1.99-1 | arm64
linux-headers-6.1.0-23-cloud-arm64 |   6.1.99-1 | arm64
linux-headers-6.1.0-23-rt-arm64 |   6.1.99-1 | arm64
linux-headers-6.1.0-24-arm64 |  6.1.106-2 | arm64
linux-headers-6.1.0-24-cloud-arm64 |  6.1.106-2 | arm64
linux-headers-6.1.0-24-rt-arm64 |  6.1.106-2 | arm64
linux-image-6.1.0-18-arm64-dbg |   6.1.76-1 | arm64
linux-image-6.1.0-18-arm64-unsigned |   6.1.76-1 | arm64
linux-image-6.1.0-18-cloud-arm64-dbg |   6.1.76-1 | arm64
linux-image-6.1.0-18-cloud-arm64-unsigned |   6.1.76-1 | arm64
linux-image-6.1.0-18-rt-arm64-dbg |   6.1.76-1 | arm64
linux-image-6.1.0-18-rt-arm64-unsigned |   6.1.76-1 | arm64
linux-image-6.1.0-23-arm64-dbg |   6.1.99-1 | arm64
linux-image-6.1.0-23-arm64-unsigned |   6.1.99-1 | arm64
linux-image-6.1.0-23-cloud-arm64-dbg |   6.1.99-1 | arm64
linux-image-6.1.0-23-cloud-arm64-unsigned |   6.1.99-1 | arm64
linux-image-6.1.0-23-rt-arm64-dbg |   6.1.99-1 | arm64
linux-image-6.1.0-23-rt-arm64-unsigned |   6.1.99-1 | arm64
linux-image-6.1.0-24-arm64-dbg |  6.1.106-2 | arm64
linux-image-6.1.0-24-arm64-unsigned |  6.1.106-2 | arm64
linux-image-6.1.0-24-cloud-arm64-dbg |  6.1.106-2 | arm64
linux-image-6.1.0-24-cloud-arm64-unsigned |  6.1.106-2 | arm64
linux-image-6.1.0-24-rt-arm64-dbg |  6.1.106-2 | arm64
linux-image-6.1.0-24-rt-arm64-unsigned |  6.1.106-2 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:37:37 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

btrfs-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
btrfs-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
btrfs-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
cdrom-core-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
cdrom-core-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
cdrom-core-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
crc-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
crc-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
crc-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
crypto-dm-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
crypto-dm-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
crypto-dm-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
crypto-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
crypto-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
crypto-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
event-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
event-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
event-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
ext4-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
ext4-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
ext4-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
f2fs-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
f2fs-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
f2fs-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
fat-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
fat-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
fat-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
fb-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
fb-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
fb-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
fuse-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
fuse-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
fuse-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
input-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
input-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
input-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
ipv6-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
ipv6-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
ipv6-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
isofs-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
isofs-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
isofs-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
jffs2-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
jffs2-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
jffs2-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
jfs-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
jfs-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
jfs-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
kernel-image-6.1.0-18-marvell-di |   6.1.76-1 | armel
kernel-image-6.1.0-23-marvell-di |   6.1.99-1 | armel
kernel-image-6.1.0-24-marvell-di |  6.1.106-2 | armel
leds-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
leds-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
leds-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
linux-headers-6.1.0-18-marvell |   6.1.76-1 | armel
linux-headers-6.1.0-18-rpi |   6.1.76-1 | armel
linux-headers-6.1.0-23-marvell |   6.1.99-1 | armel
linux-headers-6.1.0-23-rpi |   6.1.99-1 | armel
linux-headers-6.1.0-24-marvell |  6.1.106-2 | armel
linux-headers-6.1.0-24-rpi |  6.1.106-2 | armel
linux-image-6.1.0-18-marvell |   6.1.76-1 | armel
linux-image-6.1.0-18-marvell-dbg |   6.1.76-1 | armel
linux-image-6.1.0-18-rpi |   6.1.76-1 | armel
linux-image-6.1.0-18-rpi-dbg |   6.1.76-1 | armel
linux-image-6.1.0-23-marvell |   6.1.99-1 | armel
linux-image-6.1.0-23-marvell-dbg |   6.1.99-1 | armel
linux-image-6.1.0-23-rpi |   6.1.99-1 | armel
linux-image-6.1.0-23-rpi-dbg |   6.1.99-1 | armel
linux-image-6.1.0-24-marvell |  6.1.106-2 | armel
linux-image-6.1.0-24-marvell-dbg |  6.1.106-2 | armel
linux-image-6.1.0-24-rpi |  6.1.106-2 | armel
linux-image-6.1.0-24-rpi-dbg |  6.1.106-2 | armel
loop-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
loop-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
loop-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
md-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
md-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
md-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
minix-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
minix-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
minix-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
mmc-core-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
mmc-core-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
mmc-core-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
mmc-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
mmc-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
mmc-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
mouse-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
mouse-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
mouse-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
mtd-core-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
mtd-core-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
mtd-core-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
mtd-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
mtd-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
mtd-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
multipath-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
multipath-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
multipath-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
nbd-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
nbd-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
nbd-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
nic-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
nic-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
nic-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
nic-shared-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
nic-shared-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
nic-shared-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
nic-usb-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
nic-usb-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
nic-usb-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
ppp-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
ppp-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
ppp-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
sata-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
sata-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
sata-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
scsi-core-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
scsi-core-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
scsi-core-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
squashfs-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
squashfs-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
squashfs-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
udf-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
udf-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
udf-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
uinput-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
uinput-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
uinput-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
usb-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
usb-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
usb-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
usb-serial-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
usb-serial-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
usb-serial-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel
usb-storage-modules-6.1.0-18-marvell-di |   6.1.76-1 | armel
usb-storage-modules-6.1.0-23-marvell-di |   6.1.99-1 | armel
usb-storage-modules-6.1.0-24-marvell-di |  6.1.106-2 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:37:48 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
ata-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
ata-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
btrfs-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
btrfs-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
btrfs-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
cdrom-core-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
cdrom-core-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
cdrom-core-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
crc-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
crc-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
crc-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
crypto-dm-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
crypto-dm-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
crypto-dm-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
crypto-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
crypto-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
crypto-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
efi-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
efi-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
efi-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
event-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
event-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
event-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
ext4-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
ext4-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
ext4-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
f2fs-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
f2fs-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
f2fs-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
fat-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
fat-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
fat-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
fb-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
fb-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
fb-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
fuse-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
fuse-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
fuse-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
i2c-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
i2c-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
i2c-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
input-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
input-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
input-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
isofs-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
isofs-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
isofs-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
jfs-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
jfs-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
jfs-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
kernel-image-6.1.0-18-armmp-di |   6.1.76-1 | armhf
kernel-image-6.1.0-23-armmp-di |   6.1.99-1 | armhf
kernel-image-6.1.0-24-armmp-di |  6.1.106-2 | armhf
leds-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
leds-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
leds-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
linux-headers-6.1.0-18-armmp |   6.1.76-1 | armhf
linux-headers-6.1.0-18-armmp-lpae |   6.1.76-1 | armhf
linux-headers-6.1.0-18-rt-armmp |   6.1.76-1 | armhf
linux-headers-6.1.0-23-armmp |   6.1.99-1 | armhf
linux-headers-6.1.0-23-armmp-lpae |   6.1.99-1 | armhf
linux-headers-6.1.0-23-rt-armmp |   6.1.99-1 | armhf
linux-headers-6.1.0-24-armmp |  6.1.106-2 | armhf
linux-headers-6.1.0-24-armmp-lpae |  6.1.106-2 | armhf
linux-headers-6.1.0-24-rt-armmp |  6.1.106-2 | armhf
linux-image-6.1.0-18-armmp |   6.1.76-1 | armhf
linux-image-6.1.0-18-armmp-dbg |   6.1.76-1 | armhf
linux-image-6.1.0-18-armmp-lpae |   6.1.76-1 | armhf
linux-image-6.1.0-18-armmp-lpae-dbg |   6.1.76-1 | armhf
linux-image-6.1.0-18-rt-armmp |   6.1.76-1 | armhf
linux-image-6.1.0-18-rt-armmp-dbg |   6.1.76-1 | armhf
linux-image-6.1.0-23-armmp |   6.1.99-1 | armhf
linux-image-6.1.0-23-armmp-dbg |   6.1.99-1 | armhf
linux-image-6.1.0-23-armmp-lpae |   6.1.99-1 | armhf
linux-image-6.1.0-23-armmp-lpae-dbg |   6.1.99-1 | armhf
linux-image-6.1.0-23-rt-armmp |   6.1.99-1 | armhf
linux-image-6.1.0-23-rt-armmp-dbg |   6.1.99-1 | armhf
linux-image-6.1.0-24-armmp |  6.1.106-2 | armhf
linux-image-6.1.0-24-armmp-dbg |  6.1.106-2 | armhf
linux-image-6.1.0-24-armmp-lpae |  6.1.106-2 | armhf
linux-image-6.1.0-24-armmp-lpae-dbg |  6.1.106-2 | armhf
linux-image-6.1.0-24-rt-armmp |  6.1.106-2 | armhf
linux-image-6.1.0-24-rt-armmp-dbg |  6.1.106-2 | armhf
loop-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
loop-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
loop-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
md-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
md-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
md-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
mmc-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
mmc-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
mmc-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
mtd-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
mtd-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
mtd-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
multipath-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
multipath-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
multipath-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
nbd-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
nbd-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
nbd-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
nic-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
nic-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
nic-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
nic-shared-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
nic-shared-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
nic-shared-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
nic-usb-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
nic-usb-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
nic-usb-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
nic-wireless-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
nic-wireless-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
nic-wireless-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
pata-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
pata-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
pata-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
ppp-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
ppp-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
ppp-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
sata-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
sata-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
sata-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
scsi-core-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
scsi-core-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
scsi-core-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
scsi-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
scsi-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
scsi-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
scsi-nic-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
scsi-nic-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
scsi-nic-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
sound-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
sound-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
sound-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
speakup-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
speakup-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
speakup-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
squashfs-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
squashfs-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
squashfs-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
udf-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
udf-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
udf-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
uinput-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
uinput-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
uinput-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
usb-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
usb-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
usb-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
usb-serial-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
usb-serial-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
usb-serial-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf
usb-storage-modules-6.1.0-18-armmp-di |   6.1.76-1 | armhf
usb-storage-modules-6.1.0-23-armmp-di |   6.1.99-1 | armhf
usb-storage-modules-6.1.0-24-armmp-di |  6.1.106-2 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:37:59 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-18-686 |   6.1.76-1 | i386
linux-headers-6.1.0-18-686-pae |   6.1.76-1 | i386
linux-headers-6.1.0-18-rt-686-pae |   6.1.76-1 | i386
linux-headers-6.1.0-23-686 |   6.1.99-1 | i386
linux-headers-6.1.0-23-686-pae |   6.1.99-1 | i386
linux-headers-6.1.0-23-rt-686-pae |   6.1.99-1 | i386
linux-headers-6.1.0-24-686 |  6.1.106-2 | i386
linux-headers-6.1.0-24-686-pae |  6.1.106-2 | i386
linux-headers-6.1.0-24-rt-686-pae |  6.1.106-2 | i386
linux-image-6.1.0-18-686-dbg |   6.1.76-1 | i386
linux-image-6.1.0-18-686-pae-dbg |   6.1.76-1 | i386
linux-image-6.1.0-18-686-pae-unsigned |   6.1.76-1 | i386
linux-image-6.1.0-18-686-unsigned |   6.1.76-1 | i386
linux-image-6.1.0-18-rt-686-pae-dbg |   6.1.76-1 | i386
linux-image-6.1.0-18-rt-686-pae-unsigned |   6.1.76-1 | i386
linux-image-6.1.0-23-686-dbg |   6.1.99-1 | i386
linux-image-6.1.0-23-686-pae-dbg |   6.1.99-1 | i386
linux-image-6.1.0-23-686-pae-unsigned |   6.1.99-1 | i386
linux-image-6.1.0-23-686-unsigned |   6.1.99-1 | i386
linux-image-6.1.0-23-rt-686-pae-dbg |   6.1.99-1 | i386
linux-image-6.1.0-23-rt-686-pae-unsigned |   6.1.99-1 | i386
linux-image-6.1.0-24-686-dbg |  6.1.106-2 | i386
linux-image-6.1.0-24-686-pae-dbg |  6.1.106-2 | i386
linux-image-6.1.0-24-686-pae-unsigned |  6.1.106-2 | i386
linux-image-6.1.0-24-686-unsigned |  6.1.106-2 | i386
linux-image-6.1.0-24-rt-686-pae-dbg |  6.1.106-2 | i386
linux-image-6.1.0-24-rt-686-pae-unsigned |  6.1.106-2 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:38:11 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

affs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
affs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
affs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
affs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
affs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
affs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
ata-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
ata-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
ata-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
ata-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
ata-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
ata-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
btrfs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
btrfs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
btrfs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
btrfs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
btrfs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
btrfs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
cdrom-core-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
cdrom-core-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
cdrom-core-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
cdrom-core-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
cdrom-core-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
cdrom-core-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
crc-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
crc-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
crc-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
crc-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
crc-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
crc-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
crypto-dm-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
crypto-dm-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
crypto-dm-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
crypto-dm-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
crypto-dm-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
crypto-dm-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
crypto-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
crypto-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
crypto-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
crypto-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
crypto-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
crypto-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
event-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
event-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
event-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
event-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
event-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
event-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
ext4-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
ext4-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
ext4-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
ext4-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
ext4-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
ext4-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
f2fs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
f2fs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
f2fs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
f2fs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
f2fs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
f2fs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
fat-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
fat-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
fat-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
fat-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
fat-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
fat-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
fb-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
fb-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
fb-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
fb-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
fb-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
fb-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
firewire-core-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
firewire-core-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
firewire-core-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
firewire-core-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
firewire-core-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
firewire-core-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
fuse-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
fuse-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
fuse-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
fuse-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
fuse-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
fuse-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
input-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
input-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
input-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
input-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
input-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
input-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
isofs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
isofs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
isofs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
isofs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
isofs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
isofs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
jfs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
jfs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
jfs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
jfs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
jfs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
jfs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
kernel-image-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
kernel-image-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
kernel-image-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
kernel-image-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
kernel-image-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
kernel-image-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
linux-headers-6.1.0-18-5kc-malta |   6.1.76-1 | mips64el
linux-headers-6.1.0-18-mips64r2el |   6.1.76-1 | mips64el
linux-headers-6.1.0-23-5kc-malta |   6.1.99-1 | mips64el
linux-headers-6.1.0-23-mips64r2el |   6.1.99-1 | mips64el
linux-headers-6.1.0-24-5kc-malta |  6.1.106-2 | mips64el
linux-headers-6.1.0-24-mips64r2el |  6.1.106-2 | mips64el
linux-image-6.1.0-18-5kc-malta |   6.1.76-1 | mips64el
linux-image-6.1.0-18-5kc-malta-dbg |   6.1.76-1 | mips64el
linux-image-6.1.0-18-mips64r2el |   6.1.76-1 | mips64el
linux-image-6.1.0-18-mips64r2el-dbg |   6.1.76-1 | mips64el
linux-image-6.1.0-23-5kc-malta |   6.1.99-1 | mips64el
linux-image-6.1.0-23-5kc-malta-dbg |   6.1.99-1 | mips64el
linux-image-6.1.0-23-mips64r2el |   6.1.99-1 | mips64el
linux-image-6.1.0-23-mips64r2el-dbg |   6.1.99-1 | mips64el
linux-image-6.1.0-24-5kc-malta |  6.1.106-2 | mips64el
linux-image-6.1.0-24-5kc-malta-dbg |  6.1.106-2 | mips64el
linux-image-6.1.0-24-mips64r2el |  6.1.106-2 | mips64el
linux-image-6.1.0-24-mips64r2el-dbg |  6.1.106-2 | mips64el
loop-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
loop-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
loop-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
loop-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
loop-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
loop-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
md-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
md-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
md-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
md-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
md-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
md-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
minix-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
minix-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
minix-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
minix-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
minix-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
minix-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
mmc-core-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
mmc-core-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
mmc-core-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
mmc-core-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
mmc-core-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
mmc-core-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
mmc-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
mmc-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
mmc-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
mmc-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
mmc-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
mmc-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
mouse-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
mouse-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
mouse-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
mouse-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
mouse-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
mouse-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
multipath-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
multipath-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
multipath-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
multipath-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
multipath-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
multipath-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
nbd-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
nbd-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
nbd-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
nbd-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
nbd-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
nbd-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
nfs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
nfs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
nfs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
nfs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
nfs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
nfs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
nic-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
nic-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
nic-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
nic-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
nic-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
nic-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
nic-shared-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
nic-shared-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
nic-shared-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
nic-shared-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
nic-shared-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
nic-shared-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
nic-usb-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
nic-usb-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
nic-usb-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
nic-usb-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
nic-usb-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
nic-usb-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
nic-wireless-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
nic-wireless-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
nic-wireless-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
nic-wireless-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
nic-wireless-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
nic-wireless-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
pata-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
pata-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
pata-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
pata-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
pata-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
pata-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
ppp-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
ppp-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
ppp-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
ppp-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
ppp-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
ppp-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
sata-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
sata-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
sata-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
sata-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
sata-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
sata-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
scsi-core-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
scsi-core-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
scsi-core-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
scsi-core-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
scsi-core-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
scsi-core-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
scsi-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
scsi-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
scsi-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
scsi-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
scsi-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
scsi-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
scsi-nic-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
scsi-nic-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
scsi-nic-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
scsi-nic-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
scsi-nic-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
scsi-nic-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
sound-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
sound-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
sound-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
sound-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
sound-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
sound-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
speakup-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
speakup-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
speakup-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
speakup-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
speakup-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
speakup-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
squashfs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
squashfs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
squashfs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
squashfs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
squashfs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
squashfs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
udf-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
udf-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
udf-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
udf-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
udf-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
udf-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
usb-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
usb-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
usb-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
usb-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
usb-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
usb-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
usb-serial-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
usb-serial-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
usb-serial-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
usb-serial-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
usb-serial-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
usb-serial-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
usb-storage-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
usb-storage-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
usb-storage-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
usb-storage-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
usb-storage-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
usb-storage-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el
xfs-modules-6.1.0-18-5kc-malta-di |   6.1.76-1 | mips64el
xfs-modules-6.1.0-18-mips64r2el-di |   6.1.76-1 | mips64el
xfs-modules-6.1.0-23-5kc-malta-di |   6.1.99-1 | mips64el
xfs-modules-6.1.0-23-mips64r2el-di |   6.1.99-1 | mips64el
xfs-modules-6.1.0-24-5kc-malta-di |  6.1.106-2 | mips64el
xfs-modules-6.1.0-24-mips64r2el-di |  6.1.106-2 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:38:23 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
acpi-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
acpi-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
ata-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
ata-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
ata-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
btrfs-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
btrfs-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
btrfs-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
cdrom-core-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
cdrom-core-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
cdrom-core-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
crc-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
crc-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
crc-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
crypto-dm-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
crypto-dm-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
crypto-dm-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
crypto-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
crypto-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
crypto-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
efi-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
efi-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
efi-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
event-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
event-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
event-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
ext4-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
ext4-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
ext4-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
f2fs-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
f2fs-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
f2fs-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
fat-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
fat-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
fat-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
fb-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
fb-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
fb-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
firewire-core-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
firewire-core-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
firewire-core-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
fuse-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
fuse-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
fuse-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
i2c-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
i2c-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
i2c-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
input-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
input-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
input-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
isofs-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
isofs-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
isofs-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
jfs-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
jfs-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
jfs-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
kernel-image-6.1.0-18-amd64-di |   6.1.76-1 | amd64
kernel-image-6.1.0-23-amd64-di |   6.1.99-1 | amd64
kernel-image-6.1.0-24-amd64-di |  6.1.106-2 | amd64
linux-image-6.1.0-18-amd64 |   6.1.76-1 | amd64
linux-image-6.1.0-18-cloud-amd64 |   6.1.76-1 | amd64
linux-image-6.1.0-18-rt-amd64 |   6.1.76-1 | amd64
linux-image-6.1.0-23-amd64 |   6.1.99-1 | amd64
linux-image-6.1.0-23-cloud-amd64 |   6.1.99-1 | amd64
linux-image-6.1.0-23-rt-amd64 |   6.1.99-1 | amd64
linux-image-6.1.0-24-amd64 |  6.1.106-2 | amd64
linux-image-6.1.0-24-cloud-amd64 |  6.1.106-2 | amd64
linux-image-6.1.0-24-rt-amd64 |  6.1.106-2 | amd64
loop-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
loop-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
loop-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
md-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
md-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
md-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
mmc-core-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
mmc-core-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
mmc-core-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
mmc-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
mmc-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
mmc-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
mouse-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
mouse-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
mouse-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
mtd-core-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
mtd-core-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
mtd-core-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
multipath-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
multipath-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
multipath-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
nbd-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
nbd-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
nbd-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
nic-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
nic-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
nic-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
nic-pcmcia-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
nic-pcmcia-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
nic-pcmcia-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
nic-shared-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
nic-shared-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
nic-shared-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
nic-usb-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
nic-usb-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
nic-usb-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
nic-wireless-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
nic-wireless-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
nic-wireless-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
pata-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
pata-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
pata-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
pcmcia-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
pcmcia-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
pcmcia-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
pcmcia-storage-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
pcmcia-storage-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
pcmcia-storage-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
ppp-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
ppp-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
ppp-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
rfkill-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
rfkill-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
rfkill-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
sata-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
sata-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
sata-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
scsi-core-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
scsi-core-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
scsi-core-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
scsi-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
scsi-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
scsi-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
scsi-nic-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
scsi-nic-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
scsi-nic-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
serial-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
serial-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
serial-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
sound-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
sound-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
sound-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
speakup-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
speakup-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
speakup-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
squashfs-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
squashfs-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
squashfs-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
udf-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
udf-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
udf-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
uinput-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
uinput-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
uinput-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
usb-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
usb-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
usb-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
usb-serial-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
usb-serial-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
usb-serial-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
usb-storage-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
usb-storage-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
usb-storage-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64
xfs-modules-6.1.0-18-amd64-di |   6.1.76-1 | amd64
xfs-modules-6.1.0-23-amd64-di |   6.1.99-1 | amd64
xfs-modules-6.1.0-24-amd64-di |  6.1.106-2 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:38:34 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

ata-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
ata-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
ata-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
btrfs-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
btrfs-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
btrfs-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
cdrom-core-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
cdrom-core-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
cdrom-core-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
crc-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
crc-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
crc-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
crypto-dm-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
crypto-dm-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
crypto-dm-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
crypto-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
crypto-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
crypto-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
efi-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
efi-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
efi-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
event-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
event-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
event-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
ext4-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
ext4-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
ext4-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
f2fs-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
f2fs-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
f2fs-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
fat-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
fat-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
fat-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
fb-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
fb-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
fb-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
fuse-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
fuse-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
fuse-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
i2c-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
i2c-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
i2c-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
input-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
input-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
input-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
isofs-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
isofs-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
isofs-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
jfs-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
jfs-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
jfs-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
kernel-image-6.1.0-18-arm64-di |   6.1.76-1 | arm64
kernel-image-6.1.0-23-arm64-di |   6.1.99-1 | arm64
kernel-image-6.1.0-24-arm64-di |  6.1.106-2 | arm64
leds-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
leds-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
leds-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
linux-image-6.1.0-18-arm64 |   6.1.76-1 | arm64
linux-image-6.1.0-18-cloud-arm64 |   6.1.76-1 | arm64
linux-image-6.1.0-18-rt-arm64 |   6.1.76-1 | arm64
linux-image-6.1.0-23-arm64 |   6.1.99-1 | arm64
linux-image-6.1.0-23-cloud-arm64 |   6.1.99-1 | arm64
linux-image-6.1.0-23-rt-arm64 |   6.1.99-1 | arm64
linux-image-6.1.0-24-arm64 |  6.1.106-2 | arm64
linux-image-6.1.0-24-cloud-arm64 |  6.1.106-2 | arm64
linux-image-6.1.0-24-rt-arm64 |  6.1.106-2 | arm64
loop-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
loop-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
loop-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
md-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
md-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
md-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
mmc-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
mmc-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
mmc-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
mtd-core-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
mtd-core-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
mtd-core-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
multipath-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
multipath-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
multipath-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
nbd-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
nbd-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
nbd-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
nic-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
nic-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
nic-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
nic-shared-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
nic-shared-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
nic-shared-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
nic-usb-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
nic-usb-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
nic-usb-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
nic-wireless-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
nic-wireless-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
nic-wireless-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
ppp-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
ppp-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
ppp-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
sata-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
sata-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
sata-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
scsi-core-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
scsi-core-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
scsi-core-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
scsi-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
scsi-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
scsi-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
scsi-nic-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
scsi-nic-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
scsi-nic-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
sound-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
sound-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
sound-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
speakup-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
speakup-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
speakup-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
squashfs-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
squashfs-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
squashfs-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
udf-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
udf-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
udf-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
uinput-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
uinput-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
uinput-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
usb-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
usb-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
usb-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
usb-serial-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
usb-serial-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
usb-serial-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
usb-storage-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
usb-storage-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
usb-storage-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64
xfs-modules-6.1.0-18-arm64-di |   6.1.76-1 | arm64
xfs-modules-6.1.0-23-arm64-di |   6.1.99-1 | arm64
xfs-modules-6.1.0-24-arm64-di |  6.1.106-2 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:38:47 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

acpi-modules-6.1.0-18-686-di |   6.1.76-1 | i386
acpi-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
acpi-modules-6.1.0-23-686-di |   6.1.99-1 | i386
acpi-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
acpi-modules-6.1.0-24-686-di |  6.1.106-2 | i386
acpi-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
ata-modules-6.1.0-18-686-di |   6.1.76-1 | i386
ata-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
ata-modules-6.1.0-23-686-di |   6.1.99-1 | i386
ata-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
ata-modules-6.1.0-24-686-di |  6.1.106-2 | i386
ata-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
btrfs-modules-6.1.0-18-686-di |   6.1.76-1 | i386
btrfs-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
btrfs-modules-6.1.0-23-686-di |   6.1.99-1 | i386
btrfs-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
btrfs-modules-6.1.0-24-686-di |  6.1.106-2 | i386
btrfs-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
cdrom-core-modules-6.1.0-18-686-di |   6.1.76-1 | i386
cdrom-core-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
cdrom-core-modules-6.1.0-23-686-di |   6.1.99-1 | i386
cdrom-core-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
cdrom-core-modules-6.1.0-24-686-di |  6.1.106-2 | i386
cdrom-core-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
crc-modules-6.1.0-18-686-di |   6.1.76-1 | i386
crc-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
crc-modules-6.1.0-23-686-di |   6.1.99-1 | i386
crc-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
crc-modules-6.1.0-24-686-di |  6.1.106-2 | i386
crc-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
crypto-dm-modules-6.1.0-18-686-di |   6.1.76-1 | i386
crypto-dm-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
crypto-dm-modules-6.1.0-23-686-di |   6.1.99-1 | i386
crypto-dm-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
crypto-dm-modules-6.1.0-24-686-di |  6.1.106-2 | i386
crypto-dm-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
crypto-modules-6.1.0-18-686-di |   6.1.76-1 | i386
crypto-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
crypto-modules-6.1.0-23-686-di |   6.1.99-1 | i386
crypto-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
crypto-modules-6.1.0-24-686-di |  6.1.106-2 | i386
crypto-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
efi-modules-6.1.0-18-686-di |   6.1.76-1 | i386
efi-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
efi-modules-6.1.0-23-686-di |   6.1.99-1 | i386
efi-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
efi-modules-6.1.0-24-686-di |  6.1.106-2 | i386
efi-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
event-modules-6.1.0-18-686-di |   6.1.76-1 | i386
event-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
event-modules-6.1.0-23-686-di |   6.1.99-1 | i386
event-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
event-modules-6.1.0-24-686-di |  6.1.106-2 | i386
event-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
ext4-modules-6.1.0-18-686-di |   6.1.76-1 | i386
ext4-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
ext4-modules-6.1.0-23-686-di |   6.1.99-1 | i386
ext4-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
ext4-modules-6.1.0-24-686-di |  6.1.106-2 | i386
ext4-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
f2fs-modules-6.1.0-18-686-di |   6.1.76-1 | i386
f2fs-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
f2fs-modules-6.1.0-23-686-di |   6.1.99-1 | i386
f2fs-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
f2fs-modules-6.1.0-24-686-di |  6.1.106-2 | i386
f2fs-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
fat-modules-6.1.0-18-686-di |   6.1.76-1 | i386
fat-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
fat-modules-6.1.0-23-686-di |   6.1.99-1 | i386
fat-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
fat-modules-6.1.0-24-686-di |  6.1.106-2 | i386
fat-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
fb-modules-6.1.0-18-686-di |   6.1.76-1 | i386
fb-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
fb-modules-6.1.0-23-686-di |   6.1.99-1 | i386
fb-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
fb-modules-6.1.0-24-686-di |  6.1.106-2 | i386
fb-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
firewire-core-modules-6.1.0-18-686-di |   6.1.76-1 | i386
firewire-core-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
firewire-core-modules-6.1.0-23-686-di |   6.1.99-1 | i386
firewire-core-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
firewire-core-modules-6.1.0-24-686-di |  6.1.106-2 | i386
firewire-core-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
fuse-modules-6.1.0-18-686-di |   6.1.76-1 | i386
fuse-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
fuse-modules-6.1.0-23-686-di |   6.1.99-1 | i386
fuse-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
fuse-modules-6.1.0-24-686-di |  6.1.106-2 | i386
fuse-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
i2c-modules-6.1.0-18-686-di |   6.1.76-1 | i386
i2c-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
i2c-modules-6.1.0-23-686-di |   6.1.99-1 | i386
i2c-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
i2c-modules-6.1.0-24-686-di |  6.1.106-2 | i386
i2c-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
input-modules-6.1.0-18-686-di |   6.1.76-1 | i386
input-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
input-modules-6.1.0-23-686-di |   6.1.99-1 | i386
input-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
input-modules-6.1.0-24-686-di |  6.1.106-2 | i386
input-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
isofs-modules-6.1.0-18-686-di |   6.1.76-1 | i386
isofs-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
isofs-modules-6.1.0-23-686-di |   6.1.99-1 | i386
isofs-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
isofs-modules-6.1.0-24-686-di |  6.1.106-2 | i386
isofs-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
jfs-modules-6.1.0-18-686-di |   6.1.76-1 | i386
jfs-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
jfs-modules-6.1.0-23-686-di |   6.1.99-1 | i386
jfs-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
jfs-modules-6.1.0-24-686-di |  6.1.106-2 | i386
jfs-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
kernel-image-6.1.0-18-686-di |   6.1.76-1 | i386
kernel-image-6.1.0-18-686-pae-di |   6.1.76-1 | i386
kernel-image-6.1.0-23-686-di |   6.1.99-1 | i386
kernel-image-6.1.0-23-686-pae-di |   6.1.99-1 | i386
kernel-image-6.1.0-24-686-di |  6.1.106-2 | i386
kernel-image-6.1.0-24-686-pae-di |  6.1.106-2 | i386
linux-image-6.1.0-18-686 |   6.1.76-1 | i386
linux-image-6.1.0-18-686-pae |   6.1.76-1 | i386
linux-image-6.1.0-18-rt-686-pae |   6.1.76-1 | i386
linux-image-6.1.0-23-686 |   6.1.99-1 | i386
linux-image-6.1.0-23-686-pae |   6.1.99-1 | i386
linux-image-6.1.0-23-rt-686-pae |   6.1.99-1 | i386
linux-image-6.1.0-24-686 |  6.1.106-2 | i386
linux-image-6.1.0-24-686-pae |  6.1.106-2 | i386
linux-image-6.1.0-24-rt-686-pae |  6.1.106-2 | i386
loop-modules-6.1.0-18-686-di |   6.1.76-1 | i386
loop-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
loop-modules-6.1.0-23-686-di |   6.1.99-1 | i386
loop-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
loop-modules-6.1.0-24-686-di |  6.1.106-2 | i386
loop-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
md-modules-6.1.0-18-686-di |   6.1.76-1 | i386
md-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
md-modules-6.1.0-23-686-di |   6.1.99-1 | i386
md-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
md-modules-6.1.0-24-686-di |  6.1.106-2 | i386
md-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
mmc-core-modules-6.1.0-18-686-di |   6.1.76-1 | i386
mmc-core-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
mmc-core-modules-6.1.0-23-686-di |   6.1.99-1 | i386
mmc-core-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
mmc-core-modules-6.1.0-24-686-di |  6.1.106-2 | i386
mmc-core-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
mmc-modules-6.1.0-18-686-di |   6.1.76-1 | i386
mmc-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
mmc-modules-6.1.0-23-686-di |   6.1.99-1 | i386
mmc-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
mmc-modules-6.1.0-24-686-di |  6.1.106-2 | i386
mmc-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
mouse-modules-6.1.0-18-686-di |   6.1.76-1 | i386
mouse-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
mouse-modules-6.1.0-23-686-di |   6.1.99-1 | i386
mouse-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
mouse-modules-6.1.0-24-686-di |  6.1.106-2 | i386
mouse-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
mtd-core-modules-6.1.0-18-686-di |   6.1.76-1 | i386
mtd-core-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
mtd-core-modules-6.1.0-23-686-di |   6.1.99-1 | i386
mtd-core-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
mtd-core-modules-6.1.0-24-686-di |  6.1.106-2 | i386
mtd-core-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
multipath-modules-6.1.0-18-686-di |   6.1.76-1 | i386
multipath-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
multipath-modules-6.1.0-23-686-di |   6.1.99-1 | i386
multipath-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
multipath-modules-6.1.0-24-686-di |  6.1.106-2 | i386
multipath-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
nbd-modules-6.1.0-18-686-di |   6.1.76-1 | i386
nbd-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
nbd-modules-6.1.0-23-686-di |   6.1.99-1 | i386
nbd-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
nbd-modules-6.1.0-24-686-di |  6.1.106-2 | i386
nbd-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
nic-modules-6.1.0-18-686-di |   6.1.76-1 | i386
nic-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
nic-modules-6.1.0-23-686-di |   6.1.99-1 | i386
nic-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
nic-modules-6.1.0-24-686-di |  6.1.106-2 | i386
nic-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
nic-pcmcia-modules-6.1.0-18-686-di |   6.1.76-1 | i386
nic-pcmcia-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
nic-pcmcia-modules-6.1.0-23-686-di |   6.1.99-1 | i386
nic-pcmcia-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
nic-pcmcia-modules-6.1.0-24-686-di |  6.1.106-2 | i386
nic-pcmcia-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
nic-shared-modules-6.1.0-18-686-di |   6.1.76-1 | i386
nic-shared-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
nic-shared-modules-6.1.0-23-686-di |   6.1.99-1 | i386
nic-shared-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
nic-shared-modules-6.1.0-24-686-di |  6.1.106-2 | i386
nic-shared-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
nic-usb-modules-6.1.0-18-686-di |   6.1.76-1 | i386
nic-usb-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
nic-usb-modules-6.1.0-23-686-di |   6.1.99-1 | i386
nic-usb-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
nic-usb-modules-6.1.0-24-686-di |  6.1.106-2 | i386
nic-usb-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
nic-wireless-modules-6.1.0-18-686-di |   6.1.76-1 | i386
nic-wireless-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
nic-wireless-modules-6.1.0-23-686-di |   6.1.99-1 | i386
nic-wireless-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
nic-wireless-modules-6.1.0-24-686-di |  6.1.106-2 | i386
nic-wireless-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
pata-modules-6.1.0-18-686-di |   6.1.76-1 | i386
pata-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
pata-modules-6.1.0-23-686-di |   6.1.99-1 | i386
pata-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
pata-modules-6.1.0-24-686-di |  6.1.106-2 | i386
pata-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
pcmcia-modules-6.1.0-18-686-di |   6.1.76-1 | i386
pcmcia-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
pcmcia-modules-6.1.0-23-686-di |   6.1.99-1 | i386
pcmcia-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
pcmcia-modules-6.1.0-24-686-di |  6.1.106-2 | i386
pcmcia-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
pcmcia-storage-modules-6.1.0-18-686-di |   6.1.76-1 | i386
pcmcia-storage-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
pcmcia-storage-modules-6.1.0-23-686-di |   6.1.99-1 | i386
pcmcia-storage-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
pcmcia-storage-modules-6.1.0-24-686-di |  6.1.106-2 | i386
pcmcia-storage-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
ppp-modules-6.1.0-18-686-di |   6.1.76-1 | i386
ppp-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
ppp-modules-6.1.0-23-686-di |   6.1.99-1 | i386
ppp-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
ppp-modules-6.1.0-24-686-di |  6.1.106-2 | i386
ppp-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
rfkill-modules-6.1.0-18-686-di |   6.1.76-1 | i386
rfkill-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
rfkill-modules-6.1.0-23-686-di |   6.1.99-1 | i386
rfkill-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
rfkill-modules-6.1.0-24-686-di |  6.1.106-2 | i386
rfkill-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
sata-modules-6.1.0-18-686-di |   6.1.76-1 | i386
sata-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
sata-modules-6.1.0-23-686-di |   6.1.99-1 | i386
sata-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
sata-modules-6.1.0-24-686-di |  6.1.106-2 | i386
sata-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
scsi-core-modules-6.1.0-18-686-di |   6.1.76-1 | i386
scsi-core-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
scsi-core-modules-6.1.0-23-686-di |   6.1.99-1 | i386
scsi-core-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
scsi-core-modules-6.1.0-24-686-di |  6.1.106-2 | i386
scsi-core-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
scsi-modules-6.1.0-18-686-di |   6.1.76-1 | i386
scsi-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
scsi-modules-6.1.0-23-686-di |   6.1.99-1 | i386
scsi-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
scsi-modules-6.1.0-24-686-di |  6.1.106-2 | i386
scsi-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
scsi-nic-modules-6.1.0-18-686-di |   6.1.76-1 | i386
scsi-nic-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
scsi-nic-modules-6.1.0-23-686-di |   6.1.99-1 | i386
scsi-nic-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
scsi-nic-modules-6.1.0-24-686-di |  6.1.106-2 | i386
scsi-nic-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
serial-modules-6.1.0-18-686-di |   6.1.76-1 | i386
serial-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
serial-modules-6.1.0-23-686-di |   6.1.99-1 | i386
serial-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
serial-modules-6.1.0-24-686-di |  6.1.106-2 | i386
serial-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
sound-modules-6.1.0-18-686-di |   6.1.76-1 | i386
sound-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
sound-modules-6.1.0-23-686-di |   6.1.99-1 | i386
sound-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
sound-modules-6.1.0-24-686-di |  6.1.106-2 | i386
sound-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
speakup-modules-6.1.0-18-686-di |   6.1.76-1 | i386
speakup-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
speakup-modules-6.1.0-23-686-di |   6.1.99-1 | i386
speakup-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
speakup-modules-6.1.0-24-686-di |  6.1.106-2 | i386
speakup-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
squashfs-modules-6.1.0-18-686-di |   6.1.76-1 | i386
squashfs-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
squashfs-modules-6.1.0-23-686-di |   6.1.99-1 | i386
squashfs-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
squashfs-modules-6.1.0-24-686-di |  6.1.106-2 | i386
squashfs-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
udf-modules-6.1.0-18-686-di |   6.1.76-1 | i386
udf-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
udf-modules-6.1.0-23-686-di |   6.1.99-1 | i386
udf-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
udf-modules-6.1.0-24-686-di |  6.1.106-2 | i386
udf-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
uinput-modules-6.1.0-18-686-di |   6.1.76-1 | i386
uinput-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
uinput-modules-6.1.0-23-686-di |   6.1.99-1 | i386
uinput-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
uinput-modules-6.1.0-24-686-di |  6.1.106-2 | i386
uinput-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
usb-modules-6.1.0-18-686-di |   6.1.76-1 | i386
usb-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
usb-modules-6.1.0-23-686-di |   6.1.99-1 | i386
usb-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
usb-modules-6.1.0-24-686-di |  6.1.106-2 | i386
usb-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
usb-serial-modules-6.1.0-18-686-di |   6.1.76-1 | i386
usb-serial-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
usb-serial-modules-6.1.0-23-686-di |   6.1.99-1 | i386
usb-serial-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
usb-serial-modules-6.1.0-24-686-di |  6.1.106-2 | i386
usb-serial-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
usb-storage-modules-6.1.0-18-686-di |   6.1.76-1 | i386
usb-storage-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
usb-storage-modules-6.1.0-23-686-di |   6.1.99-1 | i386
usb-storage-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
usb-storage-modules-6.1.0-24-686-di |  6.1.106-2 | i386
usb-storage-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386
xfs-modules-6.1.0-18-686-di |   6.1.76-1 | i386
xfs-modules-6.1.0-18-686-pae-di |   6.1.76-1 | i386
xfs-modules-6.1.0-23-686-di |   6.1.99-1 | i386
xfs-modules-6.1.0-23-686-pae-di |   6.1.99-1 | i386
xfs-modules-6.1.0-24-686-di |  6.1.106-2 | i386
xfs-modules-6.1.0-24-686-pae-di |  6.1.106-2 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:39:17 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

linux-headers-6.1.0-18-common |   6.1.76-1 | all
linux-headers-6.1.0-18-common-rt |   6.1.76-1 | all
linux-headers-6.1.0-23-common |   6.1.99-1 | all
linux-headers-6.1.0-23-common-rt |   6.1.99-1 | all
linux-headers-6.1.0-24-common |  6.1.106-2 | all
linux-headers-6.1.0-24-common-rt |  6.1.106-2 | all
linux-support-6.1.0-18 |   6.1.76-1 | all
linux-support-6.1.0-23 |   6.1.99-1 | all
linux-support-6.1.0-24 |  6.1.106-2 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:40:35 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

libstd-rust-web-1.70 | 1.70.0+dfsg1-7~deb12u2 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:41:16 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

libstd-rust-web-1.70 | 1.70.0+dfsg1-7~deb12u2 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:41:45 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

libstd-rust-web-1.70 | 1.70.0+dfsg1-7~deb12u2 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:42:12 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

libstd-rust-web-1.70 | 1.70.0+dfsg1-7~deb12u2 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:42:57 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

libstd-rust-web-1.70 | 1.70.0+dfsg1-7~deb12u2 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:43:17 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:

libstd-rust-web-1.70 | 1.70.0+dfsg1-7~deb12u2 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc-web - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 31 Aug 2024 08:27:30 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

bcachefs-tools |       24-1 | source, amd64, arm64, armel, armhf, i386, ppc64el, s390x
Closed bugs: 1078543

------------------- Reason -------------------
RoM; buggy, obsolete
----------------------------------------------
=========================================================================
amd64-microcode (3.20240820.1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm (revert merged-usr changes from unstable)
 .
 amd64-microcode (3.20240820.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20240820
     * New AMD-SEV firmware from AMD upstream (20240820)
       + Updated SEV firmware:
         Family 17h models 30h-3fh: version 0.24 build 20
         Family 19h models 00h-0fh: version 1.55 build 21
         Family 19h models 10h-1fh: version 1.55 build 37
       + New SEV firmware:
         Family 19h models a0h-afh: version 1.55 build 37
   * SECURITY UPDATE (AMD-SB-3003):
     * Mitigates CVE-2023-20584: IOMMU improperly handles certain special
       address ranges with invalid device table entries (DTEs), which may allow
       an attacker with privileges and a compromised Hypervisor to induce DTE
       faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of
       guest integrity.
     * Mitigates CVE-2023-31356: Incomplete system memory cleanup in SEV
       firmware could allow a privileged attacker to corrupt guest private
       memory, potentially resulting in a loss of data integrity.
amd64-microcode (3.20240820.1~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye
   * Revert merged-usr changes from unstable
   * Revert move to non-free-firmware
 .
 amd64-microcode (3.20240820.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20240820
     * New AMD-SEV firmware from AMD upstream (20240820)
       + Updated SEV firmware:
         Family 17h models 30h-3fh: version 0.24 build 20
         Family 19h models 00h-0fh: version 1.55 build 21
         Family 19h models 10h-1fh: version 1.55 build 37
       + New SEV firmware:
         Family 19h models a0h-afh: version 1.55 build 37
   * SECURITY UPDATE (AMD-SB-3003):
     * Mitigates CVE-2023-20584: IOMMU improperly handles certain special
       address ranges with invalid device table entries (DTEs), which may allow
       an attacker with privileges and a compromised Hypervisor to induce DTE
       faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of
       guest integrity.
     * Mitigates CVE-2023-31356: Incomplete system memory cleanup in SEV
       firmware could allow a privileged attacker to corrupt guest private
       memory, potentially resulting in a loss of data integrity.
amd64-microcode (3.20240710.2) unstable; urgency=high
 .
   * postrm: activate the update-initramfs dpkg trigger on remove/purge
     instead of always executing update-initramfs directly, just like it
     was done for postinst in 3.20240710.1: call update-initramfs directly
     only if the dpkg-trigger activation call fails.
amd64-microcode (3.20240710.2~deb12u1) bookworm; urgency=high
 .
   * Rebuild for bookworm (revert merged-usr changes from unstable)
 .
 amd64-microcode (3.20240710.2) unstable; urgency=high
 .
   * postrm: activate the update-initramfs dpkg trigger on remove/purge
     instead of always executing update-initramfs directly, just like it
     was done for postinst in 3.20240710.1: call update-initramfs directly
     only if the dpkg-trigger activation call fails.
 .
 amd64-microcode (3.20240710.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20240709-141-g59460076
     (closes: #1076128)
   * SECURITY UPDATE: Mitigates "Sinkclose" CVE-2023-31315 (AMD-SB-7014) on
     AMD Epyc processors: SMM lock bypass - Improper validation in a model
     specific register (MSR) could allow a malicious program with ring 0
     access (kernel) to modify SMM configuration while SMI lock is enabled,
     potentially leading to arbitrary code execution.
     Note: a firmware update is recommended for AMD Epyc (to protect the
     system as early as possible).  Many other AMD processor models are
     also vulnerable to SinkClose, and can only be fixed by a firmware
     update at this time.
   * Updated Microcode patches:
     + Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f
     + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c
     + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a
     + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248
     + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215
     + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238
     + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148
     + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5
   * README.Debian: "late" microcode updates are unsupported in Debian
     (closes: #1074514)
   * postinst: use dpkg-trigger to activate update-initramfs, this enables
     dracut integration (closes: #1000193)
 .
 amd64-microcode (3.20240116.2) unstable; urgency=medium
 .
   * Add AMD-TEE firmware to the package (closes: #1062678)
     + amdtee: add amd_pmf TA firmware 20230906
   * debian: install amdtee to /lib/firmware/amdtee
   * debian/control: update short and long descriptions
   * debian/copyright: update with amd-pmf license
 .
 amd64-microcode (3.20240116.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20240115-80-gb4b04a5c
   * Updated Microcode patches:
     + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107b
     + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d3
     + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001236
 .
 amd64-microcode (3.20231019.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20231019
   * Updated Microcode patches:
     + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144
     + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244
     + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213
 .
 amd64-microcode (3.20230823.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20230919
     * New AMD-SEV firmware from AMD upstream (20230823)
       + Updated SEV firmware:
         Family 19h models 00h-0fh: version 1.55 build 8
       + New SEV firmware:
         Family 19h models 10h-1fh: version 1.55 build 21
   * amd-ucode: Add note on fam19h warnings.
amd64-microcode (3.20240710.2~deb11u1) bullseye; urgency=high
 .
   * Rebuild for bullseye
   * Revert merged-usr changes from unstable
   * Revert move to non-free-firmware
 .
 amd64-microcode (3.20240710.2) unstable; urgency=high
 .
   * postrm: activate the update-initramfs dpkg trigger on remove/purge
     instead of always executing update-initramfs directly, just like it
     was done for postinst in 3.20240710.1: call update-initramfs directly
     only if the dpkg-trigger activation call fails.
 .
 amd64-microcode (3.20240710.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20240709-141-g59460076
     (closes: #1076128)
   * SECURITY UPDATE: Mitigates "Sinkclose" CVE-2023-31315 (AMD-SB-7014) on
     AMD Epyc processors: SMM lock bypass - Improper validation in a model
     specific register (MSR) could allow a malicious program with ring 0
     access (kernel) to modify SMM configuration while SMI lock is enabled,
     potentially leading to arbitrary code execution.
     Note: a firmware update is recommended for AMD Epyc (to protect the
     system as early as possible).  Many other AMD processor models are
     also vulnerable to SinkClose, and can only be fixed by a firmware
     update at this time.
   * Updated Microcode patches:
     + Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f
     + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c
     + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a
     + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248
     + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215
     + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238
     + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148
     + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5
   * README.Debian: "late" microcode updates are unsupported in Debian
     (closes: #1074514)
   * postinst: use dpkg-trigger to activate update-initramfs, this enables
     dracut integration (closes: #1000193)
 .
 amd64-microcode (3.20240116.2) unstable; urgency=medium
 .
   * Add AMD-TEE firmware to the package (closes: #1062678)
     + amdtee: add amd_pmf TA firmware 20230906
   * debian: install amdtee to /lib/firmware/amdtee
   * debian/control: update short and long descriptions
   * debian/copyright: update with amd-pmf license
 .
 amd64-microcode (3.20240116.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20240115-80-gb4b04a5c
   * Updated Microcode patches:
     + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107b
     + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d3
     + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001236
 .
 amd64-microcode (3.20231019.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20231019
   * Updated Microcode patches:
     + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144
     + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244
     + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213
 .
 amd64-microcode (3.20230823.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20230919
     * New AMD-SEV firmware from AMD upstream (20230823)
       + Updated SEV firmware:
         Family 19h models 00h-0fh: version 1.55 build 8
       + New SEV firmware:
         Family 19h models 10h-1fh: version 1.55 build 21
   * amd-ucode: Add note on fam19h warnings.
amd64-microcode (3.20240710.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20240709-141-g59460076
     (closes: #1076128)
   * SECURITY UPDATE: Mitigates "Sinkclose" CVE-2023-31315 (AMD-SB-7014) on
     AMD Epyc processors: SMM lock bypass - Improper validation in a model
     specific register (MSR) could allow a malicious program with ring 0
     access (kernel) to modify SMM configuration while SMI lock is enabled,
     potentially leading to arbitrary code execution.
     Note: a firmware update is recommended for AMD Epyc (to protect the
     system as early as possible).  Many other AMD processor models are
     also vulnerable to SinkClose, and can only be fixed by a firmware
     update at this time.
   * Updated Microcode patches:
     + Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f
     + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c
     + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a
     + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248
     + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215
     + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238
     + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148
     + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5
   * README.Debian: "late" microcode updates are unsupported in Debian
     (closes: #1074514)
   * postinst: use dpkg-trigger to activate update-initramfs, this enables
     dracut integration (closes: #1000193)
amd64-microcode (3.20240116.2+nmu1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Install files into /usr instead of /. (Closes: 1059372)
amd64-microcode (3.20240116.2) unstable; urgency=medium
 .
   * Add AMD-TEE firmware to the package (closes: #1062678)
     + amdtee: add amd_pmf TA firmware 20230906
   * debian: install amdtee to /lib/firmware/amdtee
   * debian/control: update short and long descriptions
   * debian/copyright: update with amd-pmf license
 .
 amd64-microcode (3.20240116.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20240115-80-gb4b04a5c
   * Updated Microcode patches:
     + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107b
     + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d3
     + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001236
amd64-microcode (3.20231019.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20231019
   * Updated Microcode patches:
     + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144
     + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244
     + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213
amd64-microcode (3.20230823.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20230919
     * New AMD-SEV firmware from AMD upstream (20230823)
       + Updated SEV firmware:
         Family 19h models 00h-0fh: version 1.55 build 8
       + New SEV firmware:
         Family 19h models 10h-1fh: version 1.55 build 21
   * amd-ucode: Add note on fam19h warnings.
amd64-microcode (3.20230808.1.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20230804-6-gf2eb058a
     * Fixes for CVE-2023-20569 "AMD Inception" on AMD Zen4 processors
     (closes: #1043381)
   * WARNING: for proper operation on AMD Genoa and Bergamo processors,
     either up-to-date BIOS (with AGESA 1.0.0.8 or newer) or up-to-date
     Linux kernels (minimal versions on each active Linux stable branch:
     v4.19.289 v5.4.250 v5.10.187 v5.15.120 v6.1.37 v6.3.11 v6.4.1)
     are *required*
   * New Microcode patches:
     +  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e
     +  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e
     +  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212
     +  Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116
   * README: update for new release
   * debian/NEWS: AMD Genoa/Bergamo kernel version restrictions
   * debian/changelog: update entry for release 3.20230719.1, noting
     that it included fixes for "AMD Inception" for Zen3 processors.
     We did not know about AMD Inception at the time, but we always
     include all available microcode updates when issuing a new
     package, so we lucked out.
   * debian/changelog: correct some information in 3.20230808.1
     entry and reupload as 3.20230808.1.1.  There's no Zenbleed
     for Zen4... oops!

ansible (7.7.0+dfsg-3+deb12u1) bookworm; urgency=medium
 .
   * New stable release (Closes: #1069891)
   * Put ansible under the Debian Python Team umbrella
   * d/gbp.conf: set merge-mode replace by default
   * d/gbp.conf: Switch to DEP-14 branch layout
   * d/gbp.conf: Sign tags by default
   * d/gitlab-ci.yml: Run CI/CD tests against bookworm
   * autopkgtests: Use the same scripts as from the unstable branch
   * autopkgtests: Update package dependencies
   * autopkgtests: Update list of flaky tests
   * Update amazon.aws ec2_key module documentation to fix CVE-2023-4237.
   * d/control: update VCS links
ansible (7.7.0+dfsg-3) unstable; urgency=medium
 .
   * Fix issue with ansible.builtin.copy when using libvirt connection plugin
     upstream bug:
     https://github.com/ansible-collections/community.libvirt/issues/161
   * Update lintian overrides
ansible (7.7.0+dfsg-2) unstable; urgency=medium
 .
   * Fix warning when using libvirt connection plugin
   * Fix libvirt connection plugin encoding errors on Windows guests
ansible (7.7.0+dfsg-1) unstable; urgency=medium
 .
   * d/watch: Lock into v7.x.x for now.
   * New upstream release

ansible-core (2.14.16-0+deb12u1) bookworm; urgency=medium
 .
   * New stable release (Closes: #1070193)
   * New upstream version 2.14.16
   * Bugfix-only release to bookworm, fixing the following security issues:
     - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690)
     - Address issues where internal templating can cause unsafe variables to
       lose their unsafe designation (CVE-2023-5764)
     - Prevent roles from using symlinks to overwrite files outside of the
       installation directory (CVE-2023-5115)
   * Update d/gbp.conf to point to bookworm
   * Update d/control Vcs-Git field to point to bookworm
   * Update watch file to accomodate a common upstream typo
   * d/gbp.conf: Update upstream branch
   * d/gbp.conf: set merge-mode replace by default
   * d/gbp.conf: Sign tags by default
   * autopkgtests: Add dep to python3-systemd
ansible-core (2.14.13-1) unstable; urgency=medium
 .
   * New upstream version 2.14.13
   * Update package to conform to DEP-14 packaging layout
   * Update dep3 patch headers
ansible-core (2.14.11-2) unstable; urgency=medium
 .
   * Enforce locale to ensure it builds reproducibly
   * Fix facter when puppet not present (Closes: #1055616)
ansible-core (2.14.11-1) unstable; urgency=medium
 .
   * New upstream version 2.14.11
   * Fix galaxy tests
   * Fix lintian override
   * Update changelog and release to unstable
ansible-core (2.14.10-1) unstable; urgency=medium
 .
   * New upstream release
ansible-core (2.14.9-2) unstable; urgency=medium
 .
   * Fix unit tests
ansible-core (2.14.9-1) unstable; urgency=medium
 .
   * New upstream version 2.14.9
   * Refresh patches
   * Adapt to upstream change of man page building
   * Fix double-build failure (Closes: #1043680)
ansible-core (2.14.8-1) unstable; urgency=medium
 .
   * New upstream release
ansible-core (2.14.7-1) unstable; urgency=medium
 .
   * New upstream release
   * Refresh 0005-use-py3.patch
   * Drop 0010-fix-json-uri-subtype.patch (applied upstream)
ansible-core (2.14.6-1) unstable; urgency=medium
 .
   * New upstream release
   * d/watch: Remove signature check
   * d/control: Recommend python3-passlib (Closes: #1034251)
   * d/control: Update python3-resolvelib version dependency (Closes: #1037932, #1037443)
   * uri: fix search for json types to include strings in the format xxx/yyy+json
     (Closes: #1037126)

aom (3.6.0-1+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-5171

apache2 (2.4.62-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)
apache2 (2.4.62-1~deb11u1) bullseye; urgency=medium
 .
   * New upstream version (Closes: CVE-2024-40725, CVE-2024-40898)
apache2 (2.4.61-1) unstable; urgency=medium
 .
   * New upstream version 2.4.61
apache2 (2.4.61-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
     CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
     CVE-2024-38477, CVE-2024-39573, CVE-2024-39884)
   * Unfuzz patches
apache2 (2.4.61-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
     CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
     CVE-2024-38477, CVE-2024-39573, CVE-2024-39884)
   * Update test framework
   * Unfuzz patches
apache2 (2.4.60-1) unstable; urgency=medium
 .
   [ Bastien Roucariès ]
   * Forward port CVE-2023-25690 uwsgi tests
   * Fix depends of uwsgi test
   * Use python3 uwsgi plugin
   * Encode bytes for uwsgi test
 .
   [ Bryce Harrington ]
   * Add UFW profile integration (Closes: #1071705)
 .
   [Chris Murray]
   * Use https instead of http in doc (LP: #2045055)
 .
   [ Yadd ]
   * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
   * Update test framework
   * releasing package apache2 version 2.4.59-1~deb12u1
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
     CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
     CVE-2024-38477, CVE-2024-39573)
   * Unfuzz patches
apache2 (2.4.59-2) unstable; urgency=medium
 .
   * Breaks against fossil due to CVE-2024-24795 follows up
apache2 (2.4.59-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Remove old transitional packages libapache2-mod-md and
     libapache2-mod-proxy-uwsgi. Closes: #1032628
 .
   [ Yadd ]
   * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
   * Refresh patches
   * New upstream version 2.4.59
   * Refresh patches
   * Update patches
   * Update test framework

base-files (12.4+deb12u7) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.7, for Debian 12.7 point release.

bind9 (1:9.18.28-1~deb12u2) bookworm-security; urgency=medium
 .
   * Fix the assertion failure in samba-libs DLZ module. (Closes #1074378)
bind9 (1:9.18.28-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 9.18.28
    - CVE-2024-0760: A flood of DNS messages over TCP may make the server
      unstable
    - CVE-2024-1737: BIND's database will be slow if a very large number of
      RRs exist at the same name
    - CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
    - CVE-2024-4076: Assertion failure when serving both stale cache data
      and authoritative zone content

bubblewrap (0.8.0-2+deb12u1) bookworm-security; urgency=high
 .
   * d/gbp.conf: Use debian/bookworm packaging branch for Debian 12
   * d/p/Add-bind-fd-and-ro-bind-fd-to-let-you-bind-a-O_PATH-fd.patch:
     Backport new --[ro-]bind-fd feature from upstream release 0.10.0.
     This is necessary to resolve CVE-2024-42472 in Flatpak without
     introducing a potentially exploitable race condition.

cacti (1.2.24+ds1-1+deb12u4) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Add SALSA-CI.
   * Backport autopkgtest from trixie.
cacti (1.2.24+ds1-1+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2024-25641: RCE vulnerability when importing packages
     An arbitrary file write vulnerability, exploitable through the
     "Package Import" feature, allows authenticated users having
     the "Import Templates" permission to execute arbitrary PHP
     code on the web server (RCE).
   * Fix CVE-2024-29894: XSS vulnerability when using JavaScript
     based messaging API.
     raise_message_javascript from lib/functions.php now uses purify.js
     to fix CVE-2023-50250 (among others).
     However it still generates the code out of unescaped
     PHP variables $title and $header.
     If those variables contain single quotes, they can be used
     to inject JavaScript code.
   * Fix CVE-2024-31443. XSS vulnerability when managing data queries
     Some of the data stored in form_save() function in data_queries.php
     is not thoroughly checked and is used to concatenate the
     HTML statement in grow_right_pane_tree() function from lib/html.php,
     finally resulting in XSS.
   * Fix CVE-2024-31444: XSS vulnerability when reading tree rules with
     Automation API.
     Some of the data stored in automation_tree_rules_form_save() function
     in automation_tree_rules.php is not thoroughly checked and is used
     to concatenate the HTML statement in form_confirm() function from
     lib/html.php , finally resulting in XSS.
   * Fix CVE-2024-31445: SQL injection vulnerability
     A SQL injection vulnerability in `automation_get_new_graphs_sql`
     function of `api_automation.php` allows authenticated users to exploit
     these SQL injection vulnerabilities to perform privilege escalation
     and remote code execution. In `api_automation.php` line 856, the
     `get_request_var('filter')` is being concatenated into the SQL
     statement without any sanitization. In `api_automation.php` line 717,
     The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no
     filter for it
   * Fix CVE-2024-31458: SQL injection vulnerability
     Some of the data stored in `form_save()` function in
     `graph_template_inputs.php` is not thoroughly checked and is used to
     concatenate the SQL statement in
     `draw_nontemplated_fields_graph_item()` function from
     `lib/html_form_templates.php` , finally resulting in SQL injection
   * Fix CVE-2024-31459: Remote code execution
     There is a file inclusion issue in the lib/plugin.php file.
     Combined with SQL injection vulnerabilities, RCE can be implemented.
   * Fix CVE-2024-31460: SQL code injection
     Some of the data stored in `automation_tree_rules.php` is not
     thoroughly checked and is used to concatenate the SQL statement in
     `create_all_header_nodes()` function from `lib/api_automation.php` ,
     finally resulting in SQL injection. Using SQL based secondary
     injection technology, attackers can modify the contents of the Cacti
     database, and based on the modified content, it may be possible to
     achieve further impact, such as arbitrary file reading, and even
     remote code execution through arbitrary file writing
   * Fix CVE-2024-34340: type juggling vulnerability
     Cacti calls `compat_password_hash` when users set their
     password. `compat_password_hash` use `password_hash` if there is it,
     else use `md5`. When verifying password, it calls
     `compat_password_verify`. In `compat_password_verify`,
     `password_verify` is called if there is it, else use
     `md5`. `password_verify` and `password_hash` are supported on PHP <
     5.5.0, following PHP manual. The vulnerability is in
     `compat_password_verify`. Md5-hashed user input is compared with
     correct password in database by `$md5 == $hash`. It is a loose
     comparison, not `===`.

calamares-settings-debian (12.0.9-1+deb12u1) bookworm; urgency=medium
 .
   * Fix Xfce launcher permission issue (Closes: #1037299)
     - Add new dependency: libglib2.0-bin

calibre (6.13.0+repack-2+deb12u4) bookworm; urgency=medium
 .
   * Fix #2075131 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075131)
     (Fix for CVE-2024-7009)
   * Fix #2075130 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075130)
     (Fix for CVE-2024-7008)
   * Fix #2075128 [Private bug](https://bugs.launchpad.net/calibre/+bug/2075128)
     (Fix for CVE-2024-6782)
   * Fix #2076515 [calibredb list command ignores fields
     option](https://bugs.launchpad.net/calibre/+bug/2076515)
     Add fixup to CVE-2024-6782 .
     See also Debian bug 1079277.
     > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079277

choose-mirror (2.123+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Update Mirrors.masterlist.

chromium (128.0.6613.84-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-7964: Use after free in Passwords. Reported by Anonymous.
     - CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog.
     - CVE-2024-7966: Out of bounds memory access in Skia.
       Reported by Renan Rios (@HyHy100).
     - CVE-2024-7967: Heap buffer overflow in Fonts.
       Reported by Tashita Software Security.
     - CVE-2024-7968: Use after free in Autofill.
       Reported by Han Zheng (HexHive).
     - CVE-2024-7969: Type Confusion in V8.
       Reported by CFF of Topsec Alpha Team.
     - CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat
       Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC).
     - CVE-2024-7972: Inappropriate implementation in V8.
       Reported by Simon Gerst (intrigus-lgtm).
     - CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax.
     - CVE-2024-7974: Insufficient data validation in V8 API.
       Reported by bowu(@gocrashed).
     - CVE-2024-7975: Inappropriate implementation in Permissions.
       Reported by Thomas Orlita.
     - CVE-2024-7976: Inappropriate implementation in FedCM.
       Reported by Alesandro Ortiz.
     - CVE-2024-7977: Insufficient data validation in Installer.
       Reported by Kim Dong-uk (@justlikebono).
     - CVE-2024-7978: Insufficient policy enforcement in Data Transfer.
       Reported by NDevTK.
     - CVE-2024-7979: Insufficient data validation in Installer.
       Reported by VulnNoob.
     - CVE-2024-7980: Insufficient data validation in Installer.
       Reported by VulnNoob.
     - CVE-2024-7981: Inappropriate implementation in Views.
       Reported by Thomas Orlita.
     - CVE-2024-8033: Inappropriate implementation in WebApp Installs.
       Reported by Lijo A.T.
     - CVE-2024-8034: Inappropriate implementation in Custom Tabs.
       Reported by Bharat (mrnoob).
     - CVE-2024-8035: Inappropriate implementation in Extensions.
       Reported by Microsoft.
   * d/copyright: delete third_party/siso/ which contains binaries.
   * d/rules: set safe_browsing_use_unrar=false to disable unrar.
   * d/patches:
     - fixes/blink-frags.patch: drop, merged upstream.
     - fixes/stats-collector.patch: drop, upstream deleted broken code.
     - fixes/chromium-browser-ui-missing-deps.patch: drop, fixed upstream.
     - upstream/armhf-ftbfs.patch: drop, merged upstream.
     - upstream/containers-header.patch: drop, merged upstream.
     - upstream/crabbyav1f.patch: drop, merged upstream.
     - upstream/lock-impl.patch: drop, merged upstream.
     - upstream/paint-layer-header.patch: drop, merged upstream.
     - disable/unrar.patch: drop, merged upstream w/ build arg.
     - bookworm/nvt.patch: drop, no longer needed.
     - fixes/ps-print.patch: refresh.
     - system/openjpeg.patch: refresh.
     - bookworm/clang16.patch: refresh & remove another unsupported option.
     - bookworm/constexpr.patch: refresh & add more fixes.
     - bookworm/lex-3way.patch: pull in another STL function from clang-17.
     - bookworm/blink-attrib.patch: add build fix to reorder __attribute__.
     - fixes/highway-include-path.patch: upstream fixed the original issue
       in a broken way, making this worse. Add more to this patch to work
       around that.
     - bookworm/bubble-contents.patch: refresh.
     - bookworm/crabbyav1f.patch: refresh.
     - bookworm/gn-absl.patch: refresh.
 .
   [ Daniel Richard G. ]
   * d/rules: Parameterize Rust sysroot to simplify using a different one.
   * d/patches:
     - bookworm/highway-blink.patch: Avoid armhf/arm64 FTBFS by disabling
       Blink feature that requires newer libhwy-dev version.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/dawn-fix-typos.patch: Refresh for upstream changes
     - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch:
       Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-base-musttail.patch: Disable
       musttail on ppc64el platforms
 .
 chromium (127.0.6533.119-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
   * d/patches/upstream/armhf-ftbfs.patch: armhf FTBFS fix from upstream.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - ppc64le/crashpad/0002-Include-cstddef-to-fix-build.patch: Drop, as
       the original FTBFS that this fixed is no longer reproducible.
   * d/rules: Add to ppc64el CXXFLAGS to quash copious AltiVec warnings.
chromium (127.0.6533.119-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
   * d/patches/upstream/armhf-ftbfs.patch: armhf FTBFS fix from upstream.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - ppc64le/crashpad/0002-Include-cstddef-to-fix-build.patch: Drop, as
       the original FTBFS that this fixed is no longer reproducible.
     - ppc64le/fixes/fix-different-data-layouts.patch: Fix ppc64el FTBFS due
       to minor LLVM data-layout clash between older clang and newer rustc.
   * d/rules: Add to ppc64el CXXFLAGS to quash copious AltiVec warnings.
chromium (127.0.6533.119-1~deb13u1) trixie; urgency=high
 .
   * Rebuild for trixie.
   * Revert libxml2-dev versioned build-dep, and re-add
     d/patches/bookworm/libxml/parseerr.patch.
chromium (127.0.6533.99-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-7532: Out of bounds memory access in ANGLE.
       Reported by wgslfuzz.
     - CVE-2024-7533: Use after free in Sharing. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-7550: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-7534: Heap buffer overflow in Layout.
       Reported by Tashita Software Security.
     - CVE-2024-7535: Inappropriate implementation in V8.
       Reported by Tashita Software Security.
     - CVE-2024-7536: Use after free in WebAudio.
       Reported by Cassidy Kim(@cassidy6564).
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - core/add-ppc64-architecture-to-extensions.diff: Fix runtime assertion
       trap on ppc64el systems
 .
   [ Daniel Richard G. ]
   * Enable ThinLTO (slower linking, faster runtime) on archs that can
     support it (closes: #1033305).
   * Avoid some hard-coded Debian references to simplify package builds for
     other distributions, e.g. Ubuntu.
   * d/patches:
     - bookworm/constexpr.patch: Add no_destroy attributes to quash many
       "declaration requires an exit-time destructor" warnings.
     - fixes/highway-include-path.patch: New patch to fix highway.h path.
 .
   [ Grzegorz Szymaszek ]
   * Use https instead of http in initial_bookmarks.html.
chromium (127.0.6533.99-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2024-7532: Out of bounds memory access in ANGLE.
       Reported by wgslfuzz.
     - CVE-2024-7533: Use after free in Sharing. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-7550: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-7534: Heap buffer overflow in Layout.
       Reported by Tashita Software Security.
     - CVE-2024-7535: Inappropriate implementation in V8.
       Reported by Tashita Software Security.
     - CVE-2024-7536: Use after free in WebAudio.
       Reported by Cassidy Kim(@cassidy6564).
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - core/add-ppc64-architecture-to-extensions.diff: Fix runtime assertion
       trap on ppc64el systems
 .
   [ Daniel Richard G. ]
   * Enable ThinLTO (slower linking, faster runtime) on archs that can
     support it (closes: #1033305).
   * Avoid some hard-coded Debian references to simplify package builds for
     other distributions, e.g. Ubuntu.
   * d/patches:
     - bookworm/constexpr.patch: Add no_destroy attributes to quash many
       "declaration requires an exit-time destructor" warnings.
     - fixes/highway-include-path.patch: New patch to fix highway.h path.
 .
   [ Grzegorz Szymaszek ]
   * Use https instead of http in initial_bookmarks.html.
chromium (127.0.6533.88-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-6988: Use after free in Downloads. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-6989: Use after free in Loader. Reported by Anonymous.
     - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6992: Out of bounds memory access in ANGLE.
       Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
     - CVE-2024-6993: Inappropriate implementation in Canvas.
       Reported by Anonymous.
     - CVE-2024-6994: Heap buffer overflow in Layout.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
     - CVE-2024-6995: Inappropriate implementation in Fullscreen.
       Reported by Alesandro Ortiz.
     - CVE-2024-6996: Race in Frames.
       Reported by Louis Jannett (Ruhr University Bochum).
     - CVE-2024-6997: Use after free in Tabs.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2024-6998: Use after free in User Education.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2024-6999: Inappropriate implementation in FedCM.
       Reported by Alesandro Ortiz.
     - CVE-2024-7000: Use after free in CSS. Reported by Anonymous.
     - CVE-2024-7001: Inappropriate implementation in HTML.
       Reported by Jake Archibald.
     - CVE-2024-7003: Inappropriate implementation in FedCM.
       Reported by Alesandro Ortiz.
     - CVE-2024-7004: Insufficient validation of untrusted input in Safe
       Browsing. Reported by Anonymous.
     - CVE-2024-7005: Insufficient validation of untrusted input in Safe
       Browsing. Reported by Umar Farooq.
     - CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert.
     - CVE-2024-7255: Out of bounds read in WebTransport.
       Reported by Marten Richter.
     - CVE-2024-7256: Insufficient data validation in Dawn.
       Reported by gelatin dessert.
   * Switch from building against (gcc's) libstdc++ to (clang's) libc++.
     Upstream is playing fast and loose with memory in ways that results
     in crashes with gcc's stricter libstdc++, but not with clang's libc++
     (which allows accessing deleting memory apparently). We can't maintain
     workarounds any more, and upstream really doesn't care (see, for
     example, https://crbug.com/346174906 , where they add workarounds only
     for their ASAN memory checker).
   * d/copyright:
     - delete new rust, cargo, llvm, and node binaries.
     - delete third_party/zstd so we can link against system zstd.
     - stop deleting the bundled woff, snappy, and jsoncpp; those can't be
       dynamically linked against with clang's libc++.
   * d/control:
     - build-dep against libzstd-dev and bindgen.
     - drop build-dep on libwoff-dev, libsnappy-dev, libjsoncpp-dev, and
       add build-deps on libc++-16-dev / libc++abi-16-dev.
   * d/rules:
     - drop use_goma=false (upstream switched to rbe).
     - set rust_bindgen_root.
     - rework get-orig-source to not use mk-origtargz, which is
     incredibly slow (total run 45 mins for the current 6.2G upstream
     release). Instead, use d/scripts/get-exludes.pl and tar's
     --exclude-from to drastically speed things up (total run now takes
     8 mins).
   * d/patches:
     - upstream/tabstrip-include.patch: drop, merged upstream.
     - upstream/quiche-deque.patch: drop, merged upstream.
     - upstream/gpu-header.patch: drop, merged upstream.
     - upstream/blink-header.patch: drop, merged upstream.
     - upstream/blink-header2.patch: drop, merged upstream.
     - upstream/blink-header3.patch: drop, merged upstream.
     - upstream/realtime-reporting.patch: drop, merged upstream.
     - upstream/urlvisit-header.patch: drop, merged upstream.
     - upstream/accessibility-format.patch: drop, merged upstream.
     - upstream/observer.patch: drop, merged upstream.
     - bookworm/clang16.patch: refresh.
     - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - disable/signin.patch: upstream dropped prefs::kAutologinEnabled.
     - upstream/crabbyav1f.patch: add build fix pulled from upstream.
     - upstream/lock-impl.patch: add build fix pulled from upstream.
     - upstream/containers-header.patch: add build fix pulled from upstream.
     - upstream/paint-layer-header.patch: add build fix pulled from upstream
     - fixes/bindgen.patch: work around bindgen-related things (hopefully
       correctly?)
     - bookworm/lex-3way.patch: add patch to support
       std::lexicographical_compare_three_way, which was added in clang-17.
     - bookworm/traitors.patch: another clang-16 hack; backport
       pointer_traits.h from libc++-18-dev to work around clang
       std::to_address() issue.
     - bookworm/constexpr.patch: add more of the usual constexpr
       workarounds; only needed for clang-16.
     - fixes/absl-optional.patch: drop, only needed for libstdc++-dev.
     - fixes/bad-font-gc*: drop, only needed for libstdc++-dev.
     - fixes/chromium-browser-ui-missing-deps.patch: add a bunch of
       mojo-related dependency build fixes.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on
       64k page systems such as aarch64 and ppc64el
   * d/patches/ppc64le:
     - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed
     - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream
       changes
chromium (127.0.6533.88-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-6988: Use after free in Downloads. Reported by
       lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-6989: Use after free in Loader. Reported by Anonymous.
     - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6992: Out of bounds memory access in ANGLE.
       Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
     - CVE-2024-6993: Inappropriate implementation in Canvas.
       Reported by Anonymous.
     - CVE-2024-6994: Heap buffer overflow in Layout.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
     - CVE-2024-6995: Inappropriate implementation in Fullscreen.
       Reported by Alesandro Ortiz.
     - CVE-2024-6996: Race in Frames.
       Reported by Louis Jannett (Ruhr University Bochum).
     - CVE-2024-6997: Use after free in Tabs.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2024-6998: Use after free in User Education.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2024-6999: Inappropriate implementation in FedCM.
       Reported by Alesandro Ortiz.
     - CVE-2024-7000: Use after free in CSS. Reported by Anonymous.
     - CVE-2024-7001: Inappropriate implementation in HTML.
       Reported by Jake Archibald.
     - CVE-2024-7003: Inappropriate implementation in FedCM.
       Reported by Alesandro Ortiz.
     - CVE-2024-7004: Insufficient validation of untrusted input in Safe
       Browsing. Reported by Anonymous.
     - CVE-2024-7005: Insufficient validation of untrusted input in Safe
       Browsing. Reported by Umar Farooq.
     - CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert.
     - CVE-2024-7255: Out of bounds read in WebTransport.
       Reported by Marten Richter.
     - CVE-2024-7256: Insufficient data validation in Dawn.
       Reported by gelatin dessert.
   * Switch from building against (gcc's) libstdc++ to (clang's) libc++.
     Upstream is playing fast and loose with memory in ways that results
     in crashes with gcc's stricter libstdc++, but not with clang's libc++
     (which allows accessing deleting memory apparently). We can't maintain
     workarounds any more, and upstream really doesn't care (see, for
     example, https://crbug.com/346174906 , where they add workarounds only
     for their ASAN memory checker).
   * d/copyright:
     - delete new rust, cargo, llvm, and node binaries.
     - delete third_party/zstd so we can link against system zstd.
     - stop deleting the bundled woff, snappy, and jsoncpp; those can't be
       dynamically linked against with clang's libc++.
   * d/control:
     - build-dep against libzstd-dev and bindgen.
     - drop build-dep on libwoff-dev, libsnappy-dev, libjsoncpp-dev, and
       add build-deps on libc++-16-dev / libc++abi-16-dev.
   * d/rules:
     - drop use_goma=false (upstream switched to rbe).
     - set rust_bindgen_root.
     - rework get-orig-source to not use mk-origtargz, which is
     incredibly slow (total run 45 mins for the current 6.2G upstream
     release). Instead, use d/scripts/get-exludes.pl and tar's
     --exclude-from to drastically speed things up (total run now takes
     8 mins).
     - include bindgen 0.66.1-3 packages from snapshot.debian.org, as
       bookworm's bindgen 0.60.1 is too old. The packages are
       unpacked during build.
   * d/patches:
     - upstream/tabstrip-include.patch: drop, merged upstream.
     - upstream/quiche-deque.patch: drop, merged upstream.
     - upstream/gpu-header.patch: drop, merged upstream.
     - upstream/blink-header.patch: drop, merged upstream.
     - upstream/blink-header2.patch: drop, merged upstream.
     - upstream/blink-header3.patch: drop, merged upstream.
     - upstream/realtime-reporting.patch: drop, merged upstream.
     - upstream/urlvisit-header.patch: drop, merged upstream.
     - upstream/accessibility-format.patch: drop, merged upstream.
     - upstream/observer.patch: drop, merged upstream.
     - bookworm/clang16.patch: refresh.
     - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - disable/signin.patch: upstream dropped prefs::kAutologinEnabled.
     - upstream/crabbyav1f.patch: add build fix pulled from upstream.
     - upstream/lock-impl.patch: add build fix pulled from upstream.
     - upstream/containers-header.patch: add build fix pulled from upstream.
     - upstream/paint-layer-header.patch: add build fix pulled from upstream
     - fixes/bindgen.patch: work around bindgen-related things (hopefully
       correctly?)
     - bookworm/lex-3way.patch: add patch to support
       std::lexicographical_compare_three_way, which was added in clang-17.
     - bookworm/traitors.patch: another clang-16 hack; backport
       pointer_traits.h from libc++-18-dev to work around clang
       std::to_address() issue.
     - bookworm/constexpr.patch: add more of the usual constexpr
       workarounds; only needed for clang-16.
     - bookworm/constcountrycode.patch, bookworm/omnibox-constexpr.patch:
       remove, now part of bookworm/constexpr.patch.
     - fixes/absl-optional.patch: drop, only needed for libstdc++-dev.
     - fixes/bad-font-gc*: drop, only needed for libstdc++-dev.
     - fixes/chromium-browser-ui-missing-deps.patch: add a bunch of
       mojo-related dependency build fixes.
     - bookworm/bubble-contents.patch: refresh.
     - bookworm/gn-funcs.patch: add workarounds for missing functions in
       bookworm's older generate-ninja.
     - bookworm/gn-absl.patch: add workarounds for absl changes that rely
       on newer gn.
     - bookworm/crabbyav1f.patch: add experimental feature toggle, needed
       for older rustc.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on
       64k page systems such as aarch64 and ppc64el
   * d/patches/ppc64le:
     - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed
     - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream
       changes
chromium (126.0.6478.182-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6772: Inappropriate implementation in V8.
       Reported by 5fceb6172bbf7e2c5a948183b53565b9.
     - CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo.
     - CVE-2024-6774: Use after free in Screen Capture. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec
       at QI-ANXIN Group.
     - CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous.
     - CVE-2024-6776: Use after free in Audio. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec
       at QI-ANXIN Group.
     - CVE-2024-6777: Use after free in Navigation.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2024-6778: Race in DevTools. Reported by Allen Ding.
     - CVE-2024-6779: Out of bounds memory access in V8.
       Reported by Seunghyun Lee (@0x10n).
chromium (126.0.6478.182-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6772: Inappropriate implementation in V8.
       Reported by 5fceb6172bbf7e2c5a948183b53565b9.
     - CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo.
     - CVE-2024-6774: Use after free in Screen Capture. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec
       at QI-ANXIN Group.
     - CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous.
     - CVE-2024-6776: Use after free in Audio. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec
       at QI-ANXIN Group.
     - CVE-2024-6777: Use after free in Navigation.
       Reported by Sven Dysthe (@svn-dys).
     - CVE-2024-6778: Race in DevTools. Reported by Allen Ding.
     - CVE-2024-6779: Out of bounds memory access in V8.
       Reported by Seunghyun Lee (@0x10n).
chromium (126.0.6478.126-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6291: Use after free in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.
   * d/patches/upstream/observer.patch: add crash-on-exit fix from
     upstream (closes: #1073378).
chromium (126.0.6478.126-1~deb13u1) trixie; urgency=high
 .
   * Rebuild for trixie.
   * Revert libxml2-dev versioned build dep, and re-add
     d/patches/fixes/libxml-parseerr.patch.
 .
 chromium (126.0.6478.126-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6291: Use after free in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.
   * d/patches/upstream/observer.patch: add crash-on-exit fix from
     upstream (closes: #1073378).
 .
 chromium (126.0.6478.114-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee
       (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024.
     - CVE-2024-6101: Inappropriate implementation in WebAssembly.
       Reported by @ginggilBesel.
     - CVE-2024-6102: Out of bounds memory access in Dawn.
       Reported by wgslfuzz.
     - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.
 .
 chromium (126.0.6478.56-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn.
       Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools.
       Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
       Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI.
       Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads.
       Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and
       didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an
       explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify
       for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh
       for upstream changes
 .
 chromium (125.0.6422.141-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5493: Heap buffer overflow in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5496: Use after free in Media Session.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
     - CVE-2024-5498: Use after free in Presentation API.
     - CVE-2024-5499: Out of bounds write in Streams API.
   * d/patches/fixes/libxml-parseerr.patch: delete, now that we have a
     newer libxml2.
   * d/control: add versioned build-dep on libxml2-dev >= 2.12.
 .
 chromium (125.0.6422.112-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of
       Google's Threat Analysis Group and Brendon Tiszka of Chrome Security.
   * Fix handling of quoted arguments (closes: #1071662).
 .
 chromium (125.0.6422.76-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
     - CVE-2024-5158: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5159: Heap buffer overflow in ANGLE.
       Reported by David Sievers (@loknop).
     - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
   * Don't silently ignore arguments meant for the wrapper script if chromium
     args happen to come first (closes: #1068096).
   * d/patches:
     - upstream/tabstrip-include.patch: add header build fix.
chromium (126.0.6478.126-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6291: Use after free in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.
   * d/patches/upstream/observer.patch: add crash-on-exit fix from
     upstream (closes: #1073378).
chromium (126.0.6478.114-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee
       (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024.
     - CVE-2024-6101: Inappropriate implementation in WebAssembly.
       Reported by @ginggilBesel.
     - CVE-2024-6102: Out of bounds memory access in Dawn.
       Reported by wgslfuzz.
     - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.
chromium (126.0.6478.114-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee
       (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024.
     - CVE-2024-6101: Inappropriate implementation in WebAssembly.
       Reported by @ginggilBesel.
     - CVE-2024-6102: Out of bounds memory access in Dawn.
       Reported by wgslfuzz.
     - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz.
chromium (126.0.6478.56-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn.
       Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools.
       Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
       Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI.
       Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads.
       Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and
       didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an
       explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify
       for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh
       for upstream changes
chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn.
       Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools.
       Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
       Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI.
       Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads.
       Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and
       didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an
       explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify
       for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh
       for upstream changes
chromium (125.0.6422.141-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5493: Heap buffer overflow in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5496: Use after free in Media Session.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
     - CVE-2024-5498: Use after free in Presentation API.
     - CVE-2024-5499: Out of bounds write in Streams API.
   * d/patches/fixes/libxml-parseerr.patch: delete, now that we have a
     newer libxml2.
   * d/control: add versioned build-dep on libxml2-dev >= 2.12.
chromium (125.0.6422.141-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5493: Heap buffer overflow in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5496: Use after free in Media Session.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
     - CVE-2024-5498: Use after free in Presentation API.
     - CVE-2024-5499: Out of bounds write in Streams API.
   * d/patches/fixes/libxml-parseerr.patch: move to bookworm directory.
   * d/control: add versioned build-dep on libxml2-dev < 2.10.
chromium (125.0.6422.112-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of
       Google's Threat Analysis Group and Brendon Tiszka of Chrome Security.
   * Fix handling of quoted arguments (closes: #1071662).
chromium (125.0.6422.112-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of
       Google's Threat Analysis Group and Brendon Tiszka of Chrome Security.
   * Fix handling of quoted arguments (closes: #1071662).
chromium (125.0.6422.76-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
     - CVE-2024-5158: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5159: Heap buffer overflow in ANGLE.
       Reported by David Sievers (@loknop).
     - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
   * Don't silently ignore arguments meant for the wrapper script if chromium
     args happen to come first (closes: #1068096).
   * d/patches:
     - upstream/tabstrip-include.patch: add header build fix.
chromium (125.0.6422.76-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
     - CVE-2024-5158: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5159: Heap buffer overflow in ANGLE.
       Reported by David Sievers (@loknop).
     - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
   * Don't silently ignore arguments meant for the wrapper script if chromium
     args happen to come first (closes: #1068096).
chromium (125.0.6422.60-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-4947: Type Confusion in V8. Reported by Vasily
       Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky.
     - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-4949: Use after free in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-4950: Inappropriate implementation in Downloads.
       Reported by Shaheen Fazim.
   * d/copyright: fix instrumented_libs deletion; upstream renamed it.
   * d/scripts/unbundle: bundle new requirement absl_crc (which is
     unavailable in bookworm).
   * d/patches:
     - upstream/uint-includes.patch: drop,merged upstream.
     - upstream/fps-optional.patch: drop, merged upstream.
     - upstream/span-optional.patch: drop, merged upstream.
     - upstream/extractor-bitset.patch: drop, merged upstream.
     - upstream/atomic.patch: drop, merged upstream.
     - upstream/webgpu-optional.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - i386/angle-lockfree.patch: drop, I _think_ it's no longer needed.
     - upstream/ruy-include.patch: add header build fix.
     - upstream/vulkan-include.patch: add header build fix.
     - upstream/mojo-bindings-include.patch: add header build fix.
     - upstream/appservice-include.patch: add header build fix.
     - upstream/no-vector-consts.patch: add build fix; gnu libstdc++
       doesn't allow const types inside vectors.
     - upstream/lens-include.patch: add header build fix.
     - bookworm/nvt2.patch: drop (replace with a better non-revert patch).
     - bookworm/v8-wrappable.patch: add nvt2.patch build fix replacement
       that just defines a single struct member.
     - upstream/ninja.patch: add build fix for failure triggered by
       ninja-1.12 (closes: #1071197).
     - fixes/bad-font-gc00000.patch: add formatting patch revert to make
       other patches easier to apply.
     - fixes/bad-font-gc2.patch: add a build failure fix & refresh.
     - fixes/bad-font-gc11.patch: add a build failure fix & refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Modify for
       upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Add
       pregenerated configuration for ppc64el support in BoringSSL
     - third_party/0002-third-party-boringssl-add-generated-files.patch:
       Rename to third_party/0002-Add-PPC64-generated-files-for-boringssl.patch
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
       for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - ffmpeg/0001-Add-support-for-ppc64.patch: Refresh for upstream changes
chromium (125.0.6422.60-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-4947: Type Confusion in V8. Reported by Vasily
       Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky.
     - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-4949: Use after free in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-4950: Inappropriate implementation in Downloads.
       Reported by Shaheen Fazim.
   * d/copyright: fix instrumented_libs deletion; upstream renamed it.
   * d/scripts/unbundle: bundle new requirement absl_crc (which is
     unavailable in bookworm).
   * d/patches:
     - upstream/uint-includes.patch: drop,merged upstream.
     - upstream/fps-optional.patch: drop, merged upstream.
     - upstream/span-optional.patch: drop, merged upstream.
     - upstream/extractor-bitset.patch: drop, merged upstream.
     - upstream/atomic.patch: drop, merged upstream.
     - upstream/webgpu-optional.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - i386/angle-lockfree.patch: drop, I _think_ it's no longer needed.
     - upstream/ruy-include.patch: add header build fix.
     - upstream/vulkan-include.patch: add header build fix.
     - upstream/mojo-bindings-include.patch: add header build fix.
     - upstream/appservice-include.patch: add header build fix.
     - upstream/no-vector-consts.patch: add build fix; gnu libstdc++
       doesn't allow const types inside vectors.
     - upstream/lens-include.patch: add header build fix.
     - bookworm/nvt2.patch: drop (replace with a better non-revert patch).
     - bookworm/v8-wrappable.patch: add nvt2.patch build fix replacement
       that just defines a single struct member.
     - upstream/ninja.patch: add build fix for failure triggered by
       ninja-1.12.
     - fixes/bad-font-gc00000.patch: add formatting patch revert to make
       other patches easier to apply.
     - fixes/bad-font-gc2.patch: add a build failure fix & refresh.
     - fixes/bad-font-gc11.patch: add a build failure fix & refresh.
     - bookworm/bubble-contents.patch: refresh.
     - bookworm/omnibox-constexpr.patch: add constexpr -> const build fix.
     - upstream/tabstrip-include.patch: add header build fix.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Modify for
       upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Add
       pregenerated configuration for ppc64el support in BoringSSL
     - third_party/0002-third-party-boringssl-add-generated-files.patch:
       Rename to third_party/0002-Add-PPC64-generated-files-for-boringssl.patch
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
       for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - ffmpeg/0001-Add-support-for-ppc64.patch: Refresh for upstream changes
chromium (124.0.6367.207-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous.
chromium (124.0.6367.207-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous.
chromium (124.0.6367.201-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4671: Use after free in Visuals. Reported by Anonymous.
chromium (124.0.6367.201-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4671: Use after free in Visuals. Reported by Anonymous.
chromium (124.0.6367.155-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4558: Use after free in ANGLE. Reported by gelatin dessert.
     - CVE-2024-4559: Heap buffer overflow in WebAudio.
       Reported by Cassidy Kim(@cassidy6564).
   * d/control: replace libu2f-udev recommends with udev (closes: #1070283).
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/skia-vsx-instructions.patch: fix various issues.
chromium (124.0.6367.155-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4558: Use after free in ANGLE. Reported by gelatin dessert.
     - CVE-2024-4559: Heap buffer overflow in WebAudio.
       Reported by Cassidy Kim(@cassidy6564).
   * d/control: replace libu2f-udev recommends with udev (closes: #1070283).
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/skia-vsx-instructions.patch: fix various issues.
chromium (124.0.6367.118-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4331: Use after free in Picture In Picture.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz.
   * Build-dep on libhwy-dev and delete the bundled third_party/highway.
   * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng.
   * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d.
   * d/patches:
     - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch,
       ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch,
       ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch,
       fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed
       for bundled libdav1d.
     - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch,
       ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop
       these two patches that were needed for bundled highway.
     - upstream/ozone1.patch: drop, merged upstream.
     - upstream/ozone2.patch: drop, merged upstream.
     - fixes/bad-font-gc2.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent
       breakage of i386 build
chromium (124.0.6367.118-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4331: Use after free in Picture In Picture.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz.
   * Build-dep on libhwy-dev and delete the bundled third_party/highway.
   * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng.
   * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d.
   * d/patches:
     - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch,
       ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch,
       ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch,
       fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed
       for bundled libdav1d.
     - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch,
       ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop
       these two patches that were needed for bundled highway.
     - upstream/ozone1.patch: drop, merged upstream.
     - upstream/ozone2.patch: drop, merged upstream.
     - fixes/bad-font-gc2.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent
       breakage of i386 build
chromium (124.0.6367.78-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4058: Type Confusion in ANGLE.
       Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure.
     - CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik.
     - CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz.
chromium (124.0.6367.78-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4058: Type Confusion in ANGLE.
       Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure.
     - CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik.
     - CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz.
 .
 chromium (124.0.6367.60-2~deb12u1) bookworm-security; urgency=high
 .
   * d/patches/ppc64le:
      - third_party/0001-Add-PPC64-support-for-boringssl.patch: update for
        upstream boringssl changes and reenable
      - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
        regenerate from new ffmpeg source tree
      - third_party/skia-vsx-instructions.patch: update for upstream changes
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/arm64-ftbfs.patch: add arm64-specific ftbfs fix for libdav1d.
     - upstream/ozone1.patch, upstream/ozone2.patch: backport fixes for
       broken wayland support (closes: #1069586).
chromium (124.0.6367.60-2) unstable; urgency=high
 .
   * d/patches/ppc64le:
      - third_party/0001-Add-PPC64-support-for-boringssl.patch: update for
        upstream boringssl changes and reenable
      - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
        regenerate from new ffmpeg source tree
      - third_party/skia-vsx-instructions.patch: update for upstream changes
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/arm64-ftbfs.patch: add arm64-specific ftbfs fix for libdav1d.
     - upstream/ozone1.patch, upstream/ozone2.patch: backport fixes for
       broken wayland support (closes: #1069586).
chromium (124.0.6367.60-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-3832: Object corruption in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3833: Object corruption in WebAssembly.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
     - CVE-2024-3837: Use after free in QUIC.
       Reported by {rotiple, dch3ck} of CW Research Inc.
     - CVE-2024-3838: Inappropriate implementation in Autofill.
       Reported by Ardyan Vicky Ramadhan.
     - CVE-2024-3839: Out of bounds read in Fonts.
       Reported by Ronald Crane (Zippenhop LLC).
     - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
       Reported by Ahmed ElMasry.
     - CVE-2024-3841: Insufficient data validation in Browser Switcher.
       Reported by Oleg.
     - CVE-2024-3843: Insufficient data validation in Downloads.
       Reported by Azur.
     - CVE-2024-3844: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2024-3845: Inappropriate implementation in Network.
       Reported by Daniel Baulig.
     - CVE-2024-3846: Inappropriate implementation in Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2024-3847: Insufficient policy enforcement in WebUI.
       Reported by Yan Zhu.
   * d/copyright:
     - delete __pycache__ directories to shut up dpkg warnings.
     - stop deleting bundled libwebp directory.
   * Drop build-dep on libwebp-dev and start building against the bundled
     libwebp. We need to do this because chromium uses features of libavif
     that require libsharpyuv-dev; but that's only available in sid/trixie.
   * d/patches:
     - upstream/std-to-address.patch: drop, merged upstream.
     - fixes/optional2.patch: drop, merged upstream.
     - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
     - bookworm/constexpr-equality.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: rework to be a smaller patch.
     - bookworm/clang16.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated
       preference.
     - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
     - upstream/uint-includes.patch: simple header build fix from upstream.
     - upstream/fps-optional.patch: add header build fix.
     - upstream/span-optional.patch: add header build fix.
     - upstream/extractor-bitset.patch: add header build fix.
     - upstream/atomic.patch: add header build fix.
     - upstream/webgpu-optional.patch: add header build fix.
     - fixes/absl-optional.patch: comment out assert() that caused crash.
       This could be another clang16/libstdc++ miscompilation issue, but
       needs further investigation.
     - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
     - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
       fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
       fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
       more (new) upstream commits related to bad-font-gc2.patch. When the
       use-after-free bug gets fixed, all this can be dropped.
   * d/patches/ppc64le:
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch,
       third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch,
       workarounds/HACK-third_party-libvpx-use-generic-gnu.patch,
       breakpad/0001-Implement-support-for-ppc64-on-Linux.patch,
       ffmpeg/0001-Add-support-for-ppc64.patch,
       third_party/dawn-fix-typos.patch,
       third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
     - third_party/skia-vsx-instructions.patch: refresh & update for header
       renaming.
     - third_party/0001-Add-PPC64-support-for-boringssl.patch,
       third_party/0002-third-party-boringssl-add-generated-files.patch:
       disable these two until Tim has a chance to look at them.
chromium (124.0.6367.60-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-3832: Object corruption in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3833: Object corruption in WebAssembly.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
     - CVE-2024-3837: Use after free in QUIC.
       Reported by {rotiple, dch3ck} of CW Research Inc.
     - CVE-2024-3838: Inappropriate implementation in Autofill.
       Reported by Ardyan Vicky Ramadhan.
     - CVE-2024-3839: Out of bounds read in Fonts.
       Reported by Ronald Crane (Zippenhop LLC).
     - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
       Reported by Ahmed ElMasry.
     - CVE-2024-3841: Insufficient data validation in Browser Switcher.
       Reported by Oleg.
     - CVE-2024-3843: Insufficient data validation in Downloads.
       Reported by Azur.
     - CVE-2024-3844: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2024-3845: Inappropriate implementation in Network.
       Reported by Daniel Baulig.
     - CVE-2024-3846: Inappropriate implementation in Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2024-3847: Insufficient policy enforcement in WebUI.
       Reported by Yan Zhu.
   * d/copyright:
     - delete __pycache__ directories to shut up dpkg warnings.
     - stop deleting bundled libwebp directory.
   * Drop build-dep on libwebp-dev and start building against the bundled
     libwebp. We need to do this because chromium uses features of libavif
     that require libsharpyuv-dev; but that's only available in sid/trixie.
   * d/patches:
     - upstream/std-to-address.patch: drop, merged upstream.
     - fixes/optional2.patch: drop, merged upstream.
     - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
     - bookworm/constexpr-equality.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: rework to be a smaller patch.
     - bookworm/clang16.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated
       preference.
     - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
     - upstream/uint-includes.patch: simple header build fix from upstream.
     - upstream/fps-optional.patch: add header build fix.
     - upstream/span-optional.patch: add header build fix.
     - upstream/extractor-bitset.patch: add header build fix.
     - upstream/atomic.patch: add header build fix.
     - upstream/webgpu-optional.patch: add header build fix.
     - fixes/absl-optional.patch: comment out assert() that caused crash.
       This could be another clang16/libstdc++ miscompilation issue, but
       needs further investigation.
     - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
     - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
       fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
       fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
       more (new) upstream commits related to bad-font-gc2.patch. When the
       use-after-free bug gets fixed, all this can be dropped.
   * d/patches/ppc64le:
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch,
       third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch,
       workarounds/HACK-third_party-libvpx-use-generic-gnu.patch,
       breakpad/0001-Implement-support-for-ppc64-on-Linux.patch,
       ffmpeg/0001-Add-support-for-ppc64.patch,
       third_party/dawn-fix-typos.patch,
       third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
     - third_party/skia-vsx-instructions.patch: refresh & update for header
       renaming.
     - third_party/0001-Add-PPC64-support-for-boringssl.patch,
       third_party/0002-third-party-boringssl-add-generated-files.patch:
       disable these two until Tim has a chance to look at them.
chromium (123.0.6312.122-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-3157: Out of bounds write in Compositing.
       Reported by DarkNavy.
     - CVE-2024-3516: Heap buffer overflow in ANGLE.
       Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure.
     - CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz.
chromium (123.0.6312.122-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-3157: Out of bounds write in Compositing.
       Reported by DarkNavy.
     - CVE-2024-3516: Heap buffer overflow in ANGLE.
       Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure.
     - CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz.
chromium (123.0.6312.105-2) unstable; urgency=high
 .
   * Depend on libgtk-3-0t64 instead of libgtk-3-0 for time_t transition
     (closes: #1068540).
chromium (123.0.6312.105-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-3156: Inappropriate implementation in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish.
     - CVE-2024-3159: Out of bounds memory access in V8. Reported by
       Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto
       Networks, via Pwn2Own 2024.
chromium (123.0.6312.105-1~deb13u1) trixie; urgency=high
 .
   * Rebuild for trixie.
 .
 chromium (123.0.6312.105-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-3156: Inappropriate implementation in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish.
     - CVE-2024-3159: Out of bounds memory access in V8. Reported by
       Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto
       Networks, via Pwn2Own 2024.
 .
 chromium (123.0.6312.86-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2883: Use after free in ANGLE.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-2886: Use after free in WebCodecs. Reported by
       Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024.
     - CVE-2024-2887: Type Confusion in WebAssembly.
       Reported by Manfred Paul, via Pwn2Own 2024.
   * d/patches/ppc64le:
     - fixes/fix-clang-selection.patch: select clang on ppc64 platforms
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: fix
       ARM builds.
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/bad-font-gc1.patch, fixes/bad-font-gc2.patch: revert a pair of
       upstream commits that result in blink's garbage collector frequently
       deadlocking and crashing (closes: #1067886).
 .
 chromium (123.0.6312.58-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2625: Object lifecycle issue in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-2626: Out of bounds read in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
     - CVE-2024-2628: Inappropriate implementation in Downloads.
       Reported by Ath3r1s.
     - CVE-2024-2629: Incorrect security UI in iOS.
       Reported by Muneaki Nishimura (nishimunea).
     - CVE-2024-2630: Inappropriate implementation in iOS.
       Reported by James Lee (@Windowsrcer).
     - CVE-2024-2631: Inappropriate implementation in iOS.
       Reported by Ramit Gangwar.
   * d/patches:
     - upstream/bitset.patch: drop, merged upstream.
     - upstream/bookmarknode.patch: drop, merged upstream.
     - upstream/optional.patch: drop, merged upstream.
     - upstream/uniqptr.patch: drop, merged upstream.
     - fixes/gcc13-headers.patch: drop, merged upstream.
     - fixes/optional.patch: drop, merged upstream.
     - fixes/material-utils.patch: drop part that was merged upstream.
     - disable/catapult.patch: refresh.
     - bookworm/constexpr-equality.patch: include another similar fix.
     - bookworm/nvt.patch: refresh.
     - bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
     - disable/angle-perftests.patch: drop, replace with a gn build argument.
     - bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
       clap-lex crate, as it's using 1.74 features and we only have 1.70.
     - fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
     - fixes/optional2.patch: add another missing <optional> inclusion.
     - fixes/stats-collector.patch: add build fix for wrong header.
     - disable/screen-ai-blob.patch: add patch to not register the
       ScreenAI component. Previously, if you opened a PDF and clicked
       "open in reader mode", it would download a binary blob to
       ~/.config/chromium/screen_ai/, and do OCR stuff (and who knows
       what else) in that opaque blob without warning you. We, uh, don't
       want that. (closes: #1066910).
   * d/rules: add angle_build_tests=false build argument, which allows us to
     drop angle-perftests.patch.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/blink-fonts-shape-result.patch: pull in upstream patch for
       compilation failure in Blink SameSizeAsShapeResult class
   * d/patches/ppc64le:
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
       for upstream changes
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/skia-vsx-instructions.patch: refresh & harden Skia against
       timing attacks.
 .
 chromium (122.0.6261.128-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-2400: Use after free in Performance Manager.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
 .
 chromium (122.0.6261.111-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-2173: Out of bounds memory access in V8.
       Reported by 5fceb6172bbf7e2c5a948183b53565b9.
     - CVE-2024-2174: Inappropriate implementation in V8.
       Reported by 5f46f4ee2e17957ba7b39897fb376be8.
     - CVE-2024-2176: Use after free in FedCM. Reported by Anonymous.
 .
 chromium (122.0.6261.94-1) unstable; urgency=high
 .
   * New upstream security release.
     - Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8.
     - Type Confusion in V8. Reported by
       Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab.
chromium (123.0.6312.105-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-3156: Inappropriate implementation in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish.
     - CVE-2024-3159: Out of bounds memory access in V8. Reported by
       Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto
       Networks, via Pwn2Own 2024.
chromium (123.0.6312.86-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2883: Use after free in ANGLE.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-2886: Use after free in WebCodecs. Reported by
       Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024.
     - CVE-2024-2887: Type Confusion in WebAssembly.
       Reported by Manfred Paul, via Pwn2Own 2024.
   * d/patches/ppc64le:
     - fixes/fix-clang-selection.patch: select clang on ppc64 platforms
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: fix
       ARM builds.
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/bad-font-gc1.patch, fixes/bad-font-gc2.patch: revert a pair of
       upstream commits that result in blink's garbage collector frequently
       deadlocking and crashing (closes: #1067886).
chromium (123.0.6312.86-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2883: Use after free in ANGLE.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-2886: Use after free in WebCodecs. Reported by
       Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024.
     - CVE-2024-2887: Type Confusion in WebAssembly.
       Reported by Manfred Paul, via Pwn2Own 2024.
   * d/patches/ppc64le:
     - fixes/fix-clang-selection.patch: select clang on ppc64 platforms
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: fix
       ARM builds.
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/bad-font-gc1.patch, fixes/bad-font-gc2.patch: revert a pair of
       upstream commits that result in blink's garbage collector frequently
       deadlocking and crashing (closes: #1067886).
 .
 chromium (123.0.6312.58-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2625: Object lifecycle issue in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-2626: Out of bounds read in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
     - CVE-2024-2628: Inappropriate implementation in Downloads.
       Reported by Ath3r1s.
     - CVE-2024-2629: Incorrect security UI in iOS.
       Reported by Muneaki Nishimura (nishimunea).
     - CVE-2024-2630: Inappropriate implementation in iOS.
       Reported by James Lee (@Windowsrcer).
     - CVE-2024-2631: Inappropriate implementation in iOS.
       Reported by Ramit Gangwar.
   * d/patches:
     - upstream/bitset.patch: drop, merged upstream.
     - upstream/bookmarknode.patch: drop, merged upstream.
     - upstream/optional.patch: drop, merged upstream.
     - upstream/uniqptr.patch: drop, merged upstream.
     - fixes/gcc13-headers.patch: drop, merged upstream.
     - fixes/optional.patch: drop, merged upstream.
     - fixes/material-utils.patch: drop part that was merged upstream.
     - disable/catapult.patch: refresh.
     - bookworm/constexpr-equality.patch: include another similar fix.
     - bookworm/nvt.patch: refresh.
     - bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
     - disable/angle-perftests.patch: drop, replace with a gn build argument.
     - bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
       clap-lex crate, as it's using 1.74 features and we only have 1.70.
     - fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
     - fixes/optional2.patch: add another missing <optional> inclusion.
     - fixes/stats-collector.patch: add build fix for wrong header.
     - disable/screen-ai-blob.patch: add patch to not register the
       ScreenAI component. Previously, if you opened a PDF and clicked
       "open in reader mode", it would download a binary blob to
       ~/.config/chromium/screen_ai/, and do OCR stuff (and who knows
       what else) in that opaque blob without warning you. We, uh, don't
       want that. (closes: #1066910).
     - bookworm/generate-ninja.patch: drop, merged upstream.
     - bookworm/bubble-contents.patch: update for renamed header.
     - bookworm/eraseif0.patch, eraseif-lambda.patch: drop, upstream merged
       a fix for g++-12 compilation.
     - bookworm/constexpr.patch: add yet another constexpr g++-12 fix.
     - bookworm/sizet.patch: another simple g++-12 build fix.
   * d/rules: add angle_build_tests=false build argument, which allows us to
     drop angle-perftests.patch.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/blink-fonts-shape-result.patch: pull in upstream patch for
       compilation failure in Blink SameSizeAsShapeResult class
   * d/patches/ppc64le:
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
       for upstream changes
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/skia-vsx-instructions.patch: refresh & harden Skia against
       timing attacks.
chromium (123.0.6312.58-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2625: Object lifecycle issue in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-2626: Out of bounds read in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
     - CVE-2024-2628: Inappropriate implementation in Downloads.
       Reported by Ath3r1s.
     - CVE-2024-2629: Incorrect security UI in iOS.
       Reported by Muneaki Nishimura (nishimunea).
     - CVE-2024-2630: Inappropriate implementation in iOS.
       Reported by James Lee (@Windowsrcer).
     - CVE-2024-2631: Inappropriate implementation in iOS.
       Reported by Ramit Gangwar.
   * d/patches:
     - upstream/bitset.patch: drop, merged upstream.
     - upstream/bookmarknode.patch: drop, merged upstream.
     - upstream/optional.patch: drop, merged upstream.
     - upstream/uniqptr.patch: drop, merged upstream.
     - fixes/gcc13-headers.patch: drop, merged upstream.
     - fixes/optional.patch: drop, merged upstream.
     - fixes/material-utils.patch: drop part that was merged upstream.
     - disable/catapult.patch: refresh.
     - bookworm/constexpr-equality.patch: include another similar fix.
     - bookworm/nvt.patch: refresh.
     - bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
     - disable/angle-perftests.patch: drop, replace with a gn build argument.
     - bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
       clap-lex crate, as it's using 1.74 features and we only have 1.70.
     - fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
     - fixes/optional2.patch: add another missing <optional> inclusion.
     - fixes/stats-collector.patch: add build fix for wrong header.
     - disable/screen-ai-blob.patch: add patch to not register the
       ScreenAI component. Previously, if you opened a PDF and clicked
       "open in reader mode", it would download a binary blob to
       ~/.config/chromium/screen_ai/, and do OCR stuff (and who knows
       what else) in that opaque blob without warning you. We, uh, don't
       want that. (closes: #1066910).
   * d/rules: add angle_build_tests=false build argument, which allows us to
     drop angle-perftests.patch.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/blink-fonts-shape-result.patch: pull in upstream patch for
       compilation failure in Blink SameSizeAsShapeResult class
   * d/patches/ppc64le:
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
       for upstream changes
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/skia-vsx-instructions.patch: refresh & harden Skia against
       timing attacks.
chromium (122.0.6261.128-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-2400: Use after free in Performance Manager.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
chromium (122.0.6261.128-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-2400: Use after free in Performance Manager.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
chromium (122.0.6261.111-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-2173: Out of bounds memory access in V8.
       Reported by 5fceb6172bbf7e2c5a948183b53565b9.
     - CVE-2024-2174: Inappropriate implementation in V8.
       Reported by 5f46f4ee2e17957ba7b39897fb376be8.
     - CVE-2024-2176: Use after free in FedCM. Reported by Anonymous.
chromium (122.0.6261.111-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-2173: Out of bounds memory access in V8.
       Reported by 5fceb6172bbf7e2c5a948183b53565b9.
     - CVE-2024-2174: Inappropriate implementation in V8.
       Reported by 5f46f4ee2e17957ba7b39897fb376be8.
     - CVE-2024-2176: Use after free in FedCM. Reported by Anonymous.
   * d/rules: drop bullseye nodejs workaround.
   * Add a build-dep on (the newly backported) rustc-web, drop
     d/patches/bookworm/undo-rust-req.patch, and enable rust.
chromium (122.0.6261.94-1) unstable; urgency=high
 .
   * New upstream security release.
     - Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8.
     - Type Confusion in V8. Reported by
       Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab.
chromium (122.0.6261.94-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8.
     - Type Confusion in V8. Reported by
       Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab.
chromium (122.0.6261.57-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-1669: Out of bounds memory access in Blink.
       Reported by Anonymous.
     - CVE-2024-1670: Use after free in Mojo.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-1671: Inappropriate implementation in Site Isolation.
       Reported by Harry Chen.
     - CVE-2024-1672: Inappropriate implementation in Content Security Policy.
       Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien).
     - CVE-2024-1673: Use after free in Accessibility.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-1674: Inappropriate implementation in Navigation.
       Reported by David Erceg.
     - CVE-2024-1675: Insufficient policy enforcement in Download.
       Reported by Bartłomiej Wacko.
     - CVE-2024-1676: Inappropriate implementation in Navigation.
       Reported by Khalil Zhani.
   * d/patches:
     - fixes/v8-compressed-ptrs.patch: drop, merged upstream.
     - fixes/stdint.patch: drop, merged upstream.
     - upstream/vector.patch: drop, merged upstream.
     - upstream/display-header.patch: drop, merged upstream.
     - upstream/bitset.patch: drop, merged upstream.
     - upstream/once_flag.patch: drop, merged upstream.
     - fixes/std-to-address.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - bookworm/clang16.patch: refresh, and change
       -Wno-c++11-narrowing-const-reference to -Wno-c++11-narrowing.
     - bookworm/nvt.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
     - bookworm/undo-internal-alloc.patch: revert a commit that confuses
       clang16 w/ libstdc++. We need a better workaround than this.
     - upstream/mojo.patch: update from git.
     - bookworm/constexpr-equality.patch: add a few more build fixes
       (constexpr removals).
     - upstream/uniqptr.patch: add missing include.
     - upstream/optional.patch: add missing include.
     - upstream/bookmarknode.patch: add comparison equality fix pulled from
       upstream.
     - fixes/optional.patch: add missing includes.
     - bookworm/nvt2.patch: revert another upstream c++-20 change for clang-16.
     - upstream/bitset.patch: add missing include.
     - ppc64le/v8/0002-Add-ppc64-trap-instructions.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Properly-detect-little-endian-PPC64-systems.patch: drop, upstream
       fix in GIT hash 25a6e6
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
       upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
chromium (122.0.6261.57-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-1669: Out of bounds memory access in Blink.
       Reported by Anonymous.
     - CVE-2024-1670: Use after free in Mojo.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-1671: Inappropriate implementation in Site Isolation.
       Reported by Harry Chen.
     - CVE-2024-1672: Inappropriate implementation in Content Security Policy.
       Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien).
     - CVE-2024-1673: Use after free in Accessibility.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-1674: Inappropriate implementation in Navigation.
       Reported by David Erceg.
     - CVE-2024-1675: Insufficient policy enforcement in Download.
       Reported by Bartłomiej Wacko.
     - CVE-2024-1676: Inappropriate implementation in Navigation.
       Reported by Khalil Zhani.
   * d/patches:
     - fixes/v8-compressed-ptrs.patch: drop, merged upstream.
     - fixes/stdint.patch: drop, merged upstream.
     - upstream/vector.patch: drop, merged upstream.
     - upstream/display-header.patch: drop, merged upstream.
     - upstream/bitset.patch: drop, merged upstream.
     - upstream/once_flag.patch: drop, merged upstream.
     - fixes/std-to-address.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - bookworm/clang16.patch: refresh, and change
       -Wno-c++11-narrowing-const-reference to -Wno-c++11-narrowing.
     - bookworm/nvt.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
     - bookworm/undo-internal-alloc.patch: revert a commit that confuses
       clang16 w/ libstdc++. We need a better workaround than this.
     - upstream/mojo.patch: update from git.
     - bookworm/constexpr-equality.patch: add a few more build fixes
       (constexpr removals).
     - upstream/uniqptr.patch: add missing include.
     - upstream/optional.patch: add missing include.
     - upstream/bookmarknode.patch: add comparison equality fix pulled from
       upstream.
     - fixes/optional.patch: add missing includes.
     - bookworm/nvt2.patch: revert another upstream c++-20 change for clang-16.
     - upstream/bitset.patch: add missing include.
     - ppc64le/v8/0002-Add-ppc64-trap-instructions.patch: refresh.
     - bookworm/eraseif0.patch: revert another commit; needed by
       eraseif-lambda.patch.
     - bookworm/eraseif-lamba.patch: refresh.
     - bookworm/undo-rust-req.patch: refresh.
     - bookworm/bubble-contents.patch: remove static_assert() that fails with
       libstdc++12.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Properly-detect-little-endian-PPC64-systems.patch: drop, upstream
       fix in GIT hash 25a6e6
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
       upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
chromium (121.0.6167.160-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-1284: Use after free in Mojo. Reported by Anonymous.
     - CVE-2024-1283: Heap buffer overflow in Skia.
       Reported by Jorge Buzeti (@r3tr074).
chromium (121.0.6167.160-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-1284: Use after free in Mojo. Reported by Anonymous.
     - CVE-2024-1283: Heap buffer overflow in Skia.
       Reported by Jorge Buzeti (@r3tr074).
chromium (121.0.6167.139-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-1060: Use after free in Canvas. Reported by Anonymous.
     - CVE-2024-1059: Use after free in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-1077: Use after free in Network.
       Reported by Microsoft Security Research Center.

cinder (2:21.3.1-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream release.
   * Drop CVE-2023-2088_Reject_unsafe_delete_attachment_calls.patch applied
     upstream.
   * Blacklist RBDISCSITestCase.test_unsupported_client_version().
   * Add add-params-thin_provisioning-equal-one.patch.
   * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data.
     Add upstream patch (Closes: #1074763):
     - cve-2024-32498-cinder-stable-2023.1.patch
   * Build-depends on qemu-utils.
   * Correctly calls manage_glance_api_servers() in config script.

cockpit (287.1-0+deb12u3) bookworm; urgency=medium
 .
   * Add 0002-pam-ssh-add-Fix-insecure-killing-of-session-ssh-agen.patch:
     Cockpit’s pam_ssh_add module had a vulnerability when user_readenv is
     enabled in /etc/pam.d/cockpit (which is the default on Debian). This could
     cause a Denial of Service if a locally-authenticated user crafted a
     ~/.pam_environment file: it would kill an arbitrary process on the
     system with root privileges when logging out of a Cockpit session.
     Patch cherry-picked from upstream (08965365ac311f906a5).
     [CVE-2024-6126]

cups (2.4.2-3+deb12u7) bookworm; urgency=medium
 .
   * fix regression of CVE-2024-35235 in case only domain sockets
     are used
cups (2.4.2-3+deb12u6) bookworm; urgency=medium
 .
   * CVE-2024-35235 (Closes: #1073002)
     fix domain socket handling

curl (7.88.1-10+deb12u7) bookworm; urgency=medium
 .
   * Team upload.
   * debian/patches/CVE-2024-7264*: import and backport upstream patches to fix
     CVE-2024-7264 - ASN.1 date parser overread. (Closes: #1077656)

cyrus-imapd (3.6.1-4+deb12u3) bookworm; urgency=medium
 .
   * Fix regression introduced in CVE-2024-34055 fix (Closes: #1075853)

dcm2niix (1.0.20220720-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * CVE-2024-27629.patch: new: fix risk of arbitrary code execution.
     Fixes: CVE-2024-27629 (Closes: #1074534)

debian-installer (20230607+deb12u7) bookworm; urgency=medium
 .
   * Bump Linux kernel ABI to 6.1.0-25.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u7) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u7, from bookworm-proposed-updates.

dmitry (1.3a-1.2+deb12u1) bookworm; urgency=medium
 .
   * QA upload.
 .
   * Fix format string bug (#3).
   * Fix handling externally-controlled format strings and buffer overflows
   * Do not let frmtdbuff overflow in nic_format_buff.
   * Switched maintainer to QA group, to reflect the packages orphaned state.
   * Solves CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938.

dovecot (1:2.3.19.1+dfsg1-2.1+deb12u1) bookworm-security; urgency=medium
 .
   * Security team upload:
   * [4fb8905] Import upstream fix for CVE-2024-23184 (Closes: #1078876)
   * [f428c53] Import upstream fix for CVE-2024-23185 (Closes: #1078877)

dropbear (2022.83-1+deb12u2) bookworm; urgency=medium
 .
   * Fix noremotetcp behavior.  Keepalive packets were being ignored when the
     ‛-k’ flag (or ‛no-port-forwarding’ authorized_keys(5) restriction) was
     used.  (Closes: #1069768)

emacs (1:28.2+1-15+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
     (CVE-2024-39331) (Closes: #1074137)

exim4 (4.96-15+deb12u5) bookworm-security; urgency=high
 .
   * Fix parsing of multiline RFC 2231 header filename parameter in mime ACL.
     CVE-2024-39929 Closes: #1075785

ffmpeg (7:5.1.6-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 5.1.6
     - Fixes CVE-2024-7055, CVE-2024-7272

firefox-esr (115.14.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-34, also known as:
     CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
     CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
     CVE-2024-7531.
firefox-esr (115.14.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-34, also known as:
     CVE-2024-7519, CVE-2024-7521, CVE-2024-7522, CVE-2024-7524,
     CVE-2024-7525, CVE-2024-7526, CVE-2024-7527, CVE-2024-7529,
     CVE-2024-7531.
firefox-esr (115.13.0esr-2) unstable; urgency=medium
 .
   * gfx/cairo/libpixman/src/pixman-arm-simd-asm.S: Adjust arm assembly for
     binutils change.
firefox-esr (115.13.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-30, also known as:
     CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603,
     CVE-2024-6604.
 .
   * debian/repack.py, debian/upstream.mk: Handle the upstream l10n migration
     to github.
firefox-esr (115.13.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-30, also known as:
     CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603,
     CVE-2024-6604.
 .
   * debian/repack.py, debian/upstream.mk: Handle the upstream l10n migration
     to github.
firefox-esr (115.13.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-30, also known as:
     CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603,
     CVE-2024-6604.
 .
   * debian/repack.py, debian/upstream.mk: Handle the upstream l10n migration
     to github.
firefox-esr (115.12.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-26, also known as:
     CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
     CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.

flatpak (1.14.10-1~deb12u1) bookworm-security; urgency=high
 .
   * Backport upstream stable release into Debian 12 (CVE-2024-42472)
   * d/control: Relax required bubblewrap version to 0.8.0-2+deb12u1.
     This version has a backport of the required --bind-fd option.
   * Other changes relative to 1.14.10-1 in unstable:
     - Revert polkitd dependencies to polkitd | policykit-1 as previously
       used in bookworm
     - Revert pkgconf dependencies to pkg-config as previously used in
       bookworm
     - Revert location of systemd unit to /lib/systemd/system as previously
       used in bookworm, dropping versioned dependency on debhelper 13.11.6~
     - Revert changes related to Debian 13 GIR XML packaging policy
 .
 flatpak (1.14.10-1) unstable; urgency=high
 .
   * New upstream stable release
     - Don't follow symbolic links when mounting persistent directories
       (--persist option). This prevents a sandbox escape where a malicious
       or compromised app could edit the symlink to point to a directory
       that the app should not have been allowed to read or write.
       (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
   * d/control: Bump required bubblewrap version to 0.10.0.
     This adds the new --bind-fd option, required to solve CVE-2024-42472
     without introducing a race condition.
flatpak (1.14.8-1) unstable; urgency=medium
 .
   * New upstream stable release 1.14.7
     - Automatically reload D-Bus session bus configuration when apps are
       installed or upgraded, ensuring that any new .service files get
       picked up
     - Allow apps to be run if the D-Bus system bus is missing or
       non-functional
     - Add several more environment variables to the list not inherited
       into the sandbox:
       + $LD_AUDIT, $LD_PRELOAD for ld.so
       + $__EGL_VENDOR_LIBRARY_DIRS, etc. for EGL
       + $VK_ADD_DRIVER_FILES, etc. for Vulkan
       + $container, when running Flatpak inside a container manager
     - Use xdg-desktop-portal-gnome, if installed, to detect whether apps
       are running in the background
     - If an app's data is migrated to a new name and then deleted, don't
       try to migrate it again, avoiding a recursive symlink loop
     - Don't leak temporary variable $new_dirs from /etc/profile.d/flatpak.sh
       into user shell sessions
     - Avoid an out-of-bounds left-shift (which is technically undefined
       behaviour) when hashing object names
     - Fix critical warnings "GFileInfo created without
       standard::is-symlink" when using /var/lib/flatpak/extension with
       testing/unstable glib2.0
     - Fix validation of documentation against Docbook DTD
     - Fix a misleading comment in the test for CVE-2024-32462
     - Fix a double-free in the test suite
     - Skip more tests if bubblewrap works but FUSE doesn't
   * New upstream stable release 1.14.8
     - Respin of 1.14.7 reverting unintended submodule changes
   * d/control: Replace one more polkitd|policykit-1 dependency with polkitd
   * d/control: Move dbus-system-bus from Depends to Recommends.
     `flatpak run` no longer has a working system bus as a hard requirement.

gettext.js (0.7.0-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix SSRF issue (Closes: #1078880, CVE-2024-43370)

glance (2:25.1.0-2+deb12u1) bookworm-security; urgency=high
 .
   * CVE-2024-32498: Arbitrary file access through custom QCOW2 external data.
     Add upstream patch (Closes: #1074761):
     - CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch
     - CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch
     - CVE-2024-32498_3_1_glance-stable-2023.1.patch
     - CVE-2024-32498_3_2_glance-stable-2023.1.patch
     - CVE-2024-32498_3_3_glance-stable-2023.1.patch
     - CVE-2024-32498_3_4_glance-stable-2023.1.patch
     - CVE-2024-32498_3_5_glance-stable-2023.1.patch
     - CVE-2024-32498_3_6_glance-stable-2023.1.patch
     - CVE-2024-32498_3_7_glance-stable-2023.1.patch

glibc (2.36-9+deb12u8) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - debian/patches/kfreebsd/submitted-auxv.diff: refreshed.
     - debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: upstreamed.
     - debian/patches/any/local-CVE-2024-33599-nscd.diff: upstreamed.
     - debian/patches/any/local-CVE-2024-33600-nscd.diff: upstreamed.
     - debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: upstreamed.
     - Fixes ffsll() performance issue depending on code alignment.
     - Fixes memmove/memset on sparc32.
     - Fixes pthread_cancel on sparc32.
     - Fixes a possible crash in _dl_start_user on arm32.
     - Fixes poor malloc/free performance due to lock contentions between
       threads when using core pinning.
     - Uses 64-bit time_t in testsuite on 32-bit systems.
     - Fixes rseq support when built against newer kernel headers.
     - Performance improvements for string functions on arm64.
     - Disables arm64 SVE functions on kernel <= 6.2.0 due to performance
       issues.
     - Fixes ld.so crash on powerpc64* when built with GCC 14.
     - Fixes ld.so crash on amd64 when built with APX enabled.
     - Fixes __WORDSIZE definition on sparc32 with sparcv9.
     - Fixes getutxent() on 32-bit architecture with _TIME_BITS=64.
     - Fixes y2038 regression in nscd following CVE-2024-33601 and
       CVE-2024-33602 fix.
     - Fixes build with --enable-hardcoded-path-in-tests with newer linkers.
     - Fixes crash in wcsncmp() in z13/vector-optimized s390 implementation.
     - Fixes rseq extension mechanism.
     - Fixes misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 with kernel
       6.9+.
     - Fixes freeing uninitialized memory in libc_freeres_fn().  Closes:
       #1073916.

glogic (2.6-6+deb12u1) bookworm; urgency=medium
 .
   * Add patch to require Gtk 3.0 and PangoCairo 1.0
     (Closes: #1058575)

graphviz (2.42.2-7+deb12u1) bookworm; urgency=medium
 .
   * Apply fix for broken scale (closes: #1075904).

gtk+2.0 (2.24.33-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * d/control.in, d/gbp.conf: Set packaging branch for Debian 12 updates
   * d/control.in: Freeze previous Uploaders
   * d/p/CVE-2024-6655.patch:
     Add patch backported from 3.24.43 to avoid looking for modules in
     current working directory (CVE-2024-6655)
gtk+2.0 (2.24.33-2+deb11u1) bullseye; urgency=medium
 .
   * Team upload
   * d/control.in, d/gbp.conf: Set packaging branch for Debian 11 updates
   * d/control.in: Freeze previous Uploaders
   * d/p/CVE-2024-6655.patch:
     Add patch backported from 3.24.43 to avoid looking for modules in
     current working directory (CVE-2024-6655)

gtk+3.0 (3.24.38-2~deb12u2) bookworm; urgency=medium
 .
   * d/p/Stop-looking-for-modules-in-cwd.patch:
     Add patch backported from 3.24.43 to avoid looking for modules in
     current working directory (CVE-2024-6655)

imagemagick (8:6.9.11.60+dfsg-1.6+deb12u2) bookworm; urgency=medium
 .
   * CVE-2023-34151 fix was incomplete (Closes: #1070340)
   * Fix variation of CVE-2023-1289 found by testing.

initramfs-tools (0.142+deb12u1) bookworm; urgency=medium
 .
   [ Ben Hutchings ]
   * [522d475] d/salsa-ci.yml: Set RELEASE to bookworm
   * [05e5fb9] hook_functions: Fix copy_file with source including a directory
     symlink (Closes: #1076539)
   * [f52ae2d] hook-functions: copy_file: Canonicalise target filename
     (Closes: #1079276)
 .
   [ szubersk ]
   * [d502a7f] Fix/ignore ShellCheck findings
 .
   [ Benjamin Drung ]
   * [ce185c3] test: Fix too small ext2 block count
   * [cd5e8e8] install hid-multitouch module for Surface Pro 4 Keyboard
     (LP: #1772094)
 .
   [ Arnaud Rebillout ]
   * [4cc2bc7] Add hyper-keyboard module, needed to enter LUKS password in
     Hyper-V (Closes: #1028511)
 .
   [ Alper Nebi Yasak ]
   * [5d28dad] hook-functions: auto_add_modules: Add onboard_usb_hub,
     onboard_usb_dev

intel-microcode (3.20240813.1~deb12u1) bookworm; urgency=medium
 .
   * Build for bookworm (no changes from 3.20240813.1)
 .
 intel-microcode (3.20240813.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240813 (closes: #1078742)
     - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
       Incorrect behavior order in transition between executive monitor and SMI
       transfer monitor (STM) in some Intel Processors may allow a privileged
       user to potentially enable escalation of privilege via local access.
     - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
       Mirrored regions with different values in 3rd Generation Intel Xeon
       Scalable Processors may allow a privileged user to potentially enable
       denial of service via local access.
     - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
       Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
       Xeon Processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
       Improper isolation in the Intel Core Ultra Processor stream cache
       mechanism may allow an authenticated user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
       Improper isolation in some Intel® Processors stream cache mechanism may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Fix for unspecified functional issues on several processor models
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
     sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
     sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
     sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
     sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
     sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
     sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
     sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
     sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
     sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
     sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
     sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
   * source: update symlinks to reflect id of the latest release, 20240813
   * postinst, postrm: switch to dpkg-trigger to run update-initramfs
 .
 intel-microcode (3.20240531.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240531
     * Fix unspecified functional issues on Pentium Silver N/J5xxx,
       Celeron N/J4xxx
     * Updated Microcodes:
       sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
   * source: update symlinks to reflect id of the latest release, 20240531
intel-microcode (3.20240813.1~deb11u1) bullseye; urgency=medium
 .
   * Build for bullseye (no changes from 3.20240813.1)
 .
 intel-microcode (3.20240813.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240813 (closes: #1078742)
     - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
       Incorrect behavior order in transition between executive monitor and SMI
       transfer monitor (STM) in some Intel Processors may allow a privileged
       user to potentially enable escalation of privilege via local access.
     - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
       Mirrored regions with different values in 3rd Generation Intel Xeon
       Scalable Processors may allow a privileged user to potentially enable
       denial of service via local access.
     - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
       Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
       Xeon Processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
       Improper isolation in the Intel Core Ultra Processor stream cache
       mechanism may allow an authenticated user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
       Improper isolation in some Intel® Processors stream cache mechanism may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Fix for unspecified functional issues on several processor models
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
     sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
     sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
     sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
     sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
     sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
     sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
     sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
     sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
     sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
     sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
     sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
   * source: update symlinks to reflect id of the latest release, 20240813
   * postinst, postrm: switch to dpkg-trigger to run update-initramfs
 .
 intel-microcode (3.20240531.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240531
     * Fix unspecified functional issues on Pentium Silver N/J5xxx,
       Celeron N/J4xxx
     * Updated Microcodes:
       sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
   * source: update symlinks to reflect id of the latest release, 20240531
intel-microcode (3.20240531.1+nmu1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Install aliased files into /usr (DEP17 M2) (Closes: #1060200)
   * Add superficial autopkgtest for initramfs hook.
intel-microcode (3.20240531.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240531
     * Fix unspecified functional issues on Pentium Silver N/J5xxx,
       Celeron N/J4xxx
     * Updated Microcodes:
       sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
   * source: update symlinks to reflect id of the latest release, 20240531
intel-microcode (3.20240514.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240514
     * Mitigations for INTEL-SA-01051 (CVE-2023-45733)
       Hardware logic contains race conditions in some Intel Processors may
       allow an authenticated user to potentially enable partial information
       disclosure via local access.
     * Mitigations for INTEL-SA-01052 (CVE-2023-46103)
       Sequence of processor instructions leads to unexpected behavior in
       Intel Core Ultra Processors may allow an authenticated user to
       potentially enable denial of service via local access.
     * Mitigations for INTEL-SA-01036 (CVE-2023-45745,  CVE-2023-47855)
       Improper input validation in some Intel TDX module software before
       version 1.5.05.46.698 may allow a privileged user to potentially enable
       escalation of privilege via local access.
     * Fix for unspecified functional issues on 4th gen and 5th gen Xeon
       Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
       Core i3 N-series processors.
     * Updated microcodes:
       sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
       sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
       sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
       sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
       sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
       sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
       sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
       sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
       sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
       sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
   * source: update symlinks to reflect id of the latest release, 20240514

ipmitool (1.8.19-4+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Add missing enterprise-numbers.txt file (Closes: #1040186).

krb5 (1.20.1-2+deb12u2) bookworm-security; urgency=high
 .
   * CVE-2024-37370: an unauthenticated attacker can modify the
     extra count in an RFC 4121 GSS token, causing the token to appear
     truncated.
   *  CVE-2024-37371: an attacker can cause invalid memory reads by
     sending an invalid GSS token.

libapache2-mod-auth-openidc (2.4.12.3-2+deb12u2) bookworm; urgency=medium
 .
   * Add patch for "oidc_check_x_forwarded_hdr check segfaults"
     (Closes: #1076429)

libnvme (1.3-1+deb12u1) bookworm; urgency=medium
 .
   * Uploading to bookworm.
   * Cherry-picking upstream commits to fix buffer overflow during scanning
     devices that do not support sub-4k reads (Closes: #1054631).

libreoffice (4:7.4.7-1+deb12u4) bookworm-security; urgency=medium
 .
   * remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff:
     as name says (CVE-2024-6472)
 .
   * debian/rules:
     - fix kio sed call introduced in last upload

libvirt (9.0.0-4+deb12u1) bookworm; urgency=medium
 .
   [ Cyril Brulebois ]
   * [6a7f95a] patches: Add backports
     - backport/virsh-Make-domif-setlink-work-more-than-once.patch
       - Closes: #1075718
 .
   [ Andrea Bolognani ]
   * [56f1ae3] patches: Add backports
     - backport/Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
       - Fixes CVE-2024-1441
     - backport/interface-fix-udev_device_get_sysattr_value-return-value-.patch
       - Fixes CVE-2024-2496
     - backport/remote-check-for-negative-array-lengths-before-allocation.patch
       - Fixes CVE-2024-2494
     - backport/storage-Fix-returning-of-locked-objects-from-virStoragePo.patch
       - Fixes CVE-2023-3750
 .
   [ Lee Garrett ]
   * [7dc22f9] patches: Add backports
     - backport/qemu-domain-Fix-logic-when-tainting-domain.patch
       - Closes: #1052405

libvpx (1.12.0-1+deb12u3) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-5197: Integer overflows

linux (6.1.106-3) bookworm; urgency=medium
 .
   * udp: allow header check for dodgy GSO_UDP_L4 packets.
   * gso: fix dodgy bit handling for GSO_UDP_L4
   * net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
   * net: drop bad gso csum_start and offset in virtio_net_hdr (Closes: #1079684)
   * Bump ABI to 25
linux (6.1.106-2) bookworm; urgency=medium
 .
   * media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
linux (6.1.106-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
     - Compiler Attributes: Add __uninitialized macro
     - mm: prevent derefencing NULL ptr in pfn_section_valid()
     - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop
     - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode
     - cachefiles: stop sending new request when dropping object
     - cachefiles: cancel all requests for the object that is being dropped
     - cachefiles: wait for ondemand_object_worker to finish when dropping object
     - cachefiles: cyclic allocation of msg_id to avoid reuse
     - cachefiles: add missing lock protection when polling
     - filelock: fix potential use-after-free in posix_lock_inode
     - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
     - vfs: don't mod negative dentry count when on shrinker list
     - tcp: fix incorrect undo caused by DSACK of TLP retransmit
     - net: phy: microchip: lan87xx: reinit PHY after cable test
     - skmsg: Skip zero length skb in sk_msg_recvmsg
     - net: fix rc7's __skb_datagram_iter()
     - i40e: Fix XDP program unloading while removing the driver
     - net: ethernet: lantiq_etop: fix double free in detach
     - bpf: Refactor some inode/task/sk storage functions for reuse
     - bpf: Reduce smap->elem_size
     - bpf: use bpf_map_kvcalloc in bpf_local_storage
     - bpf: Remove __bpf_local_storage_map_alloc
     - bpf: fix order of args in call to bpf_map_kvcalloc
     - net: ethernet: mtk-star-emac: set mac_managed_pm when probing
     - ppp: reject claimed-as-LCP but actually malformed packets
     - ethtool: netlink: do not return SQI value if link is down
     - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
     - net/sched: Fix UAF when resolving a clash
     - net, sunrpc: Remap EPERM in case of connection failure in
       xs_tcp_setup_socket
     - [s390x] Mark psw in __load_psw_mask() as __unitialized
     - firmware: cs_dsp: Fix overflow checking of wmfw header
     - firmware: cs_dsp: Return error if block header overflows file
     - firmware: cs_dsp: Validate payload length before processing block
     - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
     - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
     - cifs: fix setting SecurityFlags to true
     - Revert "sched/fair: Make sure to try to detach at least one movable task"
     - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
     - tcp: avoid too many retransmit packets (CVE-2024-41007)
     - USB: serial: option: add Telit generic core-dump composition
     - USB: serial: option: add Telit FN912 rmnet compositions
     - USB: serial: option: add Fibocom FM350-GL
     - USB: serial: option: add support for Foxconn T99W651
     - USB: serial: option: add Netprisma LCUK54 series modules
     - USB: serial: option: add Rolling RW350-GL variants
     - USB: serial: mos7840: fix crash on resume
     - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
     - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
     - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
       descriptor
     - hpet: Support 32-bit userspace
     - xhci: always resume roothubs if xHC was reset during resume
     - ksmbd: discard write access to the directory open
     - nvmem: rmem: Fix return value of rmem_read()
     - nvmem: meson-efuse: Fix return value of nvmem callbacks
     - nvmem: core: only change name to fram for current attribute
     - [x86] platform/x86: toshiba_acpi: Fix array out-of-bounds access
     - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU
     - ALSA: hda/realtek: Enable Mute LED on HP 250 G7
     - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
     - Fix userfaultfd_api to return EINVAL as expected
     - libceph: fix race between delayed_work() and ceph_monc_stop()
     - ACPI: processor_idle: Fix invalid comparison with insertion sort for
       latency
     - wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
     - wireguard: allowedips: avoid unaligned 64-bit memory accesses
     - wireguard: queueing: annotate intentional data race in cpu round robin
     - wireguard: send: annotate intentional data race in checking empty queue
     - [x86] retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk
     - bpf: Allow reads from uninit stack
     - nilfs2: fix kernel bug on rename operation of broken directory
     - sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
     - i2c: mark HostNotify target address as used
     - [x86] entry/64: Remove obsolete comment on tracing vs. SYSRET
     - [x86] bhi: Avoid warning in #DB handler due to BHI mitigation
     - kbuild: Make ld-version.sh more robust against version string changes
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.101
     - minmax: sanity check constant bounds when clamping
     - minmax: clamp more efficiently by avoiding extra comparison
     - minmax: fix header inclusions
     - minmax: allow min()/max()/clamp() if the arguments have the same
       signedness.
     - minmax: allow comparisons of 'int' against 'unsigned char/short'
     - minmax: relax check to allow comparison between unsigned arguments and
       signed constants
     - gcc-plugins: Rename last_stmt() for GCC 14+
     - filelock: Remove locks reliably when fcntl/close race is detected
       (CVE-2024-41012)
     - scsi: core: alua: I/O errors for ALUA state transitions
     - scsi: qedf: Don't process stag work during unload and recovery
     - scsi: qedf: Wait for stag work during unload
     - scsi: qedf: Set qed_slowpath_params to zero before use
     - efi/libstub: zboot.lds: Discard .discard sections
     - ACPI: EC: Abort address space access upon error
     - ACPI: EC: Avoid returning AE_OK on errors in address space handler
     - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah
       CPUs
     - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
     - wifi: mac80211: apply mcast rate only if interface is up
     - wifi: mac80211: handle tasklet frames before stopping
     - wifi: cfg80211: fix 6 GHz scan request building
     - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
     - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
     - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option
     - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill
     - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
     - of/irq: Factor out parsing of interrupt-map parent phandle+args from
       of_irq_parse_raw()
     - Input: silead - Always support 10 fingers
     - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
     - ila: block BH in ila_output()
     - null_blk: fix validation of block size
     - kconfig: gconf: give a proper initial state to the Save button
     - kconfig: remove wrong expr_trans_bool()
     - HID: Ignore battery for ELAN touchscreens 2F2C and 4116
     - NFSv4: Fix memory leak in nfs4_set_security_label
     - nfs: propagate readlink errors in nfs_symlink_filler
     - nfs: don't invalidate dentries on transient errors
     - cachefiles: add consistency check for copen/cread
     - cachefiles: Set object to close if ondemand_id < 0 in copen
     - cachefiles: make on-demand read killable
     - fs/file: fix the check in find_next_fd()
     - mei: demote client disconnect warning on suspend to debug
     - iomap: Fix iomap_adjust_read_range for plen calculation
     - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
     - nvme: avoid double free special payload
     - nvmet: always initialize cqe.result
     - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
     - [powerpc*] KVM: PPC: Book3S HV: Prevent UAF in
       kvm_spapr_tce_attach_iommu_group()
     - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
     - ALSA: hda/realtek: Add more codec ID to no shutup pins list
     - [mips*] fix compat_sys_lseek syscall
     - Input: elantech - fix touchpad state on resume for Lenovo N24
     - Input: i8042 - add Ayaneo Kun to i8042 quirk table
     - ASoC: topology: Fix references to freed memory
     - ASoC: topology: Do not assign fields that are already set
     - bytcr_rt5640 : inverse jack detect for Archos 101 cesium
     - ALSA: dmaengine: Synchronize dma channel after drop()
     - ASoC: ti: davinci-mcasp: Set min period size using FIFO config
     - ASoC: ti: omap-hdmi: Fix too long driver name
     - [x86] ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error
       rollback
     - can: kvaser_usb: fix return value for hif_usb_send_regout
     - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
     - [s390x] sclp: Fix sclp_init() cleanup on failure
     - [x86] platform/x86: wireless-hotkey: Add support for LG Airplane Button
     - [x86] platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
     - [x86] platform/x86: lg-laptop: Change ACPI device id
     - [x86] platform/x86: lg-laptop: Use ACPI device handle when evaluating
       WMAB/WMBB
     - btrfs: qgroup: fix quota root leak after quota disable failure
     - ALSA: PCM: Allow resume only for suspended streams
     - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
     - ALSA: dmaengine_pcm: terminate dmaengine before synchronize
     - [x86] ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA
     - net: usb: qmi_wwan: add Telit FN912 compositions
     - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and
       DEV_STATS_ADD()
     - [powerpc*] pseries: Whitelist dtl slub object for copying to userspace
     - [powerpc*] eeh: avoid possible crash when edev->pdev changes
     - scsi: libsas: Fix exp-attached device scan after probe failure scanned in
       again after probe failed
     - [arm64] tee: optee: ffa: Fix missing-field-initializers warning
     - Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
     - bluetooth/l2cap: sync sock recv cb and release
     - erofs: ensure m_llen is reset to 0 if metadata is invalid
     - drm/amd/display: Account for cursor prefetch BW in DML1 mode support
     - drm/radeon: check bo_va->bo is non-NULL before using it
     - fs: better handle deep ancestor chains in is_subdir()
     - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK
     - drivers/perf: riscv: Reset the counter to hpmevent mapping while starting
       cpus
     - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
     - ksmbd: return FILE_DEVICE_DISK instead of super magic
     - hfsplus: fix uninit-value in copy_name
     - spi: mux: set ctlr->bits_per_word_mask
     - cifs: fix noisy message on copy_file_range
     - [arm*] 9324/1: fix get_user() broken with veneer
     - Bluetooth: L2CAP: Fix deadlock
     - of/irq: Disable "interrupt-map" parsing for PASEMI Nemo
     - wifi: cfg80211: wext: set ssids=NULL for passive scans
     - wifi: mac80211: disable softirqs for queued frame handling
     - netfs, fscache: export fscache_put_volume() and add
       fscache_try_get_volume()
     - cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
     - cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.102
     - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
     - f2fs: avoid dead loop in f2fs_issue_checkpoint()
     - ocfs2: add bounds checking to ocfs2_check_dir_entry()
     - jfs: don't walk off the end of ealist
     - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
     - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
     - [arm64] dts: qcom: msm8996: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: ipq6018: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: sdm630: Disable SS instance in Parkmode for USB
     - [arm64,armhf] ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
       is paused
     - filelock: Fix fcntl/close race recovery compat path
     - btrfs: do not BUG_ON on failure to get dir index for new snapshot
     - tun: add missing verification for short frame (CVE-2024-41091)
     - tap: add missing verification for short frame (CVE-2024-41090)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.103
     - [amd64] EDAC, i10nm: make skx_common.o a separate module
     - rcu/tasks: Fix stale task snaphot for Tasks Trace
     - md: fix deadlock between mddev_suspend and flush bio
     - platform/chrome: cros_ec_debugfs: fix wrong EC message version
     - block: refactor to use helper
     - block: cleanup bio_integrity_prep
     - block: initialize integrity buffer to zero before writing it to media
     - hfsplus: fix to avoid false alarm of circular locking
     - [x86] of: Return consistent error type from x86_of_pci_irq_enable()
     - [x86] pci/intel_mid_pci: Fix PCIBIOS_* return code handling
     - [x86] pci/xen: Fix PCIBIOS_* return code handling
     - [x86] platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
     - kernfs: fix all kernel-doc warnings and multiple typos
     - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy()
     - cgroup/cpuset: Prevent UAF in proc_cpuset_show()
     - hwmon: (adt7475) Fix default duty on fan is disabled
     - nvmet-auth: fix nvmet_auth hash error handling
     - [arm64] drm/meson: fix canvas release in bind function
     - [arm64] dts: qcom: sdm845: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm6350: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings
     - [arm64] dts: qcom: sm8250: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm8450: add power-domain to UFS PHY
     - [arm64] dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY
     - [arm64] dts: qcom: msm8998: enable adreno_smmu by default
     - [arm64] soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by
       rpmh_rsc_send_data() callers
     - [arm64] dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s
     - [arm64] dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s
     - [arm64] dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s
     - [arm64] dts: qcom: msm8996: specify UFS core_clk frequencies
     - [arm64] soc: xilinx: rename cpu_number1 to dummy_cpu_number
     - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe()
     - [armhf] OPP: ti: Fix ti_opp_supply_probe wrong return values
     - [arm64] dts: rockchip: Increase VOP clk rate on RK3328
     - [arm64] dts: amlogic: sm1: fix spdif compatibles
     - [arm64] dts: mediatek: mt8183-kukui: Drop bogus output-enable property
     - [arm64] dts: mediatek: mt7622: fix "emmc" pinctrl mux
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625
     - [arm64] dts: amlogic: gx: correct hdmi clocks
     - [arm64] dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a
     - [arm64] dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10
     - [arm64] dts: renesas: r8a779g0: Add L3 cache controller
     - [arm64] dts: renesas: r8a779g0: Add secondary CA76 CPU cores
     - [arm64] dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3
       systems
     - [arm64] dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ
     - [x86] xen: Convert comma to semicolon
     - [arm64] dts: rockchip: Add missing power-domains for rk356x vop_mmu
     - [arm64] dts: qcom: sm6350: Add missing qcom,non-secure-domain property
     - vmlinux.lds.h: catch .bss..L* sections into BSS")
     - [arm64] firmware: turris-mox-rwtm: Do not complete if there are no waiters
     - [arm64] firmware: turris-mox-rwtm: Fix checking return value of
       wait_for_completion_timeout()
     - [arm64] firmware: turris-mox-rwtm: Initialize completion before mailbox
     - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
     - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer
     - net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
     - tcp: annotate lockless accesses to sk->sk_err_soft
     - tcp: annotate lockless access to sk->sk_err
     - tcp: add tcp_done_with_error() helper
     - tcp: fix race in tcp_write_err()
     - tcp: fix races in tcp_v[46]_err()
     - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when
       CONFIG_ARCH_NO_SG_CHAIN is defined
     - lib: objagg: Fix general protection fault
     - [x86] perf/x86: Serialize set_attr_rdpmc()
     - jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked()
     - jump_label: Prevent key->enabled int overflow
     - jump_label: Fix concurrency issues in static_key_slow_dec()
     - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
     - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
     - wifi: cfg80211: handle 2x996 RU allocation in
       cfg80211_calculate_bitrate_he()
     - net: fec: Refactor: #define magic constants
     - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
     - libbpf: Checking the btf_type kind when fixing variable offsets
     - ipvs: Avoid unnecessary calls to skb_is_gso_sctp
     - netfilter: nf_tables: rise cap on SELinux secmark context
     - bpftool: Mount bpffs when pinmaps path not under the bpffs
     - [x86] perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
     - perf: Fix perf_aux_size() for greater-than 32-bit size
     - perf: Prevent passing zero nr_pages to rb_alloc_aux()
     - perf: Fix default aux_watermark calculation
     - [x86] perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
     - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
     - wifi: virt_wifi: avoid reporting connection success with wrong SSID
     - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
     - wifi: virt_wifi: don't use strlen() in const context
     - locking/rwsem: Add __always_inline annotation to __down_write_common() and
       inlined callers
     - bpf: annotate BTF show functions with __printf
     - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
     - bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
     - bpf: Fix null pointer dereference in resolve_prog_type() for
       BPF_PROG_TYPE_EXT
     - xdp: fix invalid wait context of page_pool_destroy()
     - net: bridge: mst: Check vlan state for egress decision
     - [arm64] drm/rockchip: vop2: Fix the port mux of VP2
     - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
     - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
     - drm/amd/pm: Fix aldebaran pcie speed reporting
     - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
     - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1
     - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before
       regulators
     - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
     - media: pci: ivtv: Add check for DMA map result
     - media: dvb-usb: Fix unexpected infinite loop in
       dvb_usb_read_remote_control()
     - media: imon: Fix race getting ictx->lock
     - media: i2c: Fix imx412 exposure control
     - media: v4l: async: Fix NULL pointer dereference in adding ancillary links
     - [s390x] mm: Convert make_page_secure to use a folio
     - [s390x] mm: Convert gmap_make_secure to use a folio
     - [s390x] uv: Don't call folio_wait_writeback() without a folio reference
     - saa7134: Unchecked i2c_transfer function result fixed
     - media: uvcvideo: Override default flags
     - media: renesas: vsp1: Fix _irqsave and _irq mix
     - media: renesas: vsp1: Store RPF partition configuration per RPF instance
     - leds: trigger: Unregister sysfs attributes before calling deactivate()
     - [arm64] drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC
     - [arm64] drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
     - perf test: Replace arm callgraph fp test workload with leafloop
     - perf tests arm_callgraph_fp: Address shellcheck warnings about signal
       names and adding double quotes for expression
     - perf tests: Fix test_arm_callgraph_fp variable expansion
     - perf test: Make test_arm_callgraph_fp.sh more robust
     - perf report: Fix condition in sort__sym_cmp()
     - [arm64,armhf] drm/etnaviv: fix DMA direction handling for cached RW
       buffers
     - drm/qxl: Add check for drm_cvt_mode
     - Revert "leds: led-core: Fix refcount leak in of_led_get()"
     - ext4: fix infinite loop when replaying fast_commit
     - media: venus: flush all buffers in output plane streamoff
     - perf intel-pt: Fix aux_watermark calculation for 64-bit size
     - perf intel-pt: Fix exclude_guest setting
     - mfd: rsmu: Split core code into separate module
     - mfd: omap-usb-tll: Use struct_size to allocate tll
     - xprtrdma: Fix rpcrdma_reqs_reset()
     - SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
     - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
     - ext4: don't track ranges in fast_commit if inode has inlined data
       (Closes: #1039883)
     - ext4: avoid writing unitialized memory to disk in EA inodes
     - SUNRPC: Fixup gss_status tracepoint error output
     - PCI: Fix resource double counting on remove & rescan
     - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
     - PCI: keystone: Don't enable BAR 0 for AM654x
     - PCI: keystone: Fix NULL pointer dereference in case of DT error in
       ks_pcie_setup_rc_app_regs()
     - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
     - clk: qcom: branch: Add helper functions for setting retain bits
     - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock
     - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs
     - iio: frequency: adrf6780: rm clk provider include
     - coresight: Fix ref leak when of_coresight_parse_endpoint() fails
     - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE
     - [powerpc*] pseries: Fix alignment of PLPKS structures and buffers
     - [powerpc*] pseries: Move plpks.h to include directory
     - [powerpc*] pseries: Expose PLPKS config values, support additional fields
     - [powerpc*] pseries: Add helper to get PLPKS password length
     - [powerpc*] kexec: make the update_cpus_node() function public
     - [powerpc*] kexec_file: fix cpus node update to FDT
     - RDMA/cache: Release GID table even if leak is detected
     - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID
     - Input: qt1050 - handle CHIP_ID reading error
     - RDMA/mlx4: Fix truncated output warning in mad.c
     - RDMA/mlx4: Fix truncated output warning in alias_GUID.c
     - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled
     - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
     - [arm64] ASoC: qcom: Adjust issues in case of DT error in
       asoc_qcom_lpass_cpu_platform_probe()
     - [powerpc*] prom: Add CPU info to hardware description string later
     - mtd: make mtd_test.c a separate module
     - RDMA/device: Return error earlier if port in not valid
     - Input: elan_i2c - do not leave interrupt disabled on suspend failure
     - ASoC: amd: Adjust error handling in case of absent codec device
     - PCI: endpoint: Clean up error handling in vpci_scan_bus()
     - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup()
     - vhost/vsock: always initialize seqpacket_allow
     - net: missing check virtio
     - [x86] crypto: qat - extend scope of lock in adf_cfg_add_key_value_param()
     - clk: qcom: Park shared RCGs upon registration
     - clk: en7523: fix rate divider for slic and spi clocks
     - PCI: qcom-ep: Disable resources unconditionally during PERST# assert
     - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot
     - [powerpc*] xmon: Fix disassembly CPU feature checks
     - [arm64] RDMA/hns: Check atomic wr length
     - [arm64] RDMA/hns: Fix unmatch exception handling when init eq table fails
     - [arm64] RDMA/hns: Fix missing pagesize and alignment check in FRMR
     - [arm64] RDMA/hns: Fix shift-out-bounds when max_inline_data is 0
     - [arm64] RDMA/hns: Fix undifined behavior caused by invalid max_sge
     - [arm64] RDMA/hns: Fix insufficient extend DB for VFs.
     - [amd64] iommu/vt-d: Fix to convert mm pfn to dma pfn
     - [amd64] iommu/vt-d: Fix identity map bounds in si_domain_init()
     - bnxt_re: Fix imm_data endianness
     - netfilter: ctnetlink: use helper function to calculate expect ID
     - netfilter: nft_set_pipapo: constify lookup fn args where possible
     - netfilter: nf_set_pipapo: fix initial map fill
     - net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
     - ipv4: Fix incorrect TOS in route get reply
     - ipv4: Fix incorrect TOS in fibmatch route get reply
     - net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
     - net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
     - pinctrl: rockchip: update rk3308 iomux routes
     - pinctrl: core: fix possible memory leak when pinctrl_enable() fails
     - pinctrl: single: fix possible memory leak when pinctrl_enable() fails
     - pinctrl: ti: ti-iodelay: Drop if block with always false condition
     - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
       fails
     - pinctrl: freescale: mxs: Fix refcount of child
     - fs/ntfs3: Replace inode_trylock with inode_lock
     - fs/ntfs3: Fix field-spanning write in INDEX_HDR
     - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix
     - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes
     - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes
     - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes
     - pinctrl: renesas: r8a779g0: Fix IRQ suffixes
     - pinctrl: renesas: r8a779g0: FIX PWM suffixes
     - pinctrl: renesas: r8a779g0: Fix TCLK suffixes
     - pinctrl: renesas: r8a779g0: Fix TPU suffixes
     - fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
     - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
     - rtc: interface: Add RTC offset to alarm after fix-up
     - [s390x] dasd: fix error checks in dasd_copy_pair_store()
     - sbitmap: remove unnecessary calculation of alloc_hint in
       __sbitmap_get_shallow
     - sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code
     - sbitmap: use READ_ONCE to access map->word
     - sbitmap: fix io hung due to race on sbitmap_word::cleared
     - landlock: Don't lose track of restrictions on cred_transfer
     - mm/hugetlb: fix possible recursive locking detected warning
     - mm/mglru: fix div-by-zero in vmpressure_calc_level()
     - mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
     - [x86] efistub: Avoid returning EFI_SUCCESS on error
     - [x86] efistub: Revert to heap allocated boot_params for PE entrypoint
     - dt-bindings: thermal: correct thermal zone node name limit
     - tick/broadcast: Make takeover of broadcast hrtimer reliable
     - net: netconsole: Disable target before netpoll cleanup
     - af_packet: Handle outgoing VLAN packets without hardware offloading
     - kernel: rerun task_work while freezing in get_signal()
     - ipv4: fix source address selection with route leak
     - ipv6: take care of scope when choosing the src addr
     - sched/fair: set_load_weight() must also call reweight_task() for
       SCHED_IDLE tasks
     - fuse: verify {g,u}id mount options correctly
     - char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
     - media: venus: fix use after free in vdec_close
     - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error
     - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
     - [x86] drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
     - [x86] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
     - scsi: qla2xxx: Fix optrom version displayed in FDMI
     - drm/amd/display: Check for NULL pointer
     - sched/fair: Use all little CPUs for CPU-bound workloads
     - apparmor: use kvfree_sensitive to free data->data
     - cifs: fix potential null pointer use in destroy_workqueue in init_cifs
       error path
     - cifs: fix reconnect with SMB1 UNIX Extensions
     - cifs: mount with "unix" mount option for SMB1 incorrectly handled
     - task_work: s/task_work_cancel()/task_work_cancel_func()/
     - task_work: Introduce task_work_cancel() again
     - udf: Avoid using corrupted block bitmap buffer
     - ext4: check dot and dotdot of dx_root before making dir indexed
     - ext4: make sure the first directory block is not a hole
     - io_uring: tighten task exit cancellations
     - trace/pid_list: Change gfp flags in pid_list_fill_irq()
     - wifi: mwifiex: Fix interface type change
     - drivers: soc: xilinx: check return status of get_api_version()
     - leds: ss4200: Convert PCIBIOS_* return codes to errnos
     - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties()
     - jbd2: make jbd2_journal_get_max_txn_bufs() internal
     - media: uvcvideo: Fix integer overflow calculating timestamp
     - [x86] KVM: VMX: Split out the non-virtualization part of
       vmx_interrupt_blocked()
     - [x86] KVM: nVMX: Request immediate exit iff pending nested event needs
       injection
     - ALSA: usb-audio: Fix microphone sound on HD webcam.
     - ALSA: usb-audio: Move HD Webcam quirk to the right place
     - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
     - tools/memory-model: Fix bug in lock.cat
     - hwrng: amd - Convert PCIBIOS_* return codes to errnos
     - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
     - PCI: dw-rockchip: Fix initial PERST# GPIO value
     - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
     - PCI: loongson: Enable MSI in LS7A Root Complex
     - [arm*] binder: fix hang of unregistered readers
     - dev/parport: fix the array out-of-bounds risk
     - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
     - f2fs: fix to force buffered IO on inline_data inode
     - f2fs: fix to don't dirty inode for readonly filesystem
     - f2fs: fix return value of f2fs_convert_inline_inode()
     - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
     - ubi: eba: properly rollback inside self_check_eba
     - decompress_bunzip2: fix rare decompression failure
     - kbuild: Fix '-S -c' in x86 stack protector scripts
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2
     - kobject_uevent: Fix OOB access within zap_modalias_env()
     - gve: Fix an edge case for TSO skb validity check
     - ice: Add a per-VF limit on number of FDIR filters
     - devres: Fix devm_krealloc() wasting memory
     - devres: Fix memory leakage caused by driver API devm_free_percpu()
     - irqchip/imx-irqsteer: Handle runtime power management correctly
     - mm/numa_balancing: teach mpol_to_str about the balancing mode
     - rtc: cmos: Fix return value of nvmem callbacks
     - scsi: qla2xxx: During vport delete send async logout explicitly
     - scsi: qla2xxx: Unable to act on RSCN for port online
     - scsi: qla2xxx: Fix for possible memory corruption
     - scsi: qla2xxx: Use QP lock to search for bsg
     - scsi: qla2xxx: Fix flash read failure
     - scsi: qla2xxx: Complete command early within lock
     - scsi: qla2xxx: validate nvme_local_port correctly
     - perf: Fix event leak upon exit
     - perf: Fix event leak upon exec and file release
     - [x86] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for
       SPR
     - [x86] perf/x86/intel/pt: Fix topa_entry base length
     - [x86] perf/x86/intel/pt: Fix a topa_entry base address calculation
     - [x86] drm/i915/gt: Do not consider preemption during execlists_dequeue for
       gen8
     - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
     - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
     - drm/i915/dp: Reset intel_dp->link_trained before retraining the link
     - rtc: isl1208: Fix return value of nvmem callbacks
     - watchdog/perf: properly initialize the turbo mode timestamp and rearm
       counter
     - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
     - dm-verity: fix dm_is_verity_target() when dm-verity is builtin
     - rbd: don't assume rbd_is_lock_owner() for exclusive mappings
     - remoteproc: stm32_rproc: Fix mailbox interrupts queuing
     - remoteproc: imx_rproc: Skip over memory region when node value is NULL
     - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init
     - [arm64,armhf] drm/etnaviv: don't block scheduler when GPU is still active
     - [arm64,armhf] drm/panfrost: Mark simple_ondemand governor as softdep
     - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
     - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
     - bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func
     - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
     - nilfs2: handle inconsistent state in nilfs_btnode_create_block()
     - PCI: Introduce cleanup helpers for device reference counts and locks
     - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
     - io_uring/io-wq: limit retrying worker initialisation
     - wifi: mac80211: Allow NSS change only up to capability
     - wifi: mac80211: track capability/opmode NSS separately
     - wifi: mac80211: check basic rates validity
     - jfs: Fix array-index-out-of-bounds in diFree
     - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels
     - phy: cadence-torrent: Check return value on register read
     - f2fs: fix start segno of large section
     - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
     - watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
     - f2fs: fix to update user block counts in block_operations()
     - kbuild: avoid build error when single DTB is turned into composite DTB
     - libbpf: Fix no-args func prototype BTF dumping syntax
     - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
     - dma: fix call order in dmam_free_coherent
     - bpf, events: Use prog to emit ksymbol event for main program
     - ipv4: Fix incorrect source address in Record Route option
     - net: bonding: correctly annotate RCU in bond_should_notify_peers()
     - netfilter: nft_set_pipapo_avx2: disable softinterrupts
     - tipc: Return non-zero value from tipc_udp_addr2str() on error
     - net: stmmac: Correct byte order of perfect_match
     - net: nexthop: Initialize all fields in dumped nexthops
     - bpf: Fix a segment issue when downgrading gso_size
     - mISDN: Fix a use after free in hfcmulti_tx()
     - apparmor: Fix null pointer deref when receiving skb during sock creation
     - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
     - lirc: rc_dev_get_from_fd(): fix file leak
     - auxdisplay: ht16k33: Drop reference after LED registration
     - spi: microchip-core: fix the issues in the isr
     - spi: microchip-core: only disable SPI controller when register value
       change requires it
     - spi: microchip-core: switch to use modern name
     - spi: microchip-core: fix init function not setting the master and motorola
       modes
     - nvme-pci: Fix the instructions for disabling power management
     - spidev: Add Silicon Labs EM3581 device compatible
     - spi: spidev: order compatibles alphabetically
     - spi: spidev: add correct compatible for Rohm BH2228FV
     - [x86] ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is
       reachable
     - ceph: fix incorrect kmalloc size of pagevec mempool
     - [s390x] pci: Refactor arch_setup_msi_irqs()
     - [s390x] pci: Allow allocation of more than 1 MSI interrupt
     - iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
     - io_uring: fix io_match_task must_hold
     - nvme-pci: add missing condition check for existence of mapped data
     - fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
     - [powerpc*] pseries: Avoid hcall in plpks_is_available() on non-pseries
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.104
     - [arm64] dts: qcom: msm8998: switch USB QMP PHY to new style of bindings
     - [arm64] dts: qcom: msm8998: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: ipq8074: Disable SS instance in Parkmode for USB
     - sysctl: allow change system v ipc sysctls inside ipc namespace
     - sysctl: allow to change limits for posix messages queues
     - sysctl: treewide: drop unused argument
       ctl_table_root::set_ownership(table)
     - sysctl: always initialize i_uid/i_gid
     - ext4: make ext4_es_insert_extent() return void
     - ext4: refactor ext4_da_map_blocks()
     - ext4: convert to exclusive lock while inserting delalloc extents
     - ext4: factor out a common helper to query extent map
     - ext4: check the extent status again before inserting delalloc block
     - leds: trigger: Remove unused function led_trigger_rename_static()
     - leds: trigger: Store brightness set by led_trigger_event()
     - leds: trigger: Call synchronize_rcu() before calling trig->activate()
     - leds: triggers: Flush pending brightness before activating trigger
     - mm: restrict the pcp batch scale factor to avoid too long latency
     - mm: page_alloc: control latency caused by zone PCP draining
     - mm/page_alloc: fix pcp->count race between drain_pages_zone() vs
       __rmqueue_pcplist()
     - f2fs: fix to avoid use SSR allocate when do defragment
     - f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
     - irqdomain: Fixed unbalanced fwnode get and put
     - drm/udl: Rename struct udl_drm_connector to struct udl_connector
     - drm/udl: Test pixel limit in mode-config's mode-valid function
     - drm/udl: Use USB timeout constant when reading EDID
     - drm/udl: Various improvements to the connector
     - drm/udl: Move connector to modesetting code
     - drm/udl: Remove DRM_CONNECTOR_POLL_HPD
     - [x86] drm/i915/dp: Don't switch the LTTPR mode on an active link
     - [amd64] HID: amd_sfh: Remove duplicate cleanup
     - [amd64] HID: amd_sfh: Split sensor and HID initialization
     - [amd64] HID: amd_sfh: Move sensor discovery before HID device
       initialization
     - drm/nouveau: prime: fix refcount underflow
     - drm/vmwgfx: Fix overlay when using Screen Targets
     - drm/vmwgfx: Trigger a modeset when the screen moves
     - sched: act_ct: take care of padding in struct zones_ht_key
     - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
     - Bluetooth: hci_sync: Fix suspending with wrong filter policy
     - net: axienet: start napi before enabling Rx/Tx
     - rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in
       rtnl_dellink().
     - ice: respect netif readiness in AF_XDP ZC related ndo's
     - ice: don't busy wait for Rx queue disable in ice_qp_dis()
     - ice: replace synchronize_rcu with synchronize_net
     - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog
     - net/iucv: fix use after free in iucv_sock_close()
     - [x86] drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro
     - net: mvpp2: Don't re-use loop iterator
     - ALSA: hda: Conditionally use snooping for AMD HDMI
     - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
     - netfilter: iptables: Fix potential null-ptr-deref in
       ip6table_nat_table_init().
     - net/mlx5: Lag, don't use the hardcoded value of the first port
     - net/mlx5: Fix missing lock on sync reset reload
     - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
     - ipv6: fix ndisc_is_useropt() handling for PIO
     - [arm64] jump_label: Ensure patched jump_labels are visible to all CPUs
     - platform/chrome: cros_ec_proto: Lock device when updating MKBP version
     - HID: wacom: Modify pen IDs
     - btrfs: zoned: fix zone_unusable accounting on making block group
       read-write again
     - protect the fetch of ->fd[fd] in do_dup2() from mispredictions
     - mptcp: sched: check both directions for backup
     - ALSA: usb-audio: Correct surround channels in UAC1 channel map
     - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
     - Revert "ALSA: firewire-lib: obsolete workqueue for period update"
     - Revert "ALSA: firewire-lib: operate for period elapse event in process
       context"
     - drm/vmwgfx: Fix a deadlock in dma buf fence polling
     - [x86] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
     - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
     - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
     - mptcp: fix user-space PM announced address accounting
     - mptcp: distinguish rcv vs sent backup flag in requests
     - mptcp: fix NL PM announced address accounting
     - mptcp: fix bad RCVPRUNED mib accounting
     - mptcp: pm: only set request_bkup flag when sending MP_PRIO
     - mptcp: fix duplicate data handling
     - netfilter: ipset: Add list flush to cancel_gc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
     - irqchip/mbigen: Fix mbigen node address layout
     - [x86] platform/x86/intel/ifs: Gen2 Scan test support
     - [x86] platform/x86/intel/ifs: Initialize union ifs_status to zero
     - jump_label: Fix the fix, brown paper bags galore
     - [x86] mm: Fix pti_clone_pgtable() alignment assumption
     - [x86] mm: Fix pti_clone_entry_text() for i386
     - sctp: Fix null-ptr-deref in reuseport_add_sock().
     - net: usb: qmi_wwan: fix memory leak for not ip packets
     - net: bridge: mcast: wait for previous gc cycles when removing port
     - net: linkwatch: use system_unbound_wq
     - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
     - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv
       monitor
     - [armhf] net: dsa: bcm_sf2: Fix a possible memory leak in
       bcm_sf2_mdio_register()
     - l2tp: fix lockdep splat
     - net: fec: Stop PPS on driver remove
     - rcutorture: Fix rcu_torture_fwd_cb_cr() data race
     - md: do not delete safemode_timer in mddev_suspend
     - md/raid5: avoid BUG_ON() while continue reshape after reassembling
     - block: change rq_integrity_vec to respect the iterator
     - rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation
     - clocksouqrce/drivers/sh_cmt: Address race condition for clock events
     - ACPI: battery: create alarm sysfs attribute atomically
     - [x86] ACPI: SBS: manage alarm sysfs attribute through psy core
     - wifi: nl80211: disallow setting special AP channel widths
     - net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
     - af_unix: Don't retry after unix_state_lock_nested() in
       unix_stream_connect().
     - PCI: Add Edimax Vendor ID to pci_ids.h
     - udf: prevent integer overflow in udf_bitmap_free_blocks()
     - wifi: nl80211: don't give key data to userspace
     - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index
       erratum
     - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of
       mcp2518fd
     - btrfs: fix bitmap leak when loading free space cache on duplicate entry
     - drm/amdgpu/pm: Fix the param type of set_power_profile_mode
     - drm/amdgpu/pm: Fix the null pointer dereference for smu7
     - drm/amdgpu: Fix the null pointer dereference to ras_manager
     - drm/amdgpu/pm: Fix the null pointer dereference in
       apply_state_adjust_rules
     - drm/amdgpu: Add lock around VF RLCG interface
     - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
     - media: amphion: Remove lock in s_ctrl callback
     - drm/amd/display: Add NULL check for 'afb' before dereferencing in
       amdgpu_dm_plane_handle_cursor_update
     - drm/amd/display: Add null checker before passing variables
     - media: uvcvideo: Ignore empty TS packets
     - media: uvcvideo: Fix the bandwdith quirk on USB 3.x
     - media: xc2028: avoid use-after-free in load_firmware_cb()
     - ext4: fix uninitialized variable in ext4_inlinedir_to_tree
     - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
     - [s390x] sclp: Prevent release of buffer in I/O
     - SUNRPC: Fix a race to wake a sync task
     - bus: mhi: host: pci_generic: add support for Telit FE990 modem
     - Revert "bpftool: Mount bpffs when pinmaps path not under the bpffs"
     - profiling: remove profile=sleep support
     - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
     - [arm64,armhf] irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock
       to 'raw_spinlock_t'
     - sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
     - ext4: fix wrong unit use in ext4_mb_find_by_goal
     - [arm64] Add Neoverse-V2 part
     - [arm64] barrier: Restore spec_bar() macro
     - [arm64] cputype: Add Cortex-X4 definitions
     - [arm64] cputype: Add Neoverse-V3 definitions
     - [arm64] errata: Add workaround for Arm errata 3194386 and 3312417
     - [arm64] cputype: Add Cortex-X3 definitions
     - [arm64] cputype: Add Cortex-A720 definitions
     - [arm64] cputype: Add Cortex-X925 definitions
     - [arm64] errata: Unify speculative SSBS errata logic
     - [arm64] errata: Expand speculative SSBS workaround
     - [arm64] cputype: Add Cortex-X1C definitions
     - [arm64] cputype: Add Cortex-A725 definitions
     - [arm64] errata: Expand speculative SSBS workaround (again)
     - i2c: smbus: Improve handling of stuck alerts
     - spi: spidev: Add missing spi_device_id for bh2228fv
     - i2c: smbus: Send alert notifications to all devices if source not found
     - bpf: kprobe: remove unused declaring of bpf_kprobe_override
     - kprobes: Fix to check symbol prefixes correctly
     - [arm64] i2c: qcom-geni: add desc struct to prepare support for I2C Master
       Hub variant
     - [arm64] i2c: qcom-geni: Add missing clk_disable_unprepare in
       geni_i2c_runtime_resume
     - [arm64] i2c: qcom-geni: Add missing geni_icc_disable in
       geni_i2c_runtime_resume
     - spi: spi-fsl-lpspi: Fix scldiv calculation
     - ALSA: usb-audio: Re-add ScratchAmp quirk entries
     - [arm64] ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
     - drm/client: fix null pointer dereference in drm_client_modeset_probe
     - ALSA: line6: Fix racy access to midibuf
     - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
     - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks
     - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
     - usb: vhci-hcd: Do not drop references before new references are gained
     - USB: serial: debug: do not echo input by default
     - usb: gadget: core: Check for unset descriptor
     - usb: gadget: u_serial: Set start_delayed during suspend
     - usb: gadget: u_audio: Check return codes from usb_ep_enable and
       config_ep_by_speed.
     - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
     - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
     - tick/broadcast: Move per CPU pointer access into the atomic section
     - ntp: Clamp maxerror and esterror to operating range
     - torture: Enable clocksource watchdog with "tsc=watchdog"
     - clocksource: Scale the watchdog read retries automatically
     - clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()
     - driver core: Fix uevent_show() vs driver detach race
     - ntp: Safeguard against time_constant overflow
     - timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex()
     - serial: core: check uartclk for zero to avoid divide by zero
     - [x86] ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx
     - kcov: properly check for softirq context
     - irqchip/xilinx: Fix shift out of bounds
     - genirq/irqdesc: Honor caller provided affinity in alloc_desc()
     - [x86] power: supply: axp288_charger: Fix constant_charge_voltage writes
     - [x86] power: supply: axp288_charger: Round constant_charge_voltage writes
       down
     - tracing: Fix overflow in get_free_elt()
     - padata: Fix possible divide-by-0 panic in padata_mt_helper()
     - smb3: fix setting SecurityFlags when encryption is required
     - btrfs: avoid using fixed char array size for tree names
     - [x86] mtrr: Check if fixed MTRRs exist before saving them
     - sched/smt: Introduce sched_smt_present_inc/dec() helper
     - sched/smt: Fix unbalance sched_smt_present dec/inc
     - drm/bridge: analogix_dp: properly handle zero sized AUX transactions
     - drm/dp_mst: Skip CSN if topology probing is not done yet
     - [arm64,armhf] drm/lima: Mark simple_ondemand governor as softdep
     - [x86] drm/mgag200: Set DDC timeout in milliseconds
     - [x86] drm/mgag200: Bind I2C lifetime to DRM device
     - mptcp: mib: count MPJ with backup flag
     - mptcp: export local_address
     - mptcp: pm: fix backup support in signal endpoints
     - mptcp: pm: deny endp with signal + subflow + port
     - block: use the right type for stub rq_integrity_vec()
     - Revert "drm/amd/display: Add NULL check for 'afb' before dereferencing in
       amdgpu_dm_plane_handle_cursor_update"
     - mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit
       machines (CVE-2024-42258)
     - btrfs: fix corruption after buffer fault in during direct IO append write
     - ipv6: fix source address selection with route leak
     - tools headers arm64: Sync arm64's cputype.h with the kernel sources
     - mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio()
     - block: Call .limit_depth() after .hctx has been set
     - block/mq-deadline: Fix the tag reservation code
     - xfs: fix log recovery buffer allocation for the legacy h_size fixup
       (CVE-2024-39472)
     - netfilter: nf_tables: bail out if stateful expression provides no .clone
     - netfilter: nf_tables: allow clone callbacks to sleep
     - netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
     - i2c: qcom-geni: fix missing clk_disable_unprepare() and
       geni_se_resources_off()
     - btrfs: fix double inode unlock for direct IO sync writes
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.106
     - mptcp: pass addr to mptcp_pm_alloc_anno_list
     - mptcp: pm: reduce indentation blocks
     - mptcp: pm: don't try to create sf if alloc failed
     - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set
     - [x86] ASoC: topology: Clean up route loading
     - [x86] ASoC: topology: Fix route memory corruption
     - exec: Fix ToCToU between perm check and set-uid/gid usage
     - nfsd: move reply cache initialization into nfsd startup
     - nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
     - NFSD: Refactor nfsd_reply_cache_free_locked()
     - NFSD: Rename nfsd_reply_cache_alloc()
     - NFSD: Replace nfsd_prune_bucket()
     - NFSD: Refactor the duplicate reply cache shrinker
     - NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
     - NFSD: Fix frame size warning in svc_export_parse()
     - sunrpc: don't change ->sv_stats if it doesn't exist
     - nfsd: stop setting ->pg_stats for unused stats
     - sunrpc: pass in the sv_stats struct through svc_create_pooled
     - sunrpc: remove ->pg_stats from svc_program
     - sunrpc: use the struct net as the svc proc private
     - nfsd: rename NFSD_NET_* to NFSD_STATS_*
     - nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
     - nfsd: make all of the nfsd stats per-network namespace
     - nfsd: remove nfsd_stats, make th_cnt a global counter
     - nfsd: make svc_stat per-network namespace instead of global
     - nvme/pci: Add APST quirk for Lenovo N60z laptop
     - mptcp: fully established after ADD_ADDR echo on MPJ
     - [x86] drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
       (CVE-2024-42259)
     - cgroup: Make operations on the cgroup root_list RCU safe
     - [x86] drm/i915: Add a function to mmap framebuffer obj
     - [x86] drm/i915: Fix a NULL vs IS_ERR() bug
     - [x86] drm/i915/gem: Adjust vma offset for framebuffer mmap offset
     - binfmt_flat: Fix corruption when not offsetting data start
     - cgroup: Move rcu_head up near the top of cgroup_root
     - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (CVE-2024-42114)
     - [arm64] KVM: arm64: Don't pass a TLBI level hint when zapping table
       entries
     - media: Revert "media: dvb-usb: Fix unexpected infinite loop in
       dvb_usb_read_remote_control()"
     - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no
       error"
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 24
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.10.
     (closes: #1076576)
   * [arm64] Enable MICROSOFT_MANA.
linux (6.1.99-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.99
     - Revert "usb: xhci: prevent potential failure in handle_tx_event() for
       Transfer events without TRB"
linux (6.1.98-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
     - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
     - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
     - wifi: cfg80211: fully move wiphy work to unbound workqueue
     - wifi: cfg80211: Lock wiphy in cfg80211_get_station
     - wifi: cfg80211: pmsr: use correct nla_get_uX functions
     - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
     - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
     - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
     - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
     - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
     - ax25: Fix refcount imbalance on inbound connections
     - ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
     - [armhf] net/ncsi: Simplify Kconfig/dts control flow
     - [armhf] net/ncsi: Fix the multi thread manner of NCSI driver
     - ipv6: ioam: block BH from ioam6_output()
     - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
     - bpf: Set run context for rawtp test_run callback
     - net/smc: avoid overwriting when adjusting sock bufsizes
     - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
       (CVE-2024-36978)
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
     - net/mlx5: Stop waiting for PCI up if teardown was triggered
     - net/mlx5: Stop waiting for PCI if pci channel is offline
     - net/mlx5: Split function_setup() to enable and open functions
     - net/mlx5: Always stop health timer during driver removal
     - net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
     - ptp: Fix error message on failed pin verification
     - ice: fix iteration of TLVs in Preserved Fields Area
     - ice: Introduce new parameters in ice_sched_node
     - ice: remove null checks before devm_kfree() calls
     - ice: remove af_xdp_zc_qps bitmap
     - net: wwan: iosm: Fix tainted pointer delete is case of region creation
       fail
     - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted
       peer.
     - af_unix: Annodate data-races around sk->sk_state for writers.
     - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
     - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
       poll().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
     - af_unix: Annotate data-races around sk->sk_state in sendmsg() and
       recvmsg().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb().
     - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
     - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
     - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
     - af_unix: annotate lockless accesses to sk->sk_err
     - af_unix: Use skb_queue_empty_lockless() in unix_release_sock().
     - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
     - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
     - ipv6: fix possible race in __fib6_drop_pcpu_from()
     - Bluetooth: qca: fix invalid device address check
     - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()
     - usb: gadget: f_fs: use io_data->status consistently
     - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
     - iio: accel: mxc4005: allow module autoloading via OF compatible
     - iio: accel: mxc4005: Reset chip on probe() and resume()
     - xtensa: stacktrace: include <asm/ftrace.h> for prototype
     - xtensa: fix MAKE_PC_FROM_RA second argument
     - drm/amd/display: drop unnecessary NULL checks in debugfs
     - drm/amd/display: Fix incorrect DSC instance for MST
     - [arm64] dts: qcom: sm8150: align TLMM pin configuration with DT schema
     - [arm64] dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration
     - misc/pvpanic: deduplicate common code
     - misc/pvpanic-pci: register attributes via pci_driver
     - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
     - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
     - mmc: davinci: Don't strip remove function when driver is builtin
     - firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails
     - HID: i2c-hid: elan: Add ili9882t timing
     - HID: i2c-hid: elan: fix reset suspend current leakage
     - i2c: add fwnode APIs
     - i2c: acpi: Unbind mux adapters before delete
     - mm, vmalloc: fix high order __GFP_NOFAIL allocations
     - mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
     - wifi: ath10k: fix QCOM_RPROC_COMMON dependency
     - btrfs: remove unnecessary prototype declarations at disk-io.c
     - btrfs: make btrfs_destroy_delayed_refs() return void
     - btrfs: fix leak of qgroup extent records after transaction abort
     - nilfs2: return the mapped address from nilfs_get_page()
     - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
     - io_uring: check for non-NULL file pointer in io_file_can_poll()
     - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
     - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
     - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
     - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
     - mei: me: release irq in mei_me_pci_resume error path
     - tty: n_tty: Fix buffer offsets when lookahead is used
     - landlock: Fix d_parent walk
     - jfs: xattr: fix buffer overflow for invalid xattr
     - xhci: Set correct transferred length for cancelled bulk transfers
     - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
     - xhci: Handle TD clearing for multiple streams case
     - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
     - [x86] thunderbolt: debugfs: Fix margin debugfs node creation condition
     - scsi: mpi3mr: Fix ATA NCQ priority support
     - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
     - scsi: sd: Use READ(16) when reading block zero on large capacity disks
       (Closes: #1067858)
     - gve: Clear napi->skb before dev_kfree_skb_any()
     - [powerpc*] uaccess: Fix build errors seen with GCC 13/14
     - Input: try trimming too long modalias strings (Closes: #983357)
     - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c
     - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
     - cachefiles: remove requests from xarray during flushing requests
     - cachefiles: introduce object ondemand state
     - cachefiles: extract ondemand info field from cachefiles_object
     - cachefiles: resend an open request if the read request's object is closed
     - cachefiles: add spin_lock for cachefiles_ondemand_info
     - cachefiles: add restore command to recover inflight ondemand read requests
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
     - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read()
     - cachefiles: never get a new anonymous fd if ondemand_id is valid
     - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds
     - cachefiles: flush all requests after setting CACHEFILES_DEAD
     - selftests/ftrace: Fix to check required event file
     - clk: sifive: Do not register clkdevs for PRCI clocks
     - NFSv4.1 enforce rootpath check in fs_location query
     - SUNRPC: return proper error from gss_wrap_req_priv
     - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (Closes: #1071501)
     - [x86] platform/x86: dell-smbios: Fix wrong token data in sysfs
     - gpio: tqmx86: fix typo in Kconfig label
     - gpio: tqmx86: remove unneeded call to platform_set_drvdata()
     - gpio: tqmx86: introduce shadow register for GPIO output value
     - gpio: tqmx86: Convert to immutable irq_chip
     - gpio: tqmx86: store IRQ trigger type and unmask status separately
     - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type
     - HID: core: remove unnecessary WARN_ON() in implement()
     - iommu/amd: Fix sysfs leak in iommu init
     - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
     - drm/vmwgfx: Port the framebuffer code to drm fb helpers
     - drm/vmwgfx: Refactor drm connector probing for display modes
     - drm/vmwgfx: Filter modes which exceed graphics memory
     - drm/vmwgfx: 3D disabled should not effect STDU memory limits
     - drm/vmwgfx: Remove STDU logic from generic mode_valid function
     - net: sfp: Always call `sfp_sm_mod_remove()` on remove
     - net: hns3: fix kernel crash problem in concurrent scenario
     - net: hns3: add cond_resched() to hns3 ring buffer init process
     - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
     - drm/komeda: check for error-valued pointer
     - drm/bridge/panel: Fix runtime warning on panel bridge release
     - tcp: fix race in tcp_v6_syn_recv_sock()
     - geneve: Fix incorrect inner network header offset when innerprotoinherit
       is set
     - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
       packets
     - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
     - netfilter: ipset: Fix race between namespace cleanup and gc in the
       list:set type
     - net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP
     - gve: ignore nonrelevant GSO type bits when processing TSO headers
     - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs
       parameters
     - nvmet-passthru: propagate status from id override functions
     - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
     - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
     - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
     - ionic: fix use after netif_napi_del()
     - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
     - bnxt_en: Adjust logging of firmware messages in case of released token in
       __hwrm_send()
     - misc: microchip: pci1xxxx: fix double free in the error handling of
       gp_aux_bus_probe() (CVE-2024-36973)
     - [x86] boot: Don't add the EFI stub to targets, again
     - iio: adc: ad9467: fix scan type sign
     - iio: dac: ad5592r: fix temperature channel scaling value
     - iio: imu: inv_icm42600: delete unneeded update watermark call
     - drivers: core: synchronize really_probe() and dev_uevent()
     - drm/exynos/vidi: fix memory leak in .get_modes()
     - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID
       found
     - mptcp: ensure snd_una is properly initialized on connect
     - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
     - irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()
     - [x86] amd_nb: Check for invalid SMN reads
     - perf/core: Fix missing wakeup when waiting for context reference
     - riscv: fix overlap of allocated page and PTR_ERR
     - tracing/selftests: Fix kprobe event name test for .isra. functions
     - null_blk: Print correct max open zones limit in null_init_zoned_dev()
     - sock_map: avoid race between sock_map_close and sk_psock_put
     - vmci: prevent speculation leaks by sanitizing event in event_deliver()
     - spmi: hisi-spmi-controller: Do not override device identifier
     - knfsd: LOOKUP can return an illegal error value
     - fs/proc: fix softlockup in __read_vmcore
     - ocfs2: use coarse time for new created files
     - ocfs2: fix races between hole punching and AIO+DIO
     - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
     - dmaengine: axi-dmac: fix possible race in remove()
     - remoteproc: k3-r5: Wait for core0 power-up before powering up core1
     - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
     - [x86] drm/i915/gt: Disarm breadcrumbs if engines are already idle
     - [x86] drm/i915/dpt: Make DPT object unshrinkable
     - [x86] intel_th: pci: Add Granite Rapids support
     - [x86] intel_th: pci: Add Granite Rapids SOC support
     - [x86] intel_th: pci: Add Sapphire Rapids SOC support
     - [x86] intel_th: pci: Add Meteor Lake-S support
     - [x86] intel_th: pci: Add Lunar Lake support
     - btrfs: zoned: introduce a zone_info struct in
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out per-zone logic from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out single bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out DUP bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: fix use-after-free due to race with dev replace
     - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
     - tick/nohz_full: Don't abuse smp_call_function_single() in
       tick_setup_device()
     - mm/huge_memory: don't unpoison huge_zero_folio
     - mm/memory-failure: fix handling of dissolved but not taken off from buddy
       pages
     - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
     - mptcp: pm: update add_addr counters after connect
     - Revert "fork: defer linking file vma until vma is fully initialized"
     - remoteproc: k3-r5: Jump to error handling labels in start/stop errors
     - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing
       ondemand-mode
     - Bluetooth: qca: fix wcn3991 device address check
     - Bluetooth: qca: generalise device address check
     - greybus: Fix use-after-free bug in gb_interface_release due to race
       condition.
     - serial: 8250_dw: fall back to poll if there's no interrupt
     - serial: core: Add UPIO_UNKNOWN constant for unknown port type
     - usb-storage: alauda: Check whether the media is initialized
       (CVE-2024-38619)
     - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of
       gp_aux_bus_probe()
     - i2c: at91: Fix the functionality flags of the slave-only interface
     - i2c: designware: Fix the functionality flags of the slave-only interface
     - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
     - padata: Disable BH when taking works lock on MT path
     - io_uring/sqpoll: work around a potential audit memory leak
     - block/ioctl: prefer different overflow check
     - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
     - wifi: ath9k: work around memset overflow warning
     - af_packet: avoid a false positive warning in packet_setsockopt()
     - drop_monitor: replace spin_lock by raw_spin_lock
     - scsi: qedi: Fix crash while reading debugfs attribute
     - net/sched: fix false lockdep warning on qdisc root lock
     - net: dsa: realtek: keep default LED state in rtl8366rb
     - netpoll: Fix race condition in netpoll_owner_active
     - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
     - HID: Add quirk for Logitech Casa touchpad
     - HID: asus: fix more n-key report descriptors if n-key quirked
     - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
     - drm/amd/display: Exit idle optimizations before HDCP execution
     - [x86] platform/x86: toshiba_acpi: Add quirk for buttons on Z830
     - [x86] ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14
     - [arm64,armhf] drm/lima: add mask irq callback to gp and pp
     - [arm64,armhf] drm/lima: mask irqs in timeout path before hard reset
     - ALSA: hda/realtek: Add quirks for Lenovo 13X
     - [powerpc*] pseries: Enforce hcall result buffer validity and size
     - [powerpc*] io: Avoid clang null pointer arithmetic warnings
     - [x86] platform/x86: p2sb: Don't init until unassigned resources have been
       assigned
     - power: supply: cros_usbpd: provide ID table for avoiding fallback match
     - [arm64] iommu/arm-smmu-v3: Free MSIs in case of ENOMEM
     - f2fs: remove clear SB_INLINECRYPT flag in default_options
     - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
     - [arm64] usb: dwc3: pci: Don't set "linux,phy_charger_detect" property on
       Lenovo Yoga Tab2 1380
     - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
     - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
     - [arm64,armhf] serial: imx: Introduce timeout when waiting on transmitter
       empty
     - serial: exar: adding missing CTI and Exar PCI ids
     - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API
     - tty: add the option to have a tty reject a new ldisc
     - tracing: Build event generation tests only as modules
     - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
     - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
     - ice: move RDMA init to ice_idc.c
     - ice: avoid IRQ collision to fix init failure on ACPI S3 resume
     - cipso: fix total option length computation
     - bpf: Avoid splat in pskb_pull_reason
     - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
     - netrom: Fix a memory leak in nr_heartbeat_expiry()
     - ipv6: prevent possible NULL deref in fib6_nh_init()
     - ipv6: prevent possible NULL dereference in rt6_probe()
     - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
     - netns: Make get_net_ns() handle zero refcount net
     - qca_spi: Make interrupt remembering atomic
     - net: lan743x: disable WOL upon resume to restore full data path operation
     - net: lan743x: Support WOL at both the PHY and MAC appropriately
     - net: phy: mxl-gpy: enhance delay time required by loopback disable
       function
     - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init
     - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
     - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
     - tipc: force a dst refcount before doing decryption
     - sched: act_ct: add netns into the key of tcf_ct_flow_table
     - ptp: fix integer overflow in max_vclocks_store
     - net: stmmac: No need to calculate speed divider when offload is disabled
     - virtio_net: checksum offloading handling fix
     - octeontx2-pf: Add error handling to VLAN unoffload handling
     - netfilter: ipset: Fix suspicious rcu_dereference_protected()
     - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6
       behaviors
     - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type
     - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
     - net: usb: rtl8150 fix unintiatilzed variables in
       rtl8150_get_link_ksettings
     - regulator: core: Fix modpost error "regulator_get_regmap" undefined
     - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
     - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting()
     - dmaengine: ioatdma: Fix leaking on version mismatch
     - dmaengine: ioat: use PCI core macros for PCIe Capability
     - dmaengine: ioatdma: Fix error path in ioat3_dma_probe()
     - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()
     - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
     - regulator: bd71815: fix ramp values
     - [arm64] dts: imx93-11x11-evk: Remove the 'no-sdio' property
     - [arm64] dts: freescale: imx8mm-verdin: enable hysteresis on slow input pin
     - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
       fine."
     - firmware: psci: Fix return value from psci_system_suspend()
     - RDMA/mlx5: Add check for srq max_sge attribute
     - net: stmmac: Assign configured channel value to EXTTS event
     - net: usb: ax88179_178a: improve reset check
     - net: do not leave a dangling sk pointer, when socket creation fails
     - btrfs: retry block group reclaim without infinite loop
     - cifs: fix typo in module parameter enable_gcm_256
     - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
     - [arm64] KVM: arm64: Disassociate vcpus from redistributor region on
       teardown
     - [x86] KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 445/465
       G11.
     - ALSA: hda/realtek: Limit mic boost on N14AP7
     - drm/i915/mso: using joiner is not possible with eDP MSO
     - drm/radeon: fix UBSAN warning in kv_dpm.c
     - drm/amdgpu: fix UBSAN warning in kv_dpm.c
     - gcov: add support for GCC 14
     - kcov: don't lose track of remote references during softirqs
     - mm: mmap: allow for the maximum number of bits for randomizing mmap_base
       by default
     - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
     - mm/page_table_check: fix crash on ZONE_DEVICE
     - i2c: ocores: set IACK bit after core is enabled
     - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to
       i2c-controller schema
     - [armhf] spi: stm32: qspi: Fix dual flash mode sanity test in
       stm32_qspi_setup()
     - [arm64] dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc
     - [armhf] spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to
       CCR_BUSWIDTH_4
     - perf: script: add raw|disasm arguments to --insn-trace option
     - perf script: Show also errors for --insn-trace option
     - [armhf] dts: samsung: smdkv310: fix keypad no-autorepeat
     - [armhf] dts: samsung: exynos4412-origen: fix keypad no-autorepeat
     - [armhf] dts: samsung: smdk4412: fix keypad no-autorepeat
     - pmdomain: ti-sci: Fix duplicate PD referrals
     - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
     - [x86] cpu/vfm: Add new macros to work with (vendor/family/model) values
     - [x86] cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL
     - Revert "kheaders: substituting --sort in archive creation"
     - kheaders: explicitly define file modes for archived headers
     - drm/amd/display: revert Exit idle optimizations before HDCP execution
     - net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
     - hid: asus: asus_report_fixup: fix potential read out of bounds
     - Revert "mm: mmap: allow for the maximum number of bits for randomizing
       mmap_base by default"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
     - usb: typec: ucsi: Never send a lone connector change ack
     - usb: typec: ucsi: Ack also failed Get Error commands
     - [x86] ACPI: x86: utils: Add Picasso to the list for forcing
       StorageD3Enable
     - [x86] ACPI: x86: Force StorageD3Enable on more products
     - Input: ili210x - fix ili251x_read_touch_data() return value
     - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
     - [arm64,armhf] pinctrl: rockchip: use dedicated pinctrl type for RK3328
     - [arm64,armhf] pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
     - [mips*] pci: lantiq: restore reset gpio polarity
     - dt-bindings: i2c: Drop unneeded quotes
     - dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema
     - netfilter: nf_tables: use timestamp to check for set element timeout
       (CVE-2024-27397)
     - [arm64] ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right
       mclk
     - [s390x] pci: Add missing virt_to_phys() for directed DIBV
     - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe()
     - [arm64] ASoC: fsl-asoc-card: set priv->pdev before using it
     - net: dsa: microchip: fix initial port flush problem
     - bpf: Fix overrunning reservations in ringbuf
     - ibmvnic: Free any outstanding tx skbs during scrq reset
     - net: phy: micrel: add Microchip KSZ 9477 to the device table
     - net: dsa: microchip: use collision based back pressure mode
     - xdp: Remove WARN() from __xdp_reg_mem_model()
     - Fix race for duplicate reqsk on identical SYN
     - net: dsa: microchip: fix wrong register write when masking interrupt
     - [powerpc*] restore some missing spu syscalls
     - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO
     - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
       registers
     - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
     - [x86] fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
     - mtd: partitions: redboot: Added conversion of operands to a larger type
     - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok()
     - bpf: Add a check for struct bpf_fib_lookup size
     - bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
     - RDMA/restrack: Fix potential invalid address access
     - net/iucv: Avoid explicit cpumask var allocation on stack
     - net/dpaa2: Avoid explicit cpumask var allocation on stack
     - crypto: ecdh - explicitly zeroize private_key
     - ALSA: emux: improve patch ioctl data validation
     - media: dvbdev: Initialize sbuf
     - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
     - drm/radeon/radeon_display: Decrease the size of allocated memory
     - nvme: fixup comment for nvme RDMA Provider Type
     - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
     - [arm64] gpio: davinci: Validate the obtained number of IRQs
     - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c
     - drm/amdgpu: Fix pci state save during mode-1 reset
     - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
     - randomize_kstack: Remove non-functional per-arch entropy filtering
     - ima: Fix use-after-free on a dentry's dname.name
     - [x86] stop playing stack games in profile_pc()
     - Revert "MIPS: pci: lantiq: restore reset gpio polarity"
     - [arm64] pinctrl: qcom: spmi-gpio: drop broken pm8008 support
     - ocfs2: fix DIO failure due to insufficient transaction credits
     - nfs: drop the incorrect assertion in nfs_swap_rw()
     - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard
     - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
     - mmc: sdhci: Do not invert write-protect twice
     - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
     - iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask
     - counter: ti-eqep: enable clock at probe
     - i2c: testunit: don't erase registers after STOP
     - i2c: testunit: discard write requests while old command is running
     - iio: adc: ad7266: Fix variable checking bug
     - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
     - net: usb: ax88179_178a: improve link status logs
     - usb: gadget: printer: SS+ support
     - usb: gadget: printer: fix races against disable (CVE-2024-25741)
     - usb: musb: da8xx: fix a resource leak in probe()
     - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
     - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to
       avoid deadlock
     - usb: gadget: aspeed_udc: fix device address configuration
     - usb: ucsi: stm32: fix command completion handling
     - serial: 8250_omap: Implementation of Errata i2310
     - serial: imx: set receiver level before starting uart
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665
       G11.
     - tty: mcf: MCF54418 has 10 UARTS
     - net: can: j1939: Initialize unused data in j1939_send_one()
     - net: can: j1939: recover socket queue on CAN bus error during BAM
       transmission
     - net: can: j1939: enhanced error handling for tightly received RTS messages
       in xtp_rx_rts_session_new
     - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing
     - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
     - irqchip/loongson-liointc: Set different ISRs for different cores
     - kbuild: Install dtb files as 0644 in Makefile.dtbinst
     - btrfs: zoned: fix initial free space detection
     - csky, hexagon: fix broken sys_sync_file_range
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
     - drm/amdgpu: avoid using null object of framebuffer
     - [x86] drm/i915/gt: Fix potential UAF by revoke of fence registers
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
     - drm/amdgpu/atomfirmware: fix parsing of vram_info
     - batman-adv: Don't accept TT entries for out-of-spec VIDs
     - can: mcp251xfd: fix infinite loop when xmit fails
     - ata: ahci: Clean up sysfs file on error
     - ata: libata-core: Fix double free on error
     - ftruncate: pass a signed offset
     - syscalls: fix compat_sys_io_pgetevents_time64 usage
     - syscalls: fix sys_fanotify_mark prototype
     - Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units"
     - mm/page_alloc: Separate THP PCP into movable and non-movable categories
     - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc (CVE-2023-52760)
     - efi: memmap: Move manipulation routines into x86 arch tree
     - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures
     - [x86] efi/x86: Free EFI memory map only when installing a new one.
     - [arm64] dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Rename LED related pinctrl nodes on
       rk3308-rock-pi-s
     - [arm64] dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
     - [arm64] dts: rockchip: Add sound-dai-cells for RK3368
     - serial: imx: only set receiver level if it is zero
     - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
     - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
     - locking/mutex: Introduce devm_mutex_init()
     - crypto: hisilicon/debugfs - Fix debugfs uninit process issue
     - [arm64,armhf] drm/lima: fix shared irq handling on driver remove
     - [powerpc*] Avoid nmi_enter/nmi_exit in real mode interrupt.
     - media: dvb: as102-fe: Fix as10x_register_addr packing
     - media: dvb-usb: dib0700_devices: Add missing release_firmware()
     - IB/core: Implement a limit on UMAD receive List
     - scsi: qedf: Make qedf_execute_tmf() non-preemptible
     - crypto: aead,cipher - zeroize key buffer after use
     - drm/amdgpu: Fix uninitialized variable warnings
     - drm/amdgpu: Initialize timestamp for some legacy SOCs
     - drm/amd/display: Check index msg_id before read or write
     - drm/amd/display: Check pipe offset before setting vblank
     - drm/amd/display: Skip finding free audio for unknown engine_id
     - drm/amdgpu: fix uninitialized scalar variable warning
     - media: dw2102: Don't translate i2c read into write
     - sctp: prefer struct_size over open coded arithmetic
     - firmware: dmi: Stop decoding on broken entry
     - Input: ff-core - prefer struct_size over open coded arithmetic
     - usb: xhci: prevent potential failure in handle_tx_event() for Transfer
       events without TRB
     - wifi: mt76: replace skb_put with skb_put_zero
     - [arm64,armhf] net: dsa: mv88e6xxx: Correct check for empty list
     - media: dvb-frontends: tda18271c2dd: Remove casting during div
     - media: s2255: Use refcount_t instead of atomic_t for num_channels
     - media: dvb-frontends: tda10048: Fix integer overflow
     - i2c: i801: Annotate apanel_addr as __ro_after_init
     - [powerpc*] 64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
     - orangefs: fix out-of-bounds fsid access
     - kunit: Fix timeout message
     - [powerpc*] xmon: Check cpu id in commands "c#", "dp#" and "dx#"
     - igc: fix a log entry using uninitialized netdev
     - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
     - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
     - scsi: mpi3mr: Sanitise num_phys
     - serial: imx: Raise TX trigger level to 8
     - jffs2: Fix potential illegal address access in jffs2_free_inode
     - [s390x] pkey: Wipe sensitive data on failure
     - btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation
       warning
     - cdrom: rearrange last_media_change check to avoid unintentional overflow
     - mac802154: fix time calculation in ieee802154_configure_durations()
     - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
     - net/mlx5: E-switch, Create ingress ACL when needed
     - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup()
     - tcp_metrics: validate source addr length
     - [s390x] KVM: s390: fix LPSWEY handling
     - e1000e: Fix S0ix residency on corporate systems
     - net: allow skb_datagram_iter to be called from any context
     - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from
       __netif_rx()
     - wifi: wilc1000: fix ies_len type in connect path
     - netfilter: nf_tables: unconditionally flush pending work before notifier
     - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
       (CVE-2024-39487)
     - inet_diag: Initialize pad field in struct inet_diag_req_v2
     - [x86] platform/x86: toshiba_acpi: Fix quickstart quirk handling
     - Revert "igc: fix a log entry using uninitialized netdev"
     - nilfs2: fix inode number range checks
     - nilfs2: add missing check for inode numbers on directory entries
     - mm: optimize the redundant loop of mm_update_owner_next()
     - mm: avoid overflows in dirty throttling logic
     - btrfs: fix adding block group to a reclaim list and the unused list during
       reclaim
     - f2fs: Add inline to f2fs_build_fault_attr() stub
     - scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
     - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
     - can: kvaser_usb: Explicitly initialize family in leafimx driver_info
       struct
     - fsnotify: Do not generate events for O_PATH file descriptors
     - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
       again"
     - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
     - drm/amdgpu/atomfirmware: silence UBSAN warning
     - drm: panel-orientation-quirks: Add quirk for Valve Galileo
     - [powerpc*] pseries: Fix scv instruction crash with kexec
     - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
     - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
     - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
     - bnx2x: Fix multiple UBSAN array-index-out-of-bounds
     - [arm64] dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model
       B
     - ima: Avoid blocking in RCU read-side critical section
     - media: dw2102: fix a potential buffer overflow
     - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
     - clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe()
     - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
     - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
     - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
     - nvme-multipath: find NUMA path only for online numa-node
     - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
     - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
     - regmap-i2c: Subtract reg size from max_write
     - [x86] platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW
       11.6" tablet
     - [x86] platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
     - nvmet: fix a possible leak when destroy a ctrl during qp establishment
     - kbuild: fix short log for AS in link-vmlinux.sh
     - nfc/nci: Add the inconsistency check between the input data length and
       count
     - spi: cadence: Ensure data lines set to low during dummy-cycle period
     - null_blk: Do not allow runt zone with zone capacity smaller then zone size
     - nilfs2: fix incorrect inode allocation from reserved inodes
 .
   [ Salvatore Bonaccorso ]
   * [rt] Drop "drm/i915/gt: Queue and wait for the irq_work item."
   *  Bump ABI to 23
   * Drop now unknown config options for DRM_VMWGFX_FBCON
   * Refresh "firmware: Remove redundant log messages from drivers"
   * d/rules.real: Revert workaround to explicitly remove executable bits from
     dtb files (implemented upstream)
   * [rt] Update to 6.1.96-rt35

linux-signed-amd64 (6.1.106+3) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-3
 .
   * udp: allow header check for dodgy GSO_UDP_L4 packets.
   * gso: fix dodgy bit handling for GSO_UDP_L4
   * net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
   * net: drop bad gso csum_start and offset in virtio_net_hdr (Closes: #1079684)
   * Bump ABI to 25
linux-signed-amd64 (6.1.106+2) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-2
 .
   * media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
linux-signed-amd64 (6.1.106+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
     - Compiler Attributes: Add __uninitialized macro
     - mm: prevent derefencing NULL ptr in pfn_section_valid()
     - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop
     - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode
     - cachefiles: stop sending new request when dropping object
     - cachefiles: cancel all requests for the object that is being dropped
     - cachefiles: wait for ondemand_object_worker to finish when dropping object
     - cachefiles: cyclic allocation of msg_id to avoid reuse
     - cachefiles: add missing lock protection when polling
     - filelock: fix potential use-after-free in posix_lock_inode
     - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
     - vfs: don't mod negative dentry count when on shrinker list
     - tcp: fix incorrect undo caused by DSACK of TLP retransmit
     - net: phy: microchip: lan87xx: reinit PHY after cable test
     - skmsg: Skip zero length skb in sk_msg_recvmsg
     - net: fix rc7's __skb_datagram_iter()
     - i40e: Fix XDP program unloading while removing the driver
     - net: ethernet: lantiq_etop: fix double free in detach
     - bpf: Refactor some inode/task/sk storage functions for reuse
     - bpf: Reduce smap->elem_size
     - bpf: use bpf_map_kvcalloc in bpf_local_storage
     - bpf: Remove __bpf_local_storage_map_alloc
     - bpf: fix order of args in call to bpf_map_kvcalloc
     - net: ethernet: mtk-star-emac: set mac_managed_pm when probing
     - ppp: reject claimed-as-LCP but actually malformed packets
     - ethtool: netlink: do not return SQI value if link is down
     - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
     - net/sched: Fix UAF when resolving a clash
     - net, sunrpc: Remap EPERM in case of connection failure in
       xs_tcp_setup_socket
     - [s390x] Mark psw in __load_psw_mask() as __unitialized
     - firmware: cs_dsp: Fix overflow checking of wmfw header
     - firmware: cs_dsp: Return error if block header overflows file
     - firmware: cs_dsp: Validate payload length before processing block
     - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
     - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
     - cifs: fix setting SecurityFlags to true
     - Revert "sched/fair: Make sure to try to detach at least one movable task"
     - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
     - tcp: avoid too many retransmit packets (CVE-2024-41007)
     - USB: serial: option: add Telit generic core-dump composition
     - USB: serial: option: add Telit FN912 rmnet compositions
     - USB: serial: option: add Fibocom FM350-GL
     - USB: serial: option: add support for Foxconn T99W651
     - USB: serial: option: add Netprisma LCUK54 series modules
     - USB: serial: option: add Rolling RW350-GL variants
     - USB: serial: mos7840: fix crash on resume
     - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
     - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
     - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
       descriptor
     - hpet: Support 32-bit userspace
     - xhci: always resume roothubs if xHC was reset during resume
     - ksmbd: discard write access to the directory open
     - nvmem: rmem: Fix return value of rmem_read()
     - nvmem: meson-efuse: Fix return value of nvmem callbacks
     - nvmem: core: only change name to fram for current attribute
     - [x86] platform/x86: toshiba_acpi: Fix array out-of-bounds access
     - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU
     - ALSA: hda/realtek: Enable Mute LED on HP 250 G7
     - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
     - Fix userfaultfd_api to return EINVAL as expected
     - libceph: fix race between delayed_work() and ceph_monc_stop()
     - ACPI: processor_idle: Fix invalid comparison with insertion sort for
       latency
     - wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
     - wireguard: allowedips: avoid unaligned 64-bit memory accesses
     - wireguard: queueing: annotate intentional data race in cpu round robin
     - wireguard: send: annotate intentional data race in checking empty queue
     - [x86] retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk
     - bpf: Allow reads from uninit stack
     - nilfs2: fix kernel bug on rename operation of broken directory
     - sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
     - i2c: mark HostNotify target address as used
     - [x86] entry/64: Remove obsolete comment on tracing vs. SYSRET
     - [x86] bhi: Avoid warning in #DB handler due to BHI mitigation
     - kbuild: Make ld-version.sh more robust against version string changes
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.101
     - minmax: sanity check constant bounds when clamping
     - minmax: clamp more efficiently by avoiding extra comparison
     - minmax: fix header inclusions
     - minmax: allow min()/max()/clamp() if the arguments have the same
       signedness.
     - minmax: allow comparisons of 'int' against 'unsigned char/short'
     - minmax: relax check to allow comparison between unsigned arguments and
       signed constants
     - gcc-plugins: Rename last_stmt() for GCC 14+
     - filelock: Remove locks reliably when fcntl/close race is detected
       (CVE-2024-41012)
     - scsi: core: alua: I/O errors for ALUA state transitions
     - scsi: qedf: Don't process stag work during unload and recovery
     - scsi: qedf: Wait for stag work during unload
     - scsi: qedf: Set qed_slowpath_params to zero before use
     - efi/libstub: zboot.lds: Discard .discard sections
     - ACPI: EC: Abort address space access upon error
     - ACPI: EC: Avoid returning AE_OK on errors in address space handler
     - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah
       CPUs
     - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
     - wifi: mac80211: apply mcast rate only if interface is up
     - wifi: mac80211: handle tasklet frames before stopping
     - wifi: cfg80211: fix 6 GHz scan request building
     - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
     - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
     - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option
     - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill
     - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
     - of/irq: Factor out parsing of interrupt-map parent phandle+args from
       of_irq_parse_raw()
     - Input: silead - Always support 10 fingers
     - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
     - ila: block BH in ila_output()
     - null_blk: fix validation of block size
     - kconfig: gconf: give a proper initial state to the Save button
     - kconfig: remove wrong expr_trans_bool()
     - HID: Ignore battery for ELAN touchscreens 2F2C and 4116
     - NFSv4: Fix memory leak in nfs4_set_security_label
     - nfs: propagate readlink errors in nfs_symlink_filler
     - nfs: don't invalidate dentries on transient errors
     - cachefiles: add consistency check for copen/cread
     - cachefiles: Set object to close if ondemand_id < 0 in copen
     - cachefiles: make on-demand read killable
     - fs/file: fix the check in find_next_fd()
     - mei: demote client disconnect warning on suspend to debug
     - iomap: Fix iomap_adjust_read_range for plen calculation
     - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
     - nvme: avoid double free special payload
     - nvmet: always initialize cqe.result
     - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
     - [powerpc*] KVM: PPC: Book3S HV: Prevent UAF in
       kvm_spapr_tce_attach_iommu_group()
     - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
     - ALSA: hda/realtek: Add more codec ID to no shutup pins list
     - [mips*] fix compat_sys_lseek syscall
     - Input: elantech - fix touchpad state on resume for Lenovo N24
     - Input: i8042 - add Ayaneo Kun to i8042 quirk table
     - ASoC: topology: Fix references to freed memory
     - ASoC: topology: Do not assign fields that are already set
     - bytcr_rt5640 : inverse jack detect for Archos 101 cesium
     - ALSA: dmaengine: Synchronize dma channel after drop()
     - ASoC: ti: davinci-mcasp: Set min period size using FIFO config
     - ASoC: ti: omap-hdmi: Fix too long driver name
     - [x86] ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error
       rollback
     - can: kvaser_usb: fix return value for hif_usb_send_regout
     - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
     - [s390x] sclp: Fix sclp_init() cleanup on failure
     - [x86] platform/x86: wireless-hotkey: Add support for LG Airplane Button
     - [x86] platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
     - [x86] platform/x86: lg-laptop: Change ACPI device id
     - [x86] platform/x86: lg-laptop: Use ACPI device handle when evaluating
       WMAB/WMBB
     - btrfs: qgroup: fix quota root leak after quota disable failure
     - ALSA: PCM: Allow resume only for suspended streams
     - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
     - ALSA: dmaengine_pcm: terminate dmaengine before synchronize
     - [x86] ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA
     - net: usb: qmi_wwan: add Telit FN912 compositions
     - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and
       DEV_STATS_ADD()
     - [powerpc*] pseries: Whitelist dtl slub object for copying to userspace
     - [powerpc*] eeh: avoid possible crash when edev->pdev changes
     - scsi: libsas: Fix exp-attached device scan after probe failure scanned in
       again after probe failed
     - [arm64] tee: optee: ffa: Fix missing-field-initializers warning
     - Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
     - bluetooth/l2cap: sync sock recv cb and release
     - erofs: ensure m_llen is reset to 0 if metadata is invalid
     - drm/amd/display: Account for cursor prefetch BW in DML1 mode support
     - drm/radeon: check bo_va->bo is non-NULL before using it
     - fs: better handle deep ancestor chains in is_subdir()
     - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK
     - drivers/perf: riscv: Reset the counter to hpmevent mapping while starting
       cpus
     - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
     - ksmbd: return FILE_DEVICE_DISK instead of super magic
     - hfsplus: fix uninit-value in copy_name
     - spi: mux: set ctlr->bits_per_word_mask
     - cifs: fix noisy message on copy_file_range
     - [arm*] 9324/1: fix get_user() broken with veneer
     - Bluetooth: L2CAP: Fix deadlock
     - of/irq: Disable "interrupt-map" parsing for PASEMI Nemo
     - wifi: cfg80211: wext: set ssids=NULL for passive scans
     - wifi: mac80211: disable softirqs for queued frame handling
     - netfs, fscache: export fscache_put_volume() and add
       fscache_try_get_volume()
     - cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
     - cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.102
     - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
     - f2fs: avoid dead loop in f2fs_issue_checkpoint()
     - ocfs2: add bounds checking to ocfs2_check_dir_entry()
     - jfs: don't walk off the end of ealist
     - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
     - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
     - [arm64] dts: qcom: msm8996: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: ipq6018: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: sdm630: Disable SS instance in Parkmode for USB
     - [arm64,armhf] ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
       is paused
     - filelock: Fix fcntl/close race recovery compat path
     - btrfs: do not BUG_ON on failure to get dir index for new snapshot
     - tun: add missing verification for short frame (CVE-2024-41091)
     - tap: add missing verification for short frame (CVE-2024-41090)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.103
     - [amd64] EDAC, i10nm: make skx_common.o a separate module
     - rcu/tasks: Fix stale task snaphot for Tasks Trace
     - md: fix deadlock between mddev_suspend and flush bio
     - platform/chrome: cros_ec_debugfs: fix wrong EC message version
     - block: refactor to use helper
     - block: cleanup bio_integrity_prep
     - block: initialize integrity buffer to zero before writing it to media
     - hfsplus: fix to avoid false alarm of circular locking
     - [x86] of: Return consistent error type from x86_of_pci_irq_enable()
     - [x86] pci/intel_mid_pci: Fix PCIBIOS_* return code handling
     - [x86] pci/xen: Fix PCIBIOS_* return code handling
     - [x86] platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
     - kernfs: fix all kernel-doc warnings and multiple typos
     - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy()
     - cgroup/cpuset: Prevent UAF in proc_cpuset_show()
     - hwmon: (adt7475) Fix default duty on fan is disabled
     - nvmet-auth: fix nvmet_auth hash error handling
     - [arm64] drm/meson: fix canvas release in bind function
     - [arm64] dts: qcom: sdm845: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm6350: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings
     - [arm64] dts: qcom: sm8250: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm8450: add power-domain to UFS PHY
     - [arm64] dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY
     - [arm64] dts: qcom: msm8998: enable adreno_smmu by default
     - [arm64] soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by
       rpmh_rsc_send_data() callers
     - [arm64] dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s
     - [arm64] dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s
     - [arm64] dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s
     - [arm64] dts: qcom: msm8996: specify UFS core_clk frequencies
     - [arm64] soc: xilinx: rename cpu_number1 to dummy_cpu_number
     - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe()
     - [armhf] OPP: ti: Fix ti_opp_supply_probe wrong return values
     - [arm64] dts: rockchip: Increase VOP clk rate on RK3328
     - [arm64] dts: amlogic: sm1: fix spdif compatibles
     - [arm64] dts: mediatek: mt8183-kukui: Drop bogus output-enable property
     - [arm64] dts: mediatek: mt7622: fix "emmc" pinctrl mux
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625
     - [arm64] dts: amlogic: gx: correct hdmi clocks
     - [arm64] dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a
     - [arm64] dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10
     - [arm64] dts: renesas: r8a779g0: Add L3 cache controller
     - [arm64] dts: renesas: r8a779g0: Add secondary CA76 CPU cores
     - [arm64] dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3
       systems
     - [arm64] dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ
     - [x86] xen: Convert comma to semicolon
     - [arm64] dts: rockchip: Add missing power-domains for rk356x vop_mmu
     - [arm64] dts: qcom: sm6350: Add missing qcom,non-secure-domain property
     - vmlinux.lds.h: catch .bss..L* sections into BSS")
     - [arm64] firmware: turris-mox-rwtm: Do not complete if there are no waiters
     - [arm64] firmware: turris-mox-rwtm: Fix checking return value of
       wait_for_completion_timeout()
     - [arm64] firmware: turris-mox-rwtm: Initialize completion before mailbox
     - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
     - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer
     - net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
     - tcp: annotate lockless accesses to sk->sk_err_soft
     - tcp: annotate lockless access to sk->sk_err
     - tcp: add tcp_done_with_error() helper
     - tcp: fix race in tcp_write_err()
     - tcp: fix races in tcp_v[46]_err()
     - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when
       CONFIG_ARCH_NO_SG_CHAIN is defined
     - lib: objagg: Fix general protection fault
     - [x86] perf/x86: Serialize set_attr_rdpmc()
     - jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked()
     - jump_label: Prevent key->enabled int overflow
     - jump_label: Fix concurrency issues in static_key_slow_dec()
     - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
     - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
     - wifi: cfg80211: handle 2x996 RU allocation in
       cfg80211_calculate_bitrate_he()
     - net: fec: Refactor: #define magic constants
     - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
     - libbpf: Checking the btf_type kind when fixing variable offsets
     - ipvs: Avoid unnecessary calls to skb_is_gso_sctp
     - netfilter: nf_tables: rise cap on SELinux secmark context
     - bpftool: Mount bpffs when pinmaps path not under the bpffs
     - [x86] perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
     - perf: Fix perf_aux_size() for greater-than 32-bit size
     - perf: Prevent passing zero nr_pages to rb_alloc_aux()
     - perf: Fix default aux_watermark calculation
     - [x86] perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
     - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
     - wifi: virt_wifi: avoid reporting connection success with wrong SSID
     - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
     - wifi: virt_wifi: don't use strlen() in const context
     - locking/rwsem: Add __always_inline annotation to __down_write_common() and
       inlined callers
     - bpf: annotate BTF show functions with __printf
     - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
     - bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
     - bpf: Fix null pointer dereference in resolve_prog_type() for
       BPF_PROG_TYPE_EXT
     - xdp: fix invalid wait context of page_pool_destroy()
     - net: bridge: mst: Check vlan state for egress decision
     - [arm64] drm/rockchip: vop2: Fix the port mux of VP2
     - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
     - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
     - drm/amd/pm: Fix aldebaran pcie speed reporting
     - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
     - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1
     - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before
       regulators
     - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
     - media: pci: ivtv: Add check for DMA map result
     - media: dvb-usb: Fix unexpected infinite loop in
       dvb_usb_read_remote_control()
     - media: imon: Fix race getting ictx->lock
     - media: i2c: Fix imx412 exposure control
     - media: v4l: async: Fix NULL pointer dereference in adding ancillary links
     - [s390x] mm: Convert make_page_secure to use a folio
     - [s390x] mm: Convert gmap_make_secure to use a folio
     - [s390x] uv: Don't call folio_wait_writeback() without a folio reference
     - saa7134: Unchecked i2c_transfer function result fixed
     - media: uvcvideo: Override default flags
     - media: renesas: vsp1: Fix _irqsave and _irq mix
     - media: renesas: vsp1: Store RPF partition configuration per RPF instance
     - leds: trigger: Unregister sysfs attributes before calling deactivate()
     - [arm64] drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC
     - [arm64] drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
     - perf test: Replace arm callgraph fp test workload with leafloop
     - perf tests arm_callgraph_fp: Address shellcheck warnings about signal
       names and adding double quotes for expression
     - perf tests: Fix test_arm_callgraph_fp variable expansion
     - perf test: Make test_arm_callgraph_fp.sh more robust
     - perf report: Fix condition in sort__sym_cmp()
     - [arm64,armhf] drm/etnaviv: fix DMA direction handling for cached RW
       buffers
     - drm/qxl: Add check for drm_cvt_mode
     - Revert "leds: led-core: Fix refcount leak in of_led_get()"
     - ext4: fix infinite loop when replaying fast_commit
     - media: venus: flush all buffers in output plane streamoff
     - perf intel-pt: Fix aux_watermark calculation for 64-bit size
     - perf intel-pt: Fix exclude_guest setting
     - mfd: rsmu: Split core code into separate module
     - mfd: omap-usb-tll: Use struct_size to allocate tll
     - xprtrdma: Fix rpcrdma_reqs_reset()
     - SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
     - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
     - ext4: don't track ranges in fast_commit if inode has inlined data
       (Closes: #1039883)
     - ext4: avoid writing unitialized memory to disk in EA inodes
     - SUNRPC: Fixup gss_status tracepoint error output
     - PCI: Fix resource double counting on remove & rescan
     - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
     - PCI: keystone: Don't enable BAR 0 for AM654x
     - PCI: keystone: Fix NULL pointer dereference in case of DT error in
       ks_pcie_setup_rc_app_regs()
     - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
     - clk: qcom: branch: Add helper functions for setting retain bits
     - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock
     - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs
     - iio: frequency: adrf6780: rm clk provider include
     - coresight: Fix ref leak when of_coresight_parse_endpoint() fails
     - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE
     - [powerpc*] pseries: Fix alignment of PLPKS structures and buffers
     - [powerpc*] pseries: Move plpks.h to include directory
     - [powerpc*] pseries: Expose PLPKS config values, support additional fields
     - [powerpc*] pseries: Add helper to get PLPKS password length
     - [powerpc*] kexec: make the update_cpus_node() function public
     - [powerpc*] kexec_file: fix cpus node update to FDT
     - RDMA/cache: Release GID table even if leak is detected
     - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID
     - Input: qt1050 - handle CHIP_ID reading error
     - RDMA/mlx4: Fix truncated output warning in mad.c
     - RDMA/mlx4: Fix truncated output warning in alias_GUID.c
     - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled
     - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
     - [arm64] ASoC: qcom: Adjust issues in case of DT error in
       asoc_qcom_lpass_cpu_platform_probe()
     - [powerpc*] prom: Add CPU info to hardware description string later
     - mtd: make mtd_test.c a separate module
     - RDMA/device: Return error earlier if port in not valid
     - Input: elan_i2c - do not leave interrupt disabled on suspend failure
     - ASoC: amd: Adjust error handling in case of absent codec device
     - PCI: endpoint: Clean up error handling in vpci_scan_bus()
     - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup()
     - vhost/vsock: always initialize seqpacket_allow
     - net: missing check virtio
     - [x86] crypto: qat - extend scope of lock in adf_cfg_add_key_value_param()
     - clk: qcom: Park shared RCGs upon registration
     - clk: en7523: fix rate divider for slic and spi clocks
     - PCI: qcom-ep: Disable resources unconditionally during PERST# assert
     - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot
     - [powerpc*] xmon: Fix disassembly CPU feature checks
     - [arm64] RDMA/hns: Check atomic wr length
     - [arm64] RDMA/hns: Fix unmatch exception handling when init eq table fails
     - [arm64] RDMA/hns: Fix missing pagesize and alignment check in FRMR
     - [arm64] RDMA/hns: Fix shift-out-bounds when max_inline_data is 0
     - [arm64] RDMA/hns: Fix undifined behavior caused by invalid max_sge
     - [arm64] RDMA/hns: Fix insufficient extend DB for VFs.
     - [amd64] iommu/vt-d: Fix to convert mm pfn to dma pfn
     - [amd64] iommu/vt-d: Fix identity map bounds in si_domain_init()
     - bnxt_re: Fix imm_data endianness
     - netfilter: ctnetlink: use helper function to calculate expect ID
     - netfilter: nft_set_pipapo: constify lookup fn args where possible
     - netfilter: nf_set_pipapo: fix initial map fill
     - net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
     - ipv4: Fix incorrect TOS in route get reply
     - ipv4: Fix incorrect TOS in fibmatch route get reply
     - net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
     - net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
     - pinctrl: rockchip: update rk3308 iomux routes
     - pinctrl: core: fix possible memory leak when pinctrl_enable() fails
     - pinctrl: single: fix possible memory leak when pinctrl_enable() fails
     - pinctrl: ti: ti-iodelay: Drop if block with always false condition
     - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
       fails
     - pinctrl: freescale: mxs: Fix refcount of child
     - fs/ntfs3: Replace inode_trylock with inode_lock
     - fs/ntfs3: Fix field-spanning write in INDEX_HDR
     - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix
     - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes
     - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes
     - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes
     - pinctrl: renesas: r8a779g0: Fix IRQ suffixes
     - pinctrl: renesas: r8a779g0: FIX PWM suffixes
     - pinctrl: renesas: r8a779g0: Fix TCLK suffixes
     - pinctrl: renesas: r8a779g0: Fix TPU suffixes
     - fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
     - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
     - rtc: interface: Add RTC offset to alarm after fix-up
     - [s390x] dasd: fix error checks in dasd_copy_pair_store()
     - sbitmap: remove unnecessary calculation of alloc_hint in
       __sbitmap_get_shallow
     - sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code
     - sbitmap: use READ_ONCE to access map->word
     - sbitmap: fix io hung due to race on sbitmap_word::cleared
     - landlock: Don't lose track of restrictions on cred_transfer
     - mm/hugetlb: fix possible recursive locking detected warning
     - mm/mglru: fix div-by-zero in vmpressure_calc_level()
     - mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
     - [x86] efistub: Avoid returning EFI_SUCCESS on error
     - [x86] efistub: Revert to heap allocated boot_params for PE entrypoint
     - dt-bindings: thermal: correct thermal zone node name limit
     - tick/broadcast: Make takeover of broadcast hrtimer reliable
     - net: netconsole: Disable target before netpoll cleanup
     - af_packet: Handle outgoing VLAN packets without hardware offloading
     - kernel: rerun task_work while freezing in get_signal()
     - ipv4: fix source address selection with route leak
     - ipv6: take care of scope when choosing the src addr
     - sched/fair: set_load_weight() must also call reweight_task() for
       SCHED_IDLE tasks
     - fuse: verify {g,u}id mount options correctly
     - char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
     - media: venus: fix use after free in vdec_close
     - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error
     - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
     - [x86] drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
     - [x86] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
     - scsi: qla2xxx: Fix optrom version displayed in FDMI
     - drm/amd/display: Check for NULL pointer
     - sched/fair: Use all little CPUs for CPU-bound workloads
     - apparmor: use kvfree_sensitive to free data->data
     - cifs: fix potential null pointer use in destroy_workqueue in init_cifs
       error path
     - cifs: fix reconnect with SMB1 UNIX Extensions
     - cifs: mount with "unix" mount option for SMB1 incorrectly handled
     - task_work: s/task_work_cancel()/task_work_cancel_func()/
     - task_work: Introduce task_work_cancel() again
     - udf: Avoid using corrupted block bitmap buffer
     - ext4: check dot and dotdot of dx_root before making dir indexed
     - ext4: make sure the first directory block is not a hole
     - io_uring: tighten task exit cancellations
     - trace/pid_list: Change gfp flags in pid_list_fill_irq()
     - wifi: mwifiex: Fix interface type change
     - drivers: soc: xilinx: check return status of get_api_version()
     - leds: ss4200: Convert PCIBIOS_* return codes to errnos
     - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties()
     - jbd2: make jbd2_journal_get_max_txn_bufs() internal
     - media: uvcvideo: Fix integer overflow calculating timestamp
     - [x86] KVM: VMX: Split out the non-virtualization part of
       vmx_interrupt_blocked()
     - [x86] KVM: nVMX: Request immediate exit iff pending nested event needs
       injection
     - ALSA: usb-audio: Fix microphone sound on HD webcam.
     - ALSA: usb-audio: Move HD Webcam quirk to the right place
     - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
     - tools/memory-model: Fix bug in lock.cat
     - hwrng: amd - Convert PCIBIOS_* return codes to errnos
     - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
     - PCI: dw-rockchip: Fix initial PERST# GPIO value
     - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
     - PCI: loongson: Enable MSI in LS7A Root Complex
     - [arm*] binder: fix hang of unregistered readers
     - dev/parport: fix the array out-of-bounds risk
     - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
     - f2fs: fix to force buffered IO on inline_data inode
     - f2fs: fix to don't dirty inode for readonly filesystem
     - f2fs: fix return value of f2fs_convert_inline_inode()
     - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
     - ubi: eba: properly rollback inside self_check_eba
     - decompress_bunzip2: fix rare decompression failure
     - kbuild: Fix '-S -c' in x86 stack protector scripts
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2
     - kobject_uevent: Fix OOB access within zap_modalias_env()
     - gve: Fix an edge case for TSO skb validity check
     - ice: Add a per-VF limit on number of FDIR filters
     - devres: Fix devm_krealloc() wasting memory
     - devres: Fix memory leakage caused by driver API devm_free_percpu()
     - irqchip/imx-irqsteer: Handle runtime power management correctly
     - mm/numa_balancing: teach mpol_to_str about the balancing mode
     - rtc: cmos: Fix return value of nvmem callbacks
     - scsi: qla2xxx: During vport delete send async logout explicitly
     - scsi: qla2xxx: Unable to act on RSCN for port online
     - scsi: qla2xxx: Fix for possible memory corruption
     - scsi: qla2xxx: Use QP lock to search for bsg
     - scsi: qla2xxx: Fix flash read failure
     - scsi: qla2xxx: Complete command early within lock
     - scsi: qla2xxx: validate nvme_local_port correctly
     - perf: Fix event leak upon exit
     - perf: Fix event leak upon exec and file release
     - [x86] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for
       SPR
     - [x86] perf/x86/intel/pt: Fix topa_entry base length
     - [x86] perf/x86/intel/pt: Fix a topa_entry base address calculation
     - [x86] drm/i915/gt: Do not consider preemption during execlists_dequeue for
       gen8
     - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
     - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
     - drm/i915/dp: Reset intel_dp->link_trained before retraining the link
     - rtc: isl1208: Fix return value of nvmem callbacks
     - watchdog/perf: properly initialize the turbo mode timestamp and rearm
       counter
     - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
     - dm-verity: fix dm_is_verity_target() when dm-verity is builtin
     - rbd: don't assume rbd_is_lock_owner() for exclusive mappings
     - remoteproc: stm32_rproc: Fix mailbox interrupts queuing
     - remoteproc: imx_rproc: Skip over memory region when node value is NULL
     - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init
     - [arm64,armhf] drm/etnaviv: don't block scheduler when GPU is still active
     - [arm64,armhf] drm/panfrost: Mark simple_ondemand governor as softdep
     - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
     - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
     - bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func
     - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
     - nilfs2: handle inconsistent state in nilfs_btnode_create_block()
     - PCI: Introduce cleanup helpers for device reference counts and locks
     - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
     - io_uring/io-wq: limit retrying worker initialisation
     - wifi: mac80211: Allow NSS change only up to capability
     - wifi: mac80211: track capability/opmode NSS separately
     - wifi: mac80211: check basic rates validity
     - jfs: Fix array-index-out-of-bounds in diFree
     - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels
     - phy: cadence-torrent: Check return value on register read
     - f2fs: fix start segno of large section
     - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
     - watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
     - f2fs: fix to update user block counts in block_operations()
     - kbuild: avoid build error when single DTB is turned into composite DTB
     - libbpf: Fix no-args func prototype BTF dumping syntax
     - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
     - dma: fix call order in dmam_free_coherent
     - bpf, events: Use prog to emit ksymbol event for main program
     - ipv4: Fix incorrect source address in Record Route option
     - net: bonding: correctly annotate RCU in bond_should_notify_peers()
     - netfilter: nft_set_pipapo_avx2: disable softinterrupts
     - tipc: Return non-zero value from tipc_udp_addr2str() on error
     - net: stmmac: Correct byte order of perfect_match
     - net: nexthop: Initialize all fields in dumped nexthops
     - bpf: Fix a segment issue when downgrading gso_size
     - mISDN: Fix a use after free in hfcmulti_tx()
     - apparmor: Fix null pointer deref when receiving skb during sock creation
     - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
     - lirc: rc_dev_get_from_fd(): fix file leak
     - auxdisplay: ht16k33: Drop reference after LED registration
     - spi: microchip-core: fix the issues in the isr
     - spi: microchip-core: only disable SPI controller when register value
       change requires it
     - spi: microchip-core: switch to use modern name
     - spi: microchip-core: fix init function not setting the master and motorola
       modes
     - nvme-pci: Fix the instructions for disabling power management
     - spidev: Add Silicon Labs EM3581 device compatible
     - spi: spidev: order compatibles alphabetically
     - spi: spidev: add correct compatible for Rohm BH2228FV
     - [x86] ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is
       reachable
     - ceph: fix incorrect kmalloc size of pagevec mempool
     - [s390x] pci: Refactor arch_setup_msi_irqs()
     - [s390x] pci: Allow allocation of more than 1 MSI interrupt
     - iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
     - io_uring: fix io_match_task must_hold
     - nvme-pci: add missing condition check for existence of mapped data
     - fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
     - [powerpc*] pseries: Avoid hcall in plpks_is_available() on non-pseries
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.104
     - [arm64] dts: qcom: msm8998: switch USB QMP PHY to new style of bindings
     - [arm64] dts: qcom: msm8998: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: ipq8074: Disable SS instance in Parkmode for USB
     - sysctl: allow change system v ipc sysctls inside ipc namespace
     - sysctl: allow to change limits for posix messages queues
     - sysctl: treewide: drop unused argument
       ctl_table_root::set_ownership(table)
     - sysctl: always initialize i_uid/i_gid
     - ext4: make ext4_es_insert_extent() return void
     - ext4: refactor ext4_da_map_blocks()
     - ext4: convert to exclusive lock while inserting delalloc extents
     - ext4: factor out a common helper to query extent map
     - ext4: check the extent status again before inserting delalloc block
     - leds: trigger: Remove unused function led_trigger_rename_static()
     - leds: trigger: Store brightness set by led_trigger_event()
     - leds: trigger: Call synchronize_rcu() before calling trig->activate()
     - leds: triggers: Flush pending brightness before activating trigger
     - mm: restrict the pcp batch scale factor to avoid too long latency
     - mm: page_alloc: control latency caused by zone PCP draining
     - mm/page_alloc: fix pcp->count race between drain_pages_zone() vs
       __rmqueue_pcplist()
     - f2fs: fix to avoid use SSR allocate when do defragment
     - f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
     - irqdomain: Fixed unbalanced fwnode get and put
     - drm/udl: Rename struct udl_drm_connector to struct udl_connector
     - drm/udl: Test pixel limit in mode-config's mode-valid function
     - drm/udl: Use USB timeout constant when reading EDID
     - drm/udl: Various improvements to the connector
     - drm/udl: Move connector to modesetting code
     - drm/udl: Remove DRM_CONNECTOR_POLL_HPD
     - [x86] drm/i915/dp: Don't switch the LTTPR mode on an active link
     - [amd64] HID: amd_sfh: Remove duplicate cleanup
     - [amd64] HID: amd_sfh: Split sensor and HID initialization
     - [amd64] HID: amd_sfh: Move sensor discovery before HID device
       initialization
     - drm/nouveau: prime: fix refcount underflow
     - drm/vmwgfx: Fix overlay when using Screen Targets
     - drm/vmwgfx: Trigger a modeset when the screen moves
     - sched: act_ct: take care of padding in struct zones_ht_key
     - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
     - Bluetooth: hci_sync: Fix suspending with wrong filter policy
     - net: axienet: start napi before enabling Rx/Tx
     - rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in
       rtnl_dellink().
     - ice: respect netif readiness in AF_XDP ZC related ndo's
     - ice: don't busy wait for Rx queue disable in ice_qp_dis()
     - ice: replace synchronize_rcu with synchronize_net
     - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog
     - net/iucv: fix use after free in iucv_sock_close()
     - [x86] drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro
     - net: mvpp2: Don't re-use loop iterator
     - ALSA: hda: Conditionally use snooping for AMD HDMI
     - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
     - netfilter: iptables: Fix potential null-ptr-deref in
       ip6table_nat_table_init().
     - net/mlx5: Lag, don't use the hardcoded value of the first port
     - net/mlx5: Fix missing lock on sync reset reload
     - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
     - ipv6: fix ndisc_is_useropt() handling for PIO
     - [arm64] jump_label: Ensure patched jump_labels are visible to all CPUs
     - platform/chrome: cros_ec_proto: Lock device when updating MKBP version
     - HID: wacom: Modify pen IDs
     - btrfs: zoned: fix zone_unusable accounting on making block group
       read-write again
     - protect the fetch of ->fd[fd] in do_dup2() from mispredictions
     - mptcp: sched: check both directions for backup
     - ALSA: usb-audio: Correct surround channels in UAC1 channel map
     - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
     - Revert "ALSA: firewire-lib: obsolete workqueue for period update"
     - Revert "ALSA: firewire-lib: operate for period elapse event in process
       context"
     - drm/vmwgfx: Fix a deadlock in dma buf fence polling
     - [x86] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
     - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
     - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
     - mptcp: fix user-space PM announced address accounting
     - mptcp: distinguish rcv vs sent backup flag in requests
     - mptcp: fix NL PM announced address accounting
     - mptcp: fix bad RCVPRUNED mib accounting
     - mptcp: pm: only set request_bkup flag when sending MP_PRIO
     - mptcp: fix duplicate data handling
     - netfilter: ipset: Add list flush to cancel_gc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
     - irqchip/mbigen: Fix mbigen node address layout
     - [x86] platform/x86/intel/ifs: Gen2 Scan test support
     - [x86] platform/x86/intel/ifs: Initialize union ifs_status to zero
     - jump_label: Fix the fix, brown paper bags galore
     - [x86] mm: Fix pti_clone_pgtable() alignment assumption
     - [x86] mm: Fix pti_clone_entry_text() for i386
     - sctp: Fix null-ptr-deref in reuseport_add_sock().
     - net: usb: qmi_wwan: fix memory leak for not ip packets
     - net: bridge: mcast: wait for previous gc cycles when removing port
     - net: linkwatch: use system_unbound_wq
     - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
     - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv
       monitor
     - [armhf] net: dsa: bcm_sf2: Fix a possible memory leak in
       bcm_sf2_mdio_register()
     - l2tp: fix lockdep splat
     - net: fec: Stop PPS on driver remove
     - rcutorture: Fix rcu_torture_fwd_cb_cr() data race
     - md: do not delete safemode_timer in mddev_suspend
     - md/raid5: avoid BUG_ON() while continue reshape after reassembling
     - block: change rq_integrity_vec to respect the iterator
     - rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation
     - clocksouqrce/drivers/sh_cmt: Address race condition for clock events
     - ACPI: battery: create alarm sysfs attribute atomically
     - [x86] ACPI: SBS: manage alarm sysfs attribute through psy core
     - wifi: nl80211: disallow setting special AP channel widths
     - net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
     - af_unix: Don't retry after unix_state_lock_nested() in
       unix_stream_connect().
     - PCI: Add Edimax Vendor ID to pci_ids.h
     - udf: prevent integer overflow in udf_bitmap_free_blocks()
     - wifi: nl80211: don't give key data to userspace
     - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index
       erratum
     - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of
       mcp2518fd
     - btrfs: fix bitmap leak when loading free space cache on duplicate entry
     - drm/amdgpu/pm: Fix the param type of set_power_profile_mode
     - drm/amdgpu/pm: Fix the null pointer dereference for smu7
     - drm/amdgpu: Fix the null pointer dereference to ras_manager
     - drm/amdgpu/pm: Fix the null pointer dereference in
       apply_state_adjust_rules
     - drm/amdgpu: Add lock around VF RLCG interface
     - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
     - media: amphion: Remove lock in s_ctrl callback
     - drm/amd/display: Add NULL check for 'afb' before dereferencing in
       amdgpu_dm_plane_handle_cursor_update
     - drm/amd/display: Add null checker before passing variables
     - media: uvcvideo: Ignore empty TS packets
     - media: uvcvideo: Fix the bandwdith quirk on USB 3.x
     - media: xc2028: avoid use-after-free in load_firmware_cb()
     - ext4: fix uninitialized variable in ext4_inlinedir_to_tree
     - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
     - [s390x] sclp: Prevent release of buffer in I/O
     - SUNRPC: Fix a race to wake a sync task
     - bus: mhi: host: pci_generic: add support for Telit FE990 modem
     - Revert "bpftool: Mount bpffs when pinmaps path not under the bpffs"
     - profiling: remove profile=sleep support
     - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
     - [arm64,armhf] irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock
       to 'raw_spinlock_t'
     - sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
     - ext4: fix wrong unit use in ext4_mb_find_by_goal
     - [arm64] Add Neoverse-V2 part
     - [arm64] barrier: Restore spec_bar() macro
     - [arm64] cputype: Add Cortex-X4 definitions
     - [arm64] cputype: Add Neoverse-V3 definitions
     - [arm64] errata: Add workaround for Arm errata 3194386 and 3312417
     - [arm64] cputype: Add Cortex-X3 definitions
     - [arm64] cputype: Add Cortex-A720 definitions
     - [arm64] cputype: Add Cortex-X925 definitions
     - [arm64] errata: Unify speculative SSBS errata logic
     - [arm64] errata: Expand speculative SSBS workaround
     - [arm64] cputype: Add Cortex-X1C definitions
     - [arm64] cputype: Add Cortex-A725 definitions
     - [arm64] errata: Expand speculative SSBS workaround (again)
     - i2c: smbus: Improve handling of stuck alerts
     - spi: spidev: Add missing spi_device_id for bh2228fv
     - i2c: smbus: Send alert notifications to all devices if source not found
     - bpf: kprobe: remove unused declaring of bpf_kprobe_override
     - kprobes: Fix to check symbol prefixes correctly
     - [arm64] i2c: qcom-geni: add desc struct to prepare support for I2C Master
       Hub variant
     - [arm64] i2c: qcom-geni: Add missing clk_disable_unprepare in
       geni_i2c_runtime_resume
     - [arm64] i2c: qcom-geni: Add missing geni_icc_disable in
       geni_i2c_runtime_resume
     - spi: spi-fsl-lpspi: Fix scldiv calculation
     - ALSA: usb-audio: Re-add ScratchAmp quirk entries
     - [arm64] ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
     - drm/client: fix null pointer dereference in drm_client_modeset_probe
     - ALSA: line6: Fix racy access to midibuf
     - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
     - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks
     - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
     - usb: vhci-hcd: Do not drop references before new references are gained
     - USB: serial: debug: do not echo input by default
     - usb: gadget: core: Check for unset descriptor
     - usb: gadget: u_serial: Set start_delayed during suspend
     - usb: gadget: u_audio: Check return codes from usb_ep_enable and
       config_ep_by_speed.
     - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
     - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
     - tick/broadcast: Move per CPU pointer access into the atomic section
     - ntp: Clamp maxerror and esterror to operating range
     - torture: Enable clocksource watchdog with "tsc=watchdog"
     - clocksource: Scale the watchdog read retries automatically
     - clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()
     - driver core: Fix uevent_show() vs driver detach race
     - ntp: Safeguard against time_constant overflow
     - timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex()
     - serial: core: check uartclk for zero to avoid divide by zero
     - [x86] ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx
     - kcov: properly check for softirq context
     - irqchip/xilinx: Fix shift out of bounds
     - genirq/irqdesc: Honor caller provided affinity in alloc_desc()
     - [x86] power: supply: axp288_charger: Fix constant_charge_voltage writes
     - [x86] power: supply: axp288_charger: Round constant_charge_voltage writes
       down
     - tracing: Fix overflow in get_free_elt()
     - padata: Fix possible divide-by-0 panic in padata_mt_helper()
     - smb3: fix setting SecurityFlags when encryption is required
     - btrfs: avoid using fixed char array size for tree names
     - [x86] mtrr: Check if fixed MTRRs exist before saving them
     - sched/smt: Introduce sched_smt_present_inc/dec() helper
     - sched/smt: Fix unbalance sched_smt_present dec/inc
     - drm/bridge: analogix_dp: properly handle zero sized AUX transactions
     - drm/dp_mst: Skip CSN if topology probing is not done yet
     - [arm64,armhf] drm/lima: Mark simple_ondemand governor as softdep
     - [x86] drm/mgag200: Set DDC timeout in milliseconds
     - [x86] drm/mgag200: Bind I2C lifetime to DRM device
     - mptcp: mib: count MPJ with backup flag
     - mptcp: export local_address
     - mptcp: pm: fix backup support in signal endpoints
     - mptcp: pm: deny endp with signal + subflow + port
     - block: use the right type for stub rq_integrity_vec()
     - Revert "drm/amd/display: Add NULL check for 'afb' before dereferencing in
       amdgpu_dm_plane_handle_cursor_update"
     - mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit
       machines (CVE-2024-42258)
     - btrfs: fix corruption after buffer fault in during direct IO append write
     - ipv6: fix source address selection with route leak
     - tools headers arm64: Sync arm64's cputype.h with the kernel sources
     - mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio()
     - block: Call .limit_depth() after .hctx has been set
     - block/mq-deadline: Fix the tag reservation code
     - xfs: fix log recovery buffer allocation for the legacy h_size fixup
       (CVE-2024-39472)
     - netfilter: nf_tables: bail out if stateful expression provides no .clone
     - netfilter: nf_tables: allow clone callbacks to sleep
     - netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
     - i2c: qcom-geni: fix missing clk_disable_unprepare() and
       geni_se_resources_off()
     - btrfs: fix double inode unlock for direct IO sync writes
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.106
     - mptcp: pass addr to mptcp_pm_alloc_anno_list
     - mptcp: pm: reduce indentation blocks
     - mptcp: pm: don't try to create sf if alloc failed
     - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set
     - [x86] ASoC: topology: Clean up route loading
     - [x86] ASoC: topology: Fix route memory corruption
     - exec: Fix ToCToU between perm check and set-uid/gid usage
     - nfsd: move reply cache initialization into nfsd startup
     - nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
     - NFSD: Refactor nfsd_reply_cache_free_locked()
     - NFSD: Rename nfsd_reply_cache_alloc()
     - NFSD: Replace nfsd_prune_bucket()
     - NFSD: Refactor the duplicate reply cache shrinker
     - NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
     - NFSD: Fix frame size warning in svc_export_parse()
     - sunrpc: don't change ->sv_stats if it doesn't exist
     - nfsd: stop setting ->pg_stats for unused stats
     - sunrpc: pass in the sv_stats struct through svc_create_pooled
     - sunrpc: remove ->pg_stats from svc_program
     - sunrpc: use the struct net as the svc proc private
     - nfsd: rename NFSD_NET_* to NFSD_STATS_*
     - nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
     - nfsd: make all of the nfsd stats per-network namespace
     - nfsd: remove nfsd_stats, make th_cnt a global counter
     - nfsd: make svc_stat per-network namespace instead of global
     - nvme/pci: Add APST quirk for Lenovo N60z laptop
     - mptcp: fully established after ADD_ADDR echo on MPJ
     - [x86] drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
       (CVE-2024-42259)
     - cgroup: Make operations on the cgroup root_list RCU safe
     - [x86] drm/i915: Add a function to mmap framebuffer obj
     - [x86] drm/i915: Fix a NULL vs IS_ERR() bug
     - [x86] drm/i915/gem: Adjust vma offset for framebuffer mmap offset
     - binfmt_flat: Fix corruption when not offsetting data start
     - cgroup: Move rcu_head up near the top of cgroup_root
     - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (CVE-2024-42114)
     - [arm64] KVM: arm64: Don't pass a TLBI level hint when zapping table
       entries
     - media: Revert "media: dvb-usb: Fix unexpected infinite loop in
       dvb_usb_read_remote_control()"
     - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no
       error"
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 24
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.10.
     (closes: #1076576)
   * [arm64] Enable MICROSOFT_MANA.
linux-signed-amd64 (6.1.99+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.99-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.99
     - Revert "usb: xhci: prevent potential failure in handle_tx_event() for
       Transfer events without TRB"
linux-signed-amd64 (6.1.98+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.98-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
     - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
     - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
     - wifi: cfg80211: fully move wiphy work to unbound workqueue
     - wifi: cfg80211: Lock wiphy in cfg80211_get_station
     - wifi: cfg80211: pmsr: use correct nla_get_uX functions
     - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
     - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
     - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
     - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
     - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
     - ax25: Fix refcount imbalance on inbound connections
     - ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
     - [armhf] net/ncsi: Simplify Kconfig/dts control flow
     - [armhf] net/ncsi: Fix the multi thread manner of NCSI driver
     - ipv6: ioam: block BH from ioam6_output()
     - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
     - bpf: Set run context for rawtp test_run callback
     - net/smc: avoid overwriting when adjusting sock bufsizes
     - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
       (CVE-2024-36978)
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
     - net/mlx5: Stop waiting for PCI up if teardown was triggered
     - net/mlx5: Stop waiting for PCI if pci channel is offline
     - net/mlx5: Split function_setup() to enable and open functions
     - net/mlx5: Always stop health timer during driver removal
     - net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
     - ptp: Fix error message on failed pin verification
     - ice: fix iteration of TLVs in Preserved Fields Area
     - ice: Introduce new parameters in ice_sched_node
     - ice: remove null checks before devm_kfree() calls
     - ice: remove af_xdp_zc_qps bitmap
     - net: wwan: iosm: Fix tainted pointer delete is case of region creation
       fail
     - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted
       peer.
     - af_unix: Annodate data-races around sk->sk_state for writers.
     - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
     - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
       poll().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
     - af_unix: Annotate data-races around sk->sk_state in sendmsg() and
       recvmsg().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb().
     - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
     - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
     - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
     - af_unix: annotate lockless accesses to sk->sk_err
     - af_unix: Use skb_queue_empty_lockless() in unix_release_sock().
     - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
     - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
     - ipv6: fix possible race in __fib6_drop_pcpu_from()
     - Bluetooth: qca: fix invalid device address check
     - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()
     - usb: gadget: f_fs: use io_data->status consistently
     - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
     - iio: accel: mxc4005: allow module autoloading via OF compatible
     - iio: accel: mxc4005: Reset chip on probe() and resume()
     - xtensa: stacktrace: include <asm/ftrace.h> for prototype
     - xtensa: fix MAKE_PC_FROM_RA second argument
     - drm/amd/display: drop unnecessary NULL checks in debugfs
     - drm/amd/display: Fix incorrect DSC instance for MST
     - [arm64] dts: qcom: sm8150: align TLMM pin configuration with DT schema
     - [arm64] dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration
     - misc/pvpanic: deduplicate common code
     - misc/pvpanic-pci: register attributes via pci_driver
     - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
     - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
     - mmc: davinci: Don't strip remove function when driver is builtin
     - firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails
     - HID: i2c-hid: elan: Add ili9882t timing
     - HID: i2c-hid: elan: fix reset suspend current leakage
     - i2c: add fwnode APIs
     - i2c: acpi: Unbind mux adapters before delete
     - mm, vmalloc: fix high order __GFP_NOFAIL allocations
     - mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
     - wifi: ath10k: fix QCOM_RPROC_COMMON dependency
     - btrfs: remove unnecessary prototype declarations at disk-io.c
     - btrfs: make btrfs_destroy_delayed_refs() return void
     - btrfs: fix leak of qgroup extent records after transaction abort
     - nilfs2: return the mapped address from nilfs_get_page()
     - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
     - io_uring: check for non-NULL file pointer in io_file_can_poll()
     - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
     - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
     - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
     - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
     - mei: me: release irq in mei_me_pci_resume error path
     - tty: n_tty: Fix buffer offsets when lookahead is used
     - landlock: Fix d_parent walk
     - jfs: xattr: fix buffer overflow for invalid xattr
     - xhci: Set correct transferred length for cancelled bulk transfers
     - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
     - xhci: Handle TD clearing for multiple streams case
     - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
     - [x86] thunderbolt: debugfs: Fix margin debugfs node creation condition
     - scsi: mpi3mr: Fix ATA NCQ priority support
     - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
     - scsi: sd: Use READ(16) when reading block zero on large capacity disks
       (Closes: #1067858)
     - gve: Clear napi->skb before dev_kfree_skb_any()
     - [powerpc*] uaccess: Fix build errors seen with GCC 13/14
     - Input: try trimming too long modalias strings (Closes: #983357)
     - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c
     - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
     - cachefiles: remove requests from xarray during flushing requests
     - cachefiles: introduce object ondemand state
     - cachefiles: extract ondemand info field from cachefiles_object
     - cachefiles: resend an open request if the read request's object is closed
     - cachefiles: add spin_lock for cachefiles_ondemand_info
     - cachefiles: add restore command to recover inflight ondemand read requests
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
     - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read()
     - cachefiles: never get a new anonymous fd if ondemand_id is valid
     - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds
     - cachefiles: flush all requests after setting CACHEFILES_DEAD
     - selftests/ftrace: Fix to check required event file
     - clk: sifive: Do not register clkdevs for PRCI clocks
     - NFSv4.1 enforce rootpath check in fs_location query
     - SUNRPC: return proper error from gss_wrap_req_priv
     - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (Closes: #1071501)
     - [x86] platform/x86: dell-smbios: Fix wrong token data in sysfs
     - gpio: tqmx86: fix typo in Kconfig label
     - gpio: tqmx86: remove unneeded call to platform_set_drvdata()
     - gpio: tqmx86: introduce shadow register for GPIO output value
     - gpio: tqmx86: Convert to immutable irq_chip
     - gpio: tqmx86: store IRQ trigger type and unmask status separately
     - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type
     - HID: core: remove unnecessary WARN_ON() in implement()
     - iommu/amd: Fix sysfs leak in iommu init
     - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
     - drm/vmwgfx: Port the framebuffer code to drm fb helpers
     - drm/vmwgfx: Refactor drm connector probing for display modes
     - drm/vmwgfx: Filter modes which exceed graphics memory
     - drm/vmwgfx: 3D disabled should not effect STDU memory limits
     - drm/vmwgfx: Remove STDU logic from generic mode_valid function
     - net: sfp: Always call `sfp_sm_mod_remove()` on remove
     - net: hns3: fix kernel crash problem in concurrent scenario
     - net: hns3: add cond_resched() to hns3 ring buffer init process
     - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
     - drm/komeda: check for error-valued pointer
     - drm/bridge/panel: Fix runtime warning on panel bridge release
     - tcp: fix race in tcp_v6_syn_recv_sock()
     - geneve: Fix incorrect inner network header offset when innerprotoinherit
       is set
     - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
       packets
     - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
     - netfilter: ipset: Fix race between namespace cleanup and gc in the
       list:set type
     - net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP
     - gve: ignore nonrelevant GSO type bits when processing TSO headers
     - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs
       parameters
     - nvmet-passthru: propagate status from id override functions
     - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
     - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
     - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
     - ionic: fix use after netif_napi_del()
     - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
     - bnxt_en: Adjust logging of firmware messages in case of released token in
       __hwrm_send()
     - misc: microchip: pci1xxxx: fix double free in the error handling of
       gp_aux_bus_probe() (CVE-2024-36973)
     - [x86] boot: Don't add the EFI stub to targets, again
     - iio: adc: ad9467: fix scan type sign
     - iio: dac: ad5592r: fix temperature channel scaling value
     - iio: imu: inv_icm42600: delete unneeded update watermark call
     - drivers: core: synchronize really_probe() and dev_uevent()
     - drm/exynos/vidi: fix memory leak in .get_modes()
     - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID
       found
     - mptcp: ensure snd_una is properly initialized on connect
     - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
     - irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()
     - [x86] amd_nb: Check for invalid SMN reads
     - perf/core: Fix missing wakeup when waiting for context reference
     - riscv: fix overlap of allocated page and PTR_ERR
     - tracing/selftests: Fix kprobe event name test for .isra. functions
     - null_blk: Print correct max open zones limit in null_init_zoned_dev()
     - sock_map: avoid race between sock_map_close and sk_psock_put
     - vmci: prevent speculation leaks by sanitizing event in event_deliver()
     - spmi: hisi-spmi-controller: Do not override device identifier
     - knfsd: LOOKUP can return an illegal error value
     - fs/proc: fix softlockup in __read_vmcore
     - ocfs2: use coarse time for new created files
     - ocfs2: fix races between hole punching and AIO+DIO
     - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
     - dmaengine: axi-dmac: fix possible race in remove()
     - remoteproc: k3-r5: Wait for core0 power-up before powering up core1
     - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
     - [x86] drm/i915/gt: Disarm breadcrumbs if engines are already idle
     - [x86] drm/i915/dpt: Make DPT object unshrinkable
     - [x86] intel_th: pci: Add Granite Rapids support
     - [x86] intel_th: pci: Add Granite Rapids SOC support
     - [x86] intel_th: pci: Add Sapphire Rapids SOC support
     - [x86] intel_th: pci: Add Meteor Lake-S support
     - [x86] intel_th: pci: Add Lunar Lake support
     - btrfs: zoned: introduce a zone_info struct in
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out per-zone logic from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out single bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out DUP bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: fix use-after-free due to race with dev replace
     - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
     - tick/nohz_full: Don't abuse smp_call_function_single() in
       tick_setup_device()
     - mm/huge_memory: don't unpoison huge_zero_folio
     - mm/memory-failure: fix handling of dissolved but not taken off from buddy
       pages
     - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
     - mptcp: pm: update add_addr counters after connect
     - Revert "fork: defer linking file vma until vma is fully initialized"
     - remoteproc: k3-r5: Jump to error handling labels in start/stop errors
     - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing
       ondemand-mode
     - Bluetooth: qca: fix wcn3991 device address check
     - Bluetooth: qca: generalise device address check
     - greybus: Fix use-after-free bug in gb_interface_release due to race
       condition.
     - serial: 8250_dw: fall back to poll if there's no interrupt
     - serial: core: Add UPIO_UNKNOWN constant for unknown port type
     - usb-storage: alauda: Check whether the media is initialized
       (CVE-2024-38619)
     - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of
       gp_aux_bus_probe()
     - i2c: at91: Fix the functionality flags of the slave-only interface
     - i2c: designware: Fix the functionality flags of the slave-only interface
     - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
     - padata: Disable BH when taking works lock on MT path
     - io_uring/sqpoll: work around a potential audit memory leak
     - block/ioctl: prefer different overflow check
     - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
     - wifi: ath9k: work around memset overflow warning
     - af_packet: avoid a false positive warning in packet_setsockopt()
     - drop_monitor: replace spin_lock by raw_spin_lock
     - scsi: qedi: Fix crash while reading debugfs attribute
     - net/sched: fix false lockdep warning on qdisc root lock
     - net: dsa: realtek: keep default LED state in rtl8366rb
     - netpoll: Fix race condition in netpoll_owner_active
     - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
     - HID: Add quirk for Logitech Casa touchpad
     - HID: asus: fix more n-key report descriptors if n-key quirked
     - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
     - drm/amd/display: Exit idle optimizations before HDCP execution
     - [x86] platform/x86: toshiba_acpi: Add quirk for buttons on Z830
     - [x86] ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14
     - [arm64,armhf] drm/lima: add mask irq callback to gp and pp
     - [arm64,armhf] drm/lima: mask irqs in timeout path before hard reset
     - ALSA: hda/realtek: Add quirks for Lenovo 13X
     - [powerpc*] pseries: Enforce hcall result buffer validity and size
     - [powerpc*] io: Avoid clang null pointer arithmetic warnings
     - [x86] platform/x86: p2sb: Don't init until unassigned resources have been
       assigned
     - power: supply: cros_usbpd: provide ID table for avoiding fallback match
     - [arm64] iommu/arm-smmu-v3: Free MSIs in case of ENOMEM
     - f2fs: remove clear SB_INLINECRYPT flag in default_options
     - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
     - [arm64] usb: dwc3: pci: Don't set "linux,phy_charger_detect" property on
       Lenovo Yoga Tab2 1380
     - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
     - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
     - [arm64,armhf] serial: imx: Introduce timeout when waiting on transmitter
       empty
     - serial: exar: adding missing CTI and Exar PCI ids
     - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API
     - tty: add the option to have a tty reject a new ldisc
     - tracing: Build event generation tests only as modules
     - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
     - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
     - ice: move RDMA init to ice_idc.c
     - ice: avoid IRQ collision to fix init failure on ACPI S3 resume
     - cipso: fix total option length computation
     - bpf: Avoid splat in pskb_pull_reason
     - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
     - netrom: Fix a memory leak in nr_heartbeat_expiry()
     - ipv6: prevent possible NULL deref in fib6_nh_init()
     - ipv6: prevent possible NULL dereference in rt6_probe()
     - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
     - netns: Make get_net_ns() handle zero refcount net
     - qca_spi: Make interrupt remembering atomic
     - net: lan743x: disable WOL upon resume to restore full data path operation
     - net: lan743x: Support WOL at both the PHY and MAC appropriately
     - net: phy: mxl-gpy: enhance delay time required by loopback disable
       function
     - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init
     - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
     - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
     - tipc: force a dst refcount before doing decryption
     - sched: act_ct: add netns into the key of tcf_ct_flow_table
     - ptp: fix integer overflow in max_vclocks_store
     - net: stmmac: No need to calculate speed divider when offload is disabled
     - virtio_net: checksum offloading handling fix
     - octeontx2-pf: Add error handling to VLAN unoffload handling
     - netfilter: ipset: Fix suspicious rcu_dereference_protected()
     - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6
       behaviors
     - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type
     - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
     - net: usb: rtl8150 fix unintiatilzed variables in
       rtl8150_get_link_ksettings
     - regulator: core: Fix modpost error "regulator_get_regmap" undefined
     - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
     - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting()
     - dmaengine: ioatdma: Fix leaking on version mismatch
     - dmaengine: ioat: use PCI core macros for PCIe Capability
     - dmaengine: ioatdma: Fix error path in ioat3_dma_probe()
     - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()
     - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
     - regulator: bd71815: fix ramp values
     - [arm64] dts: imx93-11x11-evk: Remove the 'no-sdio' property
     - [arm64] dts: freescale: imx8mm-verdin: enable hysteresis on slow input pin
     - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
       fine."
     - firmware: psci: Fix return value from psci_system_suspend()
     - RDMA/mlx5: Add check for srq max_sge attribute
     - net: stmmac: Assign configured channel value to EXTTS event
     - net: usb: ax88179_178a: improve reset check
     - net: do not leave a dangling sk pointer, when socket creation fails
     - btrfs: retry block group reclaim without infinite loop
     - cifs: fix typo in module parameter enable_gcm_256
     - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
     - [arm64] KVM: arm64: Disassociate vcpus from redistributor region on
       teardown
     - [x86] KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 445/465
       G11.
     - ALSA: hda/realtek: Limit mic boost on N14AP7
     - drm/i915/mso: using joiner is not possible with eDP MSO
     - drm/radeon: fix UBSAN warning in kv_dpm.c
     - drm/amdgpu: fix UBSAN warning in kv_dpm.c
     - gcov: add support for GCC 14
     - kcov: don't lose track of remote references during softirqs
     - mm: mmap: allow for the maximum number of bits for randomizing mmap_base
       by default
     - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
     - mm/page_table_check: fix crash on ZONE_DEVICE
     - i2c: ocores: set IACK bit after core is enabled
     - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to
       i2c-controller schema
     - [armhf] spi: stm32: qspi: Fix dual flash mode sanity test in
       stm32_qspi_setup()
     - [arm64] dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc
     - [armhf] spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to
       CCR_BUSWIDTH_4
     - perf: script: add raw|disasm arguments to --insn-trace option
     - perf script: Show also errors for --insn-trace option
     - [armhf] dts: samsung: smdkv310: fix keypad no-autorepeat
     - [armhf] dts: samsung: exynos4412-origen: fix keypad no-autorepeat
     - [armhf] dts: samsung: smdk4412: fix keypad no-autorepeat
     - pmdomain: ti-sci: Fix duplicate PD referrals
     - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
     - [x86] cpu/vfm: Add new macros to work with (vendor/family/model) values
     - [x86] cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL
     - Revert "kheaders: substituting --sort in archive creation"
     - kheaders: explicitly define file modes for archived headers
     - drm/amd/display: revert Exit idle optimizations before HDCP execution
     - net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
     - hid: asus: asus_report_fixup: fix potential read out of bounds
     - Revert "mm: mmap: allow for the maximum number of bits for randomizing
       mmap_base by default"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
     - usb: typec: ucsi: Never send a lone connector change ack
     - usb: typec: ucsi: Ack also failed Get Error commands
     - [x86] ACPI: x86: utils: Add Picasso to the list for forcing
       StorageD3Enable
     - [x86] ACPI: x86: Force StorageD3Enable on more products
     - Input: ili210x - fix ili251x_read_touch_data() return value
     - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
     - [arm64,armhf] pinctrl: rockchip: use dedicated pinctrl type for RK3328
     - [arm64,armhf] pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
     - [mips*] pci: lantiq: restore reset gpio polarity
     - dt-bindings: i2c: Drop unneeded quotes
     - dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema
     - netfilter: nf_tables: use timestamp to check for set element timeout
       (CVE-2024-27397)
     - [arm64] ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right
       mclk
     - [s390x] pci: Add missing virt_to_phys() for directed DIBV
     - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe()
     - [arm64] ASoC: fsl-asoc-card: set priv->pdev before using it
     - net: dsa: microchip: fix initial port flush problem
     - bpf: Fix overrunning reservations in ringbuf
     - ibmvnic: Free any outstanding tx skbs during scrq reset
     - net: phy: micrel: add Microchip KSZ 9477 to the device table
     - net: dsa: microchip: use collision based back pressure mode
     - xdp: Remove WARN() from __xdp_reg_mem_model()
     - Fix race for duplicate reqsk on identical SYN
     - net: dsa: microchip: fix wrong register write when masking interrupt
     - [powerpc*] restore some missing spu syscalls
     - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO
     - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
       registers
     - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
     - [x86] fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
     - mtd: partitions: redboot: Added conversion of operands to a larger type
     - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok()
     - bpf: Add a check for struct bpf_fib_lookup size
     - bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
     - RDMA/restrack: Fix potential invalid address access
     - net/iucv: Avoid explicit cpumask var allocation on stack
     - net/dpaa2: Avoid explicit cpumask var allocation on stack
     - crypto: ecdh - explicitly zeroize private_key
     - ALSA: emux: improve patch ioctl data validation
     - media: dvbdev: Initialize sbuf
     - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
     - drm/radeon/radeon_display: Decrease the size of allocated memory
     - nvme: fixup comment for nvme RDMA Provider Type
     - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
     - [arm64] gpio: davinci: Validate the obtained number of IRQs
     - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c
     - drm/amdgpu: Fix pci state save during mode-1 reset
     - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
     - randomize_kstack: Remove non-functional per-arch entropy filtering
     - ima: Fix use-after-free on a dentry's dname.name
     - [x86] stop playing stack games in profile_pc()
     - Revert "MIPS: pci: lantiq: restore reset gpio polarity"
     - [arm64] pinctrl: qcom: spmi-gpio: drop broken pm8008 support
     - ocfs2: fix DIO failure due to insufficient transaction credits
     - nfs: drop the incorrect assertion in nfs_swap_rw()
     - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard
     - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
     - mmc: sdhci: Do not invert write-protect twice
     - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
     - iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask
     - counter: ti-eqep: enable clock at probe
     - i2c: testunit: don't erase registers after STOP
     - i2c: testunit: discard write requests while old command is running
     - iio: adc: ad7266: Fix variable checking bug
     - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
     - net: usb: ax88179_178a: improve link status logs
     - usb: gadget: printer: SS+ support
     - usb: gadget: printer: fix races against disable (CVE-2024-25741)
     - usb: musb: da8xx: fix a resource leak in probe()
     - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
     - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to
       avoid deadlock
     - usb: gadget: aspeed_udc: fix device address configuration
     - usb: ucsi: stm32: fix command completion handling
     - serial: 8250_omap: Implementation of Errata i2310
     - serial: imx: set receiver level before starting uart
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665
       G11.
     - tty: mcf: MCF54418 has 10 UARTS
     - net: can: j1939: Initialize unused data in j1939_send_one()
     - net: can: j1939: recover socket queue on CAN bus error during BAM
       transmission
     - net: can: j1939: enhanced error handling for tightly received RTS messages
       in xtp_rx_rts_session_new
     - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing
     - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
     - irqchip/loongson-liointc: Set different ISRs for different cores
     - kbuild: Install dtb files as 0644 in Makefile.dtbinst
     - btrfs: zoned: fix initial free space detection
     - csky, hexagon: fix broken sys_sync_file_range
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
     - drm/amdgpu: avoid using null object of framebuffer
     - [x86] drm/i915/gt: Fix potential UAF by revoke of fence registers
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
     - drm/amdgpu/atomfirmware: fix parsing of vram_info
     - batman-adv: Don't accept TT entries for out-of-spec VIDs
     - can: mcp251xfd: fix infinite loop when xmit fails
     - ata: ahci: Clean up sysfs file on error
     - ata: libata-core: Fix double free on error
     - ftruncate: pass a signed offset
     - syscalls: fix compat_sys_io_pgetevents_time64 usage
     - syscalls: fix sys_fanotify_mark prototype
     - Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units"
     - mm/page_alloc: Separate THP PCP into movable and non-movable categories
     - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc (CVE-2023-52760)
     - efi: memmap: Move manipulation routines into x86 arch tree
     - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures
     - [x86] efi/x86: Free EFI memory map only when installing a new one.
     - [arm64] dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Rename LED related pinctrl nodes on
       rk3308-rock-pi-s
     - [arm64] dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
     - [arm64] dts: rockchip: Add sound-dai-cells for RK3368
     - serial: imx: only set receiver level if it is zero
     - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
     - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
     - locking/mutex: Introduce devm_mutex_init()
     - crypto: hisilicon/debugfs - Fix debugfs uninit process issue
     - [arm64,armhf] drm/lima: fix shared irq handling on driver remove
     - [powerpc*] Avoid nmi_enter/nmi_exit in real mode interrupt.
     - media: dvb: as102-fe: Fix as10x_register_addr packing
     - media: dvb-usb: dib0700_devices: Add missing release_firmware()
     - IB/core: Implement a limit on UMAD receive List
     - scsi: qedf: Make qedf_execute_tmf() non-preemptible
     - crypto: aead,cipher - zeroize key buffer after use
     - drm/amdgpu: Fix uninitialized variable warnings
     - drm/amdgpu: Initialize timestamp for some legacy SOCs
     - drm/amd/display: Check index msg_id before read or write
     - drm/amd/display: Check pipe offset before setting vblank
     - drm/amd/display: Skip finding free audio for unknown engine_id
     - drm/amdgpu: fix uninitialized scalar variable warning
     - media: dw2102: Don't translate i2c read into write
     - sctp: prefer struct_size over open coded arithmetic
     - firmware: dmi: Stop decoding on broken entry
     - Input: ff-core - prefer struct_size over open coded arithmetic
     - usb: xhci: prevent potential failure in handle_tx_event() for Transfer
       events without TRB
     - wifi: mt76: replace skb_put with skb_put_zero
     - [arm64,armhf] net: dsa: mv88e6xxx: Correct check for empty list
     - media: dvb-frontends: tda18271c2dd: Remove casting during div
     - media: s2255: Use refcount_t instead of atomic_t for num_channels
     - media: dvb-frontends: tda10048: Fix integer overflow
     - i2c: i801: Annotate apanel_addr as __ro_after_init
     - [powerpc*] 64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
     - orangefs: fix out-of-bounds fsid access
     - kunit: Fix timeout message
     - [powerpc*] xmon: Check cpu id in commands "c#", "dp#" and "dx#"
     - igc: fix a log entry using uninitialized netdev
     - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
     - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
     - scsi: mpi3mr: Sanitise num_phys
     - serial: imx: Raise TX trigger level to 8
     - jffs2: Fix potential illegal address access in jffs2_free_inode
     - [s390x] pkey: Wipe sensitive data on failure
     - btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation
       warning
     - cdrom: rearrange last_media_change check to avoid unintentional overflow
     - mac802154: fix time calculation in ieee802154_configure_durations()
     - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
     - net/mlx5: E-switch, Create ingress ACL when needed
     - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup()
     - tcp_metrics: validate source addr length
     - [s390x] KVM: s390: fix LPSWEY handling
     - e1000e: Fix S0ix residency on corporate systems
     - net: allow skb_datagram_iter to be called from any context
     - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from
       __netif_rx()
     - wifi: wilc1000: fix ies_len type in connect path
     - netfilter: nf_tables: unconditionally flush pending work before notifier
     - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
       (CVE-2024-39487)
     - inet_diag: Initialize pad field in struct inet_diag_req_v2
     - [x86] platform/x86: toshiba_acpi: Fix quickstart quirk handling
     - Revert "igc: fix a log entry using uninitialized netdev"
     - nilfs2: fix inode number range checks
     - nilfs2: add missing check for inode numbers on directory entries
     - mm: optimize the redundant loop of mm_update_owner_next()
     - mm: avoid overflows in dirty throttling logic
     - btrfs: fix adding block group to a reclaim list and the unused list during
       reclaim
     - f2fs: Add inline to f2fs_build_fault_attr() stub
     - scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
     - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
     - can: kvaser_usb: Explicitly initialize family in leafimx driver_info
       struct
     - fsnotify: Do not generate events for O_PATH file descriptors
     - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
       again"
     - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
     - drm/amdgpu/atomfirmware: silence UBSAN warning
     - drm: panel-orientation-quirks: Add quirk for Valve Galileo
     - [powerpc*] pseries: Fix scv instruction crash with kexec
     - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
     - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
     - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
     - bnx2x: Fix multiple UBSAN array-index-out-of-bounds
     - [arm64] dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model
       B
     - ima: Avoid blocking in RCU read-side critical section
     - media: dw2102: fix a potential buffer overflow
     - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
     - clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe()
     - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
     - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
     - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
     - nvme-multipath: find NUMA path only for online numa-node
     - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
     - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
     - regmap-i2c: Subtract reg size from max_write
     - [x86] platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW
       11.6" tablet
     - [x86] platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
     - nvmet: fix a possible leak when destroy a ctrl during qp establishment
     - kbuild: fix short log for AS in link-vmlinux.sh
     - nfc/nci: Add the inconsistency check between the input data length and
       count
     - spi: cadence: Ensure data lines set to low during dummy-cycle period
     - null_blk: Do not allow runt zone with zone capacity smaller then zone size
     - nilfs2: fix incorrect inode allocation from reserved inodes
 .
   [ Salvatore Bonaccorso ]
   * [rt] Drop "drm/i915/gt: Queue and wait for the irq_work item."
   *  Bump ABI to 23
   * Drop now unknown config options for DRM_VMWGFX_FBCON
   * Refresh "firmware: Remove redundant log messages from drivers"
   * d/rules.real: Revert workaround to explicitly remove executable bits from
     dtb files (implemented upstream)
   * [rt] Update to 6.1.96-rt35

linux-signed-arm64 (6.1.106+3) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-3
 .
   * udp: allow header check for dodgy GSO_UDP_L4 packets.
   * gso: fix dodgy bit handling for GSO_UDP_L4
   * net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
   * net: drop bad gso csum_start and offset in virtio_net_hdr (Closes: #1079684)
   * Bump ABI to 25
linux-signed-arm64 (6.1.106+2) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-2
 .
   * media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
linux-signed-arm64 (6.1.106+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
     - Compiler Attributes: Add __uninitialized macro
     - mm: prevent derefencing NULL ptr in pfn_section_valid()
     - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop
     - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode
     - cachefiles: stop sending new request when dropping object
     - cachefiles: cancel all requests for the object that is being dropped
     - cachefiles: wait for ondemand_object_worker to finish when dropping object
     - cachefiles: cyclic allocation of msg_id to avoid reuse
     - cachefiles: add missing lock protection when polling
     - filelock: fix potential use-after-free in posix_lock_inode
     - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
     - vfs: don't mod negative dentry count when on shrinker list
     - tcp: fix incorrect undo caused by DSACK of TLP retransmit
     - net: phy: microchip: lan87xx: reinit PHY after cable test
     - skmsg: Skip zero length skb in sk_msg_recvmsg
     - net: fix rc7's __skb_datagram_iter()
     - i40e: Fix XDP program unloading while removing the driver
     - net: ethernet: lantiq_etop: fix double free in detach
     - bpf: Refactor some inode/task/sk storage functions for reuse
     - bpf: Reduce smap->elem_size
     - bpf: use bpf_map_kvcalloc in bpf_local_storage
     - bpf: Remove __bpf_local_storage_map_alloc
     - bpf: fix order of args in call to bpf_map_kvcalloc
     - net: ethernet: mtk-star-emac: set mac_managed_pm when probing
     - ppp: reject claimed-as-LCP but actually malformed packets
     - ethtool: netlink: do not return SQI value if link is down
     - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
     - net/sched: Fix UAF when resolving a clash
     - net, sunrpc: Remap EPERM in case of connection failure in
       xs_tcp_setup_socket
     - [s390x] Mark psw in __load_psw_mask() as __unitialized
     - firmware: cs_dsp: Fix overflow checking of wmfw header
     - firmware: cs_dsp: Return error if block header overflows file
     - firmware: cs_dsp: Validate payload length before processing block
     - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
     - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
     - cifs: fix setting SecurityFlags to true
     - Revert "sched/fair: Make sure to try to detach at least one movable task"
     - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
     - tcp: avoid too many retransmit packets (CVE-2024-41007)
     - USB: serial: option: add Telit generic core-dump composition
     - USB: serial: option: add Telit FN912 rmnet compositions
     - USB: serial: option: add Fibocom FM350-GL
     - USB: serial: option: add support for Foxconn T99W651
     - USB: serial: option: add Netprisma LCUK54 series modules
     - USB: serial: option: add Rolling RW350-GL variants
     - USB: serial: mos7840: fix crash on resume
     - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
     - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
     - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
       descriptor
     - hpet: Support 32-bit userspace
     - xhci: always resume roothubs if xHC was reset during resume
     - ksmbd: discard write access to the directory open
     - nvmem: rmem: Fix return value of rmem_read()
     - nvmem: meson-efuse: Fix return value of nvmem callbacks
     - nvmem: core: only change name to fram for current attribute
     - [x86] platform/x86: toshiba_acpi: Fix array out-of-bounds access
     - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU
     - ALSA: hda/realtek: Enable Mute LED on HP 250 G7
     - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
     - Fix userfaultfd_api to return EINVAL as expected
     - libceph: fix race between delayed_work() and ceph_monc_stop()
     - ACPI: processor_idle: Fix invalid comparison with insertion sort for
       latency
     - wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
     - wireguard: allowedips: avoid unaligned 64-bit memory accesses
     - wireguard: queueing: annotate intentional data race in cpu round robin
     - wireguard: send: annotate intentional data race in checking empty queue
     - [x86] retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk
     - bpf: Allow reads from uninit stack
     - nilfs2: fix kernel bug on rename operation of broken directory
     - sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
     - i2c: mark HostNotify target address as used
     - [x86] entry/64: Remove obsolete comment on tracing vs. SYSRET
     - [x86] bhi: Avoid warning in #DB handler due to BHI mitigation
     - kbuild: Make ld-version.sh more robust against version string changes
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.101
     - minmax: sanity check constant bounds when clamping
     - minmax: clamp more efficiently by avoiding extra comparison
     - minmax: fix header inclusions
     - minmax: allow min()/max()/clamp() if the arguments have the same
       signedness.
     - minmax: allow comparisons of 'int' against 'unsigned char/short'
     - minmax: relax check to allow comparison between unsigned arguments and
       signed constants
     - gcc-plugins: Rename last_stmt() for GCC 14+
     - filelock: Remove locks reliably when fcntl/close race is detected
       (CVE-2024-41012)
     - scsi: core: alua: I/O errors for ALUA state transitions
     - scsi: qedf: Don't process stag work during unload and recovery
     - scsi: qedf: Wait for stag work during unload
     - scsi: qedf: Set qed_slowpath_params to zero before use
     - efi/libstub: zboot.lds: Discard .discard sections
     - ACPI: EC: Abort address space access upon error
     - ACPI: EC: Avoid returning AE_OK on errors in address space handler
     - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah
       CPUs
     - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
     - wifi: mac80211: apply mcast rate only if interface is up
     - wifi: mac80211: handle tasklet frames before stopping
     - wifi: cfg80211: fix 6 GHz scan request building
     - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
     - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
     - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option
     - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill
     - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
     - of/irq: Factor out parsing of interrupt-map parent phandle+args from
       of_irq_parse_raw()
     - Input: silead - Always support 10 fingers
     - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
     - ila: block BH in ila_output()
     - null_blk: fix validation of block size
     - kconfig: gconf: give a proper initial state to the Save button
     - kconfig: remove wrong expr_trans_bool()
     - HID: Ignore battery for ELAN touchscreens 2F2C and 4116
     - NFSv4: Fix memory leak in nfs4_set_security_label
     - nfs: propagate readlink errors in nfs_symlink_filler
     - nfs: don't invalidate dentries on transient errors
     - cachefiles: add consistency check for copen/cread
     - cachefiles: Set object to close if ondemand_id < 0 in copen
     - cachefiles: make on-demand read killable
     - fs/file: fix the check in find_next_fd()
     - mei: demote client disconnect warning on suspend to debug
     - iomap: Fix iomap_adjust_read_range for plen calculation
     - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
     - nvme: avoid double free special payload
     - nvmet: always initialize cqe.result
     - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
     - [powerpc*] KVM: PPC: Book3S HV: Prevent UAF in
       kvm_spapr_tce_attach_iommu_group()
     - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
     - ALSA: hda/realtek: Add more codec ID to no shutup pins list
     - [mips*] fix compat_sys_lseek syscall
     - Input: elantech - fix touchpad state on resume for Lenovo N24
     - Input: i8042 - add Ayaneo Kun to i8042 quirk table
     - ASoC: topology: Fix references to freed memory
     - ASoC: topology: Do not assign fields that are already set
     - bytcr_rt5640 : inverse jack detect for Archos 101 cesium
     - ALSA: dmaengine: Synchronize dma channel after drop()
     - ASoC: ti: davinci-mcasp: Set min period size using FIFO config
     - ASoC: ti: omap-hdmi: Fix too long driver name
     - [x86] ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error
       rollback
     - can: kvaser_usb: fix return value for hif_usb_send_regout
     - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
     - [s390x] sclp: Fix sclp_init() cleanup on failure
     - [x86] platform/x86: wireless-hotkey: Add support for LG Airplane Button
     - [x86] platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
     - [x86] platform/x86: lg-laptop: Change ACPI device id
     - [x86] platform/x86: lg-laptop: Use ACPI device handle when evaluating
       WMAB/WMBB
     - btrfs: qgroup: fix quota root leak after quota disable failure
     - ALSA: PCM: Allow resume only for suspended streams
     - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
     - ALSA: dmaengine_pcm: terminate dmaengine before synchronize
     - [x86] ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA
     - net: usb: qmi_wwan: add Telit FN912 compositions
     - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and
       DEV_STATS_ADD()
     - [powerpc*] pseries: Whitelist dtl slub object for copying to userspace
     - [powerpc*] eeh: avoid possible crash when edev->pdev changes
     - scsi: libsas: Fix exp-attached device scan after probe failure scanned in
       again after probe failed
     - [arm64] tee: optee: ffa: Fix missing-field-initializers warning
     - Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
     - bluetooth/l2cap: sync sock recv cb and release
     - erofs: ensure m_llen is reset to 0 if metadata is invalid
     - drm/amd/display: Account for cursor prefetch BW in DML1 mode support
     - drm/radeon: check bo_va->bo is non-NULL before using it
     - fs: better handle deep ancestor chains in is_subdir()
     - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK
     - drivers/perf: riscv: Reset the counter to hpmevent mapping while starting
       cpus
     - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
     - ksmbd: return FILE_DEVICE_DISK instead of super magic
     - hfsplus: fix uninit-value in copy_name
     - spi: mux: set ctlr->bits_per_word_mask
     - cifs: fix noisy message on copy_file_range
     - [arm*] 9324/1: fix get_user() broken with veneer
     - Bluetooth: L2CAP: Fix deadlock
     - of/irq: Disable "interrupt-map" parsing for PASEMI Nemo
     - wifi: cfg80211: wext: set ssids=NULL for passive scans
     - wifi: mac80211: disable softirqs for queued frame handling
     - netfs, fscache: export fscache_put_volume() and add
       fscache_try_get_volume()
     - cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
     - cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.102
     - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
     - f2fs: avoid dead loop in f2fs_issue_checkpoint()
     - ocfs2: add bounds checking to ocfs2_check_dir_entry()
     - jfs: don't walk off the end of ealist
     - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
     - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
     - [arm64] dts: qcom: msm8996: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: ipq6018: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: sdm630: Disable SS instance in Parkmode for USB
     - [arm64,armhf] ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
       is paused
     - filelock: Fix fcntl/close race recovery compat path
     - btrfs: do not BUG_ON on failure to get dir index for new snapshot
     - tun: add missing verification for short frame (CVE-2024-41091)
     - tap: add missing verification for short frame (CVE-2024-41090)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.103
     - [amd64] EDAC, i10nm: make skx_common.o a separate module
     - rcu/tasks: Fix stale task snaphot for Tasks Trace
     - md: fix deadlock between mddev_suspend and flush bio
     - platform/chrome: cros_ec_debugfs: fix wrong EC message version
     - block: refactor to use helper
     - block: cleanup bio_integrity_prep
     - block: initialize integrity buffer to zero before writing it to media
     - hfsplus: fix to avoid false alarm of circular locking
     - [x86] of: Return consistent error type from x86_of_pci_irq_enable()
     - [x86] pci/intel_mid_pci: Fix PCIBIOS_* return code handling
     - [x86] pci/xen: Fix PCIBIOS_* return code handling
     - [x86] platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
     - kernfs: fix all kernel-doc warnings and multiple typos
     - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy()
     - cgroup/cpuset: Prevent UAF in proc_cpuset_show()
     - hwmon: (adt7475) Fix default duty on fan is disabled
     - nvmet-auth: fix nvmet_auth hash error handling
     - [arm64] drm/meson: fix canvas release in bind function
     - [arm64] dts: qcom: sdm845: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm6350: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings
     - [arm64] dts: qcom: sm8250: add power-domain to UFS PHY
     - [arm64] dts: qcom: sm8450: add power-domain to UFS PHY
     - [arm64] dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY
     - [arm64] dts: qcom: msm8998: enable adreno_smmu by default
     - [arm64] soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by
       rpmh_rsc_send_data() callers
     - [arm64] dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s
     - [arm64] dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s
     - [arm64] dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s
     - [arm64] dts: qcom: msm8996: specify UFS core_clk frequencies
     - [arm64] soc: xilinx: rename cpu_number1 to dummy_cpu_number
     - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe()
     - [armhf] OPP: ti: Fix ti_opp_supply_probe wrong return values
     - [arm64] dts: rockchip: Increase VOP clk rate on RK3328
     - [arm64] dts: amlogic: sm1: fix spdif compatibles
     - [arm64] dts: mediatek: mt8183-kukui: Drop bogus output-enable property
     - [arm64] dts: mediatek: mt7622: fix "emmc" pinctrl mux
     - [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625
     - [arm64] dts: amlogic: gx: correct hdmi clocks
     - [arm64] dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a
     - [arm64] dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10
     - [arm64] dts: renesas: r8a779g0: Add L3 cache controller
     - [arm64] dts: renesas: r8a779g0: Add secondary CA76 CPU cores
     - [arm64] dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3
       systems
     - [arm64] dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ
     - [arm64] dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ
     - [x86] xen: Convert comma to semicolon
     - [arm64] dts: rockchip: Add missing power-domains for rk356x vop_mmu
     - [arm64] dts: qcom: sm6350: Add missing qcom,non-secure-domain property
     - vmlinux.lds.h: catch .bss..L* sections into BSS")
     - [arm64] firmware: turris-mox-rwtm: Do not complete if there are no waiters
     - [arm64] firmware: turris-mox-rwtm: Fix checking return value of
       wait_for_completion_timeout()
     - [arm64] firmware: turris-mox-rwtm: Initialize completion before mailbox
     - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
     - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer
     - net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
     - tcp: annotate lockless accesses to sk->sk_err_soft
     - tcp: annotate lockless access to sk->sk_err
     - tcp: add tcp_done_with_error() helper
     - tcp: fix race in tcp_write_err()
     - tcp: fix races in tcp_v[46]_err()
     - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when
       CONFIG_ARCH_NO_SG_CHAIN is defined
     - lib: objagg: Fix general protection fault
     - [x86] perf/x86: Serialize set_attr_rdpmc()
     - jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked()
     - jump_label: Prevent key->enabled int overflow
     - jump_label: Fix concurrency issues in static_key_slow_dec()
     - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
     - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
     - wifi: cfg80211: handle 2x996 RU allocation in
       cfg80211_calculate_bitrate_he()
     - net: fec: Refactor: #define magic constants
     - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
     - libbpf: Checking the btf_type kind when fixing variable offsets
     - ipvs: Avoid unnecessary calls to skb_is_gso_sctp
     - netfilter: nf_tables: rise cap on SELinux secmark context
     - bpftool: Mount bpffs when pinmaps path not under the bpffs
     - [x86] perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
     - perf: Fix perf_aux_size() for greater-than 32-bit size
     - perf: Prevent passing zero nr_pages to rb_alloc_aux()
     - perf: Fix default aux_watermark calculation
     - [x86] perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
     - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
     - wifi: virt_wifi: avoid reporting connection success with wrong SSID
     - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
     - wifi: virt_wifi: don't use strlen() in const context
     - locking/rwsem: Add __always_inline annotation to __down_write_common() and
       inlined callers
     - bpf: annotate BTF show functions with __printf
     - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
     - bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
     - bpf: Fix null pointer dereference in resolve_prog_type() for
       BPF_PROG_TYPE_EXT
     - xdp: fix invalid wait context of page_pool_destroy()
     - net: bridge: mst: Check vlan state for egress decision
     - [arm64] drm/rockchip: vop2: Fix the port mux of VP2
     - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
     - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
     - drm/amd/pm: Fix aldebaran pcie speed reporting
     - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
     - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1
     - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before
       regulators
     - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
     - media: pci: ivtv: Add check for DMA map result
     - media: dvb-usb: Fix unexpected infinite loop in
       dvb_usb_read_remote_control()
     - media: imon: Fix race getting ictx->lock
     - media: i2c: Fix imx412 exposure control
     - media: v4l: async: Fix NULL pointer dereference in adding ancillary links
     - [s390x] mm: Convert make_page_secure to use a folio
     - [s390x] mm: Convert gmap_make_secure to use a folio
     - [s390x] uv: Don't call folio_wait_writeback() without a folio reference
     - saa7134: Unchecked i2c_transfer function result fixed
     - media: uvcvideo: Override default flags
     - media: renesas: vsp1: Fix _irqsave and _irq mix
     - media: renesas: vsp1: Store RPF partition configuration per RPF instance
     - leds: trigger: Unregister sysfs attributes before calling deactivate()
     - [arm64] drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC
     - [arm64] drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
     - perf test: Replace arm callgraph fp test workload with leafloop
     - perf tests arm_callgraph_fp: Address shellcheck warnings about signal
       names and adding double quotes for expression
     - perf tests: Fix test_arm_callgraph_fp variable expansion
     - perf test: Make test_arm_callgraph_fp.sh more robust
     - perf report: Fix condition in sort__sym_cmp()
     - [arm64,armhf] drm/etnaviv: fix DMA direction handling for cached RW
       buffers
     - drm/qxl: Add check for drm_cvt_mode
     - Revert "leds: led-core: Fix refcount leak in of_led_get()"
     - ext4: fix infinite loop when replaying fast_commit
     - media: venus: flush all buffers in output plane streamoff
     - perf intel-pt: Fix aux_watermark calculation for 64-bit size
     - perf intel-pt: Fix exclude_guest setting
     - mfd: rsmu: Split core code into separate module
     - mfd: omap-usb-tll: Use struct_size to allocate tll
     - xprtrdma: Fix rpcrdma_reqs_reset()
     - SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
     - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
     - ext4: don't track ranges in fast_commit if inode has inlined data
       (Closes: #1039883)
     - ext4: avoid writing unitialized memory to disk in EA inodes
     - SUNRPC: Fixup gss_status tracepoint error output
     - PCI: Fix resource double counting on remove & rescan
     - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
     - PCI: keystone: Don't enable BAR 0 for AM654x
     - PCI: keystone: Fix NULL pointer dereference in case of DT error in
       ks_pcie_setup_rc_app_regs()
     - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
     - clk: qcom: branch: Add helper functions for setting retain bits
     - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock
     - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs
     - iio: frequency: adrf6780: rm clk provider include
     - coresight: Fix ref leak when of_coresight_parse_endpoint() fails
     - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE
     - [powerpc*] pseries: Fix alignment of PLPKS structures and buffers
     - [powerpc*] pseries: Move plpks.h to include directory
     - [powerpc*] pseries: Expose PLPKS config values, support additional fields
     - [powerpc*] pseries: Add helper to get PLPKS password length
     - [powerpc*] kexec: make the update_cpus_node() function public
     - [powerpc*] kexec_file: fix cpus node update to FDT
     - RDMA/cache: Release GID table even if leak is detected
     - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID
     - Input: qt1050 - handle CHIP_ID reading error
     - RDMA/mlx4: Fix truncated output warning in mad.c
     - RDMA/mlx4: Fix truncated output warning in alias_GUID.c
     - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled
     - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
     - [arm64] ASoC: qcom: Adjust issues in case of DT error in
       asoc_qcom_lpass_cpu_platform_probe()
     - [powerpc*] prom: Add CPU info to hardware description string later
     - mtd: make mtd_test.c a separate module
     - RDMA/device: Return error earlier if port in not valid
     - Input: elan_i2c - do not leave interrupt disabled on suspend failure
     - ASoC: amd: Adjust error handling in case of absent codec device
     - PCI: endpoint: Clean up error handling in vpci_scan_bus()
     - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup()
     - vhost/vsock: always initialize seqpacket_allow
     - net: missing check virtio
     - [x86] crypto: qat - extend scope of lock in adf_cfg_add_key_value_param()
     - clk: qcom: Park shared RCGs upon registration
     - clk: en7523: fix rate divider for slic and spi clocks
     - PCI: qcom-ep: Disable resources unconditionally during PERST# assert
     - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot
     - [powerpc*] xmon: Fix disassembly CPU feature checks
     - [arm64] RDMA/hns: Check atomic wr length
     - [arm64] RDMA/hns: Fix unmatch exception handling when init eq table fails
     - [arm64] RDMA/hns: Fix missing pagesize and alignment check in FRMR
     - [arm64] RDMA/hns: Fix shift-out-bounds when max_inline_data is 0
     - [arm64] RDMA/hns: Fix undifined behavior caused by invalid max_sge
     - [arm64] RDMA/hns: Fix insufficient extend DB for VFs.
     - [amd64] iommu/vt-d: Fix to convert mm pfn to dma pfn
     - [amd64] iommu/vt-d: Fix identity map bounds in si_domain_init()
     - bnxt_re: Fix imm_data endianness
     - netfilter: ctnetlink: use helper function to calculate expect ID
     - netfilter: nft_set_pipapo: constify lookup fn args where possible
     - netfilter: nf_set_pipapo: fix initial map fill
     - net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
     - ipv4: Fix incorrect TOS in route get reply
     - ipv4: Fix incorrect TOS in fibmatch route get reply
     - net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
     - net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
     - pinctrl: rockchip: update rk3308 iomux routes
     - pinctrl: core: fix possible memory leak when pinctrl_enable() fails
     - pinctrl: single: fix possible memory leak when pinctrl_enable() fails
     - pinctrl: ti: ti-iodelay: Drop if block with always false condition
     - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
       fails
     - pinctrl: freescale: mxs: Fix refcount of child
     - fs/ntfs3: Replace inode_trylock with inode_lock
     - fs/ntfs3: Fix field-spanning write in INDEX_HDR
     - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix
     - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes
     - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes
     - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes
     - pinctrl: renesas: r8a779g0: Fix IRQ suffixes
     - pinctrl: renesas: r8a779g0: FIX PWM suffixes
     - pinctrl: renesas: r8a779g0: Fix TCLK suffixes
     - pinctrl: renesas: r8a779g0: Fix TPU suffixes
     - fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
     - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
     - rtc: interface: Add RTC offset to alarm after fix-up
     - [s390x] dasd: fix error checks in dasd_copy_pair_store()
     - sbitmap: remove unnecessary calculation of alloc_hint in
       __sbitmap_get_shallow
     - sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code
     - sbitmap: use READ_ONCE to access map->word
     - sbitmap: fix io hung due to race on sbitmap_word::cleared
     - landlock: Don't lose track of restrictions on cred_transfer
     - mm/hugetlb: fix possible recursive locking detected warning
     - mm/mglru: fix div-by-zero in vmpressure_calc_level()
     - mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
     - [x86] efistub: Avoid returning EFI_SUCCESS on error
     - [x86] efistub: Revert to heap allocated boot_params for PE entrypoint
     - dt-bindings: thermal: correct thermal zone node name limit
     - tick/broadcast: Make takeover of broadcast hrtimer reliable
     - net: netconsole: Disable target before netpoll cleanup
     - af_packet: Handle outgoing VLAN packets without hardware offloading
     - kernel: rerun task_work while freezing in get_signal()
     - ipv4: fix source address selection with route leak
     - ipv6: take care of scope when choosing the src addr
     - sched/fair: set_load_weight() must also call reweight_task() for
       SCHED_IDLE tasks
     - fuse: verify {g,u}id mount options correctly
     - char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
     - media: venus: fix use after free in vdec_close
     - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error
     - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
     - [x86] drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
     - [x86] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
     - scsi: qla2xxx: Fix optrom version displayed in FDMI
     - drm/amd/display: Check for NULL pointer
     - sched/fair: Use all little CPUs for CPU-bound workloads
     - apparmor: use kvfree_sensitive to free data->data
     - cifs: fix potential null pointer use in destroy_workqueue in init_cifs
       error path
     - cifs: fix reconnect with SMB1 UNIX Extensions
     - cifs: mount with "unix" mount option for SMB1 incorrectly handled
     - task_work: s/task_work_cancel()/task_work_cancel_func()/
     - task_work: Introduce task_work_cancel() again
     - udf: Avoid using corrupted block bitmap buffer
     - ext4: check dot and dotdot of dx_root before making dir indexed
     - ext4: make sure the first directory block is not a hole
     - io_uring: tighten task exit cancellations
     - trace/pid_list: Change gfp flags in pid_list_fill_irq()
     - wifi: mwifiex: Fix interface type change
     - drivers: soc: xilinx: check return status of get_api_version()
     - leds: ss4200: Convert PCIBIOS_* return codes to errnos
     - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties()
     - jbd2: make jbd2_journal_get_max_txn_bufs() internal
     - media: uvcvideo: Fix integer overflow calculating timestamp
     - [x86] KVM: VMX: Split out the non-virtualization part of
       vmx_interrupt_blocked()
     - [x86] KVM: nVMX: Request immediate exit iff pending nested event needs
       injection
     - ALSA: usb-audio: Fix microphone sound on HD webcam.
     - ALSA: usb-audio: Move HD Webcam quirk to the right place
     - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
     - tools/memory-model: Fix bug in lock.cat
     - hwrng: amd - Convert PCIBIOS_* return codes to errnos
     - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
     - PCI: dw-rockchip: Fix initial PERST# GPIO value
     - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
     - PCI: loongson: Enable MSI in LS7A Root Complex
     - [arm*] binder: fix hang of unregistered readers
     - dev/parport: fix the array out-of-bounds risk
     - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
     - f2fs: fix to force buffered IO on inline_data inode
     - f2fs: fix to don't dirty inode for readonly filesystem
     - f2fs: fix return value of f2fs_convert_inline_inode()
     - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
     - ubi: eba: properly rollback inside self_check_eba
     - decompress_bunzip2: fix rare decompression failure
     - kbuild: Fix '-S -c' in x86 stack protector scripts
     - [x86] ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2
     - kobject_uevent: Fix OOB access within zap_modalias_env()
     - gve: Fix an edge case for TSO skb validity check
     - ice: Add a per-VF limit on number of FDIR filters
     - devres: Fix devm_krealloc() wasting memory
     - devres: Fix memory leakage caused by driver API devm_free_percpu()
     - irqchip/imx-irqsteer: Handle runtime power management correctly
     - mm/numa_balancing: teach mpol_to_str about the balancing mode
     - rtc: cmos: Fix return value of nvmem callbacks
     - scsi: qla2xxx: During vport delete send async logout explicitly
     - scsi: qla2xxx: Unable to act on RSCN for port online
     - scsi: qla2xxx: Fix for possible memory corruption
     - scsi: qla2xxx: Use QP lock to search for bsg
     - scsi: qla2xxx: Fix flash read failure
     - scsi: qla2xxx: Complete command early within lock
     - scsi: qla2xxx: validate nvme_local_port correctly
     - perf: Fix event leak upon exit
     - perf: Fix event leak upon exec and file release
     - [x86] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for
       SPR
     - [x86] perf/x86/intel/pt: Fix topa_entry base length
     - [x86] perf/x86/intel/pt: Fix a topa_entry base address calculation
     - [x86] drm/i915/gt: Do not consider preemption during execlists_dequeue for
       gen8
     - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
     - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
     - drm/i915/dp: Reset intel_dp->link_trained before retraining the link
     - rtc: isl1208: Fix return value of nvmem callbacks
     - watchdog/perf: properly initialize the turbo mode timestamp and rearm
       counter
     - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
     - dm-verity: fix dm_is_verity_target() when dm-verity is builtin
     - rbd: don't assume rbd_is_lock_owner() for exclusive mappings
     - remoteproc: stm32_rproc: Fix mailbox interrupts queuing
     - remoteproc: imx_rproc: Skip over memory region when node value is NULL
     - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init
     - [arm64,armhf] drm/etnaviv: don't block scheduler when GPU is still active
     - [arm64,armhf] drm/panfrost: Mark simple_ondemand governor as softdep
     - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
     - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
     - bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func
     - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
     - nilfs2: handle inconsistent state in nilfs_btnode_create_block()
     - PCI: Introduce cleanup helpers for device reference counts and locks
     - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
     - io_uring/io-wq: limit retrying worker initialisation
     - wifi: mac80211: Allow NSS change only up to capability
     - wifi: mac80211: track capability/opmode NSS separately
     - wifi: mac80211: check basic rates validity
     - jfs: Fix array-index-out-of-bounds in diFree
     - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels
     - phy: cadence-torrent: Check return value on register read
     - f2fs: fix start segno of large section
     - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
     - watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
     - f2fs: fix to update user block counts in block_operations()
     - kbuild: avoid build error when single DTB is turned into composite DTB
     - libbpf: Fix no-args func prototype BTF dumping syntax
     - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
     - dma: fix call order in dmam_free_coherent
     - bpf, events: Use prog to emit ksymbol event for main program
     - ipv4: Fix incorrect source address in Record Route option
     - net: bonding: correctly annotate RCU in bond_should_notify_peers()
     - netfilter: nft_set_pipapo_avx2: disable softinterrupts
     - tipc: Return non-zero value from tipc_udp_addr2str() on error
     - net: stmmac: Correct byte order of perfect_match
     - net: nexthop: Initialize all fields in dumped nexthops
     - bpf: Fix a segment issue when downgrading gso_size
     - mISDN: Fix a use after free in hfcmulti_tx()
     - apparmor: Fix null pointer deref when receiving skb during sock creation
     - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
     - lirc: rc_dev_get_from_fd(): fix file leak
     - auxdisplay: ht16k33: Drop reference after LED registration
     - spi: microchip-core: fix the issues in the isr
     - spi: microchip-core: only disable SPI controller when register value
       change requires it
     - spi: microchip-core: switch to use modern name
     - spi: microchip-core: fix init function not setting the master and motorola
       modes
     - nvme-pci: Fix the instructions for disabling power management
     - spidev: Add Silicon Labs EM3581 device compatible
     - spi: spidev: order compatibles alphabetically
     - spi: spidev: add correct compatible for Rohm BH2228FV
     - [x86] ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is
       reachable
     - ceph: fix incorrect kmalloc size of pagevec mempool
     - [s390x] pci: Refactor arch_setup_msi_irqs()
     - [s390x] pci: Allow allocation of more than 1 MSI interrupt
     - iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
     - io_uring: fix io_match_task must_hold
     - nvme-pci: add missing condition check for existence of mapped data
     - fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
     - [powerpc*] pseries: Avoid hcall in plpks_is_available() on non-pseries
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.104
     - [arm64] dts: qcom: msm8998: switch USB QMP PHY to new style of bindings
     - [arm64] dts: qcom: msm8998: Disable SS instance in Parkmode for USB
     - [arm64] dts: qcom: ipq8074: Disable SS instance in Parkmode for USB
     - sysctl: allow change system v ipc sysctls inside ipc namespace
     - sysctl: allow to change limits for posix messages queues
     - sysctl: treewide: drop unused argument
       ctl_table_root::set_ownership(table)
     - sysctl: always initialize i_uid/i_gid
     - ext4: make ext4_es_insert_extent() return void
     - ext4: refactor ext4_da_map_blocks()
     - ext4: convert to exclusive lock while inserting delalloc extents
     - ext4: factor out a common helper to query extent map
     - ext4: check the extent status again before inserting delalloc block
     - leds: trigger: Remove unused function led_trigger_rename_static()
     - leds: trigger: Store brightness set by led_trigger_event()
     - leds: trigger: Call synchronize_rcu() before calling trig->activate()
     - leds: triggers: Flush pending brightness before activating trigger
     - mm: restrict the pcp batch scale factor to avoid too long latency
     - mm: page_alloc: control latency caused by zone PCP draining
     - mm/page_alloc: fix pcp->count race between drain_pages_zone() vs
       __rmqueue_pcplist()
     - f2fs: fix to avoid use SSR allocate when do defragment
     - f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
     - irqdomain: Fixed unbalanced fwnode get and put
     - drm/udl: Rename struct udl_drm_connector to struct udl_connector
     - drm/udl: Test pixel limit in mode-config's mode-valid function
     - drm/udl: Use USB timeout constant when reading EDID
     - drm/udl: Various improvements to the connector
     - drm/udl: Move connector to modesetting code
     - drm/udl: Remove DRM_CONNECTOR_POLL_HPD
     - [x86] drm/i915/dp: Don't switch the LTTPR mode on an active link
     - [amd64] HID: amd_sfh: Remove duplicate cleanup
     - [amd64] HID: amd_sfh: Split sensor and HID initialization
     - [amd64] HID: amd_sfh: Move sensor discovery before HID device
       initialization
     - drm/nouveau: prime: fix refcount underflow
     - drm/vmwgfx: Fix overlay when using Screen Targets
     - drm/vmwgfx: Trigger a modeset when the screen moves
     - sched: act_ct: take care of padding in struct zones_ht_key
     - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
     - Bluetooth: hci_sync: Fix suspending with wrong filter policy
     - net: axienet: start napi before enabling Rx/Tx
     - rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in
       rtnl_dellink().
     - ice: respect netif readiness in AF_XDP ZC related ndo's
     - ice: don't busy wait for Rx queue disable in ice_qp_dis()
     - ice: replace synchronize_rcu with synchronize_net
     - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog
     - net/iucv: fix use after free in iucv_sock_close()
     - [x86] drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro
     - net: mvpp2: Don't re-use loop iterator
     - ALSA: hda: Conditionally use snooping for AMD HDMI
     - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
     - netfilter: iptables: Fix potential null-ptr-deref in
       ip6table_nat_table_init().
     - net/mlx5: Lag, don't use the hardcoded value of the first port
     - net/mlx5: Fix missing lock on sync reset reload
     - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
     - ipv6: fix ndisc_is_useropt() handling for PIO
     - [arm64] jump_label: Ensure patched jump_labels are visible to all CPUs
     - platform/chrome: cros_ec_proto: Lock device when updating MKBP version
     - HID: wacom: Modify pen IDs
     - btrfs: zoned: fix zone_unusable accounting on making block group
       read-write again
     - protect the fetch of ->fd[fd] in do_dup2() from mispredictions
     - mptcp: sched: check both directions for backup
     - ALSA: usb-audio: Correct surround channels in UAC1 channel map
     - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
     - Revert "ALSA: firewire-lib: obsolete workqueue for period update"
     - Revert "ALSA: firewire-lib: operate for period elapse event in process
       context"
     - drm/vmwgfx: Fix a deadlock in dma buf fence polling
     - [x86] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
     - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
     - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
     - mptcp: fix user-space PM announced address accounting
     - mptcp: distinguish rcv vs sent backup flag in requests
     - mptcp: fix NL PM announced address accounting
     - mptcp: fix bad RCVPRUNED mib accounting
     - mptcp: pm: only set request_bkup flag when sending MP_PRIO
     - mptcp: fix duplicate data handling
     - netfilter: ipset: Add list flush to cancel_gc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
     - irqchip/mbigen: Fix mbigen node address layout
     - [x86] platform/x86/intel/ifs: Gen2 Scan test support
     - [x86] platform/x86/intel/ifs: Initialize union ifs_status to zero
     - jump_label: Fix the fix, brown paper bags galore
     - [x86] mm: Fix pti_clone_pgtable() alignment assumption
     - [x86] mm: Fix pti_clone_entry_text() for i386
     - sctp: Fix null-ptr-deref in reuseport_add_sock().
     - net: usb: qmi_wwan: fix memory leak for not ip packets
     - net: bridge: mcast: wait for previous gc cycles when removing port
     - net: linkwatch: use system_unbound_wq
     - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
     - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv
       monitor
     - [armhf] net: dsa: bcm_sf2: Fix a possible memory leak in
       bcm_sf2_mdio_register()
     - l2tp: fix lockdep splat
     - net: fec: Stop PPS on driver remove
     - rcutorture: Fix rcu_torture_fwd_cb_cr() data race
     - md: do not delete safemode_timer in mddev_suspend
     - md/raid5: avoid BUG_ON() while continue reshape after reassembling
     - block: change rq_integrity_vec to respect the iterator
     - rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation
     - clocksouqrce/drivers/sh_cmt: Address race condition for clock events
     - ACPI: battery: create alarm sysfs attribute atomically
     - [x86] ACPI: SBS: manage alarm sysfs attribute through psy core
     - wifi: nl80211: disallow setting special AP channel widths
     - net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
     - af_unix: Don't retry after unix_state_lock_nested() in
       unix_stream_connect().
     - PCI: Add Edimax Vendor ID to pci_ids.h
     - udf: prevent integer overflow in udf_bitmap_free_blocks()
     - wifi: nl80211: don't give key data to userspace
     - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index
       erratum
     - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of
       mcp2518fd
     - btrfs: fix bitmap leak when loading free space cache on duplicate entry
     - drm/amdgpu/pm: Fix the param type of set_power_profile_mode
     - drm/amdgpu/pm: Fix the null pointer dereference for smu7
     - drm/amdgpu: Fix the null pointer dereference to ras_manager
     - drm/amdgpu/pm: Fix the null pointer dereference in
       apply_state_adjust_rules
     - drm/amdgpu: Add lock around VF RLCG interface
     - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
     - media: amphion: Remove lock in s_ctrl callback
     - drm/amd/display: Add NULL check for 'afb' before dereferencing in
       amdgpu_dm_plane_handle_cursor_update
     - drm/amd/display: Add null checker before passing variables
     - media: uvcvideo: Ignore empty TS packets
     - media: uvcvideo: Fix the bandwdith quirk on USB 3.x
     - media: xc2028: avoid use-after-free in load_firmware_cb()
     - ext4: fix uninitialized variable in ext4_inlinedir_to_tree
     - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
     - [s390x] sclp: Prevent release of buffer in I/O
     - SUNRPC: Fix a race to wake a sync task
     - bus: mhi: host: pci_generic: add support for Telit FE990 modem
     - Revert "bpftool: Mount bpffs when pinmaps path not under the bpffs"
     - profiling: remove profile=sleep support
     - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
     - [arm64,armhf] irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock
       to 'raw_spinlock_t'
     - sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
     - ext4: fix wrong unit use in ext4_mb_find_by_goal
     - [arm64] Add Neoverse-V2 part
     - [arm64] barrier: Restore spec_bar() macro
     - [arm64] cputype: Add Cortex-X4 definitions
     - [arm64] cputype: Add Neoverse-V3 definitions
     - [arm64] errata: Add workaround for Arm errata 3194386 and 3312417
     - [arm64] cputype: Add Cortex-X3 definitions
     - [arm64] cputype: Add Cortex-A720 definitions
     - [arm64] cputype: Add Cortex-X925 definitions
     - [arm64] errata: Unify speculative SSBS errata logic
     - [arm64] errata: Expand speculative SSBS workaround
     - [arm64] cputype: Add Cortex-X1C definitions
     - [arm64] cputype: Add Cortex-A725 definitions
     - [arm64] errata: Expand speculative SSBS workaround (again)
     - i2c: smbus: Improve handling of stuck alerts
     - spi: spidev: Add missing spi_device_id for bh2228fv
     - i2c: smbus: Send alert notifications to all devices if source not found
     - bpf: kprobe: remove unused declaring of bpf_kprobe_override
     - kprobes: Fix to check symbol prefixes correctly
     - [arm64] i2c: qcom-geni: add desc struct to prepare support for I2C Master
       Hub variant
     - [arm64] i2c: qcom-geni: Add missing clk_disable_unprepare in
       geni_i2c_runtime_resume
     - [arm64] i2c: qcom-geni: Add missing geni_icc_disable in
       geni_i2c_runtime_resume
     - spi: spi-fsl-lpspi: Fix scldiv calculation
     - ALSA: usb-audio: Re-add ScratchAmp quirk entries
     - [arm64] ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
     - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
     - drm/client: fix null pointer dereference in drm_client_modeset_probe
     - ALSA: line6: Fix racy access to midibuf
     - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
     - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks
     - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
     - usb: vhci-hcd: Do not drop references before new references are gained
     - USB: serial: debug: do not echo input by default
     - usb: gadget: core: Check for unset descriptor
     - usb: gadget: u_serial: Set start_delayed during suspend
     - usb: gadget: u_audio: Check return codes from usb_ep_enable and
       config_ep_by_speed.
     - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
     - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
     - tick/broadcast: Move per CPU pointer access into the atomic section
     - ntp: Clamp maxerror and esterror to operating range
     - torture: Enable clocksource watchdog with "tsc=watchdog"
     - clocksource: Scale the watchdog read retries automatically
     - clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()
     - driver core: Fix uevent_show() vs driver detach race
     - ntp: Safeguard against time_constant overflow
     - timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex()
     - serial: core: check uartclk for zero to avoid divide by zero
     - [x86] ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx
     - kcov: properly check for softirq context
     - irqchip/xilinx: Fix shift out of bounds
     - genirq/irqdesc: Honor caller provided affinity in alloc_desc()
     - [x86] power: supply: axp288_charger: Fix constant_charge_voltage writes
     - [x86] power: supply: axp288_charger: Round constant_charge_voltage writes
       down
     - tracing: Fix overflow in get_free_elt()
     - padata: Fix possible divide-by-0 panic in padata_mt_helper()
     - smb3: fix setting SecurityFlags when encryption is required
     - btrfs: avoid using fixed char array size for tree names
     - [x86] mtrr: Check if fixed MTRRs exist before saving them
     - sched/smt: Introduce sched_smt_present_inc/dec() helper
     - sched/smt: Fix unbalance sched_smt_present dec/inc
     - drm/bridge: analogix_dp: properly handle zero sized AUX transactions
     - drm/dp_mst: Skip CSN if topology probing is not done yet
     - [arm64,armhf] drm/lima: Mark simple_ondemand governor as softdep
     - [x86] drm/mgag200: Set DDC timeout in milliseconds
     - [x86] drm/mgag200: Bind I2C lifetime to DRM device
     - mptcp: mib: count MPJ with backup flag
     - mptcp: export local_address
     - mptcp: pm: fix backup support in signal endpoints
     - mptcp: pm: deny endp with signal + subflow + port
     - block: use the right type for stub rq_integrity_vec()
     - Revert "drm/amd/display: Add NULL check for 'afb' before dereferencing in
       amdgpu_dm_plane_handle_cursor_update"
     - mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit
       machines (CVE-2024-42258)
     - btrfs: fix corruption after buffer fault in during direct IO append write
     - ipv6: fix source address selection with route leak
     - tools headers arm64: Sync arm64's cputype.h with the kernel sources
     - mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio()
     - block: Call .limit_depth() after .hctx has been set
     - block/mq-deadline: Fix the tag reservation code
     - xfs: fix log recovery buffer allocation for the legacy h_size fixup
       (CVE-2024-39472)
     - netfilter: nf_tables: bail out if stateful expression provides no .clone
     - netfilter: nf_tables: allow clone callbacks to sleep
     - netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
     - i2c: qcom-geni: fix missing clk_disable_unprepare() and
       geni_se_resources_off()
     - btrfs: fix double inode unlock for direct IO sync writes
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.106
     - mptcp: pass addr to mptcp_pm_alloc_anno_list
     - mptcp: pm: reduce indentation blocks
     - mptcp: pm: don't try to create sf if alloc failed
     - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set
     - [x86] ASoC: topology: Clean up route loading
     - [x86] ASoC: topology: Fix route memory corruption
     - exec: Fix ToCToU between perm check and set-uid/gid usage
     - nfsd: move reply cache initialization into nfsd startup
     - nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
     - NFSD: Refactor nfsd_reply_cache_free_locked()
     - NFSD: Rename nfsd_reply_cache_alloc()
     - NFSD: Replace nfsd_prune_bucket()
     - NFSD: Refactor the duplicate reply cache shrinker
     - NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
     - NFSD: Fix frame size warning in svc_export_parse()
     - sunrpc: don't change ->sv_stats if it doesn't exist
     - nfsd: stop setting ->pg_stats for unused stats
     - sunrpc: pass in the sv_stats struct through svc_create_pooled
     - sunrpc: remove ->pg_stats from svc_program
     - sunrpc: use the struct net as the svc proc private
     - nfsd: rename NFSD_NET_* to NFSD_STATS_*
     - nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
     - nfsd: make all of the nfsd stats per-network namespace
     - nfsd: remove nfsd_stats, make th_cnt a global counter
     - nfsd: make svc_stat per-network namespace instead of global
     - nvme/pci: Add APST quirk for Lenovo N60z laptop
     - mptcp: fully established after ADD_ADDR echo on MPJ
     - [x86] drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
       (CVE-2024-42259)
     - cgroup: Make operations on the cgroup root_list RCU safe
     - [x86] drm/i915: Add a function to mmap framebuffer obj
     - [x86] drm/i915: Fix a NULL vs IS_ERR() bug
     - [x86] drm/i915/gem: Adjust vma offset for framebuffer mmap offset
     - binfmt_flat: Fix corruption when not offsetting data start
     - cgroup: Move rcu_head up near the top of cgroup_root
     - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (CVE-2024-42114)
     - [arm64] KVM: arm64: Don't pass a TLBI level hint when zapping table
       entries
     - media: Revert "media: dvb-usb: Fix unexpected infinite loop in
       dvb_usb_read_remote_control()"
     - Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no
       error"
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 24
 .
   [ Bastian Blank ]
   * Backport changes in Microsoft Azure Network Adapter from 6.10.
     (closes: #1076576)
   * [arm64] Enable MICROSOFT_MANA.
linux-signed-arm64 (6.1.99+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.99-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.99
     - Revert "usb: xhci: prevent potential failure in handle_tx_event() for
       Transfer events without TRB"
linux-signed-arm64 (6.1.98+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.98-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
     - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
     - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
     - wifi: cfg80211: fully move wiphy work to unbound workqueue
     - wifi: cfg80211: Lock wiphy in cfg80211_get_station
     - wifi: cfg80211: pmsr: use correct nla_get_uX functions
     - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
     - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
     - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
     - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
     - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
     - ax25: Fix refcount imbalance on inbound connections
     - ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
     - [armhf] net/ncsi: Simplify Kconfig/dts control flow
     - [armhf] net/ncsi: Fix the multi thread manner of NCSI driver
     - ipv6: ioam: block BH from ioam6_output()
     - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
     - bpf: Set run context for rawtp test_run callback
     - net/smc: avoid overwriting when adjusting sock bufsizes
     - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
       (CVE-2024-36978)
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
     - net/mlx5: Stop waiting for PCI up if teardown was triggered
     - net/mlx5: Stop waiting for PCI if pci channel is offline
     - net/mlx5: Split function_setup() to enable and open functions
     - net/mlx5: Always stop health timer during driver removal
     - net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
     - ptp: Fix error message on failed pin verification
     - ice: fix iteration of TLVs in Preserved Fields Area
     - ice: Introduce new parameters in ice_sched_node
     - ice: remove null checks before devm_kfree() calls
     - ice: remove af_xdp_zc_qps bitmap
     - net: wwan: iosm: Fix tainted pointer delete is case of region creation
       fail
     - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted
       peer.
     - af_unix: Annodate data-races around sk->sk_state for writers.
     - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
     - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
       poll().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
     - af_unix: Annotate data-races around sk->sk_state in sendmsg() and
       recvmsg().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb().
     - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
     - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
     - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
     - af_unix: annotate lockless accesses to sk->sk_err
     - af_unix: Use skb_queue_empty_lockless() in unix_release_sock().
     - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
     - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
     - ipv6: fix possible race in __fib6_drop_pcpu_from()
     - Bluetooth: qca: fix invalid device address check
     - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()
     - usb: gadget: f_fs: use io_data->status consistently
     - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
     - iio: accel: mxc4005: allow module autoloading via OF compatible
     - iio: accel: mxc4005: Reset chip on probe() and resume()
     - xtensa: stacktrace: include <asm/ftrace.h> for prototype
     - xtensa: fix MAKE_PC_FROM_RA second argument
     - drm/amd/display: drop unnecessary NULL checks in debugfs
     - drm/amd/display: Fix incorrect DSC instance for MST
     - [arm64] dts: qcom: sm8150: align TLMM pin configuration with DT schema
     - [arm64] dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration
     - misc/pvpanic: deduplicate common code
     - misc/pvpanic-pci: register attributes via pci_driver
     - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
     - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
     - mmc: davinci: Don't strip remove function when driver is builtin
     - firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails
     - HID: i2c-hid: elan: Add ili9882t timing
     - HID: i2c-hid: elan: fix reset suspend current leakage
     - i2c: add fwnode APIs
     - i2c: acpi: Unbind mux adapters before delete
     - mm, vmalloc: fix high order __GFP_NOFAIL allocations
     - mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
     - wifi: ath10k: fix QCOM_RPROC_COMMON dependency
     - btrfs: remove unnecessary prototype declarations at disk-io.c
     - btrfs: make btrfs_destroy_delayed_refs() return void
     - btrfs: fix leak of qgroup extent records after transaction abort
     - nilfs2: return the mapped address from nilfs_get_page()
     - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
     - io_uring: check for non-NULL file pointer in io_file_can_poll()
     - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
     - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
     - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
     - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
     - mei: me: release irq in mei_me_pci_resume error path
     - tty: n_tty: Fix buffer offsets when lookahead is used
     - landlock: Fix d_parent walk
     - jfs: xattr: fix buffer overflow for invalid xattr
     - xhci: Set correct transferred length for cancelled bulk transfers
     - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
     - xhci: Handle TD clearing for multiple streams case
     - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
     - [x86] thunderbolt: debugfs: Fix margin debugfs node creation condition
     - scsi: mpi3mr: Fix ATA NCQ priority support
     - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
     - scsi: sd: Use READ(16) when reading block zero on large capacity disks
       (Closes: #1067858)
     - gve: Clear napi->skb before dev_kfree_skb_any()
     - [powerpc*] uaccess: Fix build errors seen with GCC 13/14
     - Input: try trimming too long modalias strings (Closes: #983357)
     - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c
     - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
     - cachefiles: remove requests from xarray during flushing requests
     - cachefiles: introduce object ondemand state
     - cachefiles: extract ondemand info field from cachefiles_object
     - cachefiles: resend an open request if the read request's object is closed
     - cachefiles: add spin_lock for cachefiles_ondemand_info
     - cachefiles: add restore command to recover inflight ondemand read requests
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
     - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read()
     - cachefiles: never get a new anonymous fd if ondemand_id is valid
     - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds
     - cachefiles: flush all requests after setting CACHEFILES_DEAD
     - selftests/ftrace: Fix to check required event file
     - clk: sifive: Do not register clkdevs for PRCI clocks
     - NFSv4.1 enforce rootpath check in fs_location query
     - SUNRPC: return proper error from gss_wrap_req_priv
     - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (Closes: #1071501)
     - [x86] platform/x86: dell-smbios: Fix wrong token data in sysfs
     - gpio: tqmx86: fix typo in Kconfig label
     - gpio: tqmx86: remove unneeded call to platform_set_drvdata()
     - gpio: tqmx86: introduce shadow register for GPIO output value
     - gpio: tqmx86: Convert to immutable irq_chip
     - gpio: tqmx86: store IRQ trigger type and unmask status separately
     - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type
     - HID: core: remove unnecessary WARN_ON() in implement()
     - iommu/amd: Fix sysfs leak in iommu init
     - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
     - drm/vmwgfx: Port the framebuffer code to drm fb helpers
     - drm/vmwgfx: Refactor drm connector probing for display modes
     - drm/vmwgfx: Filter modes which exceed graphics memory
     - drm/vmwgfx: 3D disabled should not effect STDU memory limits
     - drm/vmwgfx: Remove STDU logic from generic mode_valid function
     - net: sfp: Always call `sfp_sm_mod_remove()` on remove
     - net: hns3: fix kernel crash problem in concurrent scenario
     - net: hns3: add cond_resched() to hns3 ring buffer init process
     - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
     - drm/komeda: check for error-valued pointer
     - drm/bridge/panel: Fix runtime warning on panel bridge release
     - tcp: fix race in tcp_v6_syn_recv_sock()
     - geneve: Fix incorrect inner network header offset when innerprotoinherit
       is set
     - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
       packets
     - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
     - netfilter: ipset: Fix race between namespace cleanup and gc in the
       list:set type
     - net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP
     - gve: ignore nonrelevant GSO type bits when processing TSO headers
     - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs
       parameters
     - nvmet-passthru: propagate status from id override functions
     - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
     - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
     - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
     - ionic: fix use after netif_napi_del()
     - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
     - bnxt_en: Adjust logging of firmware messages in case of released token in
       __hwrm_send()
     - misc: microchip: pci1xxxx: fix double free in the error handling of
       gp_aux_bus_probe() (CVE-2024-36973)
     - [x86] boot: Don't add the EFI stub to targets, again
     - iio: adc: ad9467: fix scan type sign
     - iio: dac: ad5592r: fix temperature channel scaling value
     - iio: imu: inv_icm42600: delete unneeded update watermark call
     - drivers: core: synchronize really_probe() and dev_uevent()
     - drm/exynos/vidi: fix memory leak in .get_modes()
     - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID
       found
     - mptcp: ensure snd_una is properly initialized on connect
     - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
     - irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()
     - [x86] amd_nb: Check for invalid SMN reads
     - perf/core: Fix missing wakeup when waiting for context reference
     - riscv: fix overlap of allocated page and PTR_ERR
     - tracing/selftests: Fix kprobe event name test for .isra. functions
     - null_blk: Print correct max open zones limit in null_init_zoned_dev()
     - sock_map: avoid race between sock_map_close and sk_psock_put
     - vmci: prevent speculation leaks by sanitizing event in event_deliver()
     - spmi: hisi-spmi-controller: Do not override device identifier
     - knfsd: LOOKUP can return an illegal error value
     - fs/proc: fix softlockup in __read_vmcore
     - ocfs2: use coarse time for new created files
     - ocfs2: fix races between hole punching and AIO+DIO
     - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
     - dmaengine: axi-dmac: fix possible race in remove()
     - remoteproc: k3-r5: Wait for core0 power-up before powering up core1
     - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
     - [x86] drm/i915/gt: Disarm breadcrumbs if engines are already idle
     - [x86] drm/i915/dpt: Make DPT object unshrinkable
     - [x86] intel_th: pci: Add Granite Rapids support
     - [x86] intel_th: pci: Add Granite Rapids SOC support
     - [x86] intel_th: pci: Add Sapphire Rapids SOC support
     - [x86] intel_th: pci: Add Meteor Lake-S support
     - [x86] intel_th: pci: Add Lunar Lake support
     - btrfs: zoned: introduce a zone_info struct in
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out per-zone logic from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out single bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out DUP bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: fix use-after-free due to race with dev replace
     - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
     - tick/nohz_full: Don't abuse smp_call_function_single() in
       tick_setup_device()
     - mm/huge_memory: don't unpoison huge_zero_folio
     - mm/memory-failure: fix handling of dissolved but not taken off from buddy
       pages
     - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
     - mptcp: pm: update add_addr counters after connect
     - Revert "fork: defer linking file vma until vma is fully initialized"
     - remoteproc: k3-r5: Jump to error handling labels in start/stop errors
     - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing
       ondemand-mode
     - Bluetooth: qca: fix wcn3991 device address check
     - Bluetooth: qca: generalise device address check
     - greybus: Fix use-after-free bug in gb_interface_release due to race
       condition.
     - serial: 8250_dw: fall back to poll if there's no interrupt
     - serial: core: Add UPIO_UNKNOWN constant for unknown port type
     - usb-storage: alauda: Check whether the media is initialized
       (CVE-2024-38619)
     - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of
       gp_aux_bus_probe()
     - i2c: at91: Fix the functionality flags of the slave-only interface
     - i2c: designware: Fix the functionality flags of the slave-only interface
     - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
     - padata: Disable BH when taking works lock on MT path
     - io_uring/sqpoll: work around a potential audit memory leak
     - block/ioctl: prefer different overflow check
     - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
     - wifi: ath9k: work around memset overflow warning
     - af_packet: avoid a false positive warning in packet_setsockopt()
     - drop_monitor: replace spin_lock by raw_spin_lock
     - scsi: qedi: Fix crash while reading debugfs attribute
     - net/sched: fix false lockdep warning on qdisc root lock
     - net: dsa: realtek: keep default LED state in rtl8366rb
     - netpoll: Fix race condition in netpoll_owner_active
     - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
     - HID: Add quirk for Logitech Casa touchpad
     - HID: asus: fix more n-key report descriptors if n-key quirked
     - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
     - drm/amd/display: Exit idle optimizations before HDCP execution
     - [x86] platform/x86: toshiba_acpi: Add quirk for buttons on Z830
     - [x86] ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14
     - [arm64,armhf] drm/lima: add mask irq callback to gp and pp
     - [arm64,armhf] drm/lima: mask irqs in timeout path before hard reset
     - ALSA: hda/realtek: Add quirks for Lenovo 13X
     - [powerpc*] pseries: Enforce hcall result buffer validity and size
     - [powerpc*] io: Avoid clang null pointer arithmetic warnings
     - [x86] platform/x86: p2sb: Don't init until unassigned resources have been
       assigned
     - power: supply: cros_usbpd: provide ID table for avoiding fallback match
     - [arm64] iommu/arm-smmu-v3: Free MSIs in case of ENOMEM
     - f2fs: remove clear SB_INLINECRYPT flag in default_options
     - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
     - [arm64] usb: dwc3: pci: Don't set "linux,phy_charger_detect" property on
       Lenovo Yoga Tab2 1380
     - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
     - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
     - [arm64,armhf] serial: imx: Introduce timeout when waiting on transmitter
       empty
     - serial: exar: adding missing CTI and Exar PCI ids
     - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API
     - tty: add the option to have a tty reject a new ldisc
     - tracing: Build event generation tests only as modules
     - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
     - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
     - ice: move RDMA init to ice_idc.c
     - ice: avoid IRQ collision to fix init failure on ACPI S3 resume
     - cipso: fix total option length computation
     - bpf: Avoid splat in pskb_pull_reason
     - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
     - netrom: Fix a memory leak in nr_heartbeat_expiry()
     - ipv6: prevent possible NULL deref in fib6_nh_init()
     - ipv6: prevent possible NULL dereference in rt6_probe()
     - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
     - netns: Make get_net_ns() handle zero refcount net
     - qca_spi: Make interrupt remembering atomic
     - net: lan743x: disable WOL upon resume to restore full data path operation
     - net: lan743x: Support WOL at both the PHY and MAC appropriately
     - net: phy: mxl-gpy: enhance delay time required by loopback disable
       function
     - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init
     - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
     - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
     - tipc: force a dst refcount before doing decryption
     - sched: act_ct: add netns into the key of tcf_ct_flow_table
     - ptp: fix integer overflow in max_vclocks_store
     - net: stmmac: No need to calculate speed divider when offload is disabled
     - virtio_net: checksum offloading handling fix
     - octeontx2-pf: Add error handling to VLAN unoffload handling
     - netfilter: ipset: Fix suspicious rcu_dereference_protected()
     - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6
       behaviors
     - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type
     - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
     - net: usb: rtl8150 fix unintiatilzed variables in
       rtl8150_get_link_ksettings
     - regulator: core: Fix modpost error "regulator_get_regmap" undefined
     - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
     - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting()
     - dmaengine: ioatdma: Fix leaking on version mismatch
     - dmaengine: ioat: use PCI core macros for PCIe Capability
     - dmaengine: ioatdma: Fix error path in ioat3_dma_probe()
     - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()
     - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
     - regulator: bd71815: fix ramp values
     - [arm64] dts: imx93-11x11-evk: Remove the 'no-sdio' property
     - [arm64] dts: freescale: imx8mm-verdin: enable hysteresis on slow input pin
     - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
       fine."
     - firmware: psci: Fix return value from psci_system_suspend()
     - RDMA/mlx5: Add check for srq max_sge attribute
     - net: stmmac: Assign configured channel value to EXTTS event
     - net: usb: ax88179_178a: improve reset check
     - net: do not leave a dangling sk pointer, when socket creation fails
     - btrfs: retry block group reclaim without infinite loop
     - cifs: fix typo in module parameter enable_gcm_256
     - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
     - [arm64] KVM: arm64: Disassociate vcpus from redistributor region on
       teardown
     - [x86] KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 445/465
       G11.
     - ALSA: hda/realtek: Limit mic boost on N14AP7
     - drm/i915/mso: using joiner is not possible with eDP MSO
     - drm/radeon: fix UBSAN warning in kv_dpm.c
     - drm/amdgpu: fix UBSAN warning in kv_dpm.c
     - gcov: add support for GCC 14
     - kcov: don't lose track of remote references during softirqs
     - mm: mmap: allow for the maximum number of bits for randomizing mmap_base
       by default
     - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
     - mm/page_table_check: fix crash on ZONE_DEVICE
     - i2c: ocores: set IACK bit after core is enabled
     - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to
       i2c-controller schema
     - [armhf] spi: stm32: qspi: Fix dual flash mode sanity test in
       stm32_qspi_setup()
     - [arm64] dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc
     - [armhf] spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to
       CCR_BUSWIDTH_4
     - perf: script: add raw|disasm arguments to --insn-trace option
     - perf script: Show also errors for --insn-trace option
     - [armhf] dts: samsung: smdkv310: fix keypad no-autorepeat
     - [armhf] dts: samsung: exynos4412-origen: fix keypad no-autorepeat
     - [armhf] dts: samsung: smdk4412: fix keypad no-autorepeat
     - pmdomain: ti-sci: Fix duplicate PD referrals
     - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
     - [x86] cpu/vfm: Add new macros to work with (vendor/family/model) values
     - [x86] cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL
     - Revert "kheaders: substituting --sort in archive creation"
     - kheaders: explicitly define file modes for archived headers
     - drm/amd/display: revert Exit idle optimizations before HDCP execution
     - net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
     - hid: asus: asus_report_fixup: fix potential read out of bounds
     - Revert "mm: mmap: allow for the maximum number of bits for randomizing
       mmap_base by default"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
     - usb: typec: ucsi: Never send a lone connector change ack
     - usb: typec: ucsi: Ack also failed Get Error commands
     - [x86] ACPI: x86: utils: Add Picasso to the list for forcing
       StorageD3Enable
     - [x86] ACPI: x86: Force StorageD3Enable on more products
     - Input: ili210x - fix ili251x_read_touch_data() return value
     - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
     - [arm64,armhf] pinctrl: rockchip: use dedicated pinctrl type for RK3328
     - [arm64,armhf] pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
     - [mips*] pci: lantiq: restore reset gpio polarity
     - dt-bindings: i2c: Drop unneeded quotes
     - dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema
     - netfilter: nf_tables: use timestamp to check for set element timeout
       (CVE-2024-27397)
     - [arm64] ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right
       mclk
     - [s390x] pci: Add missing virt_to_phys() for directed DIBV
     - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe()
     - [arm64] ASoC: fsl-asoc-card: set priv->pdev before using it
     - net: dsa: microchip: fix initial port flush problem
     - bpf: Fix overrunning reservations in ringbuf
     - ibmvnic: Free any outstanding tx skbs during scrq reset
     - net: phy: micrel: add Microchip KSZ 9477 to the device table
     - net: dsa: microchip: use collision based back pressure mode
     - xdp: Remove WARN() from __xdp_reg_mem_model()
     - Fix race for duplicate reqsk on identical SYN
     - net: dsa: microchip: fix wrong register write when masking interrupt
     - [powerpc*] restore some missing spu syscalls
     - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO
     - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
       registers
     - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
     - [x86] fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
     - mtd: partitions: redboot: Added conversion of operands to a larger type
     - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok()
     - bpf: Add a check for struct bpf_fib_lookup size
     - bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
     - RDMA/restrack: Fix potential invalid address access
     - net/iucv: Avoid explicit cpumask var allocation on stack
     - net/dpaa2: Avoid explicit cpumask var allocation on stack
     - crypto: ecdh - explicitly zeroize private_key
     - ALSA: emux: improve patch ioctl data validation
     - media: dvbdev: Initialize sbuf
     - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
     - drm/radeon/radeon_display: Decrease the size of allocated memory
     - nvme: fixup comment for nvme RDMA Provider Type
     - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
     - [arm64] gpio: davinci: Validate the obtained number of IRQs
     - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c
     - drm/amdgpu: Fix pci state save during mode-1 reset
     - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
     - randomize_kstack: Remove non-functional per-arch entropy filtering
     - ima: Fix use-after-free on a dentry's dname.name
     - [x86] stop playing stack games in profile_pc()
     - Revert "MIPS: pci: lantiq: restore reset gpio polarity"
     - [arm64] pinctrl: qcom: spmi-gpio: drop broken pm8008 support
     - ocfs2: fix DIO failure due to insufficient transaction credits
     - nfs: drop the incorrect assertion in nfs_swap_rw()
     - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard
     - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
     - mmc: sdhci: Do not invert write-protect twice
     - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
     - iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask
     - counter: ti-eqep: enable clock at probe
     - i2c: testunit: don't erase registers after STOP
     - i2c: testunit: discard write requests while old command is running
     - iio: adc: ad7266: Fix variable checking bug
     - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
     - net: usb: ax88179_178a: improve link status logs
     - usb: gadget: printer: SS+ support
     - usb: gadget: printer: fix races against disable (CVE-2024-25741)
     - usb: musb: da8xx: fix a resource leak in probe()
     - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
     - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to
       avoid deadlock
     - usb: gadget: aspeed_udc: fix device address configuration
     - usb: ucsi: stm32: fix command completion handling
     - serial: 8250_omap: Implementation of Errata i2310
     - serial: imx: set receiver level before starting uart
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665
       G11.
     - tty: mcf: MCF54418 has 10 UARTS
     - net: can: j1939: Initialize unused data in j1939_send_one()
     - net: can: j1939: recover socket queue on CAN bus error during BAM
       transmission
     - net: can: j1939: enhanced error handling for tightly received RTS messages
       in xtp_rx_rts_session_new
     - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing
     - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
     - irqchip/loongson-liointc: Set different ISRs for different cores
     - kbuild: Install dtb files as 0644 in Makefile.dtbinst
     - btrfs: zoned: fix initial free space detection
     - csky, hexagon: fix broken sys_sync_file_range
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
     - drm/amdgpu: avoid using null object of framebuffer
     - [x86] drm/i915/gt: Fix potential UAF by revoke of fence registers
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
     - drm/amdgpu/atomfirmware: fix parsing of vram_info
     - batman-adv: Don't accept TT entries for out-of-spec VIDs
     - can: mcp251xfd: fix infinite loop when xmit fails
     - ata: ahci: Clean up sysfs file on error
     - ata: libata-core: Fix double free on error
     - ftruncate: pass a signed offset
     - syscalls: fix compat_sys_io_pgetevents_time64 usage
     - syscalls: fix sys_fanotify_mark prototype
     - Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units"
     - mm/page_alloc: Separate THP PCP into movable and non-movable categories
     - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc (CVE-2023-52760)
     - efi: memmap: Move manipulation routines into x86 arch tree
     - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures
     - [x86] efi/x86: Free EFI memory map only when installing a new one.
     - [arm64] dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Rename LED related pinctrl nodes on
       rk3308-rock-pi-s
     - [arm64] dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
     - [arm64] dts: rockchip: Add sound-dai-cells for RK3368
     - serial: imx: only set receiver level if it is zero
     - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
     - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
     - locking/mutex: Introduce devm_mutex_init()
     - crypto: hisilicon/debugfs - Fix debugfs uninit process issue
     - [arm64,armhf] drm/lima: fix shared irq handling on driver remove
     - [powerpc*] Avoid nmi_enter/nmi_exit in real mode interrupt.
     - media: dvb: as102-fe: Fix as10x_register_addr packing
     - media: dvb-usb: dib0700_devices: Add missing release_firmware()
     - IB/core: Implement a limit on UMAD receive List
     - scsi: qedf: Make qedf_execute_tmf() non-preemptible
     - crypto: aead,cipher - zeroize key buffer after use
     - drm/amdgpu: Fix uninitialized variable warnings
     - drm/amdgpu: Initialize timestamp for some legacy SOCs
     - drm/amd/display: Check index msg_id before read or write
     - drm/amd/display: Check pipe offset before setting vblank
     - drm/amd/display: Skip finding free audio for unknown engine_id
     - drm/amdgpu: fix uninitialized scalar variable warning
     - media: dw2102: Don't translate i2c read into write
     - sctp: prefer struct_size over open coded arithmetic
     - firmware: dmi: Stop decoding on broken entry
     - Input: ff-core - prefer struct_size over open coded arithmetic
     - usb: xhci: prevent potential failure in handle_tx_event() for Transfer
       events without TRB
     - wifi: mt76: replace skb_put with skb_put_zero
     - [arm64,armhf] net: dsa: mv88e6xxx: Correct check for empty list
     - media: dvb-frontends: tda18271c2dd: Remove casting during div
     - media: s2255: Use refcount_t instead of atomic_t for num_channels
     - media: dvb-frontends: tda10048: Fix integer overflow
     - i2c: i801: Annotate apanel_addr as __ro_after_init
     - [powerpc*] 64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
     - orangefs: fix out-of-bounds fsid access
     - kunit: Fix timeout message
     - [powerpc*] xmon: Check cpu id in commands "c#", "dp#" and "dx#"
     - igc: fix a log entry using uninitialized netdev
     - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
     - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
     - scsi: mpi3mr: Sanitise num_phys
     - serial: imx: Raise TX trigger level to 8
     - jffs2: Fix potential illegal address access in jffs2_free_inode
     - [s390x] pkey: Wipe sensitive data on failure
     - btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation
       warning
     - cdrom: rearrange last_media_change check to avoid unintentional overflow
     - mac802154: fix time calculation in ieee802154_configure_durations()
     - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
     - net/mlx5: E-switch, Create ingress ACL when needed
     - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup()
     - tcp_metrics: validate source addr length
     - [s390x] KVM: s390: fix LPSWEY handling
     - e1000e: Fix S0ix residency on corporate systems
     - net: allow skb_datagram_iter to be called from any context
     - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from
       __netif_rx()
     - wifi: wilc1000: fix ies_len type in connect path
     - netfilter: nf_tables: unconditionally flush pending work before notifier
     - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
       (CVE-2024-39487)
     - inet_diag: Initialize pad field in struct inet_diag_req_v2
     - [x86] platform/x86: toshiba_acpi: Fix quickstart quirk handling
     - Revert "igc: fix a log entry using uninitialized netdev"
     - nilfs2: fix inode number range checks
     - nilfs2: add missing check for inode numbers on directory entries
     - mm: optimize the redundant loop of mm_update_owner_next()
     - mm: avoid overflows in dirty throttling logic
     - btrfs: fix adding block group to a reclaim list and the unused list during
       reclaim
     - f2fs: Add inline to f2fs_build_fault_attr() stub
     - scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
     - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
     - can: kvaser_usb: Explicitly initialize family in leafimx driver_info
       struct
     - fsnotify: Do not generate events for O_PATH file descriptors
     - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
       again"
     - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
     - drm/amdgpu/atomfirmware: silence UBSAN warning
     - drm: panel-orientation-quirks: Add quirk for Valve Galileo
     - [powerpc*] pseries: Fix scv instruction crash with kexec
     - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
     - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
     - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
     - bnx2x: Fix multiple UBSAN array-index-out-of-bounds
     - [arm64] dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model
       B
     - ima: Avoid blocking in RCU read-side critical section
     - media: dw2102: fix a potential buffer overflow
     - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
     - clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe()
     - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
     - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
     - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
     - nvme-multipath: find NUMA path only for online numa-node
     - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
     - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
     - regmap-i2c: Subtract reg size from max_write
     - [x86] platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW
       11.6" tablet
     - [x86] platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
     - nvmet: fix a possible leak when destroy a ctrl during qp establishment
     - kbuild: fix short log for AS in link-vmlinux.sh
     - nfc/nci: Add the inconsistency check between the input data length and
       count
     - spi: cadence: Ensure data lines set to low during dummy-cycle period
     - null_blk: Do not allow runt zone with zone capacity smaller then zone size
     - nilfs2: fix incorrect inode allocation from reserved inodes
 .
   [ Salvatore Bonaccorso ]
   * [rt] Drop "drm/i915/gt: Queue and wait for the irq_work item."
   *  Bump ABI to 23
   * Drop now unknown config options for DRM_VMWGFX_FBCON
   * Refresh "firmware: Remove redundant log messages from drivers"
   * d/rules.real: Revert workaround to explicitly remove executable bits from
     dtb files (implemented upstream)
   * [rt] Update to 6.1.96-rt35

linux-signed-i386 (6.1.106+3) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-3
 .
   * udp: allow header check for dodgy GSO_UDP_L4 packets.
   * gso: fix dodgy bit handling for GSO_UDP_L4
   * net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
   * net: drop bad gso csum_start and offset in virtio_net_hdr (Closes: #1079684)
   * Bump ABI to 25
linux-signed-i386 (6.1.106+2) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.106-2
 .
   * media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
linux-signed-i386 (6.1.99+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.99-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.99
     - Revert "usb: xhci: prevent potential failure in handle_tx_event() for
       Transfer events without TRB"
linux-signed-i386 (6.1.98+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.98-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
     - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
     - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
     - wifi: cfg80211: fully move wiphy work to unbound workqueue
     - wifi: cfg80211: Lock wiphy in cfg80211_get_station
     - wifi: cfg80211: pmsr: use correct nla_get_uX functions
     - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
     - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
     - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
     - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
     - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
     - ax25: Fix refcount imbalance on inbound connections
     - ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
     - [armhf] net/ncsi: Simplify Kconfig/dts control flow
     - [armhf] net/ncsi: Fix the multi thread manner of NCSI driver
     - ipv6: ioam: block BH from ioam6_output()
     - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
     - bpf: Set run context for rawtp test_run callback
     - net/smc: avoid overwriting when adjusting sock bufsizes
     - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
       (CVE-2024-36978)
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
     - net/mlx5: Stop waiting for PCI up if teardown was triggered
     - net/mlx5: Stop waiting for PCI if pci channel is offline
     - net/mlx5: Split function_setup() to enable and open functions
     - net/mlx5: Always stop health timer during driver removal
     - net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
     - ptp: Fix error message on failed pin verification
     - ice: fix iteration of TLVs in Preserved Fields Area
     - ice: Introduce new parameters in ice_sched_node
     - ice: remove null checks before devm_kfree() calls
     - ice: remove af_xdp_zc_qps bitmap
     - net: wwan: iosm: Fix tainted pointer delete is case of region creation
       fail
     - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted
       peer.
     - af_unix: Annodate data-races around sk->sk_state for writers.
     - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
     - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
       poll().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
     - af_unix: Annotate data-races around sk->sk_state in sendmsg() and
       recvmsg().
     - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb().
     - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
     - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
     - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
     - af_unix: annotate lockless accesses to sk->sk_err
     - af_unix: Use skb_queue_empty_lockless() in unix_release_sock().
     - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
     - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
     - ipv6: fix possible race in __fib6_drop_pcpu_from()
     - Bluetooth: qca: fix invalid device address check
     - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()
     - usb: gadget: f_fs: use io_data->status consistently
     - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
     - iio: accel: mxc4005: allow module autoloading via OF compatible
     - iio: accel: mxc4005: Reset chip on probe() and resume()
     - xtensa: stacktrace: include <asm/ftrace.h> for prototype
     - xtensa: fix MAKE_PC_FROM_RA second argument
     - drm/amd/display: drop unnecessary NULL checks in debugfs
     - drm/amd/display: Fix incorrect DSC instance for MST
     - [arm64] dts: qcom: sm8150: align TLMM pin configuration with DT schema
     - [arm64] dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration
     - misc/pvpanic: deduplicate common code
     - misc/pvpanic-pci: register attributes via pci_driver
     - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
     - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
     - mmc: davinci: Don't strip remove function when driver is builtin
     - firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails
     - HID: i2c-hid: elan: Add ili9882t timing
     - HID: i2c-hid: elan: fix reset suspend current leakage
     - i2c: add fwnode APIs
     - i2c: acpi: Unbind mux adapters before delete
     - mm, vmalloc: fix high order __GFP_NOFAIL allocations
     - mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
     - wifi: ath10k: fix QCOM_RPROC_COMMON dependency
     - btrfs: remove unnecessary prototype declarations at disk-io.c
     - btrfs: make btrfs_destroy_delayed_refs() return void
     - btrfs: fix leak of qgroup extent records after transaction abort
     - nilfs2: return the mapped address from nilfs_get_page()
     - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
     - io_uring: check for non-NULL file pointer in io_file_can_poll()
     - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
     - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
     - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
     - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
     - mei: me: release irq in mei_me_pci_resume error path
     - tty: n_tty: Fix buffer offsets when lookahead is used
     - landlock: Fix d_parent walk
     - jfs: xattr: fix buffer overflow for invalid xattr
     - xhci: Set correct transferred length for cancelled bulk transfers
     - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
     - xhci: Handle TD clearing for multiple streams case
     - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
     - [x86] thunderbolt: debugfs: Fix margin debugfs node creation condition
     - scsi: mpi3mr: Fix ATA NCQ priority support
     - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
     - scsi: sd: Use READ(16) when reading block zero on large capacity disks
       (Closes: #1067858)
     - gve: Clear napi->skb before dev_kfree_skb_any()
     - [powerpc*] uaccess: Fix build errors seen with GCC 13/14
     - Input: try trimming too long modalias strings (Closes: #983357)
     - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c
     - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
     - cachefiles: remove requests from xarray during flushing requests
     - cachefiles: introduce object ondemand state
     - cachefiles: extract ondemand info field from cachefiles_object
     - cachefiles: resend an open request if the read request's object is closed
     - cachefiles: add spin_lock for cachefiles_ondemand_info
     - cachefiles: add restore command to recover inflight ondemand read requests
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
     - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
     - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read()
     - cachefiles: never get a new anonymous fd if ondemand_id is valid
     - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds
     - cachefiles: flush all requests after setting CACHEFILES_DEAD
     - selftests/ftrace: Fix to check required event file
     - clk: sifive: Do not register clkdevs for PRCI clocks
     - NFSv4.1 enforce rootpath check in fs_location query
     - SUNRPC: return proper error from gss_wrap_req_priv
     - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (Closes: #1071501)
     - [x86] platform/x86: dell-smbios: Fix wrong token data in sysfs
     - gpio: tqmx86: fix typo in Kconfig label
     - gpio: tqmx86: remove unneeded call to platform_set_drvdata()
     - gpio: tqmx86: introduce shadow register for GPIO output value
     - gpio: tqmx86: Convert to immutable irq_chip
     - gpio: tqmx86: store IRQ trigger type and unmask status separately
     - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type
     - HID: core: remove unnecessary WARN_ON() in implement()
     - iommu/amd: Fix sysfs leak in iommu init
     - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
     - drm/vmwgfx: Port the framebuffer code to drm fb helpers
     - drm/vmwgfx: Refactor drm connector probing for display modes
     - drm/vmwgfx: Filter modes which exceed graphics memory
     - drm/vmwgfx: 3D disabled should not effect STDU memory limits
     - drm/vmwgfx: Remove STDU logic from generic mode_valid function
     - net: sfp: Always call `sfp_sm_mod_remove()` on remove
     - net: hns3: fix kernel crash problem in concurrent scenario
     - net: hns3: add cond_resched() to hns3 ring buffer init process
     - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
     - drm/komeda: check for error-valued pointer
     - drm/bridge/panel: Fix runtime warning on panel bridge release
     - tcp: fix race in tcp_v6_syn_recv_sock()
     - geneve: Fix incorrect inner network header offset when innerprotoinherit
       is set
     - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
       packets
     - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
     - netfilter: ipset: Fix race between namespace cleanup and gc in the
       list:set type
     - net: pse-pd: Use EOPNOTSUPP error code instead of ENOTSUPP
     - gve: ignore nonrelevant GSO type bits when processing TSO headers
     - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs
       parameters
     - nvmet-passthru: propagate status from id override functions
     - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
     - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
     - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
     - ionic: fix use after netif_napi_del()
     - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
     - bnxt_en: Adjust logging of firmware messages in case of released token in
       __hwrm_send()
     - misc: microchip: pci1xxxx: fix double free in the error handling of
       gp_aux_bus_probe() (CVE-2024-36973)
     - [x86] boot: Don't add the EFI stub to targets, again
     - iio: adc: ad9467: fix scan type sign
     - iio: dac: ad5592r: fix temperature channel scaling value
     - iio: imu: inv_icm42600: delete unneeded update watermark call
     - drivers: core: synchronize really_probe() and dev_uevent()
     - drm/exynos/vidi: fix memory leak in .get_modes()
     - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID
       found
     - mptcp: ensure snd_una is properly initialized on connect
     - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
     - irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()
     - [x86] amd_nb: Check for invalid SMN reads
     - perf/core: Fix missing wakeup when waiting for context reference
     - riscv: fix overlap of allocated page and PTR_ERR
     - tracing/selftests: Fix kprobe event name test for .isra. functions
     - null_blk: Print correct max open zones limit in null_init_zoned_dev()
     - sock_map: avoid race between sock_map_close and sk_psock_put
     - vmci: prevent speculation leaks by sanitizing event in event_deliver()
     - spmi: hisi-spmi-controller: Do not override device identifier
     - knfsd: LOOKUP can return an illegal error value
     - fs/proc: fix softlockup in __read_vmcore
     - ocfs2: use coarse time for new created files
     - ocfs2: fix races between hole punching and AIO+DIO
     - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
     - dmaengine: axi-dmac: fix possible race in remove()
     - remoteproc: k3-r5: Wait for core0 power-up before powering up core1
     - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
     - [x86] drm/i915/gt: Disarm breadcrumbs if engines are already idle
     - [x86] drm/i915/dpt: Make DPT object unshrinkable
     - [x86] intel_th: pci: Add Granite Rapids support
     - [x86] intel_th: pci: Add Granite Rapids SOC support
     - [x86] intel_th: pci: Add Sapphire Rapids SOC support
     - [x86] intel_th: pci: Add Meteor Lake-S support
     - [x86] intel_th: pci: Add Lunar Lake support
     - btrfs: zoned: introduce a zone_info struct in
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out per-zone logic from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out single bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: factor out DUP bg handling from
       btrfs_load_block_group_zone_info
     - btrfs: zoned: fix use-after-free due to race with dev replace
     - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
     - tick/nohz_full: Don't abuse smp_call_function_single() in
       tick_setup_device()
     - mm/huge_memory: don't unpoison huge_zero_folio
     - mm/memory-failure: fix handling of dissolved but not taken off from buddy
       pages
     - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
     - mptcp: pm: update add_addr counters after connect
     - Revert "fork: defer linking file vma until vma is fully initialized"
     - remoteproc: k3-r5: Jump to error handling labels in start/stop errors
     - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing
       ondemand-mode
     - Bluetooth: qca: fix wcn3991 device address check
     - Bluetooth: qca: generalise device address check
     - greybus: Fix use-after-free bug in gb_interface_release due to race
       condition.
     - serial: 8250_dw: fall back to poll if there's no interrupt
     - serial: core: Add UPIO_UNKNOWN constant for unknown port type
     - usb-storage: alauda: Check whether the media is initialized
       (CVE-2024-38619)
     - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of
       gp_aux_bus_probe()
     - i2c: at91: Fix the functionality flags of the slave-only interface
     - i2c: designware: Fix the functionality flags of the slave-only interface
     - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
     - padata: Disable BH when taking works lock on MT path
     - io_uring/sqpoll: work around a potential audit memory leak
     - block/ioctl: prefer different overflow check
     - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
     - wifi: ath9k: work around memset overflow warning
     - af_packet: avoid a false positive warning in packet_setsockopt()
     - drop_monitor: replace spin_lock by raw_spin_lock
     - scsi: qedi: Fix crash while reading debugfs attribute
     - net/sched: fix false lockdep warning on qdisc root lock
     - net: dsa: realtek: keep default LED state in rtl8366rb
     - netpoll: Fix race condition in netpoll_owner_active
     - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
     - HID: Add quirk for Logitech Casa touchpad
     - HID: asus: fix more n-key report descriptors if n-key quirked
     - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
     - drm/amd/display: Exit idle optimizations before HDCP execution
     - [x86] platform/x86: toshiba_acpi: Add quirk for buttons on Z830
     - [x86] ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14
     - [arm64,armhf] drm/lima: add mask irq callback to gp and pp
     - [arm64,armhf] drm/lima: mask irqs in timeout path before hard reset
     - ALSA: hda/realtek: Add quirks for Lenovo 13X
     - [powerpc*] pseries: Enforce hcall result buffer validity and size
     - [powerpc*] io: Avoid clang null pointer arithmetic warnings
     - [x86] platform/x86: p2sb: Don't init until unassigned resources have been
       assigned
     - power: supply: cros_usbpd: provide ID table for avoiding fallback match
     - [arm64] iommu/arm-smmu-v3: Free MSIs in case of ENOMEM
     - f2fs: remove clear SB_INLINECRYPT flag in default_options
     - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
     - [arm64] usb: dwc3: pci: Don't set "linux,phy_charger_detect" property on
       Lenovo Yoga Tab2 1380
     - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
     - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
     - [arm64,armhf] serial: imx: Introduce timeout when waiting on transmitter
       empty
     - serial: exar: adding missing CTI and Exar PCI ids
     - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API
     - tty: add the option to have a tty reject a new ldisc
     - tracing: Build event generation tests only as modules
     - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
     - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
     - ice: move RDMA init to ice_idc.c
     - ice: avoid IRQ collision to fix init failure on ACPI S3 resume
     - cipso: fix total option length computation
     - bpf: Avoid splat in pskb_pull_reason
     - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
     - netrom: Fix a memory leak in nr_heartbeat_expiry()
     - ipv6: prevent possible NULL deref in fib6_nh_init()
     - ipv6: prevent possible NULL dereference in rt6_probe()
     - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
     - netns: Make get_net_ns() handle zero refcount net
     - qca_spi: Make interrupt remembering atomic
     - net: lan743x: disable WOL upon resume to restore full data path operation
     - net: lan743x: Support WOL at both the PHY and MAC appropriately
     - net: phy: mxl-gpy: enhance delay time required by loopback disable
       function
     - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init
     - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
     - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
     - tipc: force a dst refcount before doing decryption
     - sched: act_ct: add netns into the key of tcf_ct_flow_table
     - ptp: fix integer overflow in max_vclocks_store
     - net: stmmac: No need to calculate speed divider when offload is disabled
     - virtio_net: checksum offloading handling fix
     - octeontx2-pf: Add error handling to VLAN unoffload handling
     - netfilter: ipset: Fix suspicious rcu_dereference_protected()
     - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6
       behaviors
     - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type
     - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
     - net: usb: rtl8150 fix unintiatilzed variables in
       rtl8150_get_link_ksettings
     - regulator: core: Fix modpost error "regulator_get_regmap" undefined
     - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
     - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting()
     - dmaengine: ioatdma: Fix leaking on version mismatch
     - dmaengine: ioat: use PCI core macros for PCIe Capability
     - dmaengine: ioatdma: Fix error path in ioat3_dma_probe()
     - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()
     - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
     - regulator: bd71815: fix ramp values
     - [arm64] dts: imx93-11x11-evk: Remove the 'no-sdio' property
     - [arm64] dts: freescale: imx8mm-verdin: enable hysteresis on slow input pin
     - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
       fine."
     - firmware: psci: Fix return value from psci_system_suspend()
     - RDMA/mlx5: Add check for srq max_sge attribute
     - net: stmmac: Assign configured channel value to EXTTS event
     - net: usb: ax88179_178a: improve reset check
     - net: do not leave a dangling sk pointer, when socket creation fails
     - btrfs: retry block group reclaim without infinite loop
     - cifs: fix typo in module parameter enable_gcm_256
     - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
     - [arm64] KVM: arm64: Disassociate vcpus from redistributor region on
       teardown
     - [x86] KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 445/465
       G11.
     - ALSA: hda/realtek: Limit mic boost on N14AP7
     - drm/i915/mso: using joiner is not possible with eDP MSO
     - drm/radeon: fix UBSAN warning in kv_dpm.c
     - drm/amdgpu: fix UBSAN warning in kv_dpm.c
     - gcov: add support for GCC 14
     - kcov: don't lose track of remote references during softirqs
     - mm: mmap: allow for the maximum number of bits for randomizing mmap_base
       by default
     - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
     - mm/page_table_check: fix crash on ZONE_DEVICE
     - i2c: ocores: set IACK bit after core is enabled
     - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to
       i2c-controller schema
     - [armhf] spi: stm32: qspi: Fix dual flash mode sanity test in
       stm32_qspi_setup()
     - [arm64] dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc
     - [armhf] spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to
       CCR_BUSWIDTH_4
     - perf: script: add raw|disasm arguments to --insn-trace option
     - perf script: Show also errors for --insn-trace option
     - [armhf] dts: samsung: smdkv310: fix keypad no-autorepeat
     - [armhf] dts: samsung: exynos4412-origen: fix keypad no-autorepeat
     - [armhf] dts: samsung: smdk4412: fix keypad no-autorepeat
     - pmdomain: ti-sci: Fix duplicate PD referrals
     - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
     - [x86] cpu/vfm: Add new macros to work with (vendor/family/model) values
     - [x86] cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL
     - Revert "kheaders: substituting --sort in archive creation"
     - kheaders: explicitly define file modes for archived headers
     - drm/amd/display: revert Exit idle optimizations before HDCP execution
     - net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
     - hid: asus: asus_report_fixup: fix potential read out of bounds
     - Revert "mm: mmap: allow for the maximum number of bits for randomizing
       mmap_base by default"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
     - usb: typec: ucsi: Never send a lone connector change ack
     - usb: typec: ucsi: Ack also failed Get Error commands
     - [x86] ACPI: x86: utils: Add Picasso to the list for forcing
       StorageD3Enable
     - [x86] ACPI: x86: Force StorageD3Enable on more products
     - Input: ili210x - fix ili251x_read_touch_data() return value
     - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
     - [arm64,armhf] pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
     - [arm64,armhf] pinctrl: rockchip: use dedicated pinctrl type for RK3328
     - [arm64,armhf] pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
     - [mips*] pci: lantiq: restore reset gpio polarity
     - dt-bindings: i2c: Drop unneeded quotes
     - dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema
     - netfilter: nf_tables: use timestamp to check for set element timeout
       (CVE-2024-27397)
     - [arm64] ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right
       mclk
     - [s390x] pci: Add missing virt_to_phys() for directed DIBV
     - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe()
     - [arm64] ASoC: fsl-asoc-card: set priv->pdev before using it
     - net: dsa: microchip: fix initial port flush problem
     - bpf: Fix overrunning reservations in ringbuf
     - ibmvnic: Free any outstanding tx skbs during scrq reset
     - net: phy: micrel: add Microchip KSZ 9477 to the device table
     - net: dsa: microchip: use collision based back pressure mode
     - xdp: Remove WARN() from __xdp_reg_mem_model()
     - Fix race for duplicate reqsk on identical SYN
     - net: dsa: microchip: fix wrong register write when masking interrupt
     - [powerpc*] restore some missing spu syscalls
     - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO
     - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
       registers
     - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
     - [x86] fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
     - mtd: partitions: redboot: Added conversion of operands to a larger type
     - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok()
     - bpf: Add a check for struct bpf_fib_lookup size
     - bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
     - RDMA/restrack: Fix potential invalid address access
     - net/iucv: Avoid explicit cpumask var allocation on stack
     - net/dpaa2: Avoid explicit cpumask var allocation on stack
     - crypto: ecdh - explicitly zeroize private_key
     - ALSA: emux: improve patch ioctl data validation
     - media: dvbdev: Initialize sbuf
     - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
     - drm/radeon/radeon_display: Decrease the size of allocated memory
     - nvme: fixup comment for nvme RDMA Provider Type
     - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
     - [arm64] gpio: davinci: Validate the obtained number of IRQs
     - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c
     - drm/amdgpu: Fix pci state save during mode-1 reset
     - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
     - randomize_kstack: Remove non-functional per-arch entropy filtering
     - ima: Fix use-after-free on a dentry's dname.name
     - [x86] stop playing stack games in profile_pc()
     - Revert "MIPS: pci: lantiq: restore reset gpio polarity"
     - [arm64] pinctrl: qcom: spmi-gpio: drop broken pm8008 support
     - ocfs2: fix DIO failure due to insufficient transaction credits
     - nfs: drop the incorrect assertion in nfs_swap_rw()
     - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard
     - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
     - mmc: sdhci: Do not invert write-protect twice
     - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
     - iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask
     - counter: ti-eqep: enable clock at probe
     - i2c: testunit: don't erase registers after STOP
     - i2c: testunit: discard write requests while old command is running
     - iio: adc: ad7266: Fix variable checking bug
     - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
     - net: usb: ax88179_178a: improve link status logs
     - usb: gadget: printer: SS+ support
     - usb: gadget: printer: fix races against disable (CVE-2024-25741)
     - usb: musb: da8xx: fix a resource leak in probe()
     - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
     - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to
       avoid deadlock
     - usb: gadget: aspeed_udc: fix device address configuration
     - usb: ucsi: stm32: fix command completion handling
     - serial: 8250_omap: Implementation of Errata i2310
     - serial: imx: set receiver level before starting uart
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665
       G11.
     - tty: mcf: MCF54418 has 10 UARTS
     - net: can: j1939: Initialize unused data in j1939_send_one()
     - net: can: j1939: recover socket queue on CAN bus error during BAM
       transmission
     - net: can: j1939: enhanced error handling for tightly received RTS messages
       in xtp_rx_rts_session_new
     - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing
     - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
     - irqchip/loongson-liointc: Set different ISRs for different cores
     - kbuild: Install dtb files as 0644 in Makefile.dtbinst
     - btrfs: zoned: fix initial free space detection
     - csky, hexagon: fix broken sys_sync_file_range
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
     - drm/amdgpu: avoid using null object of framebuffer
     - [x86] drm/i915/gt: Fix potential UAF by revoke of fence registers
     - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
     - drm/amdgpu/atomfirmware: fix parsing of vram_info
     - batman-adv: Don't accept TT entries for out-of-spec VIDs
     - can: mcp251xfd: fix infinite loop when xmit fails
     - ata: ahci: Clean up sysfs file on error
     - ata: libata-core: Fix double free on error
     - ftruncate: pass a signed offset
     - syscalls: fix compat_sys_io_pgetevents_time64 usage
     - syscalls: fix sys_fanotify_mark prototype
     - Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units"
     - mm/page_alloc: Separate THP PCP into movable and non-movable categories
     - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc (CVE-2023-52760)
     - efi: memmap: Move manipulation routines into x86 arch tree
     - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures
     - [x86] efi/x86: Free EFI memory map only when installing a new one.
     - [arm64] dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
     - [arm64] dts: rockchip: Rename LED related pinctrl nodes on
       rk3308-rock-pi-s
     - [arm64] dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
     - [arm64] dts: rockchip: Add sound-dai-cells for RK3368
     - serial: imx: only set receiver level if it is zero
     - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
     - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
     - locking/mutex: Introduce devm_mutex_init()
     - crypto: hisilicon/debugfs - Fix debugfs uninit process issue
     - [arm64,armhf] drm/lima: fix shared irq handling on driver remove
     - [powerpc*] Avoid nmi_enter/nmi_exit in real mode interrupt.
     - media: dvb: as102-fe: Fix as10x_register_addr packing
     - media: dvb-usb: dib0700_devices: Add missing release_firmware()
     - IB/core: Implement a limit on UMAD receive List
     - scsi: qedf: Make qedf_execute_tmf() non-preemptible
     - crypto: aead,cipher - zeroize key buffer after use
     - drm/amdgpu: Fix uninitialized variable warnings
     - drm/amdgpu: Initialize timestamp for some legacy SOCs
     - drm/amd/display: Check index msg_id before read or write
     - drm/amd/display: Check pipe offset before setting vblank
     - drm/amd/display: Skip finding free audio for unknown engine_id
     - drm/amdgpu: fix uninitialized scalar variable warning
     - media: dw2102: Don't translate i2c read into write
     - sctp: prefer struct_size over open coded arithmetic
     - firmware: dmi: Stop decoding on broken entry
     - Input: ff-core - prefer struct_size over open coded arithmetic
     - usb: xhci: prevent potential failure in handle_tx_event() for Transfer
       events without TRB
     - wifi: mt76: replace skb_put with skb_put_zero
     - [arm64,armhf] net: dsa: mv88e6xxx: Correct check for empty list
     - media: dvb-frontends: tda18271c2dd: Remove casting during div
     - media: s2255: Use refcount_t instead of atomic_t for num_channels
     - media: dvb-frontends: tda10048: Fix integer overflow
     - i2c: i801: Annotate apanel_addr as __ro_after_init
     - [powerpc*] 64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
     - orangefs: fix out-of-bounds fsid access
     - kunit: Fix timeout message
     - [powerpc*] xmon: Check cpu id in commands "c#", "dp#" and "dx#"
     - igc: fix a log entry using uninitialized netdev
     - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
     - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
     - scsi: mpi3mr: Sanitise num_phys
     - serial: imx: Raise TX trigger level to 8
     - jffs2: Fix potential illegal address access in jffs2_free_inode
     - [s390x] pkey: Wipe sensitive data on failure
     - btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation
       warning
     - cdrom: rearrange last_media_change check to avoid unintentional overflow
     - mac802154: fix time calculation in ieee802154_configure_durations()
     - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
     - net/mlx5: E-switch, Create ingress ACL when needed
     - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup()
     - tcp_metrics: validate source addr length
     - [s390x] KVM: s390: fix LPSWEY handling
     - e1000e: Fix S0ix residency on corporate systems
     - net: allow skb_datagram_iter to be called from any context
     - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from
       __netif_rx()
     - wifi: wilc1000: fix ies_len type in connect path
     - netfilter: nf_tables: unconditionally flush pending work before notifier
     - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
       (CVE-2024-39487)
     - inet_diag: Initialize pad field in struct inet_diag_req_v2
     - [x86] platform/x86: toshiba_acpi: Fix quickstart quirk handling
     - Revert "igc: fix a log entry using uninitialized netdev"
     - nilfs2: fix inode number range checks
     - nilfs2: add missing check for inode numbers on directory entries
     - mm: optimize the redundant loop of mm_update_owner_next()
     - mm: avoid overflows in dirty throttling logic
     - btrfs: fix adding block group to a reclaim list and the unused list during
       reclaim
     - f2fs: Add inline to f2fs_build_fault_attr() stub
     - scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
     - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
     - can: kvaser_usb: Explicitly initialize family in leafimx driver_info
       struct
     - fsnotify: Do not generate events for O_PATH file descriptors
     - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
       again"
     - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
     - drm/amdgpu/atomfirmware: silence UBSAN warning
     - drm: panel-orientation-quirks: Add quirk for Valve Galileo
     - [powerpc*] pseries: Fix scv instruction crash with kexec
     - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
     - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
     - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
     - bnx2x: Fix multiple UBSAN array-index-out-of-bounds
     - [arm64] dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model
       B
     - ima: Avoid blocking in RCU read-side critical section
     - media: dw2102: fix a potential buffer overflow
     - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
     - clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe()
     - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
     - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
     - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
     - nvme-multipath: find NUMA path only for online numa-node
     - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
     - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
     - regmap-i2c: Subtract reg size from max_write
     - [x86] platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW
       11.6" tablet
     - [x86] platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
     - nvmet: fix a possible leak when destroy a ctrl during qp establishment
     - kbuild: fix short log for AS in link-vmlinux.sh
     - nfc/nci: Add the inconsistency check between the input data length and
       count
     - spi: cadence: Ensure data lines set to low during dummy-cycle period
     - null_blk: Do not allow runt zone with zone capacity smaller then zone size
     - nilfs2: fix incorrect inode allocation from reserved inodes
 .
   [ Salvatore Bonaccorso ]
   * [rt] Drop "drm/i915/gt: Queue and wait for the irq_work item."
   *  Bump ABI to 23
   * Drop now unknown config options for DRM_VMWGFX_FBCON
   * Refresh "firmware: Remove redundant log messages from drivers"
   * d/rules.real: Revert workaround to explicitly remove executable bits from
     dtb files (implemented upstream)
   * [rt] Update to 6.1.96-rt35

newlib (3.3.0-1.3+deb12u1) bookworm; urgency=medium
 .
   * Team approved upload.
   * Changed maintainer to reflect the ones listed in unstable.
   * Added mallocr-CVE-2021-3420.patch to solve incorrect overflow
     check in malloc and friends (Closes: #984446).

nova (2:26.2.2-1~deb12u3) bookworm-security; urgency=high
 .
   * CVE-2024-40767: Regression VMDK/qcow arbitrary file access (CVE-2024-32498)
     Applied upstream patches (Closes: #1076774):
     - CVE-2024-40767_1_port_format_inspector_tests_from_glance_antelope.patch
     - CVE-2024-40767_2_Reproduce_iso_regression_with_deep_format_inspection_antelope.patch
     - CVE-2024-40767_3_Add-iso-file-format-inspector_antelope.patch
     - CVE-2024-40767_4_Change-force_format-strategy-to-catch-mismatches_antelope.patch
   * Add qemu-utils as build-depends to run new tests.

numpy (1:1.24.2-1+deb12u1) bookworm; urgency=medium
 .
   * Declare conflict with python-numpy due to f2py (Closes: #1053649)

openjdk-17 (17.0.12+7-2~deb12u1) bookworm-security; urgency=medium
 .
   * Rebuild for bookworm
openjdk-17 (17.0.12+7-2~deb11u1) bullseye-security; urgency=medium
 .
   * Build for bullseye
openjdk-17 (17.0.12+7-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.12 release, build 7.
openjdk-17 (17.0.12~6ea-1) unstable; urgency=medium
 .
   * OpenJDK 17.0.12 early access, build 6.
 .
   [ Vladimir Petko ]
   * d/p/8295111.patch: Apply upstream patch to resolve jpackage failure
     to create a deb package.
   * d/t/problems-i386.txt: Update i386 test exclusions.
   * d/t/problems-armhf.txt: Update armhf test exclusions.
   * d/p/jdk-8307977.patch: Rename patch.
   * d/p/jdk-8334502-proposed.patch: Add proposed fix for iso8601 time format
     on ARM32.
   * d/p/jdk-8334895-proposed.patch: Add proposed fix for configuration failure
     when CDS is disabled on arm64.
   * d/control: Regenerate control.
   * d/rules: Enable early access release.
   * d/rules: Enable jtreg tests.
   * d/rules: Include /usr/share/dpkg/buildflags.mk to avoid configure failure
     due to the undefined variables.
   * d/p/jdk-8325567.patch: jspawnhelper without args fails with segfault.
     LP: #2055280.
   * d/p/jdk-8331541.patch: Add fix for the link failure against libjvm.so on
     i386. Closes: #1057715.
 .
   [ Matthias Klose ]
   * Build using GCC 10 for focal.
openjdk-17 (17.0.11+9-1) unstable; urgency=high
 .
   * OpenJDK 17.0.11 release, build 9.
     - CVE-2024-21011, 8319851: Improve exception logging.
     - CVE-2024-21068, 8322122: Enhance generation of addresses.
     - 8318340: Improve RSA key implementations.
     - CVE-2024-21012, 8315708: Enhance HTTP/2 client usage.
   * CVE-2024-21094, 8317507: Already fixed in November 2023:
     C2 compilation fails with "Exceeded _node_regs array".

openssh (1:9.2p1-2+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Disable async-signal-unsafe code from the sshsigdie() function

openssl (3.0.14-1~deb12u1) bookworm; urgency=medium
 .
   * Import 3.0.14
     - CVE-2024-2511 (Unbounded memory growth with session handling in TLSv1.3)
       (Closes: #1068658).
     - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
       (Closes: #1071972).
     - CVE-2024-4741 (Use After Free with SSL_free_buffers)
       (Closes: #1072113).
openssl (3.0.13-1~deb12u2) bookworm; urgency=medium
 .
   * Revert "Improved detection of engine-provided private "classic"
     keys" (Closes: #1074764).

plasma-workspace (4:5.27.5-2+deb12u2) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-36041: ksmserver: Unauthorized users can access session manager

poe.app (0.5.1-6+deb12u1) bookworm; urgency=medium
 .
   * debian/gbp.conf: New file.
   * debian/control (Vcs-Git): Set branch to bookworm.
   * debian/patches/editable-cells.patch: New; make comment cells editable
     (Closes: #1076829).
   * debian/patches/preferences-draw.patch: New; fix drawing when an
     NSActionCell in the preferences is acted on to change state.
poe.app (0.5.1-6+deb11u1) bullseye; urgency=medium
 .
   * debian/gbp.conf: New file.
   * debian/control (Vcs-Git): Set branch to bullseye.
   * debian/patches/editable-cells.patch: New; make comment cells editable
     (Closes: #1076829).
   * debian/patches/preferences-draw.patch: New; fix drawing when an
     NSActionCell in the preferences is acted on to change state.

postgresql-15 (15.8-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
 .
       An attacker able to create and drop non-temporary objects could inject
       SQL code that would be executed by a concurrent pg_dump session with the
       privileges of the role running pg_dump (which is often a superuser).
       The attack involves replacing a sequence or similar object with a view
       or foreign table that will execute malicious code.  To prevent this,
       introduce a new server parameter restrict_nonsystem_relation_kind that
       can disable expansion of non-builtin views as well as access to foreign
       tables, and teach pg_dump to set it when available.  Note that the
       attack is prevented only if both pg_dump and the server it is dumping
       from are new enough to have this fix.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2024-7348)
 .
     * Refresh debian/patches/focal-arm64-outline-atomics.

putty (0.78-2+deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-pick from upstream:
     - Add an extra HMAC constructor function
     - Fix CVE-2024-31497: biased ECDSA nonce generation allows an attacker
       to recover a user's NIST P-521 secret key via a quick attack in
       approximately 60 signatures. In other words, an adversary
       may already have enough signature information to compromise a victim's
       private key, even if there is no further use of vulnerable PuTTY
       versions.
   * Run test/cryptsuite.py during build.

python-asyncssh (2.10.1-2+deb12u1) bookworm-security; urgency=medium
 .
   * Apply and tweak upstream security fix for CVE-2023-48795
     Implement "strict kex" support to harden AsyncSSH against Terrapin
     Attack. Closes: #1059007

qemu (1:7.2+dfsg-7+deb12u7) bookworm; urgency=medium
 .
   * update to upstream 7.2.13 stable/bugfix release, v7.2.13.diff,
     https://gitlab.com/qemu-project/qemu/-/commits/v7.2.13 :
     - Update version for 7.2.13 release
     - char-stdio: Restore blocking mode of stdout on exit
     - virtio: remove virtio_tswap16s() call in vring_packed_event_read()
     - block: Parse filenames only when explicitly requested
     - iotests/270: Don't store data-file with json: prefix in image
     - iotests/244: Don't store data-file with protocol in image
     - qcow2: Don't open data_file with BDRV_O_NO_IO
       (Closes: #1075824, CVE-2024-4467)
     - target/arm: Fix VCMLA Dd, Dn, Dm[idx]
     - i386/cpu: fixup number of addressable IDs for processor cores
       in the physical package
     - gitlab-ci: Disable the riscv64-debian-cross-container by default
     - tests: don't run benchmarks for the tsan build
     - tests: Update our CI to use CentOS Stream 9 instead of 8
     - ci, docker: update CentOS and OpenSUSE Python to non-EOL versions
     - Update lcitool and fedora to 37
     - gitlab-ci.d/buildtest: Merge the --without-default-* jobs
     - tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
     - linux-user: Make TARGET_NR_setgroups affect only the current thread
     - stdvga: fix screen blanking
     - virtio-net: drop too short packets early
     - target/i386: fix size of EBP writeback in gen_enter()
    * update to upstream 7.2.12 stable/bugfix release, v7.2.12.diff,
     https://gitlab.com/qemu-project/qemu/-/commits/v7.2.12 :
     - Update version for 7.2.12 release
     - target/loongarch: fix a wrong print in cpu dump
     - ui/sdl2: Allow host to power down screen
     - target/i386: fix SSE and SSE2 feature check
     - target/i386: fix xsave.flat from kvm-unit-tests
     - disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
     - hw/intc/riscv_aplic: APLICs should add child earlier than realize
     - target/arm: Disable SVE extensions when SVE is disabled
     - hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n>
     - hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
     - gitlab: Update msys2-64bit runner tags
     - target/i386: no single-step exception after MOV or POP SS
     - target/i386: disable jmp_opt if EFLAGS.RF is 1
     - target-i386: hyper-v: Correct kvm_hv_handle_exit return value
     - ui/gtk: Check if fence_fd is equal to or greater than 0
     - ui/gtk: Fix mouse/motion event scaling issue with GTK display backend
     - target/i386: rdpkru/wrpkru are no-prefix instructions
     - target/i386: fix operand size for DATA16 REX.W POPCNT
     - hw/remote/vfio-user: Fix config space access byte order
     - target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK
     - hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
     - hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
     - .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs
     - tests/avocado: update sunxi kernel from armbian to 6.6.16
     - backends/cryptodev-builtin: Fix local_error leaks
     - nbd/server: Mark negotiation functions as coroutine_fn
     - nbd/server: do not poll within a coroutine context
     - linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
     - gitlab/opensbi: Move to docker:stable
     - gitlab-ci: Remove job building EDK2 firmware binaries

riemann-c-client (1.10.4-2+deb12u1) bookworm; urgency=medium
 .
   * Fix GnuTLS send/recv.
riemann-c-client (1.10.4-2+deb11u1) bullseye; urgency=medium
 .
   * Fix GnuTLS send/recv.

roundcube (1.6.5+dfsg-1+deb12u4) bookworm-security; urgency=medium
 .
   * Regression fix: The original fix for CVE-2024-42008 broke printing and
     other handling of image attachments. (Closes: #1078456)
roundcube (1.6.5+dfsg-1+deb12u3) bookworm-security; urgency=high
 .
   * Cherry pick upstream security fixes from v1.6.8 (closes: #1077969):
     + CVE-2024-42008: Cross-site scripting (XSS) vulnerability in serving of
       attachments other than HTML or SVG.
     + CVE-2024-42009: Cross-site scripting (XSS) vulnerability in
       post-processing of sanitized HTML content.
     + CVE-2024-42010: Fix information leak (access to remote content) via
       insufficient CSS filtering.
   * Cherry pick further upstream changes from v1.6.8:
     + Fix fatal error when parsing some TNEF attachments.
     + Fix bug where an unhandled exception was caused by an invalid image
       attachment.
     + Fix infinite loop when parsing malformed Sieve script.
     + Fix bug where imap_conn_option's 'socket' was ignored.

rustc-web (1.78.0+dfsg1-2~deb12u3) bookworm; urgency=medium
 .
   * Depend on cargo-web for the autopkgtest.
   * Add missing conflicts (closes: #1079744, #1079653, #1076683).
rustc-web (1.78.0+dfsg1-2~deb12u2) bookworm; urgency=medium
 .
   * Also rename rustfmt to rustfmt-web.
rustc-web (1.78.0+dfsg1-2~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport rustc 1.78, as required by newer firefox and chromium.
   * Rename rustc backport to rustc-web.
   * Use LLVM 16.
   * Disable wasm, -all, -llvm packages.
   * Vendor libgit2 dependency.
rustc-web (1.78.0+dfsg1-2~deb11u3) bullseye; urgency=medium
 .
   * Depend on cargo-web for the autopkgtest.
   * Add missing conflicts (closes: #1079744, #1079653, #1076683).
rustc-web (1.78.0+dfsg1-2~deb11u2) bullseye; urgency=medium
 .
   * Also rename rustfmt to rustfmt-web.
rustc-web (1.78.0+dfsg1-2~deb11u1) bullseye; urgency=medium
 .
   * Backport to bullseye.
   * Switch pkgconf build-dependency to pkg-config, pkgconf in bullseye
     doesn't provide `triplet`-pkgconf binaries.

shim (15.8-1~deb12u1) bookworm; urgency=medium
 .
   [ Steve McIntyre ]
   * Cope with changes in pesign packaging.
   * New upstream release fixing more bugs
   * Remove all our previous patches, no longer needed:
     + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now
       upstream)
     + Enable-NX.patch (we don't want NX just yet until the whole boot
       stack is NX-capable)
     + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT
       is 4)
   * Cherry-pick 2 new patches from upstream for grub revocations:
     + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
     + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
   * Log if the build is nx-compatible or not
   * Force shim to use the latest revocations by default to block some
     older grub / peimage issues. This is:
     "shim,4\ngrub,4\ngrub.peimage,2\n"
   * Install a copy of the Debian CA certificate into /usr/share/shim.
     Closes: #1069054
   * Clean up better after build. Closes: #1046268
 .
   [ Bastien Roucariès ]
   * Port autopkgtest from ubuntu
   * Import MR-12: "shim-unsigned:amd64 cannot be installed alongside
     shim-unsigned:i386", thanks to adrian15 adrian15 (Closes: #936009).
   * Fix debian/watch and check signature
shim (15.8-1~deb11u1) bullseye; urgency=medium
 .
   * New upstream release fixing more bugs
   * Remove all our previous patches, no longer needed:
     + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now
       upstream)
     + Enable-NX.patch (we don't want NX just yet until the whole boot
       stack is NX-capable)
     + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT
       is 4)
   * Cherry-pick 2 new patches from upstream for grub revocations:
     + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
     + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
   * Log if the build is nx-compatible or not
   * Force shim to use the latest revocations by default to block some
     older grub / peimage issues. This is:
     "shim,4\ngrub,4\ngrub.peimage,2\n"
   * Install a copy of the Debian CA certificate into /usr/share/shim.
     Closes: #1069054
   * Clean up better after build. Closes: #1046268

shim-helpers-amd64-signed (1+15.8+1~deb12u1) bookworm; urgency=medium
 .
   * Update to shim 15.8-1~deb12u1
shim-helpers-amd64-signed (1+15.8+1~deb11u1) bullseye; urgency=medium
 .
   * Update to shim 15.8-1~deb11u1

shim-helpers-arm64-signed (1+15.8+1~deb12u1) bookworm; urgency=medium
 .
   * Update to shim 15.8-1~deb12u1
shim-helpers-arm64-signed (1+15.8+1~deb11u1) bullseye; urgency=medium
 .
   * Update to shim 15.8-1~deb11u1

shim-helpers-i386-signed (1+15.8+1~deb12u1) bookworm; urgency=medium
 .
   * Update to shim 15.8-1~deb12u1
shim-helpers-i386-signed (1+15.8+1~deb11u1) bullseye; urgency=medium
 .
   * Update to shim 15.8-1~deb11u1

shim-signed (1.44~1+deb12u1) bookworm; urgency=medium
 .
   * Build against new signed binaries corresponding to 15.8-1~deb12u1
   * Update build-dep on shim-unsigned to use 15.8-1~deb12u1
   * NOTE: this will block use of older grub binaries with sbat < 4
     + Update Depends on grub2-common to match.
   * Multiple packaging updates backported:
     + Add Romanian translation for debconf templates (thanks to
       Remus-Gabriel Chelu)
     + Stop recommending secureboot-db, we don't have that package
     + Tweak dependencies using substvars (thanks for help from Fabian
       Grünbichler)
shim-signed (1.44~1+deb11u1) bullseye; urgency=medium
 .
   * Build against new signed binaries corresponding to 15.8-1~deb11u1
   * Update build-dep on shim-unsigned to use 15.8-1~deb11u1
   * NOTE: this will block use of older grub binaries with sbat < 4
     + Update Depends on grub2-common to match.
   * Multiple packaging updates backported:
     + Add Romanian translation for debconf templates (thanks to
       Remus-Gabriel Chelu)
     + Stop recommending secureboot-db, we don't have that package
     + Tweak dependencies using substvars (thanks for help from Fabian
       Grünbichler)
shim-signed (1.43) unstable; urgency=medium
 .
   * Fix broken usage of dpkg-query
shim-signed (1.42) unstable; urgency=medium
 .
   * Tweak versioning in runtime dependencies, using substvars
     to make things more automatic in future.
shim-signed (1.41) unstable; urgency=medium
 .
   * Build against new signed binaries corresponding to 15.8-1
     + Closes: #1071215
   * NOTE: Stop building packages for i386. The number of functioning
     i386 Secure Boot machines is approximately zero at this point.
   * Tweak packaging:
     + Switch from debian/compat to build-dep on debhelper-compat
       (= 13)
shim-signed (1.40) unstable; urgency=medium
 .
   * Stop recommending secureboot-db, we don't have that package.
     Closes: #1042964, #1041449, #932358
   * Add Romanian translation for debconf templates, thanks to
     Remus-Gabriel Chelu. Closes: #1039090

squid (5.7-2+deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2024-37894 (Closes: #1074284)

systemd (252.30-1~deb12u2) bookworm; urgency=medium
 .
   * Backport patch to revert new comment in /etc/systemd/journald.conf.
     Avoid dpkg prompt on upgrade
systemd (252.30-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.30
   * Refresh patches to remove fuzz from 252.30
systemd (252.29-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.29 (Closes: #1074789)
systemd (252.29-1~deb12u1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports
 .
 systemd (252.29-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.29 (Closes: #1074789)
 .
 systemd (252.28-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.28 (Closes: #1074789)
 .
 systemd (252.27-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.27
systemd (252.28-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.28 (Closes: #1074789)
systemd (252.27-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream version 252.27

usb.ids (2024.07.04-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version.
usb.ids (2024.07.04-0+deb11u1) bullseye; urgency=medium
 .
   * New upstream version.
usb.ids (2024.03.18-1) unstable; urgency=medium
 .
   * New upstream version.
usb.ids (2024.01.30-1) unstable; urgency=medium
 .
   * New upstream version.
usb.ids (2024.01.20-1) unstable; urgency=medium
 .
   * New upstream version.

wpa (2:2.10-12+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Only load libraries from trusted path (CVE-2024-5290)

xmedcon (0.23.0-gtk3+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * CVE-2024-29421.patch: new: fix CVE-2024-29421. (Closes: #1077369)

znc (1.8.2-3.1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix RCE vulnerability in modtcl (CVE-2024-39844)
=======================================
Sat, 29 Jun 2024 - Debian 12.6 released
=======================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:17:03 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

btrfs-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
btrfs-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
btrfs-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
btrfs-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
cdrom-core-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
cdrom-core-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
cdrom-core-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
cdrom-core-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
crc-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
crc-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
crc-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
crc-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
crypto-dm-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
crypto-dm-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
crypto-dm-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
crypto-dm-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
crypto-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
crypto-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
crypto-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
crypto-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
dasd-extra-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
dasd-extra-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
dasd-extra-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
dasd-extra-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
dasd-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
dasd-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
dasd-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
dasd-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
ext4-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
ext4-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
ext4-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
ext4-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
f2fs-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
f2fs-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
f2fs-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
f2fs-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
fat-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
fat-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
fat-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
fat-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
fuse-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
fuse-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
fuse-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
fuse-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
isofs-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
isofs-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
isofs-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
isofs-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
kernel-image-6.1.0-15-s390x-di |   6.1.66-1 | s390x
kernel-image-6.1.0-19-s390x-di |   6.1.82-1 | s390x
kernel-image-6.1.0-20-s390x-di |   6.1.85-1 | s390x
kernel-image-6.1.0-21-s390x-di |   6.1.90-1 | s390x
linux-headers-6.1.0-15-s390x |   6.1.66-1 | s390x
linux-headers-6.1.0-19-s390x |   6.1.82-1 | s390x
linux-headers-6.1.0-20-s390x |   6.1.85-1 | s390x
linux-headers-6.1.0-21-s390x |   6.1.90-1 | s390x
linux-image-6.1.0-15-s390x |   6.1.66-1 | s390x
linux-image-6.1.0-15-s390x-dbg |   6.1.66-1 | s390x
linux-image-6.1.0-19-s390x |   6.1.82-1 | s390x
linux-image-6.1.0-19-s390x-dbg |   6.1.82-1 | s390x
linux-image-6.1.0-20-s390x |   6.1.85-1 | s390x
linux-image-6.1.0-20-s390x-dbg |   6.1.85-1 | s390x
linux-image-6.1.0-21-s390x |   6.1.90-1 | s390x
linux-image-6.1.0-21-s390x-dbg |   6.1.90-1 | s390x
loop-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
loop-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
loop-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
loop-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
md-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
md-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
md-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
md-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
mtd-core-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
mtd-core-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
mtd-core-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
mtd-core-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
multipath-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
multipath-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
multipath-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
multipath-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
nbd-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
nbd-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
nbd-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
nbd-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
nic-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
nic-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
nic-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
nic-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
scsi-core-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
scsi-core-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
scsi-core-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
scsi-core-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
scsi-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
scsi-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
scsi-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
scsi-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
udf-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
udf-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
udf-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
udf-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x
xfs-modules-6.1.0-15-s390x-di |   6.1.66-1 | s390x
xfs-modules-6.1.0-19-s390x-di |   6.1.82-1 | s390x
xfs-modules-6.1.0-20-s390x-di |   6.1.85-1 | s390x
xfs-modules-6.1.0-21-s390x-di |   6.1.90-1 | s390x

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:17:20 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

affs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
affs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
affs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
affs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
affs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
affs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
affs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
affs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
ata-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
ata-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
ata-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
ata-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
ata-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
ata-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
ata-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
ata-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
btrfs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
btrfs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
btrfs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
btrfs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
btrfs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
btrfs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
btrfs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
btrfs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
cdrom-core-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
crc-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
crc-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
crc-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
crc-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
crc-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
crc-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
crc-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
crc-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
crypto-dm-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
crypto-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
crypto-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
crypto-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
crypto-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
crypto-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
crypto-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
crypto-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
crypto-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
event-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
event-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
event-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
event-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
event-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
event-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
event-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
event-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
ext4-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
ext4-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
ext4-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
ext4-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
ext4-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
ext4-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
ext4-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
ext4-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
f2fs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
f2fs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
f2fs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
f2fs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
f2fs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
f2fs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
f2fs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
f2fs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
fat-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
fat-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
fat-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
fat-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
fat-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
fat-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
fat-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
fat-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
fb-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
fb-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
fb-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
fb-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
fb-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
fb-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
fb-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
fb-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
firewire-core-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
firewire-core-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
firewire-core-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
firewire-core-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
firewire-core-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
firewire-core-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
firewire-core-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
firewire-core-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
fuse-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
fuse-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
fuse-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
fuse-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
fuse-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
fuse-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
fuse-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
fuse-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
input-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
input-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
input-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
input-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
input-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
input-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
input-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
input-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
isofs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
isofs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
isofs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
isofs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
isofs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
isofs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
isofs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
isofs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
jfs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
jfs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
jfs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
jfs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
jfs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
jfs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
jfs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
jfs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
kernel-image-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
kernel-image-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
kernel-image-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
kernel-image-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
kernel-image-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
kernel-image-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
kernel-image-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
kernel-image-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
linux-headers-6.1.0-15-loongson-3 |   6.1.66-1 | mips64el, mipsel
linux-headers-6.1.0-15-octeon |   6.1.66-1 | mips64el, mipsel
linux-headers-6.1.0-19-loongson-3 |   6.1.82-1 | mips64el, mipsel
linux-headers-6.1.0-19-octeon |   6.1.82-1 | mips64el, mipsel
linux-headers-6.1.0-20-loongson-3 |   6.1.85-1 | mips64el, mipsel
linux-headers-6.1.0-20-octeon |   6.1.85-1 | mips64el, mipsel
linux-headers-6.1.0-21-loongson-3 |   6.1.90-1 | mips64el, mipsel
linux-headers-6.1.0-21-octeon |   6.1.90-1 | mips64el, mipsel
linux-image-6.1.0-15-loongson-3 |   6.1.66-1 | mips64el, mipsel
linux-image-6.1.0-15-loongson-3-dbg |   6.1.66-1 | mips64el, mipsel
linux-image-6.1.0-15-octeon |   6.1.66-1 | mips64el, mipsel
linux-image-6.1.0-15-octeon-dbg |   6.1.66-1 | mips64el, mipsel
linux-image-6.1.0-19-loongson-3 |   6.1.82-1 | mips64el, mipsel
linux-image-6.1.0-19-loongson-3-dbg |   6.1.82-1 | mips64el, mipsel
linux-image-6.1.0-19-octeon |   6.1.82-1 | mips64el, mipsel
linux-image-6.1.0-19-octeon-dbg |   6.1.82-1 | mips64el, mipsel
linux-image-6.1.0-20-loongson-3 |   6.1.85-1 | mips64el, mipsel
linux-image-6.1.0-20-loongson-3-dbg |   6.1.85-1 | mips64el, mipsel
linux-image-6.1.0-20-octeon |   6.1.85-1 | mips64el, mipsel
linux-image-6.1.0-20-octeon-dbg |   6.1.85-1 | mips64el, mipsel
linux-image-6.1.0-21-loongson-3 |   6.1.90-1 | mips64el, mipsel
linux-image-6.1.0-21-loongson-3-dbg |   6.1.90-1 | mips64el, mipsel
linux-image-6.1.0-21-octeon |   6.1.90-1 | mips64el, mipsel
linux-image-6.1.0-21-octeon-dbg |   6.1.90-1 | mips64el, mipsel
loop-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
loop-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
loop-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
loop-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
loop-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
loop-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
loop-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
loop-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
md-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
md-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
md-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
md-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
md-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
md-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
md-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
md-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
minix-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
minix-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
minix-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
minix-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
minix-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
minix-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
minix-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
minix-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
mmc-core-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
mmc-core-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
mmc-core-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
mmc-core-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
mmc-core-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
mmc-core-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
mmc-core-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
mmc-core-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
mmc-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
mmc-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
mmc-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
mmc-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
mmc-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
mmc-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
mmc-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
mmc-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
mouse-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
mouse-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
mouse-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
mouse-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
mouse-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
mouse-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
mouse-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
mouse-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
multipath-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
multipath-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
multipath-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
multipath-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
multipath-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
multipath-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
multipath-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
multipath-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
nbd-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
nbd-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
nbd-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
nbd-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
nbd-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
nbd-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
nbd-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
nbd-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
nfs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
nfs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
nfs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
nfs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
nfs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
nfs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
nfs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
nfs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
nic-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
nic-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
nic-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
nic-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
nic-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
nic-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
nic-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
nic-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
nic-shared-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
nic-shared-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
nic-shared-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
nic-shared-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
nic-shared-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
nic-shared-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
nic-shared-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
nic-shared-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
nic-usb-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
nic-usb-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
nic-usb-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
nic-usb-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
nic-usb-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
nic-usb-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
nic-usb-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
nic-usb-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
nic-wireless-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
pata-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
pata-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
pata-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
pata-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
pata-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
pata-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
pata-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
pata-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
ppp-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
ppp-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
ppp-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
ppp-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
ppp-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
ppp-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
ppp-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
ppp-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
sata-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
sata-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
sata-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
sata-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
sata-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
sata-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
sata-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
sata-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
scsi-core-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
scsi-core-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
scsi-core-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
scsi-core-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
scsi-core-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
scsi-core-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
scsi-core-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
scsi-core-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
scsi-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
scsi-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
scsi-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
scsi-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
scsi-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
scsi-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
scsi-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
scsi-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
scsi-nic-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
sound-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
sound-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
sound-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
sound-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
sound-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
sound-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
sound-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
sound-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
speakup-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
speakup-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
speakup-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
speakup-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
speakup-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
speakup-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
speakup-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
speakup-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
squashfs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
squashfs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
squashfs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
squashfs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
squashfs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
squashfs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
squashfs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
squashfs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
udf-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
udf-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
udf-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
udf-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
udf-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
udf-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
udf-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
udf-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
usb-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
usb-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
usb-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
usb-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
usb-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
usb-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
usb-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
usb-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
usb-serial-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
usb-serial-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
usb-serial-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
usb-serial-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
usb-serial-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
usb-serial-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
usb-serial-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
usb-serial-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
usb-storage-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
usb-storage-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
usb-storage-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
usb-storage-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
usb-storage-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
usb-storage-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
usb-storage-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
usb-storage-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel
xfs-modules-6.1.0-15-loongson-3-di |   6.1.66-1 | mips64el, mipsel
xfs-modules-6.1.0-15-octeon-di |   6.1.66-1 | mips64el, mipsel
xfs-modules-6.1.0-19-loongson-3-di |   6.1.82-1 | mips64el, mipsel
xfs-modules-6.1.0-19-octeon-di |   6.1.82-1 | mips64el, mipsel
xfs-modules-6.1.0-20-loongson-3-di |   6.1.85-1 | mips64el, mipsel
xfs-modules-6.1.0-20-octeon-di |   6.1.85-1 | mips64el, mipsel
xfs-modules-6.1.0-21-loongson-3-di |   6.1.90-1 | mips64el, mipsel
xfs-modules-6.1.0-21-octeon-di |   6.1.90-1 | mips64el, mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:17:39 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

affs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
affs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
affs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
affs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
affs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
affs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
affs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
affs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
ata-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
ata-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
ata-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
ata-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
ata-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
ata-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
ata-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
ata-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
btrfs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
btrfs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
btrfs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
btrfs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
btrfs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
btrfs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
btrfs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
btrfs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
cdrom-core-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
cdrom-core-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
cdrom-core-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
cdrom-core-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
cdrom-core-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
cdrom-core-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
cdrom-core-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
cdrom-core-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
crc-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
crc-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
crc-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
crc-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
crc-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
crc-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
crc-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
crc-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
crypto-dm-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
crypto-dm-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
crypto-dm-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
crypto-dm-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
crypto-dm-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
crypto-dm-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
crypto-dm-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
crypto-dm-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
crypto-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
crypto-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
crypto-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
crypto-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
crypto-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
crypto-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
crypto-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
crypto-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
event-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
event-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
event-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
event-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
event-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
event-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
event-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
event-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
ext4-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
ext4-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
ext4-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
ext4-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
ext4-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
ext4-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
ext4-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
ext4-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
f2fs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
f2fs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
f2fs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
f2fs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
f2fs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
f2fs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
f2fs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
f2fs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
fat-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
fat-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
fat-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
fat-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
fat-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
fat-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
fat-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
fat-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
fb-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
fb-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
fb-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
fb-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
fb-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
fb-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
fb-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
fb-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
firewire-core-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
firewire-core-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
firewire-core-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
firewire-core-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
firewire-core-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
firewire-core-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
firewire-core-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
firewire-core-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
fuse-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
fuse-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
fuse-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
fuse-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
fuse-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
fuse-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
fuse-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
fuse-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
input-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
input-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
input-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
input-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
input-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
input-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
input-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
input-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
isofs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
isofs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
isofs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
isofs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
isofs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
isofs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
isofs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
isofs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
jfs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
jfs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
jfs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
jfs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
jfs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
jfs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
jfs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
jfs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
kernel-image-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
kernel-image-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
kernel-image-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
kernel-image-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
kernel-image-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
kernel-image-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
kernel-image-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
kernel-image-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
linux-headers-6.1.0-15-4kc-malta |   6.1.66-1 | mipsel
linux-headers-6.1.0-15-mips32r2el |   6.1.66-1 | mipsel
linux-headers-6.1.0-19-4kc-malta |   6.1.82-1 | mipsel
linux-headers-6.1.0-19-mips32r2el |   6.1.82-1 | mipsel
linux-headers-6.1.0-20-4kc-malta |   6.1.85-1 | mipsel
linux-headers-6.1.0-20-mips32r2el |   6.1.85-1 | mipsel
linux-headers-6.1.0-21-4kc-malta |   6.1.90-1 | mipsel
linux-headers-6.1.0-21-mips32r2el |   6.1.90-1 | mipsel
linux-image-6.1.0-15-4kc-malta |   6.1.66-1 | mipsel
linux-image-6.1.0-15-4kc-malta-dbg |   6.1.66-1 | mipsel
linux-image-6.1.0-15-mips32r2el |   6.1.66-1 | mipsel
linux-image-6.1.0-15-mips32r2el-dbg |   6.1.66-1 | mipsel
linux-image-6.1.0-19-4kc-malta |   6.1.82-1 | mipsel
linux-image-6.1.0-19-4kc-malta-dbg |   6.1.82-1 | mipsel
linux-image-6.1.0-19-mips32r2el |   6.1.82-1 | mipsel
linux-image-6.1.0-19-mips32r2el-dbg |   6.1.82-1 | mipsel
linux-image-6.1.0-20-4kc-malta |   6.1.85-1 | mipsel
linux-image-6.1.0-20-4kc-malta-dbg |   6.1.85-1 | mipsel
linux-image-6.1.0-20-mips32r2el |   6.1.85-1 | mipsel
linux-image-6.1.0-20-mips32r2el-dbg |   6.1.85-1 | mipsel
linux-image-6.1.0-21-4kc-malta |   6.1.90-1 | mipsel
linux-image-6.1.0-21-4kc-malta-dbg |   6.1.90-1 | mipsel
linux-image-6.1.0-21-mips32r2el |   6.1.90-1 | mipsel
linux-image-6.1.0-21-mips32r2el-dbg |   6.1.90-1 | mipsel
loop-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
loop-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
loop-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
loop-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
loop-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
loop-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
loop-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
loop-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
md-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
md-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
md-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
md-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
md-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
md-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
md-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
md-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
minix-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
minix-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
minix-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
minix-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
minix-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
minix-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
minix-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
minix-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
mmc-core-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
mmc-core-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
mmc-core-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
mmc-core-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
mmc-core-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
mmc-core-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
mmc-core-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
mmc-core-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
mmc-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
mmc-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
mmc-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
mmc-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
mmc-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
mmc-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
mmc-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
mmc-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
mouse-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
mouse-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
mouse-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
mouse-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
mouse-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
mouse-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
mouse-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
mouse-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
multipath-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
multipath-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
multipath-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
multipath-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
multipath-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
multipath-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
multipath-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
multipath-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
nbd-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
nbd-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
nbd-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
nbd-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
nbd-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
nbd-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
nbd-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
nbd-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
nfs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
nfs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
nfs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
nfs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
nfs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
nfs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
nfs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
nfs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
nic-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
nic-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
nic-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
nic-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
nic-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
nic-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
nic-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
nic-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
nic-shared-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
nic-shared-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
nic-shared-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
nic-shared-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
nic-shared-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
nic-shared-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
nic-shared-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
nic-shared-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
nic-usb-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
nic-usb-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
nic-usb-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
nic-usb-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
nic-usb-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
nic-usb-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
nic-usb-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
nic-usb-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
nic-wireless-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
nic-wireless-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
nic-wireless-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
nic-wireless-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
nic-wireless-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
nic-wireless-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
nic-wireless-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
nic-wireless-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
pata-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
pata-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
pata-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
pata-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
pata-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
pata-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
pata-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
pata-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
ppp-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
ppp-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
ppp-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
ppp-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
ppp-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
ppp-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
ppp-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
ppp-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
sata-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
sata-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
sata-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
sata-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
sata-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
sata-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
sata-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
sata-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
scsi-core-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
scsi-core-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
scsi-core-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
scsi-core-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
scsi-core-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
scsi-core-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
scsi-core-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
scsi-core-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
scsi-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
scsi-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
scsi-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
scsi-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
scsi-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
scsi-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
scsi-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
scsi-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
scsi-nic-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
scsi-nic-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
scsi-nic-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
scsi-nic-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
scsi-nic-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
scsi-nic-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
scsi-nic-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
scsi-nic-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
sound-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
sound-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
sound-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
sound-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
sound-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
sound-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
sound-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
sound-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
speakup-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
speakup-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
speakup-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
speakup-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
speakup-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
speakup-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
speakup-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
speakup-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
squashfs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
squashfs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
squashfs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
squashfs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
squashfs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
squashfs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
squashfs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
squashfs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
udf-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
udf-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
udf-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
udf-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
udf-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
udf-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
udf-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
udf-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
usb-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
usb-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
usb-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
usb-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
usb-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
usb-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
usb-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
usb-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
usb-serial-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
usb-serial-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
usb-serial-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
usb-serial-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
usb-serial-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
usb-serial-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
usb-serial-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
usb-serial-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
usb-storage-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
usb-storage-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
usb-storage-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
usb-storage-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
usb-storage-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
usb-storage-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
usb-storage-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
usb-storage-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel
xfs-modules-6.1.0-15-4kc-malta-di |   6.1.66-1 | mipsel
xfs-modules-6.1.0-15-mips32r2el-di |   6.1.66-1 | mipsel
xfs-modules-6.1.0-19-4kc-malta-di |   6.1.82-1 | mipsel
xfs-modules-6.1.0-19-mips32r2el-di |   6.1.82-1 | mipsel
xfs-modules-6.1.0-20-4kc-malta-di |   6.1.85-1 | mipsel
xfs-modules-6.1.0-20-mips32r2el-di |   6.1.85-1 | mipsel
xfs-modules-6.1.0-21-4kc-malta-di |   6.1.90-1 | mipsel
xfs-modules-6.1.0-21-mips32r2el-di |   6.1.90-1 | mipsel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:17:52 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

ata-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
ata-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
ata-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
ata-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
btrfs-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
btrfs-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
btrfs-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
btrfs-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
cdrom-core-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
cdrom-core-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
cdrom-core-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
cdrom-core-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
crc-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
crc-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
crc-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
crc-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
crypto-dm-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
crypto-dm-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
crypto-dm-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
crypto-dm-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
crypto-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
crypto-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
crypto-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
crypto-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
event-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
event-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
event-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
event-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
ext4-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
ext4-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
ext4-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
ext4-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
f2fs-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
f2fs-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
f2fs-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
f2fs-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
fancontrol-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
fancontrol-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
fancontrol-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
fancontrol-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
fat-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
fat-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
fat-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
fat-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
fb-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
fb-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
fb-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
fb-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
firewire-core-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
firewire-core-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
firewire-core-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
firewire-core-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
fuse-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
fuse-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
fuse-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
fuse-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
hypervisor-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
hypervisor-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
hypervisor-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
hypervisor-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
i2c-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
i2c-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
i2c-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
i2c-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
input-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
input-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
input-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
input-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
isofs-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
isofs-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
isofs-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
isofs-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
jfs-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
jfs-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
jfs-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
jfs-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
kernel-image-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
kernel-image-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
kernel-image-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
kernel-image-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
linux-headers-6.1.0-15-powerpc64le |   6.1.66-1 | ppc64el
linux-headers-6.1.0-19-powerpc64le |   6.1.82-1 | ppc64el
linux-headers-6.1.0-20-powerpc64le |   6.1.85-1 | ppc64el
linux-headers-6.1.0-21-powerpc64le |   6.1.90-1 | ppc64el
linux-image-6.1.0-15-powerpc64le |   6.1.66-1 | ppc64el
linux-image-6.1.0-15-powerpc64le-dbg |   6.1.66-1 | ppc64el
linux-image-6.1.0-19-powerpc64le |   6.1.82-1 | ppc64el
linux-image-6.1.0-19-powerpc64le-dbg |   6.1.82-1 | ppc64el
linux-image-6.1.0-20-powerpc64le |   6.1.85-1 | ppc64el
linux-image-6.1.0-20-powerpc64le-dbg |   6.1.85-1 | ppc64el
linux-image-6.1.0-21-powerpc64le |   6.1.90-1 | ppc64el
linux-image-6.1.0-21-powerpc64le-dbg |   6.1.90-1 | ppc64el
loop-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
loop-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
loop-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
loop-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
md-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
md-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
md-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
md-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
mouse-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
mouse-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
mouse-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
mouse-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
mtd-core-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
mtd-core-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
mtd-core-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
mtd-core-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
multipath-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
multipath-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
multipath-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
multipath-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
nbd-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
nbd-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
nbd-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
nbd-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
nic-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
nic-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
nic-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
nic-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
nic-shared-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
nic-shared-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
nic-shared-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
nic-shared-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
nic-usb-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
nic-usb-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
nic-usb-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
nic-usb-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
nic-wireless-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
nic-wireless-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
nic-wireless-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
nic-wireless-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
ppp-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
ppp-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
ppp-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
ppp-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
sata-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
sata-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
sata-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
sata-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
scsi-core-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
scsi-core-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
scsi-core-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
scsi-core-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
scsi-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
scsi-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
scsi-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
scsi-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
scsi-nic-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
scsi-nic-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
scsi-nic-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
scsi-nic-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
serial-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
serial-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
serial-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
serial-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
squashfs-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
squashfs-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
squashfs-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
squashfs-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
udf-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
udf-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
udf-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
udf-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
uinput-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
uinput-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
uinput-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
uinput-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
usb-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
usb-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
usb-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
usb-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
usb-serial-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
usb-serial-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
usb-serial-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
usb-serial-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
usb-storage-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
usb-storage-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
usb-storage-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
usb-storage-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el
xfs-modules-6.1.0-15-powerpc64le-di |   6.1.66-1 | ppc64el
xfs-modules-6.1.0-19-powerpc64le-di |   6.1.82-1 | ppc64el
xfs-modules-6.1.0-20-powerpc64le-di |   6.1.85-1 | ppc64el
xfs-modules-6.1.0-21-powerpc64le-di |   6.1.90-1 | ppc64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:18:08 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

linux-headers-6.1.0-15-amd64 |   6.1.66-1 | amd64
linux-headers-6.1.0-15-cloud-amd64 |   6.1.66-1 | amd64
linux-headers-6.1.0-15-rt-amd64 |   6.1.66-1 | amd64
linux-headers-6.1.0-19-amd64 |   6.1.82-1 | amd64
linux-headers-6.1.0-19-cloud-amd64 |   6.1.82-1 | amd64
linux-headers-6.1.0-19-rt-amd64 |   6.1.82-1 | amd64
linux-headers-6.1.0-20-amd64 |   6.1.85-1 | amd64
linux-headers-6.1.0-20-cloud-amd64 |   6.1.85-1 | amd64
linux-headers-6.1.0-20-rt-amd64 |   6.1.85-1 | amd64
linux-headers-6.1.0-21-amd64 |   6.1.90-1 | amd64
linux-headers-6.1.0-21-cloud-amd64 |   6.1.90-1 | amd64
linux-headers-6.1.0-21-rt-amd64 |   6.1.90-1 | amd64
linux-image-6.1.0-15-amd64-dbg |   6.1.66-1 | amd64
linux-image-6.1.0-15-amd64-unsigned |   6.1.66-1 | amd64
linux-image-6.1.0-15-cloud-amd64-dbg |   6.1.66-1 | amd64
linux-image-6.1.0-15-cloud-amd64-unsigned |   6.1.66-1 | amd64
linux-image-6.1.0-15-rt-amd64-dbg |   6.1.66-1 | amd64
linux-image-6.1.0-15-rt-amd64-unsigned |   6.1.66-1 | amd64
linux-image-6.1.0-19-amd64-dbg |   6.1.82-1 | amd64
linux-image-6.1.0-19-amd64-unsigned |   6.1.82-1 | amd64
linux-image-6.1.0-19-cloud-amd64-dbg |   6.1.82-1 | amd64
linux-image-6.1.0-19-cloud-amd64-unsigned |   6.1.82-1 | amd64
linux-image-6.1.0-19-rt-amd64-dbg |   6.1.82-1 | amd64
linux-image-6.1.0-19-rt-amd64-unsigned |   6.1.82-1 | amd64
linux-image-6.1.0-20-amd64-dbg |   6.1.85-1 | amd64
linux-image-6.1.0-20-amd64-unsigned |   6.1.85-1 | amd64
linux-image-6.1.0-20-cloud-amd64-dbg |   6.1.85-1 | amd64
linux-image-6.1.0-20-cloud-amd64-unsigned |   6.1.85-1 | amd64
linux-image-6.1.0-20-rt-amd64-dbg |   6.1.85-1 | amd64
linux-image-6.1.0-20-rt-amd64-unsigned |   6.1.85-1 | amd64
linux-image-6.1.0-21-amd64-dbg |   6.1.90-1 | amd64
linux-image-6.1.0-21-amd64-unsigned |   6.1.90-1 | amd64
linux-image-6.1.0-21-cloud-amd64-dbg |   6.1.90-1 | amd64
linux-image-6.1.0-21-cloud-amd64-unsigned |   6.1.90-1 | amd64
linux-image-6.1.0-21-rt-amd64-dbg |   6.1.90-1 | amd64
linux-image-6.1.0-21-rt-amd64-unsigned |   6.1.90-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:18:18 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

linux-headers-6.1.0-15-arm64 |   6.1.66-1 | arm64
linux-headers-6.1.0-15-cloud-arm64 |   6.1.66-1 | arm64
linux-headers-6.1.0-15-rt-arm64 |   6.1.66-1 | arm64
linux-headers-6.1.0-19-arm64 |   6.1.82-1 | arm64
linux-headers-6.1.0-19-cloud-arm64 |   6.1.82-1 | arm64
linux-headers-6.1.0-19-rt-arm64 |   6.1.82-1 | arm64
linux-headers-6.1.0-20-arm64 |   6.1.85-1 | arm64
linux-headers-6.1.0-20-cloud-arm64 |   6.1.85-1 | arm64
linux-headers-6.1.0-20-rt-arm64 |   6.1.85-1 | arm64
linux-headers-6.1.0-21-arm64 |   6.1.90-1 | arm64
linux-headers-6.1.0-21-cloud-arm64 |   6.1.90-1 | arm64
linux-headers-6.1.0-21-rt-arm64 |   6.1.90-1 | arm64
linux-image-6.1.0-15-arm64-dbg |   6.1.66-1 | arm64
linux-image-6.1.0-15-arm64-unsigned |   6.1.66-1 | arm64
linux-image-6.1.0-15-cloud-arm64-dbg |   6.1.66-1 | arm64
linux-image-6.1.0-15-cloud-arm64-unsigned |   6.1.66-1 | arm64
linux-image-6.1.0-15-rt-arm64-dbg |   6.1.66-1 | arm64
linux-image-6.1.0-15-rt-arm64-unsigned |   6.1.66-1 | arm64
linux-image-6.1.0-19-arm64-dbg |   6.1.82-1 | arm64
linux-image-6.1.0-19-arm64-unsigned |   6.1.82-1 | arm64
linux-image-6.1.0-19-cloud-arm64-dbg |   6.1.82-1 | arm64
linux-image-6.1.0-19-cloud-arm64-unsigned |   6.1.82-1 | arm64
linux-image-6.1.0-19-rt-arm64-dbg |   6.1.82-1 | arm64
linux-image-6.1.0-19-rt-arm64-unsigned |   6.1.82-1 | arm64
linux-image-6.1.0-20-arm64-dbg |   6.1.85-1 | arm64
linux-image-6.1.0-20-arm64-unsigned |   6.1.85-1 | arm64
linux-image-6.1.0-20-cloud-arm64-dbg |   6.1.85-1 | arm64
linux-image-6.1.0-20-cloud-arm64-unsigned |   6.1.85-1 | arm64
linux-image-6.1.0-20-rt-arm64-dbg |   6.1.85-1 | arm64
linux-image-6.1.0-20-rt-arm64-unsigned |   6.1.85-1 | arm64
linux-image-6.1.0-21-arm64-dbg |   6.1.90-1 | arm64
linux-image-6.1.0-21-arm64-unsigned |   6.1.90-1 | arm64
linux-image-6.1.0-21-cloud-arm64-dbg |   6.1.90-1 | arm64
linux-image-6.1.0-21-cloud-arm64-unsigned |   6.1.90-1 | arm64
linux-image-6.1.0-21-rt-arm64-dbg |   6.1.90-1 | arm64
linux-image-6.1.0-21-rt-arm64-unsigned |   6.1.90-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:18:28 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

btrfs-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
btrfs-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
btrfs-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
btrfs-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
cdrom-core-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
cdrom-core-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
cdrom-core-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
cdrom-core-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
crc-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
crc-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
crc-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
crc-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
crypto-dm-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
crypto-dm-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
crypto-dm-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
crypto-dm-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
crypto-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
crypto-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
crypto-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
crypto-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
event-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
event-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
event-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
event-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
ext4-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
ext4-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
ext4-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
ext4-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
f2fs-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
f2fs-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
f2fs-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
f2fs-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
fat-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
fat-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
fat-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
fat-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
fb-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
fb-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
fb-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
fb-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
fuse-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
fuse-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
fuse-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
fuse-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
input-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
input-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
input-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
input-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
ipv6-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
ipv6-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
ipv6-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
ipv6-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
isofs-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
isofs-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
isofs-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
isofs-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
jffs2-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
jffs2-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
jffs2-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
jffs2-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
jfs-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
jfs-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
jfs-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
jfs-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
kernel-image-6.1.0-15-marvell-di |   6.1.66-1 | armel
kernel-image-6.1.0-19-marvell-di |   6.1.82-1 | armel
kernel-image-6.1.0-20-marvell-di |   6.1.85-1 | armel
kernel-image-6.1.0-21-marvell-di |   6.1.90-1 | armel
leds-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
leds-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
leds-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
leds-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
linux-headers-6.1.0-15-marvell |   6.1.66-1 | armel
linux-headers-6.1.0-15-rpi |   6.1.66-1 | armel
linux-headers-6.1.0-19-marvell |   6.1.82-1 | armel
linux-headers-6.1.0-19-rpi |   6.1.82-1 | armel
linux-headers-6.1.0-20-marvell |   6.1.85-1 | armel
linux-headers-6.1.0-20-rpi |   6.1.85-1 | armel
linux-headers-6.1.0-21-marvell |   6.1.90-1 | armel
linux-headers-6.1.0-21-rpi |   6.1.90-1 | armel
linux-image-6.1.0-15-marvell |   6.1.66-1 | armel
linux-image-6.1.0-15-marvell-dbg |   6.1.66-1 | armel
linux-image-6.1.0-15-rpi |   6.1.66-1 | armel
linux-image-6.1.0-15-rpi-dbg |   6.1.66-1 | armel
linux-image-6.1.0-19-marvell |   6.1.82-1 | armel
linux-image-6.1.0-19-marvell-dbg |   6.1.82-1 | armel
linux-image-6.1.0-19-rpi |   6.1.82-1 | armel
linux-image-6.1.0-19-rpi-dbg |   6.1.82-1 | armel
linux-image-6.1.0-20-marvell |   6.1.85-1 | armel
linux-image-6.1.0-20-marvell-dbg |   6.1.85-1 | armel
linux-image-6.1.0-20-rpi |   6.1.85-1 | armel
linux-image-6.1.0-20-rpi-dbg |   6.1.85-1 | armel
linux-image-6.1.0-21-marvell |   6.1.90-1 | armel
linux-image-6.1.0-21-marvell-dbg |   6.1.90-1 | armel
linux-image-6.1.0-21-rpi |   6.1.90-1 | armel
linux-image-6.1.0-21-rpi-dbg |   6.1.90-1 | armel
loop-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
loop-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
loop-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
loop-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
md-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
md-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
md-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
md-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
minix-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
minix-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
minix-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
minix-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
mmc-core-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
mmc-core-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
mmc-core-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
mmc-core-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
mmc-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
mmc-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
mmc-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
mmc-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
mouse-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
mouse-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
mouse-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
mouse-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
mtd-core-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
mtd-core-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
mtd-core-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
mtd-core-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
mtd-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
mtd-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
mtd-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
mtd-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
multipath-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
multipath-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
multipath-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
multipath-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
nbd-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
nbd-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
nbd-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
nbd-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
nic-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
nic-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
nic-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
nic-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
nic-shared-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
nic-shared-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
nic-shared-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
nic-shared-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
nic-usb-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
nic-usb-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
nic-usb-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
nic-usb-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
ppp-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
ppp-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
ppp-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
ppp-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
sata-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
sata-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
sata-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
sata-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
scsi-core-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
scsi-core-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
scsi-core-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
scsi-core-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
squashfs-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
squashfs-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
squashfs-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
squashfs-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
udf-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
udf-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
udf-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
udf-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
uinput-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
uinput-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
uinput-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
uinput-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
usb-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
usb-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
usb-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
usb-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
usb-serial-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
usb-serial-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
usb-serial-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
usb-serial-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel
usb-storage-modules-6.1.0-15-marvell-di |   6.1.66-1 | armel
usb-storage-modules-6.1.0-19-marvell-di |   6.1.82-1 | armel
usb-storage-modules-6.1.0-20-marvell-di |   6.1.85-1 | armel
usb-storage-modules-6.1.0-21-marvell-di |   6.1.90-1 | armel

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:18:39 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

ata-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
ata-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
ata-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
ata-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
btrfs-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
btrfs-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
btrfs-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
btrfs-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
cdrom-core-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
cdrom-core-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
cdrom-core-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
cdrom-core-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
crc-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
crc-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
crc-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
crc-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
crypto-dm-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
crypto-dm-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
crypto-dm-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
crypto-dm-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
crypto-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
crypto-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
crypto-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
crypto-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
efi-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
efi-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
efi-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
efi-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
event-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
event-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
event-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
event-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
ext4-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
ext4-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
ext4-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
ext4-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
f2fs-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
f2fs-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
f2fs-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
f2fs-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
fat-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
fat-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
fat-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
fat-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
fb-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
fb-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
fb-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
fb-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
fuse-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
fuse-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
fuse-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
fuse-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
i2c-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
i2c-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
i2c-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
i2c-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
input-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
input-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
input-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
input-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
isofs-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
isofs-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
isofs-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
isofs-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
jfs-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
jfs-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
jfs-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
jfs-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
kernel-image-6.1.0-15-armmp-di |   6.1.66-1 | armhf
kernel-image-6.1.0-19-armmp-di |   6.1.82-1 | armhf
kernel-image-6.1.0-20-armmp-di |   6.1.85-1 | armhf
kernel-image-6.1.0-21-armmp-di |   6.1.90-1 | armhf
leds-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
leds-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
leds-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
leds-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
linux-headers-6.1.0-15-armmp |   6.1.66-1 | armhf
linux-headers-6.1.0-15-armmp-lpae |   6.1.66-1 | armhf
linux-headers-6.1.0-15-rt-armmp |   6.1.66-1 | armhf
linux-headers-6.1.0-19-armmp |   6.1.82-1 | armhf
linux-headers-6.1.0-19-armmp-lpae |   6.1.82-1 | armhf
linux-headers-6.1.0-19-rt-armmp |   6.1.82-1 | armhf
linux-headers-6.1.0-20-armmp |   6.1.85-1 | armhf
linux-headers-6.1.0-20-armmp-lpae |   6.1.85-1 | armhf
linux-headers-6.1.0-20-rt-armmp |   6.1.85-1 | armhf
linux-headers-6.1.0-21-armmp |   6.1.90-1 | armhf
linux-headers-6.1.0-21-armmp-lpae |   6.1.90-1 | armhf
linux-headers-6.1.0-21-rt-armmp |   6.1.90-1 | armhf
linux-image-6.1.0-15-armmp |   6.1.66-1 | armhf
linux-image-6.1.0-15-armmp-dbg |   6.1.66-1 | armhf
linux-image-6.1.0-15-armmp-lpae |   6.1.66-1 | armhf
linux-image-6.1.0-15-armmp-lpae-dbg |   6.1.66-1 | armhf
linux-image-6.1.0-15-rt-armmp |   6.1.66-1 | armhf
linux-image-6.1.0-15-rt-armmp-dbg |   6.1.66-1 | armhf
linux-image-6.1.0-19-armmp |   6.1.82-1 | armhf
linux-image-6.1.0-19-armmp-dbg |   6.1.82-1 | armhf
linux-image-6.1.0-19-armmp-lpae |   6.1.82-1 | armhf
linux-image-6.1.0-19-armmp-lpae-dbg |   6.1.82-1 | armhf
linux-image-6.1.0-19-rt-armmp |   6.1.82-1 | armhf
linux-image-6.1.0-19-rt-armmp-dbg |   6.1.82-1 | armhf
linux-image-6.1.0-20-armmp |   6.1.85-1 | armhf
linux-image-6.1.0-20-armmp-dbg |   6.1.85-1 | armhf
linux-image-6.1.0-20-armmp-lpae |   6.1.85-1 | armhf
linux-image-6.1.0-20-armmp-lpae-dbg |   6.1.85-1 | armhf
linux-image-6.1.0-20-rt-armmp |   6.1.85-1 | armhf
linux-image-6.1.0-20-rt-armmp-dbg |   6.1.85-1 | armhf
linux-image-6.1.0-21-armmp |   6.1.90-1 | armhf
linux-image-6.1.0-21-armmp-dbg |   6.1.90-1 | armhf
linux-image-6.1.0-21-armmp-lpae |   6.1.90-1 | armhf
linux-image-6.1.0-21-armmp-lpae-dbg |   6.1.90-1 | armhf
linux-image-6.1.0-21-rt-armmp |   6.1.90-1 | armhf
linux-image-6.1.0-21-rt-armmp-dbg |   6.1.90-1 | armhf
loop-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
loop-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
loop-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
loop-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
md-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
md-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
md-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
md-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
mmc-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
mmc-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
mmc-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
mmc-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
mtd-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
mtd-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
mtd-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
mtd-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
multipath-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
multipath-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
multipath-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
multipath-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
nbd-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
nbd-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
nbd-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
nbd-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
nic-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
nic-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
nic-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
nic-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
nic-shared-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
nic-shared-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
nic-shared-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
nic-shared-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
nic-usb-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
nic-usb-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
nic-usb-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
nic-usb-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
nic-wireless-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
nic-wireless-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
nic-wireless-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
nic-wireless-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
pata-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
pata-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
pata-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
pata-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
ppp-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
ppp-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
ppp-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
ppp-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
sata-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
sata-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
sata-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
sata-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
scsi-core-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
scsi-core-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
scsi-core-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
scsi-core-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
scsi-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
scsi-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
scsi-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
scsi-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
scsi-nic-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
scsi-nic-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
scsi-nic-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
scsi-nic-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
sound-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
sound-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
sound-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
sound-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
speakup-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
speakup-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
speakup-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
speakup-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
squashfs-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
squashfs-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
squashfs-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
squashfs-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
udf-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
udf-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
udf-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
udf-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
uinput-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
uinput-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
uinput-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
uinput-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
usb-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
usb-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
usb-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
usb-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
usb-serial-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
usb-serial-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
usb-serial-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
usb-serial-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf
usb-storage-modules-6.1.0-15-armmp-di |   6.1.66-1 | armhf
usb-storage-modules-6.1.0-19-armmp-di |   6.1.82-1 | armhf
usb-storage-modules-6.1.0-20-armmp-di |   6.1.85-1 | armhf
usb-storage-modules-6.1.0-21-armmp-di |   6.1.90-1 | armhf

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:18:49 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

linux-headers-6.1.0-15-686 |   6.1.66-1 | i386
linux-headers-6.1.0-15-686-pae |   6.1.66-1 | i386
linux-headers-6.1.0-15-rt-686-pae |   6.1.66-1 | i386
linux-headers-6.1.0-19-686 |   6.1.82-1 | i386
linux-headers-6.1.0-19-686-pae |   6.1.82-1 | i386
linux-headers-6.1.0-19-rt-686-pae |   6.1.82-1 | i386
linux-headers-6.1.0-20-686 |   6.1.85-1 | i386
linux-headers-6.1.0-20-686-pae |   6.1.85-1 | i386
linux-headers-6.1.0-20-rt-686-pae |   6.1.85-1 | i386
linux-headers-6.1.0-21-686 |   6.1.90-1 | i386
linux-headers-6.1.0-21-686-pae |   6.1.90-1 | i386
linux-headers-6.1.0-21-rt-686-pae |   6.1.90-1 | i386
linux-image-6.1.0-15-686-dbg |   6.1.66-1 | i386
linux-image-6.1.0-15-686-pae-dbg |   6.1.66-1 | i386
linux-image-6.1.0-15-686-pae-unsigned |   6.1.66-1 | i386
linux-image-6.1.0-15-686-unsigned |   6.1.66-1 | i386
linux-image-6.1.0-15-rt-686-pae-dbg |   6.1.66-1 | i386
linux-image-6.1.0-15-rt-686-pae-unsigned |   6.1.66-1 | i386
linux-image-6.1.0-19-686-dbg |   6.1.82-1 | i386
linux-image-6.1.0-19-686-pae-dbg |   6.1.82-1 | i386
linux-image-6.1.0-19-686-pae-unsigned |   6.1.82-1 | i386
linux-image-6.1.0-19-686-unsigned |   6.1.82-1 | i386
linux-image-6.1.0-19-rt-686-pae-dbg |   6.1.82-1 | i386
linux-image-6.1.0-19-rt-686-pae-unsigned |   6.1.82-1 | i386
linux-image-6.1.0-20-686-dbg |   6.1.85-1 | i386
linux-image-6.1.0-20-686-pae-dbg |   6.1.85-1 | i386
linux-image-6.1.0-20-686-pae-unsigned |   6.1.85-1 | i386
linux-image-6.1.0-20-686-unsigned |   6.1.85-1 | i386
linux-image-6.1.0-20-rt-686-pae-dbg |   6.1.85-1 | i386
linux-image-6.1.0-20-rt-686-pae-unsigned |   6.1.85-1 | i386
linux-image-6.1.0-21-686-dbg |   6.1.90-1 | i386
linux-image-6.1.0-21-686-pae-dbg |   6.1.90-1 | i386
linux-image-6.1.0-21-686-pae-unsigned |   6.1.90-1 | i386
linux-image-6.1.0-21-686-unsigned |   6.1.90-1 | i386
linux-image-6.1.0-21-rt-686-pae-dbg |   6.1.90-1 | i386
linux-image-6.1.0-21-rt-686-pae-unsigned |   6.1.90-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:19:04 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

affs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
affs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
affs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
affs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
affs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
affs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
affs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
affs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
ata-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
ata-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
ata-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
ata-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
ata-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
ata-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
ata-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
ata-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
btrfs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
btrfs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
btrfs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
btrfs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
btrfs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
btrfs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
btrfs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
btrfs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
cdrom-core-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
cdrom-core-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
cdrom-core-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
cdrom-core-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
cdrom-core-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
cdrom-core-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
cdrom-core-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
cdrom-core-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
crc-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
crc-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
crc-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
crc-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
crc-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
crc-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
crc-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
crc-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
crypto-dm-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
crypto-dm-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
crypto-dm-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
crypto-dm-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
crypto-dm-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
crypto-dm-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
crypto-dm-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
crypto-dm-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
crypto-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
crypto-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
crypto-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
crypto-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
crypto-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
crypto-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
crypto-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
crypto-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
event-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
event-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
event-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
event-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
event-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
event-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
event-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
event-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
ext4-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
ext4-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
ext4-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
ext4-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
ext4-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
ext4-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
ext4-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
ext4-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
f2fs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
f2fs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
f2fs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
f2fs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
f2fs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
f2fs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
f2fs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
f2fs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
fat-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
fat-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
fat-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
fat-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
fat-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
fat-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
fat-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
fat-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
fb-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
fb-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
fb-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
fb-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
fb-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
fb-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
fb-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
fb-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
firewire-core-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
firewire-core-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
firewire-core-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
firewire-core-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
firewire-core-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
firewire-core-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
firewire-core-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
firewire-core-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
fuse-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
fuse-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
fuse-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
fuse-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
fuse-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
fuse-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
fuse-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
fuse-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
input-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
input-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
input-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
input-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
input-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
input-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
input-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
input-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
isofs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
isofs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
isofs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
isofs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
isofs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
isofs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
isofs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
isofs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
jfs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
jfs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
jfs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
jfs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
jfs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
jfs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
jfs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
jfs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
kernel-image-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
kernel-image-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
kernel-image-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
kernel-image-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
kernel-image-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
kernel-image-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
kernel-image-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
kernel-image-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
linux-headers-6.1.0-15-5kc-malta |   6.1.66-1 | mips64el
linux-headers-6.1.0-15-mips64r2el |   6.1.66-1 | mips64el
linux-headers-6.1.0-19-5kc-malta |   6.1.82-1 | mips64el
linux-headers-6.1.0-19-mips64r2el |   6.1.82-1 | mips64el
linux-headers-6.1.0-20-5kc-malta |   6.1.85-1 | mips64el
linux-headers-6.1.0-20-mips64r2el |   6.1.85-1 | mips64el
linux-headers-6.1.0-21-5kc-malta |   6.1.90-1 | mips64el
linux-headers-6.1.0-21-mips64r2el |   6.1.90-1 | mips64el
linux-image-6.1.0-15-5kc-malta |   6.1.66-1 | mips64el
linux-image-6.1.0-15-5kc-malta-dbg |   6.1.66-1 | mips64el
linux-image-6.1.0-15-mips64r2el |   6.1.66-1 | mips64el
linux-image-6.1.0-15-mips64r2el-dbg |   6.1.66-1 | mips64el
linux-image-6.1.0-19-5kc-malta |   6.1.82-1 | mips64el
linux-image-6.1.0-19-5kc-malta-dbg |   6.1.82-1 | mips64el
linux-image-6.1.0-19-mips64r2el |   6.1.82-1 | mips64el
linux-image-6.1.0-19-mips64r2el-dbg |   6.1.82-1 | mips64el
linux-image-6.1.0-20-5kc-malta |   6.1.85-1 | mips64el
linux-image-6.1.0-20-5kc-malta-dbg |   6.1.85-1 | mips64el
linux-image-6.1.0-20-mips64r2el |   6.1.85-1 | mips64el
linux-image-6.1.0-20-mips64r2el-dbg |   6.1.85-1 | mips64el
linux-image-6.1.0-21-5kc-malta |   6.1.90-1 | mips64el
linux-image-6.1.0-21-5kc-malta-dbg |   6.1.90-1 | mips64el
linux-image-6.1.0-21-mips64r2el |   6.1.90-1 | mips64el
linux-image-6.1.0-21-mips64r2el-dbg |   6.1.90-1 | mips64el
loop-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
loop-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
loop-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
loop-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
loop-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
loop-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
loop-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
loop-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
md-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
md-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
md-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
md-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
md-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
md-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
md-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
md-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
minix-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
minix-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
minix-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
minix-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
minix-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
minix-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
minix-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
minix-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
mmc-core-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
mmc-core-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
mmc-core-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
mmc-core-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
mmc-core-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
mmc-core-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
mmc-core-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
mmc-core-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
mmc-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
mmc-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
mmc-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
mmc-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
mmc-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
mmc-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
mmc-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
mmc-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
mouse-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
mouse-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
mouse-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
mouse-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
mouse-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
mouse-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
mouse-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
mouse-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
multipath-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
multipath-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
multipath-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
multipath-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
multipath-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
multipath-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
multipath-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
multipath-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
nbd-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
nbd-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
nbd-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
nbd-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
nbd-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
nbd-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
nbd-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
nbd-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
nfs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
nfs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
nfs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
nfs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
nfs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
nfs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
nfs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
nfs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
nic-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
nic-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
nic-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
nic-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
nic-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
nic-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
nic-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
nic-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
nic-shared-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
nic-shared-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
nic-shared-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
nic-shared-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
nic-shared-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
nic-shared-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
nic-shared-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
nic-shared-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
nic-usb-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
nic-usb-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
nic-usb-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
nic-usb-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
nic-usb-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
nic-usb-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
nic-usb-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
nic-usb-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
nic-wireless-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
nic-wireless-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
nic-wireless-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
nic-wireless-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
nic-wireless-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
nic-wireless-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
nic-wireless-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
nic-wireless-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
pata-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
pata-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
pata-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
pata-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
pata-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
pata-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
pata-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
pata-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
ppp-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
ppp-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
ppp-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
ppp-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
ppp-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
ppp-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
ppp-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
ppp-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
sata-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
sata-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
sata-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
sata-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
sata-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
sata-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
sata-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
sata-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
scsi-core-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
scsi-core-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
scsi-core-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
scsi-core-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
scsi-core-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
scsi-core-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
scsi-core-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
scsi-core-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
scsi-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
scsi-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
scsi-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
scsi-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
scsi-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
scsi-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
scsi-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
scsi-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
scsi-nic-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
scsi-nic-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
scsi-nic-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
scsi-nic-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
scsi-nic-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
scsi-nic-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
scsi-nic-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
scsi-nic-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
sound-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
sound-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
sound-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
sound-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
sound-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
sound-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
sound-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
sound-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
speakup-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
speakup-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
speakup-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
speakup-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
speakup-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
speakup-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
speakup-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
speakup-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
squashfs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
squashfs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
squashfs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
squashfs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
squashfs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
squashfs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
squashfs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
squashfs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
udf-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
udf-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
udf-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
udf-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
udf-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
udf-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
udf-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
udf-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
usb-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
usb-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
usb-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
usb-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
usb-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
usb-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
usb-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
usb-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
usb-serial-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
usb-serial-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
usb-serial-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
usb-serial-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
usb-serial-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
usb-serial-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
usb-serial-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
usb-serial-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
usb-storage-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
usb-storage-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
usb-storage-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
usb-storage-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
usb-storage-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
usb-storage-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
usb-storage-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
usb-storage-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el
xfs-modules-6.1.0-15-5kc-malta-di |   6.1.66-1 | mips64el
xfs-modules-6.1.0-15-mips64r2el-di |   6.1.66-1 | mips64el
xfs-modules-6.1.0-19-5kc-malta-di |   6.1.82-1 | mips64el
xfs-modules-6.1.0-19-mips64r2el-di |   6.1.82-1 | mips64el
xfs-modules-6.1.0-20-5kc-malta-di |   6.1.85-1 | mips64el
xfs-modules-6.1.0-20-mips64r2el-di |   6.1.85-1 | mips64el
xfs-modules-6.1.0-21-5kc-malta-di |   6.1.90-1 | mips64el
xfs-modules-6.1.0-21-mips64r2el-di |   6.1.90-1 | mips64el

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:19:40 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

acpi-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
acpi-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
acpi-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
acpi-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
ata-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
ata-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
ata-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
ata-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
btrfs-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
btrfs-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
btrfs-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
btrfs-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
cdrom-core-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
cdrom-core-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
cdrom-core-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
cdrom-core-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
crc-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
crc-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
crc-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
crc-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
crypto-dm-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
crypto-dm-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
crypto-dm-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
crypto-dm-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
crypto-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
crypto-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
crypto-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
crypto-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
efi-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
efi-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
efi-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
efi-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
event-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
event-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
event-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
event-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
ext4-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
ext4-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
ext4-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
ext4-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
f2fs-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
f2fs-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
f2fs-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
f2fs-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
fat-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
fat-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
fat-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
fat-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
fb-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
fb-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
fb-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
fb-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
firewire-core-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
firewire-core-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
firewire-core-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
firewire-core-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
fuse-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
fuse-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
fuse-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
fuse-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
i2c-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
i2c-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
i2c-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
i2c-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
input-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
input-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
input-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
input-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
isofs-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
isofs-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
isofs-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
isofs-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
jfs-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
jfs-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
jfs-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
jfs-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
kernel-image-6.1.0-15-amd64-di |   6.1.66-1 | amd64
kernel-image-6.1.0-19-amd64-di |   6.1.82-1 | amd64
kernel-image-6.1.0-20-amd64-di |   6.1.85-1 | amd64
kernel-image-6.1.0-21-amd64-di |   6.1.90-1 | amd64
linux-image-6.1.0-15-amd64 |   6.1.66-1 | amd64
linux-image-6.1.0-15-cloud-amd64 |   6.1.66-1 | amd64
linux-image-6.1.0-15-rt-amd64 |   6.1.66-1 | amd64
linux-image-6.1.0-19-amd64 |   6.1.82-1 | amd64
linux-image-6.1.0-19-cloud-amd64 |   6.1.82-1 | amd64
linux-image-6.1.0-19-rt-amd64 |   6.1.82-1 | amd64
linux-image-6.1.0-20-amd64 |   6.1.85-1 | amd64
linux-image-6.1.0-20-cloud-amd64 |   6.1.85-1 | amd64
linux-image-6.1.0-20-rt-amd64 |   6.1.85-1 | amd64
linux-image-6.1.0-21-amd64 |   6.1.90-1 | amd64
linux-image-6.1.0-21-cloud-amd64 |   6.1.90-1 | amd64
linux-image-6.1.0-21-rt-amd64 |   6.1.90-1 | amd64
loop-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
loop-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
loop-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
loop-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
md-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
md-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
md-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
md-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
mmc-core-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
mmc-core-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
mmc-core-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
mmc-core-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
mmc-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
mmc-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
mmc-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
mmc-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
mouse-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
mouse-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
mouse-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
mouse-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
mtd-core-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
mtd-core-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
mtd-core-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
mtd-core-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
multipath-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
multipath-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
multipath-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
multipath-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
nbd-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
nbd-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
nbd-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
nbd-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
nic-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
nic-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
nic-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
nic-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
nic-pcmcia-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
nic-pcmcia-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
nic-pcmcia-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
nic-pcmcia-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
nic-shared-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
nic-shared-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
nic-shared-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
nic-shared-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
nic-usb-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
nic-usb-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
nic-usb-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
nic-usb-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
nic-wireless-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
nic-wireless-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
nic-wireless-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
nic-wireless-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
pata-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
pata-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
pata-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
pata-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
pcmcia-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
pcmcia-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
pcmcia-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
pcmcia-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
pcmcia-storage-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
pcmcia-storage-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
pcmcia-storage-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
pcmcia-storage-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
ppp-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
ppp-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
ppp-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
ppp-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
rfkill-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
rfkill-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
rfkill-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
rfkill-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
sata-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
sata-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
sata-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
sata-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
scsi-core-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
scsi-core-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
scsi-core-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
scsi-core-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
scsi-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
scsi-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
scsi-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
scsi-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
scsi-nic-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
scsi-nic-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
scsi-nic-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
scsi-nic-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
serial-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
serial-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
serial-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
serial-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
sound-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
sound-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
sound-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
sound-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
speakup-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
speakup-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
speakup-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
speakup-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
squashfs-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
squashfs-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
squashfs-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
squashfs-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
udf-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
udf-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
udf-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
udf-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
uinput-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
uinput-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
uinput-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
uinput-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
usb-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
usb-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
usb-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
usb-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
usb-serial-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
usb-serial-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
usb-serial-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
usb-serial-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
usb-storage-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
usb-storage-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
usb-storage-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
usb-storage-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64
xfs-modules-6.1.0-15-amd64-di |   6.1.66-1 | amd64
xfs-modules-6.1.0-19-amd64-di |   6.1.82-1 | amd64
xfs-modules-6.1.0-20-amd64-di |   6.1.85-1 | amd64
xfs-modules-6.1.0-21-amd64-di |   6.1.90-1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-amd64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:19:55 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

ata-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
ata-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
ata-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
ata-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
btrfs-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
btrfs-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
btrfs-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
btrfs-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
cdrom-core-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
cdrom-core-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
cdrom-core-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
cdrom-core-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
crc-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
crc-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
crc-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
crc-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
crypto-dm-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
crypto-dm-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
crypto-dm-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
crypto-dm-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
crypto-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
crypto-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
crypto-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
crypto-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
efi-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
efi-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
efi-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
efi-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
event-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
event-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
event-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
event-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
ext4-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
ext4-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
ext4-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
ext4-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
f2fs-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
f2fs-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
f2fs-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
f2fs-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
fat-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
fat-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
fat-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
fat-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
fb-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
fb-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
fb-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
fb-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
fuse-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
fuse-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
fuse-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
fuse-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
i2c-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
i2c-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
i2c-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
i2c-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
input-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
input-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
input-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
input-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
isofs-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
isofs-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
isofs-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
isofs-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
jfs-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
jfs-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
jfs-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
jfs-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
kernel-image-6.1.0-15-arm64-di |   6.1.66-1 | arm64
kernel-image-6.1.0-19-arm64-di |   6.1.82-1 | arm64
kernel-image-6.1.0-20-arm64-di |   6.1.85-1 | arm64
kernel-image-6.1.0-21-arm64-di |   6.1.90-1 | arm64
leds-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
leds-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
leds-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
leds-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
linux-image-6.1.0-15-arm64 |   6.1.66-1 | arm64
linux-image-6.1.0-15-cloud-arm64 |   6.1.66-1 | arm64
linux-image-6.1.0-15-rt-arm64 |   6.1.66-1 | arm64
linux-image-6.1.0-19-arm64 |   6.1.82-1 | arm64
linux-image-6.1.0-19-cloud-arm64 |   6.1.82-1 | arm64
linux-image-6.1.0-19-rt-arm64 |   6.1.82-1 | arm64
linux-image-6.1.0-20-arm64 |   6.1.85-1 | arm64
linux-image-6.1.0-20-cloud-arm64 |   6.1.85-1 | arm64
linux-image-6.1.0-20-rt-arm64 |   6.1.85-1 | arm64
linux-image-6.1.0-21-arm64 |   6.1.90-1 | arm64
linux-image-6.1.0-21-cloud-arm64 |   6.1.90-1 | arm64
linux-image-6.1.0-21-rt-arm64 |   6.1.90-1 | arm64
loop-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
loop-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
loop-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
loop-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
md-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
md-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
md-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
md-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
mmc-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
mmc-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
mmc-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
mmc-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
mtd-core-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
mtd-core-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
mtd-core-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
mtd-core-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
multipath-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
multipath-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
multipath-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
multipath-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
nbd-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
nbd-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
nbd-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
nbd-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
nic-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
nic-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
nic-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
nic-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
nic-shared-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
nic-shared-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
nic-shared-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
nic-shared-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
nic-usb-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
nic-usb-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
nic-usb-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
nic-usb-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
nic-wireless-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
nic-wireless-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
nic-wireless-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
nic-wireless-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
ppp-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
ppp-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
ppp-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
ppp-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
sata-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
sata-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
sata-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
sata-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
scsi-core-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
scsi-core-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
scsi-core-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
scsi-core-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
scsi-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
scsi-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
scsi-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
scsi-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
scsi-nic-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
scsi-nic-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
scsi-nic-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
scsi-nic-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
sound-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
sound-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
sound-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
sound-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
speakup-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
speakup-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
speakup-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
speakup-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
squashfs-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
squashfs-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
squashfs-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
squashfs-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
udf-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
udf-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
udf-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
udf-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
uinput-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
uinput-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
uinput-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
uinput-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
usb-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
usb-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
usb-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
usb-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
usb-serial-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
usb-serial-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
usb-serial-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
usb-serial-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
usb-storage-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
usb-storage-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
usb-storage-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
usb-storage-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64
xfs-modules-6.1.0-15-arm64-di |   6.1.66-1 | arm64
xfs-modules-6.1.0-19-arm64-di |   6.1.82-1 | arm64
xfs-modules-6.1.0-20-arm64-di |   6.1.85-1 | arm64
xfs-modules-6.1.0-21-arm64-di |   6.1.90-1 | arm64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-arm64)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:20:09 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

acpi-modules-6.1.0-15-686-di |   6.1.66-1 | i386
acpi-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
acpi-modules-6.1.0-19-686-di |   6.1.82-1 | i386
acpi-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
acpi-modules-6.1.0-20-686-di |   6.1.85-1 | i386
acpi-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
acpi-modules-6.1.0-21-686-di |   6.1.90-1 | i386
acpi-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
ata-modules-6.1.0-15-686-di |   6.1.66-1 | i386
ata-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
ata-modules-6.1.0-19-686-di |   6.1.82-1 | i386
ata-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
ata-modules-6.1.0-20-686-di |   6.1.85-1 | i386
ata-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
ata-modules-6.1.0-21-686-di |   6.1.90-1 | i386
ata-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
btrfs-modules-6.1.0-15-686-di |   6.1.66-1 | i386
btrfs-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
btrfs-modules-6.1.0-19-686-di |   6.1.82-1 | i386
btrfs-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
btrfs-modules-6.1.0-20-686-di |   6.1.85-1 | i386
btrfs-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
btrfs-modules-6.1.0-21-686-di |   6.1.90-1 | i386
btrfs-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
cdrom-core-modules-6.1.0-15-686-di |   6.1.66-1 | i386
cdrom-core-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
cdrom-core-modules-6.1.0-19-686-di |   6.1.82-1 | i386
cdrom-core-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
cdrom-core-modules-6.1.0-20-686-di |   6.1.85-1 | i386
cdrom-core-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
cdrom-core-modules-6.1.0-21-686-di |   6.1.90-1 | i386
cdrom-core-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
crc-modules-6.1.0-15-686-di |   6.1.66-1 | i386
crc-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
crc-modules-6.1.0-19-686-di |   6.1.82-1 | i386
crc-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
crc-modules-6.1.0-20-686-di |   6.1.85-1 | i386
crc-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
crc-modules-6.1.0-21-686-di |   6.1.90-1 | i386
crc-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
crypto-dm-modules-6.1.0-15-686-di |   6.1.66-1 | i386
crypto-dm-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
crypto-dm-modules-6.1.0-19-686-di |   6.1.82-1 | i386
crypto-dm-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
crypto-dm-modules-6.1.0-20-686-di |   6.1.85-1 | i386
crypto-dm-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
crypto-dm-modules-6.1.0-21-686-di |   6.1.90-1 | i386
crypto-dm-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
crypto-modules-6.1.0-15-686-di |   6.1.66-1 | i386
crypto-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
crypto-modules-6.1.0-19-686-di |   6.1.82-1 | i386
crypto-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
crypto-modules-6.1.0-20-686-di |   6.1.85-1 | i386
crypto-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
crypto-modules-6.1.0-21-686-di |   6.1.90-1 | i386
crypto-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
efi-modules-6.1.0-15-686-di |   6.1.66-1 | i386
efi-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
efi-modules-6.1.0-19-686-di |   6.1.82-1 | i386
efi-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
efi-modules-6.1.0-20-686-di |   6.1.85-1 | i386
efi-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
efi-modules-6.1.0-21-686-di |   6.1.90-1 | i386
efi-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
event-modules-6.1.0-15-686-di |   6.1.66-1 | i386
event-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
event-modules-6.1.0-19-686-di |   6.1.82-1 | i386
event-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
event-modules-6.1.0-20-686-di |   6.1.85-1 | i386
event-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
event-modules-6.1.0-21-686-di |   6.1.90-1 | i386
event-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
ext4-modules-6.1.0-15-686-di |   6.1.66-1 | i386
ext4-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
ext4-modules-6.1.0-19-686-di |   6.1.82-1 | i386
ext4-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
ext4-modules-6.1.0-20-686-di |   6.1.85-1 | i386
ext4-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
ext4-modules-6.1.0-21-686-di |   6.1.90-1 | i386
ext4-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
f2fs-modules-6.1.0-15-686-di |   6.1.66-1 | i386
f2fs-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
f2fs-modules-6.1.0-19-686-di |   6.1.82-1 | i386
f2fs-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
f2fs-modules-6.1.0-20-686-di |   6.1.85-1 | i386
f2fs-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
f2fs-modules-6.1.0-21-686-di |   6.1.90-1 | i386
f2fs-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
fat-modules-6.1.0-15-686-di |   6.1.66-1 | i386
fat-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
fat-modules-6.1.0-19-686-di |   6.1.82-1 | i386
fat-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
fat-modules-6.1.0-20-686-di |   6.1.85-1 | i386
fat-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
fat-modules-6.1.0-21-686-di |   6.1.90-1 | i386
fat-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
fb-modules-6.1.0-15-686-di |   6.1.66-1 | i386
fb-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
fb-modules-6.1.0-19-686-di |   6.1.82-1 | i386
fb-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
fb-modules-6.1.0-20-686-di |   6.1.85-1 | i386
fb-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
fb-modules-6.1.0-21-686-di |   6.1.90-1 | i386
fb-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
firewire-core-modules-6.1.0-15-686-di |   6.1.66-1 | i386
firewire-core-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
firewire-core-modules-6.1.0-19-686-di |   6.1.82-1 | i386
firewire-core-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
firewire-core-modules-6.1.0-20-686-di |   6.1.85-1 | i386
firewire-core-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
firewire-core-modules-6.1.0-21-686-di |   6.1.90-1 | i386
firewire-core-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
fuse-modules-6.1.0-15-686-di |   6.1.66-1 | i386
fuse-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
fuse-modules-6.1.0-19-686-di |   6.1.82-1 | i386
fuse-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
fuse-modules-6.1.0-20-686-di |   6.1.85-1 | i386
fuse-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
fuse-modules-6.1.0-21-686-di |   6.1.90-1 | i386
fuse-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
i2c-modules-6.1.0-15-686-di |   6.1.66-1 | i386
i2c-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
i2c-modules-6.1.0-19-686-di |   6.1.82-1 | i386
i2c-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
i2c-modules-6.1.0-20-686-di |   6.1.85-1 | i386
i2c-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
i2c-modules-6.1.0-21-686-di |   6.1.90-1 | i386
i2c-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
input-modules-6.1.0-15-686-di |   6.1.66-1 | i386
input-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
input-modules-6.1.0-19-686-di |   6.1.82-1 | i386
input-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
input-modules-6.1.0-20-686-di |   6.1.85-1 | i386
input-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
input-modules-6.1.0-21-686-di |   6.1.90-1 | i386
input-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
isofs-modules-6.1.0-15-686-di |   6.1.66-1 | i386
isofs-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
isofs-modules-6.1.0-19-686-di |   6.1.82-1 | i386
isofs-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
isofs-modules-6.1.0-20-686-di |   6.1.85-1 | i386
isofs-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
isofs-modules-6.1.0-21-686-di |   6.1.90-1 | i386
isofs-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
jfs-modules-6.1.0-15-686-di |   6.1.66-1 | i386
jfs-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
jfs-modules-6.1.0-19-686-di |   6.1.82-1 | i386
jfs-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
jfs-modules-6.1.0-20-686-di |   6.1.85-1 | i386
jfs-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
jfs-modules-6.1.0-21-686-di |   6.1.90-1 | i386
jfs-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
kernel-image-6.1.0-15-686-di |   6.1.66-1 | i386
kernel-image-6.1.0-15-686-pae-di |   6.1.66-1 | i386
kernel-image-6.1.0-19-686-di |   6.1.82-1 | i386
kernel-image-6.1.0-19-686-pae-di |   6.1.82-1 | i386
kernel-image-6.1.0-20-686-di |   6.1.85-1 | i386
kernel-image-6.1.0-20-686-pae-di |   6.1.85-1 | i386
kernel-image-6.1.0-21-686-di |   6.1.90-1 | i386
kernel-image-6.1.0-21-686-pae-di |   6.1.90-1 | i386
linux-image-6.1.0-15-686 |   6.1.66-1 | i386
linux-image-6.1.0-15-686-pae |   6.1.66-1 | i386
linux-image-6.1.0-15-rt-686-pae |   6.1.66-1 | i386
linux-image-6.1.0-19-686 |   6.1.82-1 | i386
linux-image-6.1.0-19-686-pae |   6.1.82-1 | i386
linux-image-6.1.0-19-rt-686-pae |   6.1.82-1 | i386
linux-image-6.1.0-20-686 |   6.1.85-1 | i386
linux-image-6.1.0-20-686-pae |   6.1.85-1 | i386
linux-image-6.1.0-20-rt-686-pae |   6.1.85-1 | i386
linux-image-6.1.0-21-686 |   6.1.90-1 | i386
linux-image-6.1.0-21-686-pae |   6.1.90-1 | i386
linux-image-6.1.0-21-rt-686-pae |   6.1.90-1 | i386
loop-modules-6.1.0-15-686-di |   6.1.66-1 | i386
loop-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
loop-modules-6.1.0-19-686-di |   6.1.82-1 | i386
loop-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
loop-modules-6.1.0-20-686-di |   6.1.85-1 | i386
loop-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
loop-modules-6.1.0-21-686-di |   6.1.90-1 | i386
loop-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
md-modules-6.1.0-15-686-di |   6.1.66-1 | i386
md-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
md-modules-6.1.0-19-686-di |   6.1.82-1 | i386
md-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
md-modules-6.1.0-20-686-di |   6.1.85-1 | i386
md-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
md-modules-6.1.0-21-686-di |   6.1.90-1 | i386
md-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
mmc-core-modules-6.1.0-15-686-di |   6.1.66-1 | i386
mmc-core-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
mmc-core-modules-6.1.0-19-686-di |   6.1.82-1 | i386
mmc-core-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
mmc-core-modules-6.1.0-20-686-di |   6.1.85-1 | i386
mmc-core-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
mmc-core-modules-6.1.0-21-686-di |   6.1.90-1 | i386
mmc-core-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
mmc-modules-6.1.0-15-686-di |   6.1.66-1 | i386
mmc-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
mmc-modules-6.1.0-19-686-di |   6.1.82-1 | i386
mmc-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
mmc-modules-6.1.0-20-686-di |   6.1.85-1 | i386
mmc-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
mmc-modules-6.1.0-21-686-di |   6.1.90-1 | i386
mmc-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
mouse-modules-6.1.0-15-686-di |   6.1.66-1 | i386
mouse-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
mouse-modules-6.1.0-19-686-di |   6.1.82-1 | i386
mouse-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
mouse-modules-6.1.0-20-686-di |   6.1.85-1 | i386
mouse-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
mouse-modules-6.1.0-21-686-di |   6.1.90-1 | i386
mouse-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
mtd-core-modules-6.1.0-15-686-di |   6.1.66-1 | i386
mtd-core-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
mtd-core-modules-6.1.0-19-686-di |   6.1.82-1 | i386
mtd-core-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
mtd-core-modules-6.1.0-20-686-di |   6.1.85-1 | i386
mtd-core-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
mtd-core-modules-6.1.0-21-686-di |   6.1.90-1 | i386
mtd-core-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
multipath-modules-6.1.0-15-686-di |   6.1.66-1 | i386
multipath-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
multipath-modules-6.1.0-19-686-di |   6.1.82-1 | i386
multipath-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
multipath-modules-6.1.0-20-686-di |   6.1.85-1 | i386
multipath-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
multipath-modules-6.1.0-21-686-di |   6.1.90-1 | i386
multipath-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
nbd-modules-6.1.0-15-686-di |   6.1.66-1 | i386
nbd-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
nbd-modules-6.1.0-19-686-di |   6.1.82-1 | i386
nbd-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
nbd-modules-6.1.0-20-686-di |   6.1.85-1 | i386
nbd-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
nbd-modules-6.1.0-21-686-di |   6.1.90-1 | i386
nbd-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
nic-modules-6.1.0-15-686-di |   6.1.66-1 | i386
nic-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
nic-modules-6.1.0-19-686-di |   6.1.82-1 | i386
nic-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
nic-modules-6.1.0-20-686-di |   6.1.85-1 | i386
nic-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
nic-modules-6.1.0-21-686-di |   6.1.90-1 | i386
nic-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
nic-pcmcia-modules-6.1.0-15-686-di |   6.1.66-1 | i386
nic-pcmcia-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
nic-pcmcia-modules-6.1.0-19-686-di |   6.1.82-1 | i386
nic-pcmcia-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
nic-pcmcia-modules-6.1.0-20-686-di |   6.1.85-1 | i386
nic-pcmcia-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
nic-pcmcia-modules-6.1.0-21-686-di |   6.1.90-1 | i386
nic-pcmcia-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
nic-shared-modules-6.1.0-15-686-di |   6.1.66-1 | i386
nic-shared-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
nic-shared-modules-6.1.0-19-686-di |   6.1.82-1 | i386
nic-shared-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
nic-shared-modules-6.1.0-20-686-di |   6.1.85-1 | i386
nic-shared-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
nic-shared-modules-6.1.0-21-686-di |   6.1.90-1 | i386
nic-shared-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
nic-usb-modules-6.1.0-15-686-di |   6.1.66-1 | i386
nic-usb-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
nic-usb-modules-6.1.0-19-686-di |   6.1.82-1 | i386
nic-usb-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
nic-usb-modules-6.1.0-20-686-di |   6.1.85-1 | i386
nic-usb-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
nic-usb-modules-6.1.0-21-686-di |   6.1.90-1 | i386
nic-usb-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
nic-wireless-modules-6.1.0-15-686-di |   6.1.66-1 | i386
nic-wireless-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
nic-wireless-modules-6.1.0-19-686-di |   6.1.82-1 | i386
nic-wireless-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
nic-wireless-modules-6.1.0-20-686-di |   6.1.85-1 | i386
nic-wireless-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
nic-wireless-modules-6.1.0-21-686-di |   6.1.90-1 | i386
nic-wireless-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
pata-modules-6.1.0-15-686-di |   6.1.66-1 | i386
pata-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
pata-modules-6.1.0-19-686-di |   6.1.82-1 | i386
pata-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
pata-modules-6.1.0-20-686-di |   6.1.85-1 | i386
pata-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
pata-modules-6.1.0-21-686-di |   6.1.90-1 | i386
pata-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
pcmcia-modules-6.1.0-15-686-di |   6.1.66-1 | i386
pcmcia-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
pcmcia-modules-6.1.0-19-686-di |   6.1.82-1 | i386
pcmcia-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
pcmcia-modules-6.1.0-20-686-di |   6.1.85-1 | i386
pcmcia-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
pcmcia-modules-6.1.0-21-686-di |   6.1.90-1 | i386
pcmcia-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
pcmcia-storage-modules-6.1.0-15-686-di |   6.1.66-1 | i386
pcmcia-storage-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
pcmcia-storage-modules-6.1.0-19-686-di |   6.1.82-1 | i386
pcmcia-storage-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
pcmcia-storage-modules-6.1.0-20-686-di |   6.1.85-1 | i386
pcmcia-storage-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
pcmcia-storage-modules-6.1.0-21-686-di |   6.1.90-1 | i386
pcmcia-storage-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
ppp-modules-6.1.0-15-686-di |   6.1.66-1 | i386
ppp-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
ppp-modules-6.1.0-19-686-di |   6.1.82-1 | i386
ppp-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
ppp-modules-6.1.0-20-686-di |   6.1.85-1 | i386
ppp-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
ppp-modules-6.1.0-21-686-di |   6.1.90-1 | i386
ppp-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
rfkill-modules-6.1.0-15-686-di |   6.1.66-1 | i386
rfkill-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
rfkill-modules-6.1.0-19-686-di |   6.1.82-1 | i386
rfkill-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
rfkill-modules-6.1.0-20-686-di |   6.1.85-1 | i386
rfkill-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
rfkill-modules-6.1.0-21-686-di |   6.1.90-1 | i386
rfkill-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
sata-modules-6.1.0-15-686-di |   6.1.66-1 | i386
sata-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
sata-modules-6.1.0-19-686-di |   6.1.82-1 | i386
sata-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
sata-modules-6.1.0-20-686-di |   6.1.85-1 | i386
sata-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
sata-modules-6.1.0-21-686-di |   6.1.90-1 | i386
sata-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
scsi-core-modules-6.1.0-15-686-di |   6.1.66-1 | i386
scsi-core-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
scsi-core-modules-6.1.0-19-686-di |   6.1.82-1 | i386
scsi-core-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
scsi-core-modules-6.1.0-20-686-di |   6.1.85-1 | i386
scsi-core-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
scsi-core-modules-6.1.0-21-686-di |   6.1.90-1 | i386
scsi-core-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
scsi-modules-6.1.0-15-686-di |   6.1.66-1 | i386
scsi-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
scsi-modules-6.1.0-19-686-di |   6.1.82-1 | i386
scsi-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
scsi-modules-6.1.0-20-686-di |   6.1.85-1 | i386
scsi-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
scsi-modules-6.1.0-21-686-di |   6.1.90-1 | i386
scsi-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
scsi-nic-modules-6.1.0-15-686-di |   6.1.66-1 | i386
scsi-nic-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
scsi-nic-modules-6.1.0-19-686-di |   6.1.82-1 | i386
scsi-nic-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
scsi-nic-modules-6.1.0-20-686-di |   6.1.85-1 | i386
scsi-nic-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
scsi-nic-modules-6.1.0-21-686-di |   6.1.90-1 | i386
scsi-nic-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
serial-modules-6.1.0-15-686-di |   6.1.66-1 | i386
serial-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
serial-modules-6.1.0-19-686-di |   6.1.82-1 | i386
serial-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
serial-modules-6.1.0-20-686-di |   6.1.85-1 | i386
serial-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
serial-modules-6.1.0-21-686-di |   6.1.90-1 | i386
serial-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
sound-modules-6.1.0-15-686-di |   6.1.66-1 | i386
sound-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
sound-modules-6.1.0-19-686-di |   6.1.82-1 | i386
sound-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
sound-modules-6.1.0-20-686-di |   6.1.85-1 | i386
sound-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
sound-modules-6.1.0-21-686-di |   6.1.90-1 | i386
sound-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
speakup-modules-6.1.0-15-686-di |   6.1.66-1 | i386
speakup-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
speakup-modules-6.1.0-19-686-di |   6.1.82-1 | i386
speakup-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
speakup-modules-6.1.0-20-686-di |   6.1.85-1 | i386
speakup-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
speakup-modules-6.1.0-21-686-di |   6.1.90-1 | i386
speakup-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
squashfs-modules-6.1.0-15-686-di |   6.1.66-1 | i386
squashfs-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
squashfs-modules-6.1.0-19-686-di |   6.1.82-1 | i386
squashfs-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
squashfs-modules-6.1.0-20-686-di |   6.1.85-1 | i386
squashfs-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
squashfs-modules-6.1.0-21-686-di |   6.1.90-1 | i386
squashfs-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
udf-modules-6.1.0-15-686-di |   6.1.66-1 | i386
udf-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
udf-modules-6.1.0-19-686-di |   6.1.82-1 | i386
udf-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
udf-modules-6.1.0-20-686-di |   6.1.85-1 | i386
udf-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
udf-modules-6.1.0-21-686-di |   6.1.90-1 | i386
udf-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
uinput-modules-6.1.0-15-686-di |   6.1.66-1 | i386
uinput-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
uinput-modules-6.1.0-19-686-di |   6.1.82-1 | i386
uinput-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
uinput-modules-6.1.0-20-686-di |   6.1.85-1 | i386
uinput-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
uinput-modules-6.1.0-21-686-di |   6.1.90-1 | i386
uinput-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
usb-modules-6.1.0-15-686-di |   6.1.66-1 | i386
usb-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
usb-modules-6.1.0-19-686-di |   6.1.82-1 | i386
usb-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
usb-modules-6.1.0-20-686-di |   6.1.85-1 | i386
usb-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
usb-modules-6.1.0-21-686-di |   6.1.90-1 | i386
usb-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
usb-serial-modules-6.1.0-15-686-di |   6.1.66-1 | i386
usb-serial-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
usb-serial-modules-6.1.0-19-686-di |   6.1.82-1 | i386
usb-serial-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
usb-serial-modules-6.1.0-20-686-di |   6.1.85-1 | i386
usb-serial-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
usb-serial-modules-6.1.0-21-686-di |   6.1.90-1 | i386
usb-serial-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
usb-storage-modules-6.1.0-15-686-di |   6.1.66-1 | i386
usb-storage-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
usb-storage-modules-6.1.0-19-686-di |   6.1.82-1 | i386
usb-storage-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
usb-storage-modules-6.1.0-20-686-di |   6.1.85-1 | i386
usb-storage-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
usb-storage-modules-6.1.0-21-686-di |   6.1.90-1 | i386
usb-storage-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386
xfs-modules-6.1.0-15-686-di |   6.1.66-1 | i386
xfs-modules-6.1.0-15-686-pae-di |   6.1.66-1 | i386
xfs-modules-6.1.0-19-686-di |   6.1.82-1 | i386
xfs-modules-6.1.0-19-686-pae-di |   6.1.82-1 | i386
xfs-modules-6.1.0-20-686-di |   6.1.85-1 | i386
xfs-modules-6.1.0-20-686-pae-di |   6.1.85-1 | i386
xfs-modules-6.1.0-21-686-di |   6.1.90-1 | i386
xfs-modules-6.1.0-21-686-pae-di |   6.1.90-1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux-signed-i386)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:20:38 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

linux-headers-6.1.0-15-common |   6.1.66-1 | all
linux-headers-6.1.0-15-common-rt |   6.1.66-1 | all
linux-headers-6.1.0-19-common |   6.1.82-1 | all
linux-headers-6.1.0-19-common-rt |   6.1.82-1 | all
linux-headers-6.1.0-20-common |   6.1.85-1 | all
linux-headers-6.1.0-20-common-rt |   6.1.85-1 | all
linux-headers-6.1.0-21-common |   6.1.90-1 | all
linux-headers-6.1.0-21-common-rt |   6.1.90-1 | all
linux-support-6.1.0-15 |   6.1.66-1 | all
linux-support-6.1.0-19 |   6.1.82-1 | all
linux-support-6.1.0-20 |   6.1.85-1 | all
linux-support-6.1.0-21 |   6.1.90-1 | all

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:23:00 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

libnvidia-compiler | 525.147.05-7~deb12u1 | i386

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by nvidia-graphics-drivers - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:23:17 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

libnvidia-compiler | 525.147.05-7~deb12u1 | amd64

------------------- Reason -------------------
[auto-cruft] NBS (no longer built by nvidia-graphics-drivers - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:07:02 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

vasttrafik-cli |      1.5-1 | source, all
Closed bugs: 1061594

------------------- Reason -------------------
RoM; API withdrawn
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:07:26 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

 ruby-arel |    9.0.0-2 | source, all
Closed bugs: 1068719

------------------- Reason -------------------
RoQA; obsolete, integrated into ruby-activerecord, incompatible with ruby-activerecord 6.1.x
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:07:50 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

phppgadmin | 7.13.0+dfsg-2 | source, all
Closed bugs: 1072300

------------------- Reason -------------------
RoM; security issues; incompatible with bookworm PostgreSQL version
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:08:16 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

      spip | 4.1.9+dfsg-1+deb12u4 | source, all
Closed bugs: 1073197

------------------- Reason -------------------
RoM; incompatible with bookworm PHP version
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 29 Jun 2024 08:08:39 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

pytest-salt-factories |  0.907.0-4 | source
python3-saltfactories |  0.907.0-4 | all
Closed bugs: 1073920

------------------- Reason -------------------
RoQA; only needed for not shipped salt
----------------------------------------------
=========================================================================

aide (0.18.3-1+deb12u3) bookworm; urgency=medium
 .
   * Upstream patch to fix concurrent reading of extended
     attributes (xattrs) (Closes: #1070805)

amavisd-new (1:2.13.0-3+deb12u1) stable; urgency=medium
 .
   * Fix race condition in postinst. Closes: #1064349.
   * CVE-2024-28054: Handle multiple boundary parameters that contain
     conflicting values.

apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.4.58
     (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * New upstream version 2.4.59
     (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Refresh patches
   * Update test framework
apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 2.4.58
     (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * Drop 2.4.56-regression patches
   * New upstream version 2.4.59
     (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Install NOTICE files
   * Update test framework
   * Refresh patches
apache2 (2.4.58-1) unstable; urgency=medium
 .
   [ Bas Couwenberg ]
   * Provide dh-sequence-apache2 (Closes: #1050870)
 .
   [ Yadd ]
   * Drop dependency to obsolete lsb-base
   * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622,
     CVE-2023-45802)
   * Refresh patches
apache2 (2.4.57-3) unstable; urgency=medium
 .
   * Update a2enmod to drop given/when (Closes: #1050458)
   * Restore changes not included in Bookworm (set -e in apache2ctl)

archlinux-keyring (0~20231113-1~deb12u1) bookworm; urgency=low
 .
   * Rebuild for bookworm
archlinux-keyring (0~20231017-1) unstable; urgency=low
 .
   * New upstream version 0~20231017
archlinux-keyring (0~20230918-1) unstable; urgency=low
 .
   * New upstream version 0~20230918
   * Update maintainer name
archlinux-keyring (0~20230821-1) unstable; urgency=low
 .
   * New upstream version 0~20230821
   * Revert upstream feature that uses sq >= 0.31.0
archlinux-keyring (0~20230504-1) unstable; urgency=low
 .
   * New upstream version 0~20230504
archlinux-keyring (0~20230320-1) unstable; urgency=low
 .
   * New upstream version 0~20230320
   * Refresh keyring patch

atril (1.26.0-2+deb12u3) bookworm-security; urgency=medium
 .
   * CVE-2023-52076 (Closes: #1061522)

base-files (12.4+deb12u6) bookworm; urgency=medium
 .
   * Change /etc/debian_version to 12.6, for Debian 12.6 point release.

bind9 (1:9.18.24-1) bookworm-security; urgency=high
 .
   * New upstream version 9.18.24
    - CVE-2023-4408: Parsing large DNS messages may cause excessive CPU
      load
    - CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion
      failure when "nxdomain-redirect" is enabled
    - CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an
      assertion failure during recursive resolution
    - CVE-2023-6516: Specific recursive query patterns may lead to an
      out-of-memory condition
    - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator
    - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust
      CPU resources
bind9 (1:9.18.24-1~bpo11+1) bullseye-backports; urgency=high
 .
   * Rebuild for bullseye-backports.

bioawk (1.0-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * debian/rules: Add --no-parallel to avoid the effects of a Makefile bug which
     makes the package to FTBFS randomly. Closes: #1068341.

bluez (5.66-1+deb12u2) bookworm; urgency=medium
 .
   * CVE-2023-27349
   * CVE-2023-50229 / CVE-2023-50230

cacti (1.2.24+ds1-1+deb12u2) bookworm-security; urgency=high
 .
   [Sylvain Beucler]
   * Non-maintainer upload by the LTS Security Team.
   * Fix patch for CVE-2023-39360.
   * Fix patch for CVE-2023-39513.
   * Backport security patches: CVE-2023-49084, CVE-2023-49085,
     CVE-2023-49086, CVE-2023-49088, CVE-2023-50250, CVE-2023-50569
     (Closes: #1059254)
 .
   [Paul Gevers]
   * Depends on node-dompurify and link purify.js instead of using upstream
     vendored version

cdo (2.1.1-1+deb12u1) bookworm; urgency=medium
 .
   * Remove enable-hirlam-extensions as it causes issues with ICON data files
     Closes: #1051017

cjson (1.7.15-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport patch to add NULL checkings (CVE-2023-50472, CVE-2023-50471)
     (Closes: #1059287)

clamav (1.0.5+dfsg-1~deb12u1) bookworm; urgency=medium
 .
   * Import 1.0.4 (Closes: #1063479).
     - Update symbols.
     - CVE-2024-20290 (Fixed a possible heap overflow read bug in the OLE2 file
       parser that could cause a denial-of-service (DoS) condition.)
     - CVE-2024-20328 (Fixed a possible command injection vulnerability in the
       "VirusEvent" feature of ClamAV's ClamD service.
clamav (1.0.4+dfsg-1) unstable; urgency=medium
 .
   * Import 1.0.4
     - Update symbols.
   * Add systemd-dev to Build-Depends (Closes: #1060559).
   * Mark clamav-base as foreign (Closes: #1060889).
clamav (1.0.3+dfsg-2) unstable; urgency=medium
 .
   * Remove unnecessary warning messages in freshclam during update.
clamav (1.0.3+dfsg-1) unstable; urgency=medium
 .
   * Import 1.0.3

cloud-init (22.4.2-1+deb12u1) bookworm; urgency=medium
 .
   * Add Conflicts/Replaces relationship on cloud-init-22.4.2

cockpit (287.1-0+deb12u2) bookworm-security; urgency=medium
 .
   * Add 0001-ssh-Use-valid-host-name-in-test-sshbridge.patch:
     Use valid host name in test-sshbridge. Fixes FTBFS due to unit test
     failure when building against libssh 0.10.6. (Closes: #1069059)
cockpit (287.1-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream security update:
     - sosreport: Fix command injection with crafted report names
       [CVE-2024-2947]

comitup (1.38-2~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 comitup (1.38-2) unstable; urgency=medium
 .
   * Ensure service is unmasked in post install (Closes: #1041447).

composer (2.5.5-1+deb12u2) bookworm-security; urgency=medium
 .
   * Include security fixes from 2.7.7:
     - Multiple command injections via malicious git/hg branch names
       (GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126)
     - Command injection via malicious git branch name
       (GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125)
composer (2.5.5-1+deb12u1) bookworm-security; urgency=medium
 .
   * Track debian/bookworm
   * Merge pull request from GHSA-7c6p-848j-wh5h [CVE-2024-24821]
     (Closes: #1063603)
   * Force system dependencies loading

cpu (1.4.3-14~deb12u1) bookworm; urgency=medium
 .
   * QA upload.
   * Rebuild or bookworm.
 .
 cpu (1.4.3-14) unstable; urgency=medium
 .
   * QA upload.
   * Actually provide a definition of globalLdap.  (Closes: #1067439)
   * Add smoke test.
cpu (1.4.3-14~deb11u1) bullseye; urgency=medium
 .
   * QA upload.
   * Rebuild for bullseye.
 .
 cpu (1.4.3-14~deb12u1) bookworm; urgency=medium
 .
   * QA upload.
   * Rebuild for bookworm.
 .
 cpu (1.4.3-14) unstable; urgency=medium
 .
   * QA upload.
   * Actually provide a definition of globalLdap.  (Closes: #1067439)
   * Add smoke test.

crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium
 .
   * d/postinst: create a logging directory (Closes: #1042448)
   * d/patches: add patch for log file error

crowdsec-firewall-bouncer (0.0.25-4~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.

curl (7.88.1-10+deb12u6) bookworm; urgency=medium
 .
   * Team upload.
 .
   [ Sergio Durigan Junior ]
   * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
     (Closes: #1053643)
 .
   [ Guilherme Puida Moreira ]
   * Add patches to fix CVE-2024-2004 and CVE-2024-2398.
     - CVE-2024-2004: When a protocol selection parameter disables all
       protocols without adding any then the default set of protocols would
       remain in the allowed set due to an error in the logic for removing
       protocols.
     - CVE-2024-2398: When an application tells libcurl it wants to allow
       HTTP/2 server push and the amount of received headers for the push
       surpasses the maximum allowed limit (1000), libcurl aborts the server
       push and leaks the memory allocated for the previously allocated
       headers.
   * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
     Refresh patch.
curl (7.88.1-10+deb12u6~bpo11+1) bullseye-backports; urgency=medium
 .
   * Team upload.
   * Rebuild for bullseye-backports.
 .
 curl (7.88.1-10+deb12u6) bookworm; urgency=medium
 .
   * Team upload.
 .
   [ Sergio Durigan Junior ]
   * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
     (Closes: #1053643)
 .
   [ Guilherme Puida Moreira ]
   * Add patches to fix CVE-2024-2004 and CVE-2024-2398.
     - CVE-2024-2004: When a protocol selection parameter disables all
       protocols without adding any then the default set of protocols would
       remain in the allowed set due to an error in the logic for removing
       protocols.
     - CVE-2024-2398: When an application tells libcurl it wants to allow
       HTTP/2 server push and the amount of received headers for the push
       surpasses the maximum allowed limit (1000), libcurl aborts the server
       push and leaks the memory allocated for the previously allocated
       headers.
   * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
     Refresh patch.

cyrus-imapd (3.6.1-4+deb12u2) bookworm-security; urgency=medium
 .
   * Fix unbounded memory allocation (Closes: CVE-2024-34055)

dav1d (1.0.0-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-1580 (Closes: #1064310)

dcmtk (3.6.7-9~deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Rebuild for bookworm.
 .
 dcmtk (3.6.7-9) unstable; urgency=medium
 .
   * Team upload.
   * Fix postrm
     Closes: #1038776

debian-installer (20230607+deb12u6) bookworm; urgency=medium
 .
   * Bump Linux kernel ABI to 6.1.0-22.
   * Adjust linux-image build-deps as well.

debian-installer-netboot-images (20230607+deb12u6) bookworm; urgency=medium
 .
   * Update to 20230607+deb12u6, from bookworm-proposed-updates.

debvm (0.2.10+deb12u1) bookworm; urgency=medium
 .
   [ Johannes Schauer Marin Rodrigues ]
   * bin/debvm-run: allow being run in environments without TERM set
 .
   [ Jochen Sprickerhof ]
   * Fix resolv.conf in stretch
 .
   [ Johannes Schauer Marin Rodrigues ]
   * bin/debvm-waitssh: make --timeout=N work
 .
   [ Helmut Grohne ]
   * debvm-create: do install login

dhcpcd5 (9.4.1-24~deb12u4) bookworm; urgency=medium
 .
   * Add --no-stop-on-upgrade --no-restart-after-upgrade (Closes: #1057959).
   * Cherry-pick upstream backported fixes for RC bug (Closes: #1050805).
   * Update dhcpcd.preinst version check to match current one.

distro-info-data (0.58+deb12u2) bookworm; urgency=medium
 .
   * Update data to 0.61:
     - Declare LTS and ELTS intentions for bullseye and bookworm
     - debian: Fix LTS EOL date for bullseye
     - debian.csv: Fix EOL date for 2.2
     - Add Ubuntu 24.10 "Oracular Oriole" (LP: #2064136)

djangorestframework (3.14.0-2+deb12u1) bookworm; urgency=medium
 .
   [ Carsten Schoenert ]
   * [0e3d1fc] d/gbp.conf: Pick up some defaults, adjust to debian/bookworm
 .
   [ Simon Lyngshede ]
   * [7867bee] d/rules: Don't exclude bootstrap-tweaks.css file
     (Closes: #1068747)

dm-writeboost (2.2.17-0.2~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 dm-writeboost (2.2.17-0.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix misspelled autopkgtest dependency.
 .
 dm-writeboost (2.2.17-0.1) unstable; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
   * New upstream release [May 2024]. (Closes: #1069878)
   * Update upstream metadata.
   * dkms.conf: Set BUILD_EXCLUSIVE_KERNEL_MIN="3.9".
   * Fix autopkgtest dependencies. (Closes: #1069600)
 .
   [ Andrea Righi ]
   * Skip I/O-intensive autopkgtest on small systems (LP: #2012947)
dm-writeboost (2.2.17-0.1) unstable; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
   * New upstream release [May 2024]. (Closes: #1069878)
   * Update upstream metadata.
   * dkms.conf: Set BUILD_EXCLUSIVE_KERNEL_MIN="3.9".
   * Fix autopkgtest dependencies. (Closes: #1069600)
 .
   [ Andrea Righi ]
   * Skip I/O-intensive autopkgtest on small systems (LP: #2012947)

dns-root-data (2024041801~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm. (Closes: #1072035)
dns-root-data (2024041801~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye. (See #1072035.)

dpdk (22.11.5-1~deb12u1) bookworm; urgency=medium
 .
   * New upstream release 22.11.5; for a full list of changes see:
     http://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html
   * Update symbols file for private symbols change

ebook-speaker (6.2.0-4+deb12u1) bookworm; urgency=medium
 .
   * patches/long-logins: Fix testing belonging to the audio group.

edk2 (2022.11-6+deb12u1) bookworm-security; urgency=medium
 .
   * Cherry-pick security fixes from upstream:
     - Fix heap buffer overflow in Tcg2MeasureGptTable(), CVE-2022-36763
       + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
       + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
       + 0003-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
     - Fix heap buffer overflow in Tcg2MeasurePeImage(), CVE-2022-36764
       + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch
       + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
       + 0003-SecurityPkg-Adding-CVE-2022-36764-to-SecurityFixes.y.patch
     - Fix build failure due to symbol collision in above patches:
       + 0001-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-3.patch
       + 0002-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117-2.patch
       + 0003-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch
     - Fix integer overflow in CreateHob(), CVE-2022-36765
       + 0001-UefiPayloadPkg-Hob-Integer-Overflow-in-CreateHob.patch
     - Fix a buffer overflow via a long server ID option in DHCPv6
       client, CVE-2023-45230:
       + 0001-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
       + 0002-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
       + 0003-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
     - Fix an out-of-bounds read vulnerability when processing the IA_NA
       or IA_TA option in a DHCPv6 Advertise message, CVE-2023-45229:
       + 0004-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
       + 0005-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch
     - Fix an out-of-bounds read when processing Neighbor Discovery
       Redirect messages, CVE-2023-45231:
       + 0006-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
       + 0007-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
     - Avoid an infinite loop when parsing unknown options in the
       Destination Options header of IPv6, CVE-2023-45232:
       + 0008-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
       + 0009-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
     - Avoid an infinite loop when parsing a PadN option in the
       Destination Options header of IPv6, CVE-2023-45233:
       + 0010-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
       + 0011-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
     - Fix a potential buffer overflow when processing a DNS Servers
       option from a DHCPv6 Advertise message, CVE-2023-45234:
       + 0013-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
     - Fix a potential buffer overflow when handling a Server ID option
       from a DHCPv6 proxy Advertise message, CVE-2023-45235:
       + 0014-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
     - Record fixes in a SecurityFix.yaml file:
       + 0015-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
     - (Closes: #1060408, #1061256)
   * Disable the built-in Shell when SecureBoot is enabled, CVE-2023-48733.
     Thanks to Mate Kukri. LP: #2040137.
     - Disable the built-in Shell when SecureBoot is enabled:
       + Disable-the-Shell-when-SecureBoot-is-enabled.patch
     - d/tests: Drop the boot-to-shell tests for images w/ Secure Boot active.
     - d/tests: Update run_cmd_check_secure_boot() to not expect shell
       interaction.

emacs (1:28.2+1-15+deb12u2) bookworm; urgency=medium
 .
   * debian/rules: fix override_dh_auto_install indentation.
 .
   * Update package-keyring.gpg to deb/emacs/v/29.3+1-3 version.  The
     existing keyring has expired.  Replace it with the upstream version
     from our latest 29.3 package, retrieved from our repository via "git
     show deb/emacs/v/29.3+1-3:etc/package-keyring.gpg >
     debian/replace/etc/package-keyring.gpg". (Closes: 1070664, 942413)
 .
 emacs (1:28.2+1-15+deb12u1) bookworm; urgency=high
 .
   * Fix CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205
     (Closes: #1067630).
emacs (1:28.2+1-15+deb12u1) bookworm; urgency=high
 .
   * Fix CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205
     (Closes: #1067630).

engrampa (1.26.0-1+deb12u2) bookworm-security; urgency=medium
 .
   * debian/patches:
     + CVE-2023-52138: Add 0006_use-unar-instead-of-cpio-for-CPIO-archives.patch.
       Use unar instead of cpio for CPIO archives. (Closes: #1063494).

extrepo-data (1.0.3+deb12u1) bookworm; urgency=medium
 .
   * Update the repo data from the Debian unstable branch.
   * Fix d/copyright mime syntax.

ffmpeg (7:5.1.5-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 5.1.5

firefox-esr (115.12.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-26, also known as:
     CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
     CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.
firefox-esr (115.12.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-26, also known as:
     CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
     CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.
firefox-esr (115.11.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-22, also known as:
     CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769,
     CVE-2024-4770, CVE-2024-4777.
firefox-esr (115.11.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-22, also known as:
     CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769,
     CVE-2024-4770, CVE-2024-4777.
firefox-esr (115.11.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-22, also known as:
     CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769,
     CVE-2024-4770, CVE-2024-4777.
firefox-esr (115.10.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-19, also known as:
     CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609,
     CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864.
firefox-esr (115.10.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-19, also known as:
     CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609,
     CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864.
firefox-esr (115.10.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-19, also known as:
     CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609,
     CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864.
firefox-esr (115.9.1esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-16, also known as CVE-2024-29944.
firefox-esr (115.9.1esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-16, also known as CVE-2024-29944.
 .
   * debian/control*, debian/rules: Undo workaround for bug 1052002.
firefox-esr (115.9.1esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-16, also known as CVE-2024-29944.
 .
   * debian/control*, debian/rules: Undo workaround for bug 1052002.
firefox-esr (115.9.0esr-2) unstable; urgency=medium
 .
   * debian/control*, debian/rules: Undo workaround for bug 1052002.
firefox-esr (115.9.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-13, also known as:
     CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616,
     CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612,
     CVE-2024-2614.
firefox-esr (115.9.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-13, also known as:
     CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616,
     CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612,
     CVE-2024-2614.
firefox-esr (115.9.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-13, also known as:
     CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616,
     CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612,
     CVE-2024-2614.
firefox-esr (115.8.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixed FTBFS with python 3.12. Closes: #1061437.
   * Fixes for mfsa2024-06, also known as:
     CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549,
     CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553.
firefox-esr (115.8.0esr-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-06, also known as:
     CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549,
     CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553.
firefox-esr (115.8.0esr-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-06, also known as:
     CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549,
     CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553.
firefox-esr (115.7.0esr-1) unstable; urgency=medium
 .
   * New upstream release.
   * Fixes for mfsa2024-02, also known as:
     CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747,
     CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
     CVE-2024-0755.

flatpak (1.14.8-1~deb12u1) bookworm; urgency=medium
 .
   * Backport upstream stable release for Debian 12
   * Changes relative to 1.14.4-1+deb12u1 in bookworm-security:
     - New upstream stable release 1.14.6
       + Don't parse `<developer><name/></developer>` as though it was
         the application name
       + Install a tmpfiles.d snippet to clean up /var/tmp/flatpak-cache-*
         during boot
       + Stop http transfers if a download in progress becomes very slow
       + Silence warnings when using GLib 2.77.0 or later
       + Bypass page cache for backend requests in revokefs, fixing
         installation errors with libostree 2023.4 or later
       + Show AppStream metadata in `flatpak remote-info` as intended,
         fixing a regression in 1.9.1
       + Don't let Flatpak apps inherit $VK_DRIVER_FILES or $VK_ICD_FILENAMES
         from the host system, which would be wrong in the sandbox
       + Fix forward-compatibility with libappstream 0.17.x and 1.0
       + Fix a memory leak
       + Fix some compiler warnings
       + Make the test failure produce a clearer message if a required tool
         is missing
       + Don't force `GIO_USE_VFS=local` for programs launched via
         flatpak-spawn
       + Documentation improvements
     - New upstream stable release 1.14.7
       + Automatically reload D-Bus session bus configuration when apps are
         installed or upgraded, ensuring that any new .service files get
         picked up
       + Allow apps to be run if the D-Bus system bus is missing or
         non-functional
       + Add several more environment variables to the list not inherited
         into the sandbox:
         * $LD_AUDIT, $LD_PRELOAD for ld.so
         * $__EGL_VENDOR_LIBRARY_DIRS, etc. for EGL
         * $VK_ADD_DRIVER_FILES, etc. for Vulkan
         * $container, when running Flatpak inside a container manager
       + Use xdg-desktop-portal-gnome, if installed, to detect whether apps
         are running in the background
       + If an app's data is migrated to a new name and then deleted, don't
         try to migrate it again, avoiding a recursive symlink loop
       + Don't leak temporary variable $new_dirs from /etc/profile.d/flatpak.sh
         into user shell sessions
       + Avoid an out-of-bounds left-shift (which is technically undefined
         behaviour) when hashing object names
       + Fix critical warnings "GFileInfo created without
         standard::is-symlink" when using /var/lib/flatpak/extension with
         testing/unstable glib2.0
       + Fix validation of documentation against Docbook DTD
       + Fix a misleading comment in the test for CVE-2024-32462
       + Fix a double-free in the test suite
       + Skip more tests if bubblewrap works but FUSE doesn't
     - New upstream stable release 1.14.8
       + Respin of 1.14.7 reverting unintended submodule changes
     - d/control: Move dbus-system-bus from Depends to Recommends.
       `flatpak run` no longer has a working system bus as a hard requirement
       (verified in `podman run --privileged --rm -it debian:sid-slim`)
     - Drop CVE-2024-32462 patches, included in the upstream stable release
     - debian/test.sh: Disable http proxy if used, to ensure we can reach
       a HTTP server on localhost during automated tests
   * Changes relative to 1.14.8-1 in unstable:
     - Revert polkitd dependencies to polkitd | policykit-1 as previously
       used in bookworm
     - Revert pkgconf dependencies to pkg-config as previously used in
       bookworm
     - Revert location of systemd unit to /lib/systemd/system as previously
       used in bookworm, dropping versioned dependency on debhelper 13.11.6~
     - Revert changes related to Debian 13 GIR XML packaging policy
flatpak (1.14.6-1) unstable; urgency=high
 .
   * New upstream stable release 1.14.6
     - Don't allow an executable name to be misinterpreted as a command-line
       option for bwrap(1). This prevents a sandbox escape where a malicious
       or compromised app could ask xdg-desktop-portal to generate a .desktop
       file with access to files outside the sandbox. (CVE-2024-32462)
     - Don't parse `<developer><name/></developer>` as the application name
   * d/control: Drop alternative dependencies on transitional policykit-1.
     polkitd was released in Debian 12 and Ubuntu 22.04.
flatpak (1.14.6-1~deb13u1) trixie; urgency=high
 .
   * Rebuild for trixie
flatpak (1.14.5-1) unstable; urgency=medium
 .
   * New upstream stable release
   * Drop patches cherry-picked in 1.14.4-2, applied upstream
   * d/flatpak.install: Install new tmpfiles.d snippet
   * d/test.sh: Disable http proxy if used, to ensure we can reach localhost.
     Some reproducible.org builders set http_proxy, which makes attempts
     to access our temporary http server on localhost fail with a 503 error.
   * d/control: (Build-)depend on pkgconf in preference to pkg-config
   * d/control: Add ${gir:Depends}, ${gir:Provides} to -dev package
     (Helps: #1030223)
   * d/control: Build-depend on required GIR XML files (Helps: #1030223)
   * Install systemd system unit into /usr/lib/systemd/system.
     This was allowed by TC resolution #1053901.
     Build-depend on debhelper 13.11.6~ to ensure that the unit is still
     picked up by dh_installsystemd.
flatpak (1.14.4-2) unstable; urgency=medium
 .
   * Team upload
 .
   [ Simon McVittie ]
   * Mention #1033098, #1033099 in previous changelog entry
 .
   [ Jeremy Bicha ]
   * Cherry-pick 2 patches for compatibility with glib 2.77
flatpak (1.14.4-1+deb12u1) bookworm-security; urgency=high
 .
   * d/p/When-starting-non-static-command-using-bwrap-use.patch,
     d/p/test-run-Add-a-reproducer-for-CVE-2024-32462.patch:
     Don't allow an executable name to be misinterpreted as a command-line
     option for bwrap(1). This prevents a sandbox escape where a malicious
     or compromised app could ask xdg-desktop-portal to generate a .desktop
     file with access to files outside the sandbox. (CVE-2024-32462)
   * d/gbp.conf: Use debian/bookworm packaging branch
flatpak (1.14.4-1+deb12u1~bpo11+1) bullseye-backports; urgency=high
 .
   * Rebuild bookworm security update for bullseye-backports
   * Remaining changes, relative to bookworm-security:
     - d/control: Relax libseccomp build-dependency to 2.5.0
     - d/control, d/gbp.conf: Adjust git branch for bullseye-backports
 .
 flatpak (1.14.4-1+deb12u1) bookworm-security; urgency=high
 .
   * d/p/When-starting-non-static-command-using-bwrap-use.patch,
     d/p/test-run-Add-a-reproducer-for-CVE-2024-32462.patch:
     Don't allow an executable name to be misinterpreted as a command-line
     option for bwrap(1). This prevents a sandbox escape where a malicious
     or compromised app could ask xdg-desktop-portal to generate a .desktop
     file with access to files outside the sandbox. (CVE-2024-32462)
   * d/gbp.conf: Use debian/bookworm packaging branch

fontforge (1:20230101~dfsg-1.1~deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm-security.
 .
 fontforge (1:20230101~dfsg-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2024-25081: Spline Font command injection via crafted filenames
   * CVE-2024-25082: Spline Font command injection via crafted archives
     or compressed files
   * Closes: #1064967

fpga-icestorm (0~20230218gitd20a5e9-1~deb12u1) bookworm; urgency=medium
 .
   * Fix yosys incompatibility (Closes: #1055171)
fpga-icestorm (0~20220915gita545498-4) unstable; urgency=medium
 .
   * autopkgtest: Fix missing icetime command
   * Refresh patches
   * Add patch fixing up5k_rgb icetime failure

freetype (2.12.1+dfsg-5+deb12u3) bookworm; urgency=medium
 .
   * Disable the experimental and incomplete COLRv1 API once again.
   * debian/patches:
     + Re-enable disable_COLRv1.patch.
     + get_colr_glyph_paint.patch: Use correct predicate before function call.
freetype (2.12.1+dfsg-5+deb12u2) bookworm; urgency=high
 .
   * debian/patches: Temporarily revert disable_COLRv1.patch to allow
     Chromium to start (Closes: #1053142).
freetype (2.12.1+dfsg-5+deb12u1) bookworm; urgency=medium
 .
   * debian/patches: Disable COLRv1 support, which was unintentionally enabled
     by upstream in this version of FreeType (Closes: #1051816).

galera-4 (26.4.18-0+deb12u1) bookworm; urgency=medium
 .
   * Switch to upstream aware DEP-14 branch structure in gbp.conf
   * New upstream release 26.4.18. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.18.txt
   * For previous release details see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.17.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.16.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.15.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.14.txt
   * New upstream signing key 3D53839A70BC938B08CDD47F45460A518DA84635,
     verified from 26.4.17 release notes
   * New upstream release includes multiple Debian build and post-build test
     failure fixes:
     - Generate keys and certificates for SSL tests (Closes: #1053334)
     - Attempt to bind to UDP and skips tests if not available
       (Related: #1007954)
     - Fix 'uuid == WSREP_UUID_UNDEFINED' (Related: #970044)
     - Fix issues reported -Werror when compiling (Related: #970043)
     - Fix UBSAN issues (Closes: #1053183, Related: #970042)
galera-4 (26.4.18-0+deb11u1) bullseye; urgency=medium
 .
   * Switch to upstream aware DEP-14 branch structure in gbp.conf
   * New upstream release 26.4.18. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.18.txt
   * For previous release details see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.17.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.16.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.15.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.14.txt
   * New upstream signing key 3D53839A70BC938B08CDD47F45460A518DA84635,
     verified from 26.4.17 release notes
   * New upstream release includes multiple Debian build and post-build test
     failure fixes:
     - Generate keys and certificates for SSL tests (Closes: #1053334)
     - Attempt to bind to UDP and skips tests if not available
       (Related: #1007954)
     - Fix 'uuid == WSREP_UUID_UNDEFINED' (Related: #970044)
     - Fix issues reported -Werror when compiling (Related: #970043)
     - Fix UBSAN issues (Closes: #1053183, Related: #970042)
galera-4 (26.4.16-2) unstable; urgency=medium
 .
   * Format patches from Daniel Black to use DEP-3 patch tagging guidelines
   * Apply upstream patches from codership/galera#558, which includes
     multiple Debian build and post-build test failure fixes:
     - Attempt to bind to UDP and skips tests if not available
       (Related: #1007954)
     - Show libgalera_smm.so build output instead of sending it to /dev/null
     - (Related: #970043)
     - Generate keys and certificates for SSL tests (Closes: #1053334)
     - Fix 'uuid == WSREP_UUID_UNDEFINED' (Related: #970044)
     - Fix issues reported -Werror when compiling (Related: #970043)
     - Fix UBSAN issues (Closes: #1053183, Related: #970042)
galera-4 (26.4.16-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream release 26.4.14. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.16.txt
   * For previous release details see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.15.txt
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.14.txt
   * Note that 26.4.14-1~exp1 was in Debian experimental but never in unstable
 .
   [ Faustin Lammler ]
   * Running daemon under nobody user is not recommended (Closes: #970045)
 .
   [ Daniel Black ]
   * Salsa-CI: use stretch archive
   * Reduce galera.cache size test for Salsa
galera-4 (26.4.14-1~exp1) experimental; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream release 26.4.14. Includes multiple bug fixes, see
     https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.14.txt
 .
   [ Faustin Lammler ]
   * Running daemon under nobody user is not recommended (Closes: #970045)

gdk-pixbuf (2.42.10+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * ANI: Reject files with multiple anih chunks (CVE-2022-48622)
     (Closes: #1071265)
   * ANI: Reject files with multiple INAM or IART chunks
   * ANI: Validate anih chunk size

ghostscript (10.0.0~dfsg-11+deb12u4) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * In SAFER (default) don't allow eexec seeds other than the Type 1 standard
     (CVE-2023-52722)
   * Uniprint device - prevent string configuration changes when SAFER
     (CVE-2024-29510)
   * Bug #707691 (CVE-2024-33869)
   * Bug 707691 part 2 (CVE-2024-33869)
   * Bug #707686 (CVE-2024-33870)
   * OPVP device - prevent unsafe parameter change with SAFER (CVE-2024-33871)

glewlwyd (2.7.5-3+deb12u1) bookworm; urgency=medium
 .
   * d/patches: Fix CVE-2023-49208
     possible buffer overflow during FIDO2 credentials validation
   * d/patches: Fix CVE-2024-25715
     open redirection via redirect_uri

glib2.0 (2.74.6-2+deb12u3) bookworm; urgency=medium
 .
   * d/p/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch:
     Add patch from upstream fixing a memory leak that can occur in
     rare situations since 2.74.6-2+deb12u1 (Closes: #1070851)
glib2.0 (2.74.6-2+deb12u2) bookworm-security; urgency=high
 .
   * d/p/CVE-2024-34397/gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a.patch:
     Relax name owner checks to avoid a regression in ibus.
     Fixing CVE-2024-34397 caused a regression in ibus affecting text entry
     with non-trivial input methods.
     (Closes: #1070730, #1070736, #1070743, #1070745, #1070749, #1070752)
glib2.0 (2.74.6-2+deb12u1) bookworm-security; urgency=high
 .
   * d/patches: Backport GDBus fixes from 2.80.1
     - If local users send signals on the D-Bus system bus that spoof a
       trusted sender, do not deliver them to signal subscriptions for the
       trusted sender's well-known bus name (CVE-2024-34397)
     - Fix a use-after-free when subscribing to signals with an arg0
       match rule, originally from 2.79.0 and necessary to make the test
       for CVE-2024-34397 pass reliably
     - Add a local backport of g_set_str(), required by the above
     - Add proposed fix for a race condition that can cause a unit test
       to regress after the above
   * d/gbp.conf, d/control.in: Use debian/bookworm branch for Debian 12

glibc (2.36-9+deb12u7) bookworm-security; urgency=medium
 .
   * debian/patches/local-CVE-2024-33599-nscd.diff: Fix a stack-based buffer
     overflow in nscd netgroup cache (CVE-2024-33599).
   * debian/patches/local-CVE-2024-33600-nscd.diff: Fix a null pointer
     dereferences in nscd after failed netgroup cache insertion
     (CVE-2024-33600).
   * debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: Fix a DoS in nscd
     in case of memory allocation failure (CVE-2024-33601) and a memory
     corruption in nscd when the underlying NSS callback function does not use
     the buffer space to store all strings (CVE-2024-33602).
glibc (2.36-9+deb12u6) bookworm-security; urgency=medium
 .
   * debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: Fix
     out-of-bound writes when writing escape sequence in iconv ISO-2022-CN-EXT
     module (CVE-2024-2961).  Closes: #1069191.
glibc (2.36-9+deb12u5) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - any/local-CVE-2023-4911.patch: upstreamed.
     - any/local-CVE-2023-6246.patch: upstreamed.
     - any/local-CVE-2023-6779.patch: upstreamed.
     - any/local-CVE-2023-6780.patch: upstreamed.
     - Revert fix to always call destructors in reverse constructor order due
       to unforeseen application compatibility issues.
     - Fix a DTV corruption due to a reuse of a TLS module ID following dlclose
       with unused TLS.
     - Fix the DTV field load on x32.
     - Fix the TCB field load on x32.

gnome-shell (43.9-0+deb12u2) bookworm-security; urgency=high
 .
   * d/p/screencast-Correct-expected-bus-name-for-streams.patch:
     Avoid screencast regression after fixing CVE-2024-34397.
     Previously, screencasting expected signals to come from the wrong
     D-Bus name, which only worked because there was a vulnerability in
     GLib that resulted in the sender being ignored.
   * Set urgency=high because this fixes a regression triggered by a
     security fix.

gnutls28 (3.7.9-2+deb12u3) bookworm; urgency=medium
 .
   * Update to 3.7.11:
     + Replace 60-auth-rsa_psk-side-step-potential-side-channel.patch
       61-x509-detect-loop-in-certificate-chain.patch
       62-rsa-psk-minimize-branching-after-decryption.patch with versions from
       gnutls_3_7_x branch instead of manual backports from 3.8.x.
     + Add 53-fips-fix-checking-on-hash-algorithm-used-in-ECDSA.patch (Fix
       checking on hash algorithm used in ECDSA in FIPS mode) and
       54-fips-mark-composite-signature-API-not-approved.patch (Mark composite
       signature API non-approved in FIPS mode.) to allow
       straight cherry-picking of later patches.
     + 63_01-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch
       libgnutls: Fixed a bug where certtool crashed when verifying a
       certificate chain with more than 16 certificates. Reported by William
       Woodruff (#1525) and yixiangzhike (#1527).  [GNUTLS-SA-2024-01-23, CVSS:
       medium] [CVE-2024-28835] Closes: #1067463
     + 63_02-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch
       libgnutls: Fix side-channel in the deterministic ECDSA.
       Reported by George Pantelakis (#1516).  [GNUTLS-SA-2023-12-04, CVSS:
       medium] [CVE-2024-28834] Closes: #1067464
     + 63_03-serv-fix-memleak-when-a-connected-client-disappears.patch
       Fix a memleak in gnutls-serv when a connected client disappears.
     + 63_04-lib-fix-a-segfault-in-_gnutls13_recv_end_of_early_da.patch
       Fix a segfault in _gnutls13_recv_end_of_early_data().
     + 63_05-lib-fix-a-potential-segfault-in-_gnutls13_recv_finis.patch
       Fix a potential segfault in _gnutls13_recv_finished().

golang-github-google-nftables (0.1.0-4~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.

gpaste (43.1-3+deb12u1) bookworm; urgency=medium
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload.
   * Backport Breaks+Replaces fix from 44.0-1.
 .
   [ Jérémy Lal ]
   * Breaks+Replaces: libgpaste6 (<< 3.24). Closes: #1038751

gross (1.0.2-4.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
gross (1.0.2-4.1~deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.
 .
 gross (1.0.2-4.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)

gst-plugins-base1.0 (1.22.0-3+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * exiftag: Prevent integer overflows and out of bounds reads when handling
     undefined tags (CVE-2024-4453)

gtkwave (3.3.118-0.1~deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm-security.
 .
 gtkwave (3.3.118-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream release.
     - Fixes multiple vulnerabilities:
       CVE-2023-32650, CVE-2023-34087, CVE-2023-34436, CVE-2023-35004,
       CVE-2023-35057, CVE-2023-35128, CVE-2023-35702, CVE-2023-35703,
       CVE-2023-35704, CVE-2023-35955, CVE-2023-35956, CVE-2023-35957,
       CVE-2023-35958, CVE-2023-35959, CVE-2023-35960, CVE-2023-35961,
       CVE-2023-35962, CVE-2023-35963, CVE-2023-35964, CVE-2023-35969,
       CVE-2023-35970, CVE-2023-35989, CVE-2023-35992, CVE-2023-35994,
       CVE-2023-35995, CVE-2023-35996, CVE-2023-35997, CVE-2023-36746,
       CVE-2023-36747, CVE-2023-36861, CVE-2023-36864, CVE-2023-36915,
       CVE-2023-36916, CVE-2023-37282, CVE-2023-37416, CVE-2023-37417,
       CVE-2023-37418, CVE-2023-37419, CVE-2023-37420, CVE-2023-37442,
       CVE-2023-37443, CVE-2023-37444, CVE-2023-37445, CVE-2023-37446,
       CVE-2023-37447, CVE-2023-37573, CVE-2023-37574, CVE-2023-37575,
       CVE-2023-37576, CVE-2023-37577, CVE-2023-37578, CVE-2023-37921,
       CVE-2023-37922, CVE-2023-37923, CVE-2023-38583, CVE-2023-38618,
       CVE-2023-38619, CVE-2023-38620, CVE-2023-38621, CVE-2023-38622,
       CVE-2023-38623, CVE-2023-38648, CVE-2023-38649, CVE-2023-38650,
       CVE-2023-38651, CVE-2023-38652, CVE-2023-38653, CVE-2023-38657,
       CVE-2023-39234, CVE-2023-39235, CVE-2023-39270, CVE-2023-39271,
       CVE-2023-39272, CVE-2023-39273, CVE-2023-39274, CVE-2023-39275,
       CVE-2023-39316, CVE-2023-39317, CVE-2023-39413, CVE-2023-39414,
       CVE-2023-39443, CVE-2023-39444
       (Closes: #1060407)
gtkwave (3.3.116-1) unstable; urgency=medium
 .
   * New upstream version 3.3.116
gtkwave (3.3.115-1) unstable; urgency=medium
 .
   * New upstream version 3.3.115
   * d/watch: update watch format version
   * d/u/metadata: remove Homepage field
   * d/p/0001-Add-F-to-exec-key-in-desktop-file.patch: forward upstream & add
     DEP-3 headers
   * Add autotools-pkg-config.diff patch to use PKG_PROG_PKG_CONFIG instead of
     AC_PATH_CONFIG

guix (1.4.0-3+deb12u1) bookworm-security; urgency=medium
 .
   * debian/patches: guix-daemon: Protect against file descriptor escape
     when building fixed-output derivations (CVE-2024-27297).
     (Closes: #1066113)

hovercraft (2.7-6~deb12u1) bookworm; urgency=medium
 .
   * QA upload.
   * Rebuild for bookworm.
 .
 hovercraft (2.7-6) unstable; urgency=medium
 .
   * QA upload.
   * Add smoke test.
   * Add Depends: python3-setuptools.  (Closes: #1025655)

icinga2 (2.13.6-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Update branch in gbp.conf & Vcs-Git URL.
   * Fix segfault on startup on ppc64el.
     (closes: #1068473)

igtf-policy-bundle (1.128-1~deb12u1) bookworm; urgency=important
 .
   * Proposed update to address CAB Forum S/MIME policy change
 .
 igtf-policy-bundle (1.128-1) unstable; urgency=medium
 .
   * updated CRL download URL for ArmeSFo (AM)
 .
 igtf-policy-bundle (1.127-1) unstable; urgency=medium
 .
   * added supplementary issuing CA Issuing CA IGTF - C5 - 1 for eMudhra (IN)
   * removed discontinued QuoVadis CAs QuoVadis-Grid-ICA-G2 QuoVadis-Root-CA2G3
     QuoVadis-Root-CA2 and QuoVadis-Root-CA3G3 (BM)
 .
 igtf-policy-bundle (1.126-1) unstable; urgency=medium
 .
   * New upstream release:
   * removed replaced InCommon IGTF Server CA and associated Comodo RSA CA (US)
   * removed discontinued UNLPGrid CA (CL)
 .
 igtf-policy-bundle (1.125-1) unstable; urgency=medium
 .
   * New upstream release:
   * Updated root certificate ArmeSFo CA with extended validity (AM)
 .
 igtf-policy-bundle (1.124-1) unstable; urgency=medium
 .
   * New upstream release:
   * updated contact meta-data for ArmeSFo authority (AM)
   * removed discontinued AEGIS authority (RS)
   * removed suspended KENET Root and issuing CAs (KE)
   * removed suspended SDG-G2 authority (CN)
   * removed suspended CNIC authority (CN)
   * removed all four discontinued DigitalTrust CAs operated by their issuer (AE)
 .
 igtf-policy-bundle (1.123-1) unstable; urgency=medium
 .
   * New upstream release:
   * Add ECC private trust hierarchy for GEANT (Research and Education) TCS (EU)
   * Added accredited private trust eMudhra IGTF root and issuers (IN)
 .
 igtf-policy-bundle (1.122-1) unstable; urgency=medium
 .
   * New Upstream release:
   * Added private trust hierarchy for GEANT (Research and Education) TCS (EU)
   * Added accredited eMudhra joint public trust root and issuing CAs (IN)
   * Added private trust eMudhra IGTF root and issuers as experimental (IN, US)
   * Closes: 1045502
 .
 igtf-policy-bundle (1.121-1) unstable; urgency=medium
 .
   * New upstream release:
   * Added accredited (classic) InCommon RSA IGTF Server CA 3 under the
     Sectigo USERTrust RSA root, for which namespaces have been updated (US)
 .
 igtf-policy-bundle (1.120-1) unstable; urgency=medium
 .
   * New upstream release:
   * Added transitional CDP mirror URLs for retiring DigitalTrust CAs (AE)
   * Removed discontinued NIIF-Root-CA-2 (HU)
   * Removed expiring GermanGrid (GridKA CrossGrid) CA (DE)
 .
 igtf-policy-bundle (1.119-1) unstable; urgency=medium
 .
   * New upstream release:
   * Updated UKeScience Root (2007) with consistent string encodings (UK)
   * Removed obsolete SHA1 subordinates DigiCertGridTrustCA-Classic
     and DigiCertGridCA-1-Classic from DigiCert, reflected in RPDNC namespaces
   * Experimental (non-accredited) new InCommon RSA IGTF Server CA 2 (ICA under
     Sectigo USERTrust RSA root, for which namespaces have been updated) (US)
igtf-policy-bundle (1.128-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Backport for bookworm
igtf-policy-bundle (1.127-1) unstable; urgency=medium
 .
   * added supplementary issuing CA Issuing CA IGTF - C5 - 1 for eMudhra (IN)
   * removed discontinued QuoVadis CAs QuoVadis-Grid-ICA-G2 QuoVadis-Root-CA2G3
     QuoVadis-Root-CA2 and QuoVadis-Root-CA3G3 (BM)
igtf-policy-bundle (1.126-1) unstable; urgency=medium
 .
   * New upstream release:
   * removed replaced InCommon IGTF Server CA and associated Comodo RSA CA (US)
   * removed discontinued UNLPGrid CA (CL)
igtf-policy-bundle (1.125-1) unstable; urgency=medium
 .
   * New upstream release:
   * Updated root certificate ArmeSFo CA with extended validity (AM)
igtf-policy-bundle (1.124-1) unstable; urgency=medium
 .
   * New upstream release:
   * updated contact meta-data for ArmeSFo authority (AM)
   * removed discontinued AEGIS authority (RS)
   * removed suspended KENET Root and issuing CAs (KE)
   * removed suspended SDG-G2 authority (CN)
   * removed suspended CNIC authority (CN)
   * removed all four discontinued DigitalTrust CAs operated by their issuer (AE)
igtf-policy-bundle (1.123-1) unstable; urgency=medium
 .
   * New upstream release:
   * Add ECC private trust hierarchy for GEANT (Research and Education) TCS (EU)
   * Added accredited private trust eMudhra IGTF root and issuers (IN)
igtf-policy-bundle (1.122-1) unstable; urgency=medium
 .
   * New Upstream release:
   * Added private trust hierarchy for GEANT (Research and Education) TCS (EU)
   * Added accredited eMudhra joint public trust root and issuing CAs (IN)
   * Added private trust eMudhra IGTF root and issuers as experimental (IN, US)
   * Closes: 1045502
igtf-policy-bundle (1.121-1) unstable; urgency=medium
 .
   * New upstream release:
   * Added accredited (classic) InCommon RSA IGTF Server CA 3 under the
     Sectigo USERTrust RSA root, for which namespaces have been updated (US)
igtf-policy-bundle (1.120-1) unstable; urgency=medium
 .
   * New upstream release:
   * Added transitional CDP mirror URLs for retiring DigitalTrust CAs (AE)
   * Removed discontinued NIIF-Root-CA-2 (HU)
   * Removed expiring GermanGrid (GridKA CrossGrid) CA (DE)
igtf-policy-bundle (1.119-1) unstable; urgency=medium
 .
   * New upstream release:
   * Updated UKeScience Root (2007) with consistent string encodings (UK)
   * Removed obsolete SHA1 subordinates DigiCertGridTrustCA-Classic
     and DigiCertGridCA-1-Classic from DigiCert, reflected in RPDNC namespaces
   * Experimental (non-accredited) new InCommon RSA IGTF Server CA 2 (ICA under
     Sectigo USERTrust RSA root, for which namespaces have been updated) (US)

imagemagick (8:6.9.11.60+dfsg-1.6+deb12u1) bookworm-security; urgency=high
 .
   * Acknowledge NMU
   * Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
   * Fix an heap buffer overflow in TIFF coder
   * Fix uninitialised value passing in TIFFGetField
   * Fix stack overflow in TIFF coder
   * Early exit in case of malformed TIFF file
   * Fix buffer overrun in TIFF coder
   * Fix unitialised value in TIFF coder
   * Fix CVE-2022-1115: Heap based overflow in
     TIFF coder (Closes: #1013282)
   * Fix uninitialised value in TIFF coders
   * Use salsa-ci
   * Fix CVE-2023-1289: A specially created SVG file loaded itself and
     causes a segmentation fault. This flaw allows a remote attacker
     to pass a specially crafted SVG file that leads to a segmentation
     fault, generating many trash files in "/tmp," resulting in
     a denial of service. When ImageMagick crashes,
     it generates a lot of trash files. These trash files
     can be large if the SVG file contains many render actions.
     In a denial of service attack, if a remote attacker uploads an SVG file
     of size t, ImageMagick generates files of size 103*t.
     If an attacker uploads a 100M SVG, the server will generate about 10G.
   * Fix CVE-2023-1906: A heap-based buffer overflow issue was
     discovered in ImageMagick's ImportMultiSpectralQuantum() function
     in MagickCore/quantum-import.c. An attacker could pass specially
     crafted file to convert, triggering an out-of-bounds read error,
     allowing an application to crash, resulting in a denial of service.
   * Fix CVE-2023-34151: Imagemagick was vulnerable due to
     an undefined behaviors of casting double to size_t in svg, mvg
     and other coders. (Closes: #1036999)
   * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
     was found in coders/tiff.c in ImageMagick. This issue
     may allow a local attacker to trick the user into opening
     a specially crafted file, resulting in an application crash
     and denial of service.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found in
     coders/bmp.c

intel-microcode (3.20240514.1~deb12u1) bookworm; urgency=medium
 .
   * Build for bookworm (no changes)
 .
 intel-microcode (3.20240514.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240514
     * Mitigations for INTEL-SA-01051 (CVE-2023-45733)
       Hardware logic contains race conditions in some Intel Processors may
       allow an authenticated user to potentially enable partial information
       disclosure via local access.
     * Mitigations for INTEL-SA-01052 (CVE-2023-46103)
       Sequence of processor instructions leads to unexpected behavior in
       Intel Core Ultra Processors may allow an authenticated user to
       potentially enable denial of service via local access.
     * Mitigations for INTEL-SA-01036 (CVE-2023-45745,  CVE-2023-47855)
       Improper input validation in some Intel TDX module software before
       version 1.5.05.46.698 may allow a privileged user to potentially enable
       escalation of privilege via local access.
     * Fix for unspecified functional issues on 4th gen and 5th gen Xeon
       Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
       Core i3 N-series processors.
     * Updated microcodes:
       sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
       sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
       sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
       sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
       sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
       sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
       sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
       sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
       sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
       sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
   * source: update symlinks to reflect id of the latest release, 20240514
intel-microcode (3.20240514.1~deb11u1) bullseye; urgency=medium
 .
   * Backport to Debian Bullseye
   * debian/control: revert non-free-firmware change
 .
 intel-microcode (3.20240514.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240514
     * Mitigations for INTEL-SA-01051 (CVE-2023-45733)
       Hardware logic contains race conditions in some Intel Processors may
       allow an authenticated user to potentially enable partial information
       disclosure via local access.
     * Mitigations for INTEL-SA-01052 (CVE-2023-46103)
       Sequence of processor instructions leads to unexpected behavior in
       Intel Core Ultra Processors may allow an authenticated user to
       potentially enable denial of service via local access.
     * Mitigations for INTEL-SA-01036 (CVE-2023-45745,  CVE-2023-47855)
       Improper input validation in some Intel TDX module software before
       version 1.5.05.46.698 may allow a privileged user to potentially enable
       escalation of privilege via local access.
     * Fix for unspecified functional issues on 4th gen and 5th gen Xeon
       Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
       Core i3 N-series processors.
     * Updated microcodes:
       sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
       sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
       sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
       sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
       sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
       sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
       sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
       sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
       sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
       sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
       sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
       sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
       sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
   * source: update symlinks to reflect id of the latest release, 20240514
intel-microcode (3.20240312.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240312 (closes: #1066108)
     - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
       Protection mechanism failure of bus lock regulator for some Intel
       Processors may allow an unauthenticated user to potentially enable
       denial of service via network access.
     - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
       Non-transparent sharing of return predictor targets between contexts in
       some Intel Processors may allow an authorized user to potentially
       enable information disclosure via local access.  Affects SGX as well.
     - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
       Information exposure through microarchitectural state after transient
       execution from some register files for some Intel Atom Processors and
       E-cores of Intel Core Processors may allow an authenticated user to
       potentially enable information disclosure via local access.  Enhances
       VERW instruction to clear stale register buffers.  Affects SGX as well.
       Requires kernel update to be effective.
     - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
       Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
       Processors when using Intel SGX or Intel TDX may allow a privileged
       user to potentially enable escalation of privilege via local access.
       NOTE: effective only when loaded by firmware.  Allows SMM firmware to
       attack SGX/TDX.
     - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
       Incorrect calculation in microcode keying mechanism for some Intel
       Xeon D Processors with Intel SGX may allow a privileged user to
       potentially enable information disclosure via local access.
   * Fixes for other unspecified functional issues on many processors
   * Updated microcodes:
     sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
     sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
     sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
     sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
     sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
     sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
     sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
     sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
     sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
     sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
     sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
     sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
     sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
     sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
     sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
     sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
     sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
     sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
     sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
     sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
     sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
     sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
     sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
     sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
     sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
     sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
   * New microcodes:
     sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
     sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
     sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
   * source: update symlinks to reflect id of the latest release, 20240312
   * changelog, debian/changelog: fix typos
intel-microcode (3.20240312.1~deb12u1) bookworm; urgency=medium
 .
   * Build for bookworm (no changes)
 .
 intel-microcode (3.20240312.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240312 (closes: #1066108)
     - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
       Protection mechanism failure of bus lock regulator for some Intel
       Processors may allow an unauthenticated user to potentially enable
       denial of service via network access.
     - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
       Non-transparent sharing of return predictor targets between contexts in
       some Intel Processors may allow an authorized user to potentially
       enable information disclosure via local access.  Affects SGX as well.
     - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
       Information exposure through microarchitectural state after transient
       execution from some register files for some Intel Atom Processors and
       E-cores of Intel Core Processors may allow an authenticated user to
       potentially enable information disclosure via local access.  Enhances
       VERW instruction to clear stale register buffers.  Affects SGX as well.
       Requires kernel update to be effective.
     - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
       Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
       Processors when using Intel SGX or Intel TDX may allow a privileged
       user to potentially enable escalation of privilege via local access.
       NOTE: effective only when loaded by firmware.  Allows SMM firmware to
       attack SGX/TDX.
     - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
       Incorrect calculation in microcode keying mechanism for some Intel
       Xeon D Processors with Intel SGX may allow a privileged user to
       potentially enable information disclosure via local access.
   * Fixes for other unspecified functional issues on many processors
   * Updated microcodes:
     sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
     sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
     sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
     sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
     sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
     sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
     sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
     sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
     sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
     sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
     sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
     sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
     sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
     sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
     sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
     sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
     sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
     sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
     sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
     sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
     sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
     sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
     sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
     sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
     sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
     sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
   * New microcodes:
     sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
     sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
     sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
   * source: update symlinks to reflect id of the latest release, 20240312
   * changelog, debian/changelog: fix typos
intel-microcode (3.20240312.1~deb11u1) bullseye; urgency=medium
 .
   * Backport to Debian Bullseye
   * debian/control: revert non-free-firmware change
 .
 intel-microcode (3.20240312.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240312 (closes: #1066108)
     - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
       Protection mechanism failure of bus lock regulator for some Intel
       Processors may allow an unauthenticated user to potentially enable
       denial of service via network access.
     - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
       Non-transparent sharing of return predictor targets between contexts in
       some Intel Processors may allow an authorized user to potentially
       enable information disclosure via local access.  Affects SGX as well.
     - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
       Information exposure through microarchitectural state after transient
       execution from some register files for some Intel Atom Processors and
       E-cores of Intel Core Processors may allow an authenticated user to
       potentially enable information disclosure via local access.  Enhances
       VERW instruction to clear stale register buffers.  Affects SGX as well.
       Requires kernel update to be effective.
     - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
       Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
       Processors when using Intel SGX or Intel TDX may allow a privileged
       user to potentially enable escalation of privilege via local access.
       NOTE: effective only when loaded by firmware.  Allows SMM firmware to
       attack SGX/TDX.
     - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
       Incorrect calculation in microcode keying mechanism for some Intel
       Xeon D Processors with Intel SGX may allow a privileged user to
       potentially enable information disclosure via local access.
   * Fixes for other unspecified functional issues on many processors
   * Updated microcodes:
     sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
     sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
     sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
     sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
     sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
     sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
     sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
     sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
     sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
     sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
     sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
     sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
     sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
     sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
     sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
     sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
     sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
     sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
     sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
     sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
     sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
     sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
     sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
     sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
     sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
     sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
     sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
     sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
     sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
     sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
     sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
   * New microcodes:
     sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
     sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
     sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
     sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
   * source: update symlinks to reflect id of the latest release, 20240312
   * changelog, debian/changelog: fix typos
intel-microcode (3.20231114.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20231114 (closes: #1055962)
     Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
     Sequence of processor instructions leads to unexpected behavior for some
     Intel(R) Processors, may allow an authenticated user to potentially enable
     escalation of privilege and/or information disclosure and/or denial of
     service via local access.
     Note: "retvar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
     Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
     0x01) were already mitigated by a previous microcode update.
   * Fixes for unspecified functional issues
   * Updated microcodes:
     sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
     sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
     sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
     sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
     sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
     sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
     sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
     sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
     sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
     sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
     sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
     sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
     sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
     sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
     sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
     sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
     sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
     sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
     sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
     sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
     sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
     sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
   * Updated 2023-08-08 changelog entry:
     Mitigations for "retvar" on a few processors, refer to the 2023-11-14
     entry for details.  This information was disclosed in 2023-11-14.
   * source: update symlinks to reflect id of the latest release, 20231114

iwd (2.3-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * ap: only accept ptk 4/4 after receiving ptk 2/4 (CVE-2023-52161)
     (Closes: #1064062)

jetty9 (9.4.50-4+deb12u3) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-22201:
     It was discovered that remote attackers may leave many HTTP/2 connections
     in ESTABLISHED state (not closed), TCP congested and idle. Eventually the
     server will stop accepting new connections from valid clients which can
     cause a denial of service.

jose (11-2+deb12u1) bookworm; urgency=high
 .
   * Cherry-pick "Fix potential DoS issue with p2c header". Closes:
     #1067457 [CVE-2023-50967]

json-smart (2.2-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
     When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
     parses an array or an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays or
     objects. Since the parsing of nested arrays and objects is done
     recursively, nesting too many of them can cause a stack exhaustion
     (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
     A vulnerability was discovered in the indexOf function of
     JSONParserByteArray in JSON Smart versions 1.3 and 2.4
     which causes a denial of service (DOS)
     via a crafted web request.
json-smart (2.2-2+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bullseye.  (Closes: #1039985)
 .
 json-smart (2.2-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2023-1370: stack overflow due to excessive recursion
     When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code
     parses an array or an object respectively. It was discovered that the
     code does not have any limit to the nesting of such arrays or
     objects. Since the parsing of nested arrays and objects is done
     recursively, nesting too many of them can cause a stack exhaustion
     (stack overflow) and crash the software. (Closes: #1033474)
   * CVE-2021-31684: Fix indexOf
     A vulnerability was discovered in the indexOf function of
     JSONParserByteArray in JSON Smart versions 1.3 and 2.4
     which causes a denial of service (DOS)
     via a crafted web request.

kio (5.103.0-1+deb12u1) bookworm; urgency=medium
 .
   [ Aurélien COUDERC ]
   * Backport upstream patches to fix incorrect behaviours with CIFS:
     - Don't unlink + rename on CIFS mounts during copy operations; Don't crash
       if KMountPoint gives nothing back while checking. (Closes: #1069855)
     - Don't leak existing file handles to newly spanwed KIO workers.
       (Closes: #1070322)

knot-resolver (5.6.0-1+deb12u1) bookworm-security; urgency=medium
 .
   * Backport upstream fixes for CVE-2023-50868 "NSEC3"
   * Backport upstream fixes for CVE-2023-50387 "KeyTrap"
   * Backport upstream fix for CVE-2023-46317

lacme (0.8.2-1+deb12u1) bookworm; urgency=medium
 .
   * Backport upstream patches to fix post-issuance validation logic.  We avoid
     pinning the intermediate certificates in the bundle and instead validate
     the leaf certificate with intermediates supplied during issuance as
     untrusted (used for chain building only).  Only the root certificates are
     used as trust anchor.
     Not pinning intermediate certificates is in line with Let's Encrypt's
     latest recommendations.
     Closes: #1072847
   * Adjust test suite against current Let's Encrypt staging environment.
   * d/gbp.conf: Set 'debian-branch = debian/bookworm'.

less (590-2.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Milan Kupcevic ]
   * Fix incorrect display when filename contains control chars
     (Closes: #1069681)
 .
 less (590-2.1~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bookworm-security
 .
 less (590-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
     (Closes: #1064293)
   * Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
     (Closes: #1068938)
less (590-2.1~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bookworm-security
 .
 less (590-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
     (Closes: #1064293)
   * Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
     (Closes: #1068938)

libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks
     cookie value made the server vulnerable to a Denial of Service (DoS)
     attack. If an attacker manipulated the value of the OpenIDC cookie to a
     very large integer like 99999999, the server struggled with the request for
     a long time and finally returned a 500 error. Making a few requests of this
     kind caused servers to become unresponsive, and so attackers could thereby
     craft requests that would make the server work very hard and/or crash with
     minimal effort. (Closes: #1064183)

libarchive (3.6.2-1+deb12u1) bookworm-security; urgency=high
 .
   [ Peter Pentchev ]
   * Add the robust-error-reporting upstream patch. Closes: #1068047
 .
   [ Salvatore Bonaccorso ]
   * fix: OOB in rar e8 filter (CVE-2024-26256) (Closes: #1072107)
   * fix: OOB in rar delta filter
   * fix: OOB in rar audio filter

libesmtp (1.1.0-3.1~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 libesmtp (1.1.0-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * libesmtp6: Add versioned Replaces and Breaks against
     libesmtp5 (<< 1.0.6-1~) (Closes: #1043058)

libgit2 (1.5.1+ds-1+deb12u1) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-24575: Denial of service attack in git_revparse_single
     (Closes: #1063415)
   * Fix CVE-2024-24577: Use-after-free in git_index_add
     (Closes: #1063416)

libimage-imlib2-perl (2.03-1.2~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 libimage-imlib2-perl (2.03-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix "Creates empty package on bookworm upwards":
     `imlib2-config' went missing from libimlib2-dev, so use pkgconfig (new
     patch pkg-config.diff and build dependency on libextutils-pkgconfig-perl)
     (Closes: #1040223)
   * Add patch 0001-Work-around-an-imlib2-bug-with-alpha-channel-cloning.patch
     from Niko Tyni to work around an imlib2 bug with alpha channel cloning
     which makes a test fail.

libjwt (1.10.2-1+deb12u1) bookworm; urgency=medium
 .
   * CVE-2024-25189 (Closes: #1063534)
     fix a timing side channel via strcmp()
libjwt (1.10.2-1+deb11u1) bullseye; urgency=medium
 .
   * CVE-2024-25189 (Closes: #1063534)
     fix a timing side channel via strcmp()

libkf5ksieve (4:22.12.3-1+deb12u1) bookworm; urgency=medium
 .
   [ Patrick Franz ]
   * Add patch to prevent leaking passwords into server-side logs
     (Closes: #1069163).

libmail-dkim-perl (1.20230212-2~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
 .
 libmail-dkim-perl (1.20230212-2) unstable; urgency=medium
 .
   * Team upload.
   * Add scripts to autopkgtest's syntax.t. Cf. #1040438.
   * Add a runtime dependency on libgetopt-long-descriptive-perl.
     Thanks to Colin Watson for the bug report. (Closes: #1040438)

libndp (1.8-1+deb12u1) bookworm-security; urgency=medium
 .
   * add debian/patches/CVE-2024-5564.patch from upstream fixing CVE-2024-5564
     (Closes: #1072366)
   * d/gbp.conf: update for bookworm release

libpod (4.3.1+ds1-8+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * d/patches: backport fix for removed container handling (Closes: #1059496)

libreoffice (4:7.4.7-1+deb12u3) bookworm; urgency=medium
 .
   * debian/patches/Fix-backup-copy-creation-for-files-on-mounted-samba-shares.diff:
     as name says, from 24.2.2+ (closes: #1069835)
   * debian/patches/fix-32bit-build.diff: as name says; fix 32bit build with
     above
 .
   * debian/rules:
     - don't remove libforuilo.so in -core-nogui. (closes: #1059158)
       It's subsumed in libmerged on 64bit archs anyway which we definitely
       need to keep anyway (similar as libuuilo.so).
     - recommend kio >> 5.103.0-1 in -kf5
libreoffice (4:7.4.7-1+deb12u2) bookworm-security; urgency=high
 .
   * debian/patches/add-notify-for-script-use.diff: add fix for
     CVE-2024-3044 ("Graphic on-click binding allows unchecked script
     execution")
libreoffice (4:7.4.7-1+deb12u2~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
   * tarballs/liborcus-0.17.2.tar.bz2,
     tarballs/mdds-2.0.3.tar.bz2,
     tarballs/libmwaw-0.3.21.tar.xz,
     tarballs/zxing-cpp-1.2.0.tar.gz,
     tarballs/libnumbertext-1.0.11.tar.xz,
     tarballs/dragonbox-1.1.3.tar.gz: include
 .
 libreoffice (4:7.4.7-1+deb12u2) bookworm-security; urgency=high
 .
   * debian/patches/add-notify-for-script-use.diff: add fix for
     CVE-2024-3044 ("Graphic on-click binding allows unchecked script
     execution")

libseccomp (2.5.4-1+deb12u1) bookworm; urgency=medium
 .
   * Add support for syscalls up to Linux 6.7. (Closes: #1071822)

libtommath (1.2.0-6+deb12u1) bookworm; urgency=medium
 .
   * CVE-2023-36328 (Closes: #1051100)

libtool (2.4.7-7~deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Rebuild for bookworm.
   * Reinstate obsolete Breaks, Provides.
 .
 libtool (2.4.7-7) unstable; urgency=medium
 .
   * Remove obsolete Breaks: for oldstable, Provides: libltdl7-dev.
   * Replace Breaks: libltdl3-dev with Conflicts: libltdl3-dev.
     Thanks  Andreas Beckmann. Closes: #1041229
 .
 libtool (2.4.7-6) unstable; urgency=medium
 .
   * Incorrect check for += operator causes func_append to fail
     Patch from Ernesto Alfonso. Closes: #1039612
   * Standards-Version: 4.6.2
   * Add Breaks/Replaces on libtldl3-dev. Closes: #1039583
libtool (2.4.7-6) unstable; urgency=medium
 .
   * Incorrect check for += operator causes func_append to fail
     Patch from Ernesto Alfonso. Closes: #1039612
   * Standards-Version: 4.6.2
   * Add Breaks/Replaces on libtldl3-dev. Closes: #1039583

libuv1 (1.44.2-1+deb12u1) bookworm-security; urgency=medium
 .
   * add patch to fix CVE-2024-24806 (Closes: 1063484)

libxml-stream-perl (1.24-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Add Set_SSL_verifycn_name_parameter_to_fix_hostname_verification.patch
     to adjust to IO::Socket::SSL >= 2.078.
     Thanks to Manfred Stock for the bug report and the patch.
     (Closes: #1064058)

linux (6.1.94-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
     - [arm64,armhf] dmaengine: pl330: issue_pending waits until WFP state
     - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
     - wifi: nl80211: don't free NULL coalescing rule
     - eeprom: at24: Use dev_err_probe for nvmem register failure
     - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
     - eeprom: at24: fix memory corruption race condition (CVE-2024-35848)
     - Bluetooth: qca: add support for QCA2066
     - mm/hugetlb: add folio support to hugetlb specific flag macros
     - mm: add private field of first tail to struct page and struct folio
     - mm/hugetlb: add hugetlb_folio_subpool() helpers
     - mm/hugetlb: add folio_hstate()
     - mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios
     - mm/hugetlb: convert free_huge_page to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios
     - mm/hugetlb: fix missing hugetlb_lock for resv uncharge
     - kbuild: refactor host*_flags
     - kbuild: specify output names separately for each emission type from rustc
     - cifs: use the least loaded channel for sending requests
     - smb3: missing lock when picking channel
     - [armhf] pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of
       GPIOR-T
     - [arm64] pinctrl/meson: fix typo in PDM's pin name
     - pinctrl: core: delete incorrect free in pinctrl_enable()
     - sunrpc: add a struct rpc_stats arg to rpc_create_args
     - nfs: expose /proc/net/sunrpc/nfs in net namespaces
     - nfs: make the rpc_stat per net namespace
     - nfs: Handle error of rpc_proc_register() in nfs_net_init().
     - pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro
     - [x86] pinctrl: intel: Make use of struct pinfunction and
       PINCTRL_PINFUNCTION()
     - [x86] pinctrl: baytrail: Fix selecting gpio pinctrl state
     - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
     - regulator: change stubbed devm_regulator_get_enable to return Ok
     - regulator: change devm_regulator_get_enable_optional() stub to return Ok
     - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
     - nvme: fix warn output about shared namespaces without
       CONFIG_NVME_MULTIPATH
     - bpf: Fix a verifier verbose message
     - spi: introduce new helpers with using modern naming
     - [arm64] bpf, arm64: Fix incorrect runtime stats
     - [s390x] mm: Fix storage key clearing for guest huge pages
     - [s390x] mm: Fix clearing storage keys for huge pages
     - xdp: use flags field to disambiguate broadcast redirect
     - bna: ensure the copied buf is NUL terminated
     - nsh: Restore skb->{protocol,data,mac_header} for outer header in
       nsh_gso_segment().
     - net l2tp: drop flow hash on forward
     - [s390x] vdso: Add CFI for RA register to asm macro vdso_func
     - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
     - net: qede: use return from qede_parse_flow_attr() for flower
     - net: qede: use return from qede_parse_flow_attr() for flow_spec
     - net: qede: use return from qede_parse_actions()
     - [arm64] ASoC: meson: axg-fifo: use FIELD helpers
     - [arm64] ASoC: meson: axg-fifo: use threaded irq to check periods
     - [arm64] ASoC: meson: axg-card: make links nonatomic
     - [arm64] ASoC: meson: axg-tdm-interface: manage formatters in trigger
     - [arm64] ASoC: meson: cards: select SND_DYNAMIC_MINORS
     - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
     - [s390x] cio: Ensure the copied buf is NUL terminated
     - cxgb4: Properly lock TX queue for the selftest.
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix number of databases for 88E6141 /
       88E6341
     - spi: fix null pointer dereference within spi_sync
     - net: bridge: fix multicast-to-unicast with fraglist GSO
     - net: core: reject skb_copy(_expand) for fraglist GSO skbs
     - vxlan: Pull inner IP header in vxlan_rcv().
     - [s390x] qeth: Fix kernel panic after setting hsuid
     - net: gro: add flush check in udp_gro_receive_segment
     - [arm64] clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
     - [powerpc*] pseries: replace kmalloc with kzalloc in PLPKS driver
     - [powerpc*] pseries: Move PLPKS constants to header file
     - [powerpc*] pseries: make max polling consistent for longer H_CALLs
     - [powerpc*] pseries/iommu: LPAR panics during boot up with a frozen PE
     - [arm64] KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
     - [arm64] KVM: arm64: vgic-v2: Check for non-NULL vCPU in
       vgic_v2_parse_attr()
     - scsi: lpfc: Move NPIV's transport unregistration to after resource clean
       up
     - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
     - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
     - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
     - gfs2: Fix invalid metadata access in punch_hole
     - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
     - wifi: cfg80211: fix rdev_dump_mpp() arguments order
     - net: mark racy access on sk->sk_rcvbuf
     - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
     - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
     - btrfs: return accurate error code on open failure in open_fs_devices()
     - bpf: Check bloom filter map value size
     - kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
     - scsi: ufs: core: WLUN suspend dev/link state error recovery
     - ALSA: line6: Zero-initialize message buffers
     - block: fix overflow in blk_ioctl_discard()
     - net: bcmgenet: Reset RBUF on first open
     - ata: sata_gemini: Check clk_enable() result
     - firewire: ohci: mask bus reset interrupts between ISR and bottom half
     - tools/power turbostat: Fix added raw MSR output
     - tools/power turbostat: Increase the limit for fd opened
     - tools/power turbostat: Fix Bzy_MHz documentation typo
     - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
     - btrfs: always clear PERTRANS metadata during commit
     - scsi: target: Fix SELinux error when systemd-modules loads the target
       module
     - blk-iocost: avoid out of bounds shift
     - [arm64,armhf] gpu: host1x: Do not setup DMA for virtual devices
     - [mips*] scall: Save thread_info.syscall unconditionally on entry
       (Closes: #1068365)
     - tools/power/turbostat: Fix uncore frequency file string
     - drm/amdgpu: Refine IB schedule error logging
     - Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
     - [x86] uio_hv_generic: Don't free decrypted memory
     - Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
     - fs/9p: only translate RWX permissions for plain 9P2000
     - fs/9p: translate O_TRUNC into OTRUNC
     - 9p: explicitly deny setlease attempts
     - gpio: wcove: Use -ENOTSUPP consistently
     - gpio: crystalcove: Use -ENOTSUPP consistently
     - clk: Don't hold prepare_lock when calling kref_put()
     - fs/9p: drop inodes immediately on non-.L too
     - drm/nouveau/dp: Don't probe eDP ports twice harder
     - net:usb:qmi_wwan: support Rolling modules
     - kbuild: rust: avoid creating temporary files
     - spi: Merge spi_controller.{slave,target}_abort()
     - perf unwind-libunwind: Fix base address for .eh_frame
     - perf unwind-libdw: Handle JIT-generated DSOs properly
     - qibfs: fix dentry leak
     - xfrm: Preserve vlan tags for transport mode software GRO
     - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
     - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
     - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
       (CVE-2024-27398)
     - Bluetooth: msft: fix slab-use-after-free in msft_do_close()
     - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
       (CVE-2024-27399)
     - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
     - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
     - [x86] hwmon: (corsair-cpro) Use a separate buffer for sending commands
     - [x86] hwmon: (corsair-cpro) Use complete_all() instead of complete() in
       ccp_raw_event()
     - [x86] hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
     - phonet: fix rtm_phonet_notify() skb allocation
     - net: bridge: fix corrupted ethernet header on multicast-to-unicast
     - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
     - timers: Get rid of del_singleshot_timer_sync()
     - timers: Rename del_timer() to timer_delete()
     - net-sysfs: convert dev->operstate reads to lockless ones
     - hsr: Simplify code for announcing HSR nodes timer setup
     - ipv6: annotate data-races around cnf.disable_ipv6
     - ipv6: prevent NULL dereference in ip6_output()
     - net/smc: fix neighbour and rtable leak in smc_ib_find_route()
     - [arm64] net: hns3: using user configure after hardware reset
     - [arm64] net: hns3: direct return when receive a unknown mailbox message
     - [arm64] net: hns3: change type of numa_node_mask as nodemask_t
     - [arm64] net: hns3: release PTP resources if pf initialization failed
     - [arm64] net: hns3: use appropriate barrier function after setting a bit
       value
     - [arm64] net: hns3: fix port vlan filter not disabled issue
     - [arm64] net: hns3: fix kernel crash when devlink reload during
       initialization
     - [arm64] drm/meson: dw-hdmi: power up phy on device init
     - [arm64] drm/meson: dw-hdmi: add bandgap setting for g12
     - drm/connector: Add \n to message about demoting connector force-probes
     - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11
       users
     - gpiolib: cdev: Add missing header(s)
     - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc
     - gpiolib: cdev: fix uninitialised kfifo
     - drm/amd/display: Atom Integrated System Info v2_2 for DCN35
     - MAINTAINERS: add leah to 6.1 MAINTAINERS file
     - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
     - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
     - firewire: nosy: ensure user_length is taken into account when fetching
       packet contents (CVE-2024-27401)
     - Reapply "drm/qxl: simplify qxl_fence_wait"
     - btf, scripts: rust: drop is_rust_module.sh
     - usb: typec: ucsi: Check for notifications after init
     - usb: typec: ucsi: Fix connector check on init
     - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
       device
     - usb: ohci: Prevent missed ohci interrupts
     - USB: core: Fix access violation during port device removal
     - usb: gadget: composite: fix OS descriptors w_value logic
     - usb: gadget: f_fs: Fix a race condition when processing setup packets.
     - usb: xhci-plat: Don't include xhci.h
     - usb: dwc3: core: Prevent phy suspend during init
     - usb: typec: tcpm: unregister existing source caps before re-registration
     - usb: typec: tcpm: Check for port partner validity before consuming it
     - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
     - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
     - mm/slab: make __free(kfree) accept error pointers
     - mptcp: ensure snd_nxt is properly initialized on connect
     - dt-bindings: iio: health: maxim,max30102: fix compatible check
     - iio:imu: adis16475: Fix sync mode setting
     - iio: accel: mxc4005: Interrupt handling fixes
     - [armhf] ASoC: ti: davinci-mcasp: Fix race condition during probe
     - dyndbg: fix old BUG_ON in >control parser
     - slimbus: qcom-ngd-ctrl: Add timeout for wait operation
     - mei: me: add lunar lake point M DID
     - drm/vmwgfx: Fix invalid reads in fence signaled events
     - [x86] drm/i915/bios: Fix parsing backlight BDB data
     - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
     - net: fix out-of-bounds access in ops_init
     - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
     - mm: use memalloc_nofs_save() in page_cache_ra_order()
     - regulator: core: fix debugfs creation regression
     - spi: microchip-core-qspi: fix setting spi bus clock rate
     - ksmbd: off ipv6only for both ipv4/ipv6 binding
     - ksmbd: avoid to send duplicate lease break notifications
     - ksmbd: do not grant v2 lease if parent lease key and epoch are not set
     - Bluetooth: qca: add missing firmware sanity checks
     - Bluetooth: qca: fix NVM configuration parsing
     - Bluetooth: qca: fix info leak when fetching board id
     - Bluetooth: qca: fix info leak when fetching fw build id
     - Bluetooth: qca: fix firmware check error path
     - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (CVE-2024-21823)
     - dmaengine: idxd: add a new security check to deal with a hardware erratum
       (CVE-2024-21823)
     - dmaengine: idxd: add a write() method for applications to submit work
       (CVE-2024-21823)
     - keys: Fix overwrite of key expiration on instantiation
     - btrfs: do not wait for short bulk allocation
     - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
     - mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
     - md: fix kmemleak of rdev->serial (CVE-2024-26900)
     - net: bcmgenet: Clear RGMII_LINK upon link down
     - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
     - net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
     - net: bcmgenet: synchronize UMAC_CMD access
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.92
     - drm/amd/display: Fix division by zero in setup_dsc_config
     - net: ks8851: Fix another TX stall caused by wrong ISR flag handling
     - ice: pass VSI pointer into ice_vc_isvalid_q_id
     - ice: remove unnecessary duplicate checks for VF VSI ID
     - pinctrl: core: handle radix_tree_insert() errors in
       pinctrl_register_one_pin()
     - mfd: stpmic1: Fix swapped mask/unmask in irq chip
     - nfsd: don't allow nfsd threads to be signalled.
     - KEYS: trusted: Fix memory leak in tpm2_key_encode()
     - mmc: core: Add HS400 tuning in HS400es initialization
     - xfs: write page faults in iomap are not buffered writes
     - xfs: punching delalloc extents on write failure is racy
     - xfs: use byte ranges for write cleanup ranges
     - xfs,iomap: move delalloc punching to iomap
     - iomap: buffered write failure should not truncate the page cache
     - xfs: xfs_bmap_punch_delalloc_range() should take a byte range
     - iomap: write iomap validity checks
     - xfs: use iomap_valid method to detect stale cached iomaps
     - xfs: drop write error injection is unfixable, remove it
     - xfs: fix off-by-one-block in xfs_discard_folio()
     - xfs: fix incorrect error-out in xfs_remove
     - xfs: fix sb write verify for lazysbcount
     - xfs: fix incorrect i_nlink caused by inode racing
     - xfs: invalidate block device page cache during unmount
     - xfs: attach dquots to inode before reading data/cow fork mappings
     - xfs: wait iclog complete before tearing down AIL
     - xfs: fix super block buf log item UAF during force shutdown
     - xfs: hoist refcount record merge predicates
     - xfs: estimate post-merge refcounts correctly
     - xfs: invalidate xfs_bufs when allocating cow extents
     - xfs: allow inode inactivation during a ro mount log recovery
     - xfs: fix log recovery when unknown rocompat bits are set
     - xfs: get root inode correctly at bulkstat
     - xfs: short circuit xfs_growfs_data_private() if delta is zero
     - [arm64] atomics: lse: remove stale dependency on JUMP_LABEL
     - drm/amdgpu: Fix possible NULL dereference in
       amdgpu_ras_query_error_status_helper() (CVE-2023-52585)
     - [arm*] binder: fix max_thread type inconsistency
     - [arm64,armhf] usb: dwc3: Wait unconditionally after issuing EndXfer
       command
     - net: usb: ax88179_178a: fix link status when link is set to down/up
     - usb: typec: ucsi: displayport: Fix potential deadlock
     - usb: typec: tipd: fix event checking for tps6598x
     - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
     - KEYS: trusted: Do not use WARN when encode fails
     - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
     - docs: kernel_include.py: Cope with docutils 0.21
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
     - SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
     - [x86] tsc: Trust initial offset in architectural TSC-adjust MSRs
     - ftrace: Fix possible use-after-free issue in ftrace_location()
     - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
     - tty: n_gsm: fix missing receive state reset after mode switch
     - speakup: Fix sizeof() vs ARRAY_SIZE() bug
     - serial: 8250_bcm7271: use default_mux_rate if possible
     - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
     - io_uring: fail NOP if non-zero op flags is passed in
     - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled
       already"
     - r8169: Fix possible ring buffer corruption on fragmented Tx packets.
     - ring-buffer: Fix a race between readers and resize checks
     - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
     - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
     - nilfs2: fix potential hang in nilfs_detach_log_writer()
     - ksmbd: avoid to send duplicate oplock break notifications
     - ksmbd: ignore trailing slashes in share paths
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460
       G11.
     - ALSA: core: Fix NULL module pointer assignment at card init
     - ALSA: Fix deadlocks with kctl removals at disconnection
     - KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
     - wifi: mac80211: don't use rate mask for scanning
     - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon
       timestamp field
     - wifi: cfg80211: fix the order of arguments for trace events of the
       tx_rx_evt class
     - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
     - net: usb: qmi_wwan: add Telit FN920C04 compositions
     - drm/amd/display: Set color_mgmt_changed to true on unsuspend
     - drm/amdgpu: Update BO eviction priorities
     - drm/amdgpu: Fix the ring buffer size for queue VM flush
     - drm/amdgpu/mes: fix use-after-free issue
     - sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
     - [x86] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM
       too
     - regulator: irq_helpers: duplicate IRQ name
     - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
     - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
     - regulator: vqmmc-ipq4019: fix module autoloading
     - ASoC: rt715: add vendor clear control register
     - ASoC: rt715-sdca: volume step modification
     - [x86] efistub: Omit physical KASLR when memory reservations exist
     - efi: libstub: only free priv.runtime_map when allocated
     - [x86] KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in
       CPUID
     - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
     - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
     - softirq: Fix suspicious RCU usage in __do_softirq()
     - ASoC: da7219-aad: fix usage of device_get_named_child_node()
     - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
     - drm/amd/display: Add dtbclk access to dcn315
     - drm/amd/display: Add VCO speed parameter for DCN31 FPU
     - drm/amdkfd: Flush the process wq before creating a kfd_process
     - [x86] mm: Remove broken vsyscall emulation code from the page fault code
     - nvme: find numa distance only if controller has valid numa id
     - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
     - nvmet-auth: replace pr_debug() with pr_err() to report an error.
     - nvmet-tcp: fix possible memory leak when tearing down a controller
     - nvmet: fix nvme status code when namespace is disabled
     - epoll: be better about file lifetimes
     - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
     - openpromfs: finish conversion to the new mount API
     - crypto: bcm - Fix pointer arithmetic
     - mm/slub, kunit: Use inverted data to corrupt kmem cache
     - firmware: raspberrypi: Use correct device for DMA mappings
     - ecryptfs: Fix buffer size for tag 66 packet
     - nilfs2: fix out-of-range warning
     - [x86] crypto: ccp - drop platform ifdef checks
     - [amd64] crypto: x86/nh-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha256-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha512-avx2 - add missing vzeroupper
     - [s390x] cio: fix tracepoint subchannel type field
     - io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of
       task_work
     - io_uring: use the right type for work_llist empty check
     - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
     - rcu: Fix buffer overflow in print_cpu_stall_info()
     - jffs2: prevent xattr node from overflowing the eraseblock
     - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
     - null_blk: Fix missing mutex_destroy() at module removal
     - md: fix resync softlockup when bitmap size is less than array size
     - block: open code __blk_account_io_start()
     - block: open code __blk_account_io_done()
     - block: support to account io_ticks precisely
     - wifi: ath10k: poll service ready message before failing
     - wifi: brcmfmac: pcie: handle randbuf allocation failure
     - wifi: ath11k: don't force enable power save on non-running vdevs
     - bpftool: Fix missing pids during link show
     - [x86] boot: Ignore relocations in .notes sections in walk_relocs() too
     - sched/fair: Add EAS checks before updating root_domain::overutilized
     - ACPI: Fix Generic Initiator Affinity _OSC bit
     - qed: avoid truncating work queue length
     - net/mlx5e: Fail with messages when params are not valid for XSK
     - mlx5: stop warning for 64KB pages
     - bitops: add missing prototype check
     - wifi: carl9170: re-fix fortified-memset warning
     - bpf: Pack struct bpf_fib_lookup
     - scsi: ufs: qcom: Perform read back after writing reset bit
     - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
     - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
     - scsi: ufs: qcom: Perform read back after writing unipro mode
     - scsi: ufs: qcom: Perform read back after writing CGC enable
     - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
     - scsi: ufs: core: Perform read back after disabling interrupts
     - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
     - ACPI: LPSS: Advertise number of chip selects via property
     - irqchip/alpine-msi: Fix off-by-one in allocation error path
     - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
     - ACPI: disable -Wstringop-truncation
     - gfs2: Don't forget to complete delayed withdraw
     - gfs2: Fix "ignore unlock failures after withdraw"
     - [x86] boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
     - cpufreq: exit() callback is optional
     - [x86] pat: Introduce lookup_address_in_pgd_attr()
     - [x86] pat: Restructure _lookup_address_cpa()
     - [x86] pat: Fix W^X violation false-positives when running as Xen PV guest
     - net: export inet_lookup_reuseport and inet6_lookup_reuseport
     - net: remove duplicate reuseport_lookup functions
     - udp: Avoid call to compute_score on multiple sites
     - cppc_cpufreq: Fix possible null pointer dereference
     - scsi: libsas: Fix the failure of adding phy with zero-address to port
     - scsi: hpsa: Fix allocation size for Scsi_Host private data
     - [x86] purgatory: Switch to the position-independent small code model
     - thermal/drivers/tsens: Fix null pointer dereference
     - wifi: ath10k: Fix an error code problem in
       ath10k_dbg_sta_write_peer_debug_trigger()
     - wifi: ath10k: populate board data for WCN3990
     - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset
       handlers
     - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family
       switches
     - tcp: avoid premature drops in tcp_add_backlog()
     - pwm: sti: Convert to platform remove callback returning void
     - pwm: sti: Prepare removing pwm_chip from driver data
     - pwm: sti: Simplify probe function using devm functions
     - drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
     - net: give more chances to rcu in netdev_wait_allrefs_any()
     - wifi: carl9170: add a proper sanity check for endpoints
     - wifi: ar5523: enable proper endpoint verification
     - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
     - libbpf: Fix error message in attach_kprobe_multi
     - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
     - scsi: bfa: Ensure the copied buf is NUL terminated
     - scsi: qedf: Ensure the copied buf is NUL terminated
     - scsi: qla2xxx: Fix debugfs output for fw_resource_count
     - kernel/numa.c: Move logging out of numa.h
     - [x86] numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
     - wifi: mwl8k: initialize cmd->addr[] properly
     - HID: amd_sfh: Handle "no sensors" in PM operations
     - usb: aqc111: stop lying about skb->truesize
     - net: usb: sr9700: stop lying about skb->truesize
     - net: ipv6: fix wrong start position when receive hop-by-hop fragment
     - eth: sungem: remove .ndo_poll_controller to avoid deadlocks
     - net: ethernet: cortina: Locking fixes
     - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
     - net: usb: smsc95xx: stop lying about skb->truesize
     - net: openvswitch: fix overwriting ct original tuple for ICMPv6
     - ipv6: sr: add missing seg6_local_exit
     - ipv6: sr: fix incorrect unregister order
     - ipv6: sr: fix invalid unregister error path
     - net/mlx5: Add a timeout to acquire the command queue semaphore
     - net/mlx5: Discard command completions in internal error
     - [s390x] bpf: Emit a barrier for BPF_FETCH instructions
     - riscv, bpf: make some atomic operations fully ordered
     - ax25: Use kernel universal linked list to implement ax25_dev_list
     - ax25: Fix reference count leak issues of ax25_dev
     - ax25: Fix reference count leak issue of net_device
     - mptcp: SO_KEEPALIVE: fix getsockopt support
     - Bluetooth: Consolidate code around sk_alloc into a helper function
     - Bluetooth: compute LE flow credits based on recvbuf space
     - Bluetooth: qca: Fix error code in qca_read_fw_build_info()
     - drm/bridge: Fix improper bridge init order with pre_enable_prev_first
     - printk: Let no_printk() use _printk()
     - dev_printk: Add and use dev_no_printk()
     - drm/lcdif: Do not disable clocks on already suspended hardware
     - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
     - drm/dp: Don't attempt AUX transfers when eDP panels are not powered
     - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't
       assert
     - drm/amd/display: Fix potential index out of bounds in color transformation
       function
     - [x86] ASoC: Intel: Disable route checks for Skylake boards
     - [x86] ASoC: Intel: avs: ssm4567: Do not ignore route checks
     - mtd: core: Report error if first mtd_otp_size() call fails in
       mtd_otp_nvmem_add()
     - mtd: rawnand: hynix: fixed typo
     - fbdev: shmobile: fix snprintf truncation
     - [armel,armhf] ASoC: kirkwood: Fix potential NULL dereference
     - drm/meson: vclk: fix calculation of 59.94 fractional rates
     - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
     - [powerpc*] fsl-soc: hide unused const variable
     - fbdev: sisfb: hide unused variables
     - [x86] ASoC: Intel: avs: Fix ASRC module initialization
     - [x86] ASoC: Intel: avs: Fix potential integer overflow
     - media: ngene: Add dvb_ca_en50221_init return value check
     - media: rcar-vin: work around -Wenum-compare-conditional warning
     - media: radio-shark2: Avoid led_names truncations
     - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
     - [arm64] drm/msm/dp: allow voltage swing / pre emphasis of 3
     - [arm64] drm/msm/dp: Return IRQ_NONE for unhandled interrupts
     - [arm64] drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
       connected
     - media: ipu3-cio2: Request IRQ earlier
     - media: dt-bindings: ovti,ov2680: Fix the power supply names
     - fbdev: sh7760fb: allow modular build
     - media: atomisp: ssh_css: Fix a null-pointer dereference in
       load_video_binaries
     - [arm64] drm/arm/malidp: fix a possible null pointer dereference
       (CVE-2024-36014)
     - drm: vc4: Fix possible null pointer dereference
     - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
     - drm/bridge: anx7625: Don't log an error when DSI host can't be found
     - drm/bridge: icn6211: Don't log an error when DSI host can't be found
     - drm/bridge: lt8912b: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
     - drm/bridge: tc358775: Don't log an error when DSI host can't be found
     - drm/bridge: dpc3433: Don't log an error when DSI host can't be found
     - drm/panel: novatek-nt35950: Don't log an error when DSI host can't be
       found
     - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
     - drm/mipi-dsi: use correct return type for the DSC functions
     - drm/rockchip: vop2: Do not divide height twice for YUV
     - clk: samsung: exynosautov9: fix wrong pll clock id value
     - RDMA/mlx5: Adding remote atomic access flag to updatable flags
     - [arm64] RDMA/hns: Fix return value in hns_roce_map_mr_sg
     - [arm64] RDMA/hns: Fix deadlock on SRQ async events.
     - [arm64] RDMA/hns: Fix UAF for cq async event
     - [arm64] RDMA/hns: Fix GMV table pagesize
     - [arm64] RDMA/hns: Use complete parentheses in macros
     - [arm64] RDMA/hns: Modify the print level of CQE error
     - clk: mediatek: mt8365-mm: fix DPI0 parent
     - clk: rs9: fix wrong default value for clock amplitude
     - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
     - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
     - RDMA/rxe: Fix incorrect rxe_put in error path
     - IB/mlx5: Use __iowrite64_copy() for write combining stores
     - clk: renesas: r8a779a0: Fix CANFD parent clock
     - clk: renesas: r9a07g043: Add clock and reset entry for PLIC
     - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
     - clk: qcom: dispcc-sm8450: fix DisplayPort clocks
     - clk: qcom: dispcc-sm6350: fix DisplayPort clocks
     - clk: qcom: mmcc-msm8998: fix venus clock issue
     - [x86] insn: Fix PUSH instruction in x86 instruction decoder opcode map
     - [x86] insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and
       VPDPWSSDS
     - ext4: avoid excessive credit estimate in ext4_tmpfile()
     - virt: acrn: stop using follow_pfn
     - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
     - sunrpc: removed redundant procp check
     - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
     - ext4: fix unit mismatch in ext4_mb_new_blocks_simple
     - ext4: try all groups in ext4_mb_new_blocks_simple
     - ext4: remove unused parameter from ext4_mb_new_blocks_simple()
     - ext4: fix potential unnitialized variable
     - SUNRPC: Fix gss_free_in_token_pages()
     - RDMA/IPoIB: Fix format truncation compilation errors
     - net: add pskb_may_pull_reason() helper
     - net: bridge: xmit: make sure we have at least eth header len bytes
     - net: bridge: mst: fix vlan use-after-free
     - net: qrtr: ns: Fix module refcnt
     - netrom: fix possible dead-lock in nr_rt_ioctl()
     - af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
     - sched/fair: Allow disabling sched_balance_newidle with
       sched_relax_domain_level
     - sched/core: Fix incorrect initialization of the 'burst' parameter in
       cpu_max_write()
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
     - perf record: Delete session after stopping sideband thread
     - perf probe: Add missing libgen.h header needed for using basename()
     - iio: core: Leave private pointer NULL when no private data supplied
     - greybus: lights: check return of get_channel_from_mode
     - f2fs: multidev: fix to recognize valid zero block address
     - f2fs: fix to wait on page writeback in __clone_blkaddrs()
     - counter: linux/counter.h: fix Excess kernel-doc description warning
     - perf annotate: Get rid of duplicate --group option item
     - soundwire: cadence: fix invalid PDI offset
     - dmaengine: idma64: Add check for dma_set_max_seg_size
     - firmware: dmi-id: add a release callback function
     - serial: max3100: Lock port->lock when calling uart_handle_cts_change()
     - serial: max3100: Update uart_driver_registered on driver removal
     - serial: max3100: Fix bitwise types
     - greybus: arche-ctrl: move device table to its right location
     - PCI: tegra194: Fix probe path for Endpoint mode
     - serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
     - [arm64] dts: meson: fix S4 power-controller node
     - perf tests: Make "test data symbol" more robust on Neoverse N1
     - dt-bindings: PCI: rcar-pci-host: Add optional regulators
     - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
     - f2fs: compress: fix to relocate check condition in
       f2fs_{release,reserve}_compress_blocks()
     - f2fs: compress: fix to relocate check condition in
       f2fs_ioc_{,de}compress_file()
     - f2fs: fix typos in comments
     - f2fs: fix to relocate check condition in f2fs_fallocate()
     - f2fs: fix to check pinfile flag in f2fs_move_file_range()
     - iio: adc: stm32: Fixing err code to not indicate success
     - coresight: etm4x: Fix unbalanced pm_runtime_enable()
     - perf docs: Document bpf event modifier
     - iio: pressure: dps310: support negative temperature values
     - coresight: etm4x: Do not hardcode IOMEM access for register restore
     - coresight: etm4x: Do not save/restore Data trace control registers
     - coresight: etm4x: Safe access for TRCQCLTR
     - coresight: etm4x: Fix access to resource selector registers
     - fpga: region: add owner module and take its refcount
     - microblaze: Remove gcc flag for non existing early_printk.c file
     - microblaze: Remove early printk call from cpuinfo-static.c
     - perf intel-pt: Fix unassigned instruction op (discovered by
       MemorySanitizer)
     - ovl: remove upper umask handling from ovl_create_upper()
     - VMCI: Fix an error handling path in vmci_guest_probe_device()
     - dt-bindings: pinctrl: mediatek: mt7622: fix array properties
     - watchdog: bd9576: Drop "always-running" property
     - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
     - usb: gadget: u_audio: Fix race condition use of controls after free during
       gadget unbind.
     - usb: gadget: u_audio: Clear uac pointer when freed.
     - stm class: Fix a double free in stm_register_device()
     - ppdev: Remove usage of the deprecated ida_simple_xx() API
     - ppdev: Add an error check in register_device (CVE-2024-36015)
     - perf bench internals inject-build-id: Fix trap divide when collecting just
       one DSO
     - perf ui browser: Don't save pointer to stack memory
     - extcon: max8997: select IRQ_DOMAIN instead of depending on it
     - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
     - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
     - perf ui browser: Avoid SEGV on title
     - perf report: Avoid SEGV in report__setup_sample_type()
     - f2fs: compress: fix to update i_compr_blocks correctly
     - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/
       cp_rwsem lock
     - f2fs: fix to release node block count in error path of
       f2fs_new_node_page()
     - f2fs: compress: don't allow unaligned truncation on released compress
       inode
     - serial: sh-sci: protect invalidating RXDMA on shutdown
     - libsubcmd: Fix parse-options memory leak
     - perf daemon: Fix file leak in daemon_session__control
     - f2fs: fix to add missing iput() in gc_data_segment()
     - perf stat: Don't display metric header for non-leader uncore events
     - [s390x] vdso: filter out mno-pic-data-is-text-relative cflag
     - [s390x] vdso64: filter out munaligned-symbols flag for vdso
     - [s390x] vdso: Generate unwind information for C modules
     - [s390x] vdso: Use standard stack frame layout
     - [s390x] ipl: Fix incorrect initialization of len fields in nvme reipl
       block
     - [s390x] ipl: Fix incorrect initialization of nvme dump block
     - [s390x] boot: Remove alt_stfle_fac_list from decompressor
     - Input: ims-pcu - fix printf string overflow
     - Input: ioc3kbd - convert to platform remove callback returning void
     - Input: ioc3kbd - add device table
     - mmc: sdhci_am654: Add tuning algorithm for delay chain
     - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
     - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
     - mmc: sdhci_am654: Add OTAP/ITAP delay enable
     - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
     - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
     - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
     - [arm64] drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode
       pclk
     - [arm64] drm/msm/dpu: Always flush the slave INTF on the CTL
     - drm/bridge: tc358775: fix support for jeida-18 and jeida-24
     - media: stk1160: fix bounds checking in stk1160_copy_video()
     - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
     - Input: cyapa - add missing input core locking to suspend/resume functions
     - media: flexcop-usb: fix sanity check of bNumEndpoints
     - [powerpc*] pseries: Add failure related checks for h_get_mpp and h_get_ppp
     - media: sunxi: a83-mips-csi2: also select GENERIC_PHY
     - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
     - media: cec: cec-api: add locking in cec_release()
     - media: cec: core: avoid recursive cec_claim_log_addrs
     - media: cec: core: avoid confusing "transmit timed out" message
     - Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
     - [arm64] drm/msm: Enable clamp_to_idle for 7c3
     - [arm64] drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
       fails
     - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
     - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
     - ASoC: mediatek: mt8192: fix register configuration for tdm
     - regulator: bd71828: Don't overwrite runtime voltages
     - perf/arm-dmc620: Fix lockdep assert in ->event_init()
     - [x86] kconfig: Select ARCH_WANT_FRAME_POINTERS again when
       UNWINDER_FRAME_POINTER=y
     - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
     - ipv6: sr: fix missing sk_buff release in seg6_input_core
     - nfc: nci: Fix uninit-value in nci_rx_work
     - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
     - NFSv4: Fixup smatch warning for ambiguous return
     - nfs: keep server info for remounts
     - sunrpc: fix NFSACL RPC retry on soft mount
     - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
     - af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
       (CVE-2024-36972)
     - ipv6: sr: fix memleak in seg6_hmac_init_algo
     - tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
     - pNFS/filelayout: fixup pNfs allocation modes
     - openvswitch: Set the skbuff pkt_type for proper pmtud support.
     - [arm64] asm-bug: Add .align 2 to the end of __BUG_ENTRY
     - rv: Update rv_en(dis)able_monitor doc to match kernel-doc
     - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
     - Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
     - net: fec: avoid lock evasion when reading pps_enable
     - tls: fix missing memory barrier in tls_init
     - inet: factor out locked section of inet_accept() in a new helper
     - net: relax socket state check at accept time.
     - nfc: nci: Fix kcov check in nci_rx_work()
     - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
     - drivers/xen: Improve the late XenStore init protocol
     - ice: Interpret .set_channels() input differently
     - netfilter: nfnetlink_queue: acquire rcu_read_lock() in
       instance_destroy_rcu()
     - netfilter: nft_payload: restore vlan q-in-q match support
     - spi: Don't mark message DMA mapped when no transfer in it is
     - dma-mapping: benchmark: fix node id validation
     - dma-mapping: benchmark: handle NUMA_NO_NODE correctly
     - nvmet: fix ns enable/disable possible hang
     - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
     - net/mlx5: Lag, do bond only if slaves agree on roce state
     - net/mlx5e: Fix IPsec tunnel mode offload feature check
     - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
       exhaustion
     - net/mlx5e: Fix UDP GSO for encapsulated packets
     - dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
     - bpf: Fix potential integer overflow in resolve_btfids
     - ALSA: jack: Use guard() for locking
     - ALSA: core: Remove debugfs at disconnection
     - ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
     - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
     - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
     - enic: Validate length of nl attributes in enic_set_vf_port
     - af_unix: Read sk->sk_hash under bindlock during bind().
     - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
     - bpf: Allow delete from sockmap/sockhash only if update is allowed
     - net:fec: Add fec_enet_deinit()
     - ice: fix accounting if a VLAN already exists
     - netfilter: nft_payload: move struct nft_payload_set definition where it
       belongs
     - netfilter: nft_payload: rebuild vlan header when needed
     - netfilter: nft_payload: rebuild vlan header on h_proto access
     - netfilter: nft_payload: skbuff vlan metadata mangle support
     - netfilter: tproxy: bail out if IP has been disabled on the device
     - netfilter: nft_fib: allow from forward/input without iif selector
     - kconfig: fix comparison to constant symbols, 'm', 'n'
     - [x86] drm/i915/guc: avoid FIELD_PREP warning
     - spi: stm32: Don't warn about spurious interrupts
     - net: dsa: microchip: fix RGMII error in KSZ DSA driver
     - net: ena: Add dynamic recycling mechanism for rx buffers
     - net: ena: Reduce lines with longer column width boundary
     - net: ena: Fix redundant device NUMA node override
     - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
     - [powerpc*] pseries/lparcfg: drop error message from guest name lookup
     - hwmon: (shtc1) Fix property misspelling
     - ALSA: timer: Set lower bound of start tick time
     - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.94
     - drm: Check output polling initialized before disabling (CVE-2024-35927)
     - drm: Check polling initialized before enabling in
       drm_helper_probe_single_connector_modes
     - Bluetooth: btrtl: Add missing MODULE_FIRMWARE declarations
     - maple_tree: fix allocation in mas_sparse_area()
     - maple_tree: fix mas_empty_area_rev() null pointer dereference
       (CVE-2024-36891)
     - mmc: core: Do not force a retune before RPMB switch
     - afs: Don't cross .backup mountpoint from backup volume
     - nilfs2: fix use-after-free of timer for log writer thread (CVE-2024-38583)
     - [x86] drm/i915/audio: Fix audio time stamp programming for DP
     - mptcp: avoid some duplicate code in socket option handling
     - mptcp: cleanup SOL_TCP handling
     - mptcp: fix full TCP keep-alive support
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - scripts/gdb: fix SB_* constants parsing
     - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
     - media: lgdt3306a: Add a check against null-pointer-def
     - drm/amdgpu: add error handle to avoid out-of-bounds
     - bcache: fix variable length array abuse in btree_iter
     - wifi: rtw89: correct aSIFSTime for 6GHz band
     - ata: pata_legacy: make legacy_exit() work again
     - thermal/drivers/qcom/lmh: Check for SCM availability at probe
     - [arm64] soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
     - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
     - [arm64] tegra: Correct Tegra132 I2C alias
     - [arm64] dts: qcom: qcs404: fix bluetooth device address
     - md/raid5: fix deadlock that raid5d() wait for itself to clear
       MD_SB_CHANGE_PENDING
     - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
       firmware command
     - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
     - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
     - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
     - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
     - [arm64] dts: hi3798cv200: fix the size of GICR
     - media: mc: Fix graph walk in media_pipeline_start
     - media: mc: mark the media devnode as registered from the, start
     - media: mxl5xx: Move xpt structures off stack
     - media: v4l2-core: hold videodev_lock until dev reg, finishes
     - mmc: core: Add mmc_gpiod_set_cd_config() function
     - mmc: sdhci: Add support for "Tuning Error" interrupts
     - mmc: sdhci-acpi: Sort DMI quirks alphabetically
     - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
     - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
     - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on
       Asus T100TA
     - fbdev: savage: Handle err return when savagefb_check_var failed
     - drm/amdgpu/atomfirmware: add intergrated info v2.3 table
     - 9p: add missing locking around taking dentry fid list
     - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
     - [arm64] KVM: arm64: Fix AArch32 register narrowing on userspace write
     - [arm64] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
     - [arm64] KVM: arm64: AArch32: Fix spurious trapping of conditional
       instructions
     - crypto: ecdsa - Fix module auto-load on add-key
     - crypto: ecrdsa - Fix module auto-load on add_key
     - [x86] crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
     - mm: fix race between __split_huge_pmd_locked() and GUP-fast
     - scsi: core: Handle devices which return an unusually large VPD page count
     - net/ipv6: Fix route deleting failure when metric equals 0
     - net/9p: fix uninit-value in p9_client_rpc()
     - kmsan: do not wipe out origin when doing partial unpoisoning
     - cpufreq: amd-pstate: Fix the inconsistency in max frequency units
     - [x86] intel_th: pci: Add Meteor Lake-S CPU support
     - mm/cma: drop incorrect alignment check in cma_init_reserved_mem
     - mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid
     - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
     - kdb: Fix buffer overflow during tab-complete
     - kdb: Use format-strings rather than '\0' injection in kdb_read()
     - kdb: Fix console handling when editing and tab-completing commands
     - kdb: Merge identical case statements in kdb_read()
     - kdb: Use format-specifiers rather than memset() for padding in kdb_read()
     - net: fix __dst_negative_advice() race (CVE-2024-36971)
     - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
     - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
     - [s390x] ap: Fix crash in AP internal function modify_bitmap()
     - [s390x] cpacf: Split and rework cpacf query functions
     - [s390x] cpacf: Make use of invalid opcode produce a link error
     - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
     - EDAC/igen6: Convert PCIBIOS_* return codes to errnos
     - nfs: fix undefined behavior in nfs_block_bits()
     - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
     - btrfs: fix crash on racing fsync and size-extending write into prealloc
     - [powerpc*] bpf: enforce full ordering for ATOMIC operations with BPF_FETCH
     - smb: client: fix deadlock in smb2_find_smb_tcon()
     - smp: Provide 'setup_max_cpus' definition on UP too
 .
   [ Uwe Kleine-König ]
   * [arm*] Enable symbols in Raspberry Pi device trees for simplified overlay
     application.
   * d/rules: Let blhc ignore perf tests binaries that are compiled without
     fortification
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 22
   * [rt] Update to 6.1.90-rt30
   * net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (CVE-2024-36974)
linux (6.1.90-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.86
     - amdkfd: use calloc instead of kzalloc to avoid integer overflow
       (CVE-2024-26817)
     - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
     - bnx2x: Fix firmware version string character counts
     - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
     - [x86] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
     - wifi: iwlwifi: pcie: Add the PCI device id for new hardware
     - panic: Flush kernel log buffer at the end
     - cpuidle: Avoid potential overflow in integer multiplication
     - [arm64] dts: rockchip: fix rk3328 hdmi ports node
     - [arm64] dts: rockchip: fix rk3399 hdmi ports node
     - ionic: set adminq irq affinity
     - net: skbuff: add overflow debug check to pull/push helpers
     - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
     - pstore/zone: Add a null pointer check to the psz_kmsg_read
     - net: pcs: xpcs: Return EINVAL in the internal methods
     - dma-direct: Leak pages on dma_set_decrypted() failure
     - wifi: ath11k: decrease MHI channel buffer length to 8KB
     - cpufreq: Don't unregister cpufreq cooling on CPU hotplug
     - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
     - btrfs: export: handle invalid inode or root reference in
       btrfs_get_parent()
     - btrfs: send: handle path ref underflow in header iterate_inode_ref()
     - ice: use relative VSI index for VFs instead of PF VSI number
     - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
     - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
     - Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
     - [arm64,armhf] drm/vc4: don't check if plane->state->fb == state->fb
     - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
     - drm: panel-orientation-quirks: Add quirk for GPD Win Mini
     - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
     - sysv: don't call sb_bread() with pointers_lock held
     - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
     - isofs: handle CDs with bad root inode but good Joliet root directory
     - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710)
       laptops
     - rcu-tasks: Repair RCU Tasks Trace quiescence check
     - Julia Lawall reported this null pointer dereference, this should fix it.
     - media: sta2x11: fix irq handler cast
     - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data
       block counter
     - ext4: add a hint for block bitmap corrupt state in mb_groups
     - ext4: forbid commit inconsistent quota data when errors=remount-ro
     - drm/amd/display: Fix nanosec stat overflow
     - drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()
     - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to
       unsigned int
     - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
     - libperf evlist: Avoid out-of-bounds access
     - input/touchscreen: imagis: Correct the maximum touch area value
     - block: prevent division by zero in blk_rq_stat_sum()
     - RDMA/cm: add timeout to cm_destroy_id wait
     - Input: imagis - use FIELD_GET where applicable
     - Input: allocate keycode for Display refresh rate toggle
     - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the
       Chuwi Vi8 tablet
     - [x86] perf/x86/amd/lbr: Discard erroneous branch entries
     - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
       environment
     - bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
     - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
     - [x86] thunderbolt: Keep the domain powered when USB4 port is in redrive
       mode
     - usb: typec: tcpci: add generic tcpci fallback compatible
     - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
     - thermal/of: Assume polling-delay(-passive) 0 when absent
     - ASoC: soc-core.c: Skip dummy codec when adding platforms
     - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
     - io_uring: clear opcode specific data for an early failure
     - drivers/nvme: Add quirks for device 126f:2262
     - fbmon: prevent division by zero in fb_videomode_from_videomode()
     - netfilter: nf_tables: release batch on table validation from abort path
     - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
       (CVE-2024-26925)
     - netfilter: nf_tables: discard table flag update with pending basechain
       deletion
     - gcc-plugins/stackleak: Avoid .head.text section
     - virtio: reenable config if freezing device failed
     - randomize_kstack: Improve entropy diffusion
     - [x86] platform/x86: intel-vbtn: Update tablet mode switch at end of probe
     - Bluetooth: btintel: Fixe build regression
     - net: mpls: error out if inner headers are not set
     - [x86] VMCI: Fix possible memcpy() run-time warning in
       vmci_datagram_invoke_guest_handler()
     - Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
     - smb3: fix Open files on server counter going negative
     - ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
     - batman-adv: Avoid infinite loop trying to resize local TT
     - ring-buffer: Only update pages_touched when a new page is touched
     - Bluetooth: Fix memory leak in hci_req_sync_complete()
     - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
     - PM: s2idle: Make sure CPUs will wakeup directly on resume
     - media: cec: core: remove length check of Timer Status
     - Revert "drm/qxl: simplify qxl_fence_wait" (Closes: #1054514)
     - nouveau: fix function cast warning
     - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
     - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
     - net: openvswitch: fix unwanted error log on timeout policy probing
     - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one
       file
     - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
     - geneve: fix header validation in geneve[6]_xmit_skb
     - bnxt_en: Reset PTP tx_avail after possible firmware reset
     - af_unix: Clear stale u->oob_skb.
     - ipv6: fib: hide unused 'pn' variable
     - ipv4/route: avoid unused-but-set-variable warning
     - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
     - Bluetooth: SCO: Fix not validating setsockopt user input
     - Bluetooth: L2CAP: Fix not validating setsockopt user input
     - netfilter: complete validation of user input
     - net/mlx5: Properly link new fs rules into the tree
     - net/mlx5e: Fix mlx5e_priv_init() cleanup flow
     - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
     - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
     - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
     - net: ena: Fix potential sign extension issue
     - net: ena: Wrong missing IO completions check order
     - net: ena: Fix incorrect descriptor free behavior
     - tracing: hide unused ftrace_event_id_fops
     - [amd64] iommu/vt-d: Allocate local memory for page request queue
     - btrfs: qgroup: correctly model root qgroup rsv in convert
     - btrfs: record delayed inode root in transaction
     - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
     - io_uring/net: restore msg_control on sendzc retry
     - kprobes: Fix possible use-after-free issue on kprobe registration
     - [x86] drm/i915/vrr: Disable VRR when using bigjoiner
     - drm/ast: Fix soft lockup
     - drm/client: Fully protect modes[] with dev->mode_config.mutex
     - vhost: Add smp_rmb() in vhost_vq_avail_empty()
     - vhost: Add smp_rmb() in vhost_enable_notify()
     - [x86] perf/x86: Fix out of range data
     - [x86] cpu: Actually turn off mitigations by default for
       SPECULATION_MITIGATIONS=n
     - [x86] apic: Force native_apic_mem_read() to use the MOV instruction
     - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
     - [x86] bugs: Fix return type of spectre_bhi_state()
     - [x86] bugs: Fix BHI documentation
     - [x86] bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
     - [x86] bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
     - [x86] bugs: Fix BHI handling of RRSBA
     - [x86] bugs: Clarify that syscall hardening isn't a BHI mitigation
     - [x86] bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
     - [x86] bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
       CONFIG_MITIGATION_SPECTRE_BHI
     - [x86] drm/i915/cdclk: Fix CDCLK programming order when pipes are active
     - [x86] drm/i915: Disable port sync when bigjoiner is used
     - drm/amdgpu: Reset dGPU if suspend got aborted
     - drm/amdgpu: always force full reset for SOC21
     - drm/amd/display: fix disable otg wa logic in DCN316
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.88
     - drm/vmwgfx: Enable DMA mappings with SEV
     - drm/amdgpu: fix incorrect active rb bitmap for gfx11
     - drm/amdgpu: fix incorrect number of active RBs for gfx11
     - drm/amd/display: Do not recursively call manual trigger programming
     - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
       failure
     - SUNRPC: Fix rpcgss_context trace event acceptor field
     - random: handle creditable entropy from atomic process context
     - net: usb: ax88179_178a: avoid writing the mac address before first reading
     - [x86] drm/i915/vma: Fix UAF on destroy against retire race
     - [x86] efi: Drop EFI stub .bss from .data section
     - [x86] efi: Disregard setup header of loaded image
     - [x86] efistub: Reinstate soft limit for initrd loading
     - [x86] efi: Drop alignment flags from PE section headers
     - [x86] boot: Remove the 'bugger off' message
     - [x86] boot: Omit compression buffer from PE/COFF image memory footprint
     - [x86] boot: Drop redundant code setting the root device
     - [x86] boot: Drop references to startup_64
     - [x86] boot: Grab kernel_info offset from zoffset header directly
     - [x86] boot: Set EFI handover offset directly in header asm
     - [x86] boot: Define setup size in linker script
     - [x86] boot: Derive file size from _edata symbol
     - [x86] boot: Construct PE/COFF .text section from assembler
     - [x86] boot: Drop PE/COFF .reloc section
     - [x86] boot: Split off PE/COFF .data section
     - [x86] boot: Increase section and file alignment to 4k/512
     - [x86] efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
     - [x86] mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros
     - [x86] head/64: Add missing __head annotation to startup_64_load_idt()
     - [x86] head/64: Move the __head definition to <asm/init.h>
     - [x86] sme: Move early SME kernel encryption handling into .head.text
     - [x86] sev: Move early startup code into .head.text section
     - [x86] efistub: Remap kernel text read-only before dropping NX attribute
     - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
     - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
     - netfilter: br_netfilter: skip conntrack input hook for promisc packets
     - netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
     - netfilter: flowtable: validate pppoe header
     - netfilter: flowtable: incorrect pppoe tuple
     - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
     - af_unix: Don't peek OOB data without MSG_OOB.
     - net/mlx5: Lag, restore buckets number to default after hash LAG
       deactivation
     - net/mlx5e: Prevent deadlock while disabling aRFS
     - ice: tc: allow zero flags in parsing tc flower
     - tun: limit printing rate when illegal packet received by tun dev
     - [arm64] net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before
       using them
     - RDMA/rxe: Fix the problem "mutex_destroy missing"
     - RDMA/cm: Print the old state when cm_destroy_id gets timeout
     - RDMA/mlx5: Fix port number for counter query in multi-port configuration
     - [s390x] qdio: handle deferred cc1
     - [s390x] cio: fix race condition during online processing
     - drm: nv04: Fix out of bounds access
     - [armhf] omap2: n8x0: stop instantiating codec platform data
     - PCI: Avoid FLR for SolidRun SNET DPU rev 1
     - HID: kye: Sort kye devices
     - usb: pci-quirks: Reduce the length of a spinlock section in
       usb_amd_find_chipset_info()
     - PCI: Delay after FLR of Solidigm P44 Pro NVMe
     - [x86] quirks: Include linux/pnp.h for arch_pnpbios_disabled()
     - [x86] thunderbolt: Log function name of the called quirk
     - [x86] thunderbolt: Add debug log for link controller power quirk
     - PCI: Execute quirk_enable_clear_retrain_link() earlier
     - ALSA: scarlett2: Move USB IDs out from device_info struct
     - ALSA: scarlett2: Add support for Clarett 8Pre USB
     - ASoC: ti: Convert Pandora ASoC to GPIO descriptors
     - ALSA: scarlett2: Default mixer driver to enabled
     - ALSA: scarlett2: Add correct product series name to messages
     - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
     - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
     - PCI/DPC: Use FIELD_GET()
     - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word()
     - ALSA: scarlett2: Rename scarlett_gen2 to scarlett2
     - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
     - usb: xhci: Add timeout argument in address_device USB HCD callback
     - usb: new quirk to reduce the SET_ADDRESS request timeout
     - clk: Remove prepare_lock hold assertion in __clk_release()
     - clk: Print an info line before disabling unused clocks
     - clk: Initialize struct clk_core kref earlier
     - clk: Get runtime PM before walking tree during disable_unused
     - clk: remove unnecessary (void*) conversions
     - clk: Show active consumers of clocks in debugfs
     - clk: Get runtime PM before walking tree for clk_summary
     - [x86] bugs: Fix BHI retpoline check
     - [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
     - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
     - [arm*] binder: check offset alignment in binder_get_object()
       (CVE-2024-26926)
     - [x86] thunderbolt: Avoid notify PM core about runtime PM resume
     - [x86] thunderbolt: Fix wake configurations after device unplug
     - [x86] comedi: vmk80xx: fix incomplete endpoint checking
     - [armhf] serial: stm32: Return IRQ_NONE in the ISR if no handling happend
     - [armhf] serial: stm32: Reset .throttled state in .startup()
     - USB: serial: option: add Fibocom FM135-GL variants
     - USB: serial: option: add support for Fibocom FM650/FG650
     - USB: serial: option: add Lonsung U8300/U9300 product
     - USB: serial: option: support Quectel EM060K sub-models
     - USB: serial: option: add Rolling RW101-GL and RW135-GL support
     - USB: serial: option: add Telit FN920C04 rmnet compositions
     - Revert "usb: cdc-wdm: close race between read and workqueue"
     - [arm64,armhf] usb: dwc2: host: Fix dereference issue in DDMA completion
       flow.
     - usb: Disable USB3 LPM at shutdown
     - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
       error
     - mei: me: disable RPL-S on SPS and IGN firmwares
     - speakup: Avoid crash on very long word
     - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
     - [x86] KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel
       compatible
     - [x86] KVM: x86/pmu: Disable support for adaptive PEBS
     - [x86] KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
     - [arm64] hibernate: Fix level3 translation fault in swsusp_save()
     - init/main.c: Fix potential static_command_line memory overflow
     - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
     - drm/amdgpu: validate the parameters of bo mapping operations more clearly
       (CVE-2024-26922)
     - drm/vmwgfx: Sort primary plane formats by order of preference
     - drm/vmwgfx: Fix crtc's atomic check conditional
     - nouveau: fix instmem race condition around ptr stores
     - bootconfig: use memblock_free_late to free xbc memory to buddy
     - nilfs2: fix OOB in nilfs_set_de_type
     - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - ksmbd: common: use struct_group_attr instead of struct_group for
       network_open_info
     - PCI/ASPM: Fix deadlock when enabling ASPM (CVE-2024-26605)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.89
     - Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90
     - smb: client: fix rename(2) regression against samba
     - cifs: reinstate original behavior again for forceuid/forcegid
     - [amd64] HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
       dev->devc
     - HID: logitech-dj: allow mice to use all types of reports
     - wifi: iwlwifi: mvm: remove old PASN station when adding a new one
     - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
     - vxlan: drop packets from invalid src-address
     - icmp: prevent possible NULL dereferences from icmp_build_probe()
     - bridge/br_netlink.c: no need to return void function
     - bnxt_en: refactor reset close code
     - bnxt_en: Fix the PCI-AER routines
     - NFC: trf7970a: disable all regulators on removal
     - ax25: Fix netdev refcount issue
     - net: make SK_MEMORY_PCPU_RESERV tunable
     - net: fix sk_memory_allocated_{add|sub} vs softirqs
     - ipv4: check for NULL idev in ip_route_use_hint()
     - net: usb: ax88179_178a: stop lying about skb->truesize
     - net: gtp: Fix Use-After-Free in gtp_dellink
     - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID
     - Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
     - Bluetooth: qca: set power_ctrl_enabled on NULL returned by
       gpiod_get_optional()
     - ipvs: Fix checksumming on GSO of SCTP packets
     - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
     - eth: bnxt: fix counting packets discarded due to OOM and netpoll
     - netfilter: nf_tables: honor table dormant flag from netdev release event
       path
     - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
     - i40e: Report MFS in decimal base instead of hex
     - iavf: Fix TC config comparison with existing adapter TC config
     - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
     - af_unix: Suppress false-positive lockdep splat for spin_lock() in
       __unix_gc().
     - cifs: Replace remaining 1-element arrays (Closes: #1069102, #1069092)
     - Revert "crypto: api - Disallow identical driver names"
     - virtio_net: Do not send RSS key if it is not supported
     - fork: defer linking file vma until vma is fully initialized
       (CVE-2024-27022)
     - [x86] cpu: Fix check for RDPKRU in __show_regs()
     - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
     - Bluetooth: qca: fix NULL-deref on non-serdev suspend
     - [arm64] mmc: sdhci-msm: pervent access to suspended controller
     - smb: client: Fix struct_group() usage in __packed structs
     - smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
     - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
     - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
     - cpu: Re-enable CPU mitigations by default for !X86 architectures
     - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
     - drm/amdgpu: Fix leak when GPU memory allocation fails
     - irqchip/gic-v3-its: Prevent double free on error
     - ACPI: CPPC: Use access_width over bit_width for system memory accesses
     - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
     - ACPI: CPPC: Fix access width used for PCC registers
     - ethernet: Add helper for assigning packet type when dest address does not
       match device address
     - net: b44: set pause params only when interface is up
     - stackdepot: respect __GFP_NOLOCKDEP allocation flag
     - fbdev: fix incorrect address computation in deferred IO
     - udp: preserve the connected status if only UDP cmsg
     - mtd: diskonchip: work around ubsan link failure
     - [x86] tdx: Preserve shared bit on mprotect()
     - [x86] idma64: Don't try to serve interrupts when device is powered off
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix out of bounds read
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix hardcoded array size
     - [arm64] phy: rockchip-snps-pcie3: fix bifurcation on rk3588
     - [arm64] phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits
     - [amd64] dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
     - i2c: smbus: fix NULL function pointer dereference
     - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
     - macsec: Enable devices to advertise whether they update sk_buff md_dst
       during offloads
     - macsec: Detect if Rx skb is macsec-related for offloading devices that
       update md_dst
     - net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for
       MACsec
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 21
   * drivers/tty: Disable N_GSM
   * tipc: fix UAF in error path
   * tipc: fix a possible memleak in tipc_buf_append
linux (6.1.90-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports:
     - Set ABI to 0.deb11.21
 .
 linux (6.1.90-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.86
     - amdkfd: use calloc instead of kzalloc to avoid integer overflow
       (CVE-2024-26817)
     - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
     - bnx2x: Fix firmware version string character counts
     - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
     - [x86] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
     - wifi: iwlwifi: pcie: Add the PCI device id for new hardware
     - panic: Flush kernel log buffer at the end
     - cpuidle: Avoid potential overflow in integer multiplication
     - [arm64] dts: rockchip: fix rk3328 hdmi ports node
     - [arm64] dts: rockchip: fix rk3399 hdmi ports node
     - ionic: set adminq irq affinity
     - net: skbuff: add overflow debug check to pull/push helpers
     - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
     - pstore/zone: Add a null pointer check to the psz_kmsg_read
     - net: pcs: xpcs: Return EINVAL in the internal methods
     - dma-direct: Leak pages on dma_set_decrypted() failure
     - wifi: ath11k: decrease MHI channel buffer length to 8KB
     - cpufreq: Don't unregister cpufreq cooling on CPU hotplug
     - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
     - btrfs: export: handle invalid inode or root reference in
       btrfs_get_parent()
     - btrfs: send: handle path ref underflow in header iterate_inode_ref()
     - ice: use relative VSI index for VFs instead of PF VSI number
     - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
     - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
     - Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
     - [arm64,armhf] drm/vc4: don't check if plane->state->fb == state->fb
     - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
     - drm: panel-orientation-quirks: Add quirk for GPD Win Mini
     - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
     - sysv: don't call sb_bread() with pointers_lock held
     - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
     - isofs: handle CDs with bad root inode but good Joliet root directory
     - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710)
       laptops
     - rcu-tasks: Repair RCU Tasks Trace quiescence check
     - Julia Lawall reported this null pointer dereference, this should fix it.
     - media: sta2x11: fix irq handler cast
     - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data
       block counter
     - ext4: add a hint for block bitmap corrupt state in mb_groups
     - ext4: forbid commit inconsistent quota data when errors=remount-ro
     - drm/amd/display: Fix nanosec stat overflow
     - drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()
     - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to
       unsigned int
     - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
     - libperf evlist: Avoid out-of-bounds access
     - input/touchscreen: imagis: Correct the maximum touch area value
     - block: prevent division by zero in blk_rq_stat_sum()
     - RDMA/cm: add timeout to cm_destroy_id wait
     - Input: imagis - use FIELD_GET where applicable
     - Input: allocate keycode for Display refresh rate toggle
     - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the
       Chuwi Vi8 tablet
     - [x86] perf/x86/amd/lbr: Discard erroneous branch entries
     - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
       environment
     - bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
     - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
     - [x86] thunderbolt: Keep the domain powered when USB4 port is in redrive
       mode
     - usb: typec: tcpci: add generic tcpci fallback compatible
     - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
     - thermal/of: Assume polling-delay(-passive) 0 when absent
     - ASoC: soc-core.c: Skip dummy codec when adding platforms
     - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
     - io_uring: clear opcode specific data for an early failure
     - drivers/nvme: Add quirks for device 126f:2262
     - fbmon: prevent division by zero in fb_videomode_from_videomode()
     - netfilter: nf_tables: release batch on table validation from abort path
     - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
       (CVE-2024-26925)
     - netfilter: nf_tables: discard table flag update with pending basechain
       deletion
     - gcc-plugins/stackleak: Avoid .head.text section
     - virtio: reenable config if freezing device failed
     - randomize_kstack: Improve entropy diffusion
     - [x86] platform/x86: intel-vbtn: Update tablet mode switch at end of probe
     - Bluetooth: btintel: Fixe build regression
     - net: mpls: error out if inner headers are not set
     - [x86] VMCI: Fix possible memcpy() run-time warning in
       vmci_datagram_invoke_guest_handler()
     - Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
     - smb3: fix Open files on server counter going negative
     - ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
     - batman-adv: Avoid infinite loop trying to resize local TT
     - ring-buffer: Only update pages_touched when a new page is touched
     - Bluetooth: Fix memory leak in hci_req_sync_complete()
     - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
     - PM: s2idle: Make sure CPUs will wakeup directly on resume
     - media: cec: core: remove length check of Timer Status
     - Revert "drm/qxl: simplify qxl_fence_wait" (Closes: #1054514)
     - nouveau: fix function cast warning
     - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
     - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
     - net: openvswitch: fix unwanted error log on timeout policy probing
     - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one
       file
     - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
     - geneve: fix header validation in geneve[6]_xmit_skb
     - bnxt_en: Reset PTP tx_avail after possible firmware reset
     - af_unix: Clear stale u->oob_skb.
     - ipv6: fib: hide unused 'pn' variable
     - ipv4/route: avoid unused-but-set-variable warning
     - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
     - Bluetooth: SCO: Fix not validating setsockopt user input
     - Bluetooth: L2CAP: Fix not validating setsockopt user input
     - netfilter: complete validation of user input
     - net/mlx5: Properly link new fs rules into the tree
     - net/mlx5e: Fix mlx5e_priv_init() cleanup flow
     - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
     - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
     - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
     - net: ena: Fix potential sign extension issue
     - net: ena: Wrong missing IO completions check order
     - net: ena: Fix incorrect descriptor free behavior
     - tracing: hide unused ftrace_event_id_fops
     - [amd64] iommu/vt-d: Allocate local memory for page request queue
     - btrfs: qgroup: correctly model root qgroup rsv in convert
     - btrfs: record delayed inode root in transaction
     - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
     - io_uring/net: restore msg_control on sendzc retry
     - kprobes: Fix possible use-after-free issue on kprobe registration
     - [x86] drm/i915/vrr: Disable VRR when using bigjoiner
     - drm/ast: Fix soft lockup
     - drm/client: Fully protect modes[] with dev->mode_config.mutex
     - vhost: Add smp_rmb() in vhost_vq_avail_empty()
     - vhost: Add smp_rmb() in vhost_enable_notify()
     - [x86] perf/x86: Fix out of range data
     - [x86] cpu: Actually turn off mitigations by default for
       SPECULATION_MITIGATIONS=n
     - [x86] apic: Force native_apic_mem_read() to use the MOV instruction
     - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
     - [x86] bugs: Fix return type of spectre_bhi_state()
     - [x86] bugs: Fix BHI documentation
     - [x86] bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
     - [x86] bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
     - [x86] bugs: Fix BHI handling of RRSBA
     - [x86] bugs: Clarify that syscall hardening isn't a BHI mitigation
     - [x86] bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
     - [x86] bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
       CONFIG_MITIGATION_SPECTRE_BHI
     - [x86] drm/i915/cdclk: Fix CDCLK programming order when pipes are active
     - [x86] drm/i915: Disable port sync when bigjoiner is used
     - drm/amdgpu: Reset dGPU if suspend got aborted
     - drm/amdgpu: always force full reset for SOC21
     - drm/amd/display: fix disable otg wa logic in DCN316
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.88
     - drm/vmwgfx: Enable DMA mappings with SEV
     - drm/amdgpu: fix incorrect active rb bitmap for gfx11
     - drm/amdgpu: fix incorrect number of active RBs for gfx11
     - drm/amd/display: Do not recursively call manual trigger programming
     - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
       failure
     - SUNRPC: Fix rpcgss_context trace event acceptor field
     - random: handle creditable entropy from atomic process context
     - net: usb: ax88179_178a: avoid writing the mac address before first reading
     - [x86] drm/i915/vma: Fix UAF on destroy against retire race
     - [x86] efi: Drop EFI stub .bss from .data section
     - [x86] efi: Disregard setup header of loaded image
     - [x86] efistub: Reinstate soft limit for initrd loading
     - [x86] efi: Drop alignment flags from PE section headers
     - [x86] boot: Remove the 'bugger off' message
     - [x86] boot: Omit compression buffer from PE/COFF image memory footprint
     - [x86] boot: Drop redundant code setting the root device
     - [x86] boot: Drop references to startup_64
     - [x86] boot: Grab kernel_info offset from zoffset header directly
     - [x86] boot: Set EFI handover offset directly in header asm
     - [x86] boot: Define setup size in linker script
     - [x86] boot: Derive file size from _edata symbol
     - [x86] boot: Construct PE/COFF .text section from assembler
     - [x86] boot: Drop PE/COFF .reloc section
     - [x86] boot: Split off PE/COFF .data section
     - [x86] boot: Increase section and file alignment to 4k/512
     - [x86] efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
     - [x86] mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros
     - [x86] head/64: Add missing __head annotation to startup_64_load_idt()
     - [x86] head/64: Move the __head definition to <asm/init.h>
     - [x86] sme: Move early SME kernel encryption handling into .head.text
     - [x86] sev: Move early startup code into .head.text section
     - [x86] efistub: Remap kernel text read-only before dropping NX attribute
     - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
     - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
     - netfilter: br_netfilter: skip conntrack input hook for promisc packets
     - netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
     - netfilter: flowtable: validate pppoe header
     - netfilter: flowtable: incorrect pppoe tuple
     - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
     - af_unix: Don't peek OOB data without MSG_OOB.
     - net/mlx5: Lag, restore buckets number to default after hash LAG
       deactivation
     - net/mlx5e: Prevent deadlock while disabling aRFS
     - ice: tc: allow zero flags in parsing tc flower
     - tun: limit printing rate when illegal packet received by tun dev
     - [arm64] net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before
       using them
     - RDMA/rxe: Fix the problem "mutex_destroy missing"
     - RDMA/cm: Print the old state when cm_destroy_id gets timeout
     - RDMA/mlx5: Fix port number for counter query in multi-port configuration
     - [s390x] qdio: handle deferred cc1
     - [s390x] cio: fix race condition during online processing
     - drm: nv04: Fix out of bounds access
     - [armhf] omap2: n8x0: stop instantiating codec platform data
     - PCI: Avoid FLR for SolidRun SNET DPU rev 1
     - HID: kye: Sort kye devices
     - usb: pci-quirks: Reduce the length of a spinlock section in
       usb_amd_find_chipset_info()
     - PCI: Delay after FLR of Solidigm P44 Pro NVMe
     - [x86] quirks: Include linux/pnp.h for arch_pnpbios_disabled()
     - [x86] thunderbolt: Log function name of the called quirk
     - [x86] thunderbolt: Add debug log for link controller power quirk
     - PCI: Execute quirk_enable_clear_retrain_link() earlier
     - ALSA: scarlett2: Move USB IDs out from device_info struct
     - ALSA: scarlett2: Add support for Clarett 8Pre USB
     - ASoC: ti: Convert Pandora ASoC to GPIO descriptors
     - ALSA: scarlett2: Default mixer driver to enabled
     - ALSA: scarlett2: Add correct product series name to messages
     - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
     - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
     - PCI/DPC: Use FIELD_GET()
     - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word()
     - ALSA: scarlett2: Rename scarlett_gen2 to scarlett2
     - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
     - usb: xhci: Add timeout argument in address_device USB HCD callback
     - usb: new quirk to reduce the SET_ADDRESS request timeout
     - clk: Remove prepare_lock hold assertion in __clk_release()
     - clk: Print an info line before disabling unused clocks
     - clk: Initialize struct clk_core kref earlier
     - clk: Get runtime PM before walking tree during disable_unused
     - clk: remove unnecessary (void*) conversions
     - clk: Show active consumers of clocks in debugfs
     - clk: Get runtime PM before walking tree for clk_summary
     - [x86] bugs: Fix BHI retpoline check
     - [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
     - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
     - [arm*] binder: check offset alignment in binder_get_object()
       (CVE-2024-26926)
     - [x86] thunderbolt: Avoid notify PM core about runtime PM resume
     - [x86] thunderbolt: Fix wake configurations after device unplug
     - [x86] comedi: vmk80xx: fix incomplete endpoint checking
     - [armhf] serial: stm32: Return IRQ_NONE in the ISR if no handling happend
     - [armhf] serial: stm32: Reset .throttled state in .startup()
     - USB: serial: option: add Fibocom FM135-GL variants
     - USB: serial: option: add support for Fibocom FM650/FG650
     - USB: serial: option: add Lonsung U8300/U9300 product
     - USB: serial: option: support Quectel EM060K sub-models
     - USB: serial: option: add Rolling RW101-GL and RW135-GL support
     - USB: serial: option: add Telit FN920C04 rmnet compositions
     - Revert "usb: cdc-wdm: close race between read and workqueue"
     - [arm64,armhf] usb: dwc2: host: Fix dereference issue in DDMA completion
       flow.
     - usb: Disable USB3 LPM at shutdown
     - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
       error
     - mei: me: disable RPL-S on SPS and IGN firmwares
     - speakup: Avoid crash on very long word
     - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
     - [x86] KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel
       compatible
     - [x86] KVM: x86/pmu: Disable support for adaptive PEBS
     - [x86] KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
     - [arm64] hibernate: Fix level3 translation fault in swsusp_save()
     - init/main.c: Fix potential static_command_line memory overflow
     - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
     - drm/amdgpu: validate the parameters of bo mapping operations more clearly
       (CVE-2024-26922)
     - drm/vmwgfx: Sort primary plane formats by order of preference
     - drm/vmwgfx: Fix crtc's atomic check conditional
     - nouveau: fix instmem race condition around ptr stores
     - bootconfig: use memblock_free_late to free xbc memory to buddy
     - nilfs2: fix OOB in nilfs_set_de_type
     - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - ksmbd: common: use struct_group_attr instead of struct_group for
       network_open_info
     - PCI/ASPM: Fix deadlock when enabling ASPM (CVE-2024-26605)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.89
     - Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90
     - smb: client: fix rename(2) regression against samba
     - cifs: reinstate original behavior again for forceuid/forcegid
     - [amd64] HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
       dev->devc
     - HID: logitech-dj: allow mice to use all types of reports
     - wifi: iwlwifi: mvm: remove old PASN station when adding a new one
     - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
     - vxlan: drop packets from invalid src-address
     - icmp: prevent possible NULL dereferences from icmp_build_probe()
     - bridge/br_netlink.c: no need to return void function
     - bnxt_en: refactor reset close code
     - bnxt_en: Fix the PCI-AER routines
     - NFC: trf7970a: disable all regulators on removal
     - ax25: Fix netdev refcount issue
     - net: make SK_MEMORY_PCPU_RESERV tunable
     - net: fix sk_memory_allocated_{add|sub} vs softirqs
     - ipv4: check for NULL idev in ip_route_use_hint()
     - net: usb: ax88179_178a: stop lying about skb->truesize
     - net: gtp: Fix Use-After-Free in gtp_dellink
     - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID
     - Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
     - Bluetooth: qca: set power_ctrl_enabled on NULL returned by
       gpiod_get_optional()
     - ipvs: Fix checksumming on GSO of SCTP packets
     - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
     - eth: bnxt: fix counting packets discarded due to OOM and netpoll
     - netfilter: nf_tables: honor table dormant flag from netdev release event
       path
     - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
     - i40e: Report MFS in decimal base instead of hex
     - iavf: Fix TC config comparison with existing adapter TC config
     - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
     - af_unix: Suppress false-positive lockdep splat for spin_lock() in
       __unix_gc().
     - cifs: Replace remaining 1-element arrays (Closes: #1069102, #1069092)
     - Revert "crypto: api - Disallow identical driver names"
     - virtio_net: Do not send RSS key if it is not supported
     - fork: defer linking file vma until vma is fully initialized
       (CVE-2024-27022)
     - [x86] cpu: Fix check for RDPKRU in __show_regs()
     - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
     - Bluetooth: qca: fix NULL-deref on non-serdev suspend
     - [arm64] mmc: sdhci-msm: pervent access to suspended controller
     - smb: client: Fix struct_group() usage in __packed structs
     - smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
     - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
     - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
     - cpu: Re-enable CPU mitigations by default for !X86 architectures
     - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
     - drm/amdgpu: Fix leak when GPU memory allocation fails
     - irqchip/gic-v3-its: Prevent double free on error
     - ACPI: CPPC: Use access_width over bit_width for system memory accesses
     - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
     - ACPI: CPPC: Fix access width used for PCC registers
     - ethernet: Add helper for assigning packet type when dest address does not
       match device address
     - net: b44: set pause params only when interface is up
     - stackdepot: respect __GFP_NOLOCKDEP allocation flag
     - fbdev: fix incorrect address computation in deferred IO
     - udp: preserve the connected status if only UDP cmsg
     - mtd: diskonchip: work around ubsan link failure
     - [x86] tdx: Preserve shared bit on mprotect()
     - [x86] idma64: Don't try to serve interrupts when device is powered off
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix out of bounds read
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix hardcoded array size
     - [arm64] phy: rockchip-snps-pcie3: fix bifurcation on rk3588
     - [arm64] phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits
     - [amd64] dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
     - i2c: smbus: fix NULL function pointer dereference
     - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
     - macsec: Enable devices to advertise whether they update sk_buff md_dst
       during offloads
     - macsec: Detect if Rx skb is macsec-related for offloading devices that
       update md_dst
     - net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for
       MACsec
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 21
   * drivers/tty: Disable N_GSM
   * tipc: fix UAF in error path
   * tipc: fix a possible memleak in tipc_buf_append
 .
 linux (6.1.85-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
     - md: fix data corruption for raid456 when reshape restart while grow up
     - md/raid10: prevent soft lockup while flush writes
     - io_uring/unix: drop usage of io_uring socket
     - io_uring: drop any code related to SCM_RIGHTS
     - nfsd: allow nfsd_file_get to sanely handle a NULL pointer
     - nfsd: don't open-code clear_and_wake_up_bit
     - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
     - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
     - nfsd: don't kill nfsd_files because of lease break error
     - nfsd: add some comments to nfsd_file_do_acquire
     - nfsd: don't take/put an extra reference when putting a file
     - nfsd: update comment over __nfsd_file_cache_purge
     - nfsd: allow reaping files still under writeback
     - NFSD: Convert filecache to rhltable
     - nfsd: simplify the delayed disposal list code
     - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
     - NFSD: Add an nfsd4_encode_nfstime4() helper
     - nfsd: Fix creation time serialization order
     - [arm64] media: rkisp1: Fix IRQ handling due to shared interrupts
     - perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child
       count)
     - ASoC: rt5645: Make LattePanda board DMI match more precise
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU
     - [x86] xen: Add some null pointer checking to smp.c
     - [mips*] Clear Cause.BD in instruction_pointer_set
     - HID: multitouch: Add required quirk for Synaptics 0xcddc device
     - gen_compile_commands: fix invalid escape sequence warning
     - [arm64] sve: Lower the maximum allocation for the SVE ptrace regset
     - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt
     - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
     - RDMA/mlx5: Relax DEVX access upon modify commands
     - [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
     - [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault()
     - net/iucv: fix the allocation size of iucv_path_table array
     - block: sed-opal: handle empty atoms when parsing response
     - dm-verity, dm-crypt: align "struct bvec_iter" correctly
     - [arm64] dts: Fix dtc interrupt_provider warnings
     - btrfs: fix data races when accessing the reserved amount of block reserves
     - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
     - net: smsc95xx: add support for SYS TEC USB-SPEmodule1
     - wifi: mac80211: only call drv_sta_rc_update for uploaded stations
     - [x86] ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table
     - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
     - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
     - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2
     - Bluetooth: mgmt: Fix limited discoverable off timeout
     - firewire: core: use long bus reset on gap count error
     - [arm64] tegra: Set the correct PHY mode for MGBE
     - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8
       tablet
     - Input: gpio_keys_polled - suppress deferred probe error for gpio
     - [x86] ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
     - [x86] ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
     - [x86] ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
     - fs: Fix rw_hint validation
     - [s390x] dasd: add autoquiesce feature
     - [s390x] dasd: Use dev_*() for device log messages
     - [s390x] dasd: fix double module refcount decrement
     - rcu/exp: Fix RCU expedited parallel grace period kworker allocation
       failure recovery
     - rcu/exp: Handle RCU expedited grace period kworker allocation failure
     - nbd: null check for nla_nest_start
     - fs/select: rework stack allocation hack for clang
     - md: Don't clear MD_CLOSING when the raid is about to stop
     - lib/cmdline: Fix an invalid format specifier in an assertion msg
     - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg
     - time: test: Fix incorrect format specifier
     - rtc: test: Fix invalid format specifier.
     - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
     - io_uring/net: move receive multishot out of the generic msghdr path
     - io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
     - [x86] resctrl: Implement new mba_MBps throttling heuristic
     - [x86] sme: Fix memory encryption setting if enabled by default and not
       overridden
     - timekeeping: Fix cross-timestamp interpolation on counter wrap
     - timekeeping: Fix cross-timestamp interpolation corner case decision
     - timekeeping: Fix cross-timestamp interpolation for non-x86
     - sched/fair: Take the scheduling domain into account in select_idle_smt()
     - sched/fair: Take the scheduling domain into account in select_idle_core()
     - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
     - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
     - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
     - wifi: b43: Disable QoS for bcm4331
     - wifi: wilc1000: fix declarations ordering
     - wifi: wilc1000: fix RCU usage in connect path
     - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
     - wifi: wilc1000: do not realloc workqueue everytime an interface is added
     - wifi: wilc1000: fix multi-vif management when deleting a vif
     - wifi: mwifiex: debugfs: Drop unnecessary error check for
       debugfs_create_dir()
     - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
     - cpufreq: Explicitly include correct DT includes
     - cpufreq: mediatek-hw: Wait for CPU supplies before probing
     - sock_diag: annotate data-races around sock_diag_handlers[family]
     - inet_diag: annotate data-races around inet_diag_table[]
     - bpftool: Silence build warning about calloc()
     - libbpf: Apply map_set_def_max_entries() for inner_maps on creation
     - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
     - cpufreq: mediatek-hw: Don't error out if supply is not found
     - libbpf: Fix faccessat() usage on Android
     - pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module
     - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API
     - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
     - wifi: iwlwifi: mvm: report beacon protection failures
     - wifi: iwlwifi: dbg-tlv: ensure NUL termination
     - wifi: iwlwifi: fix EWRD table validity check
     - gpio: vf610: allow disabling the vf610 driver
     - [arm64] dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
     - net: blackhole_dev: fix build warning for ethh set but not used
     - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
     - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
     - wifi: wfx: fix memory leak when starting AP
     - printk: Disable passing console lock owner completely during panic()
     - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
     - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h
     - tools/resolve_btfids: Fix cross-compilation to non-host endianness
     - wifi: iwlwifi: mvm: don't set replay counters to 0xff
     - [s390x] pai: fix attr_event_free upper limit for pai device drivers
     - [s390x] vdso: drop '-fPIC' from LDFLAGS
     - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
     - [arm64] dts: mt8183: kukui: Split out keyboard node and describe
       detachables
     - [arm64] dts: mt8183: Move CrosEC base detection node to kukui-based DTs
     - [arm64] dts: mediatek: mt7986: add "#reset-cells" to infracfg
     - [arm64] dts: mediatek: mt8192-asurada: Remove CrosEC base detection node
     - [arm64] dts: mediatek: mt8192: fix vencoder clock name
     - [arm64] dts: mediatek: mt7622: add missing "device_type" to memory nodes
     - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
     - wifi: wilc1000: prevent use-after-free on vif when cleaning up all
       interfaces
     - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
     - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
     - [amd64] iommu/amd: Mark interrupt as managed
     - wifi: brcmsmac: avoid function pointer casts
     - [arm64] dts: qcom: sdm845-db845c: correct PCIe wake-gpios
     - [arm64] dts: qcom: sm8150: use 'gpios' suffix for PCI GPIOs
     - [arm64] dts: qcom: sm8150: correct PCIe wake-gpios
     - powercap: dtpm_cpu: Fix error check against freq_qos_add_request()
     - net: ena: Remove ena_select_queue
     - [arm64] dts: mt8195-cherry-tomato: change watchdog reset boot flow
     - firmware: arm_scmi: Fix double free in SMC transport cleanup path
     - wifi: wilc1000: revert reset line logic flip
     - net: mctp: copy skb ext data when fragmenting
     - pstore: inode: Convert mutex usage to guard(mutex)
     - pstore: inode: Only d_invalidate() is needed
     - [arm64] dts: allwinner: h6: Add RX DMA channel for SPDIF
     - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
     - ACPI: resource: Do IRQ override on Lunnen Ground laptops
     - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
     - ACPI: scan: Fix device check notification handling
     - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816)
     - SUNRPC: fix some memleaks in gssx_dec_option_array
     - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the
       .remove function
     - ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
     - wifi: rtw88: 8821c: Fix beacon loss and disconnect
     - wifi: rtw88: 8821c: Fix false alarm count
     - PCI: Make pci_dev_is_disconnected() helper public for other drivers
     - [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is
       disconnected
     - igb: Fix missing time sync events
     - Bluetooth: Remove HCI_POWER_OFF_TIMEOUT
     - Bluetooth: mgmt: Remove leftover queuing of power_off work
     - Bluetooth: Remove superfluous call to hci_conn_check_pending()
     - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
     - Bluetooth: Cancel sync command before suspend and power off
     - Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running
     - Bluetooth: hci_conn: Consolidate code for aborting connections
     - Bluetooth: hci_core: Cancel request on command timeout
     - Bluetooth: hci_sync: Fix overwriting request callback
     - Bluetooth: hci_core: Fix possible buffer overflow
     - Bluetooth: af_bluetooth: Fix deadlock
     - Bluetooth: fix use-after-free in accessing skb after sending it
     - [s390x] cache: prevent rebuild of shared_cpu_list
     - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
     - bpf: Fix hashtab overflow check on 32-bit arches
     - bpf: Fix stackmap overflow check on 32-bit arches
     - [amd64] iommu/vt-d: Retrieve IOMMU perfmon capability information
     - ipv6: fib6_rules: flush route cache when rule is changed
     - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
     - net: phy: fix phy_get_internal_delay accessing an empty array
     - [arm64] net: hns3: fix wrong judgment condition issue
     - [arm64] net: hns3: fix kernel crash when 1588 is received on HIP08 devices
     - [arm64] net: hns3: fix port duplex configure error in IMP reset
     - Bluetooth: MGMT: Fix always using HCI_MAX_AD_LENGTH
     - Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
     - Bluetooth: Fix eir name length
     - net: phy: dp83822: Fix RGMII TX delay configuration
     - OPP: debugfs: Fix warning around icc_get_name()
     - tcp: fix incorrect parameter validation in the do_tcp_getsockopt()
       function
     - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
       function
     - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
       function
     - udp: fix incorrect parameter validation in the udp_lib_getsockopt()
       function
     - net: kcm: fix incorrect parameter validation in the kcm_getsockopt)
       function
     - nfp: flower: handle acti_netdevs allocation failure
     - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
     - dm raid: fix false positive for requeue needed during reshape
     - dm: call the resume method on internal suspend
     - [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node
     - [arm64,armhf] drm/tegra: dpaux: Fix PM disable depth imbalance in
       tegra_dpaux_probe
     - [arm64,armhf] drm/tegra: dsi: Make use of the helper function
       dev_err_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in
       tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the
       error handling path of tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
     - [arm64,armhf] drm/tegra: hdmi: Fix some error handling paths in
       tegra_hdmi_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix some error handling paths in
       tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix missing clk_put() in the error handling
       paths of tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the
       error handling paths of tegra_output_probe()
     - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
     - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
     - drm/panel-edp: use put_sync in unprepare
     - drm/lima: fix a memleak in lima_heap_alloc
     - [x86] ASoC: amd: acp: Add missing error handling in sof-mach
     - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
     - media: tc358743: register v4l2 async device only after successful setup
     - PCI/DPC: Print all TLP Prefixes, not just the first
     - perf record: Fix possible incorrect free in record__switch_output()
     - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
     - drm/amd/display: Fix a potential buffer overflow in
       'dp_dsc_clock_en_read()'
     - drm/amd/display: Fix potential NULL pointer dereferences in
       'dcn10_set_output_transfer_func()'
     - pinctrl: renesas: r8a779g0: Add Audio SSI pins, groups, and functions
     - pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function
     - clk: samsung: exynos850: Propagate SPI IPCLK rate change
     - perf evsel: Fix duplicate initialization of data->id in
       evsel__parse_sample()
     - clk: meson: Add missing clocks to axg_clk_regmaps
     - media: em28xx: annotate unchecked call to media_device_register()
     - media: v4l2-tpg: fix some memleaks in tpg_alloc
     - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
     - media: edia: dvbdev: fix a use-after-free
     - clk: qcom: reset: Commonize the de/assert functions
     - clk: qcom: reset: Ensure write completion on reset de/assertion
     - quota: simplify drop_dquot_ref()
     - quota: Fix potential NULL pointer dereference
     - quota: Fix rcu annotations of inode dquot pointers
     - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
     - crypto: xilinx - call finalize with bh disabled
     - perf thread_map: Free strlist on normal path in
       thread_map__new_by_tid_str()
     - [arm64] drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
     - [arm64] drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
       enabled
     - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
     - ALSA: seq: fix function cast warnings
     - perf stat: Avoid metric-only segv
     - [arm64,armhf] ASoC: meson: aiu: fix function pointer type mismatch
     - [arm64,armhf] ASoC: meson: t9015: fix function pointer type mismatch
     - [powerpc*] Force inlining of arch_vmap_p{u/m}d_supported()
     - [x86] ASoC: SOF: Introduce container struct for SOF firmware
     - [x86] ASoC: SOF: Add some bounds checking to firmware data
     - NTB: EPF: fix possible memory leak in pci_vntb_probe()
     - NTB: fix possible name leak in ntb_register_device()
     - media: cedrus: h265: Associate mv col buffers with buffer
     - media: cedrus: h265: Fix configuring bitstream size
     - media: sun8i-di: Fix coefficient writes
     - media: sun8i-di: Fix power on/off sequences
     - media: sun8i-di: Fix chroma difference threshold
     - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
     - media: go7007: add check of return value of go7007_read_addr()
     - media: pvrusb2: remove redundant NULL check
     - media: pvrusb2: fix pvr2_stream_callback casts
     - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
     - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
     - clk: hisilicon: hi3519: Release the correct number of gates in
       hi3519_clk_unregister()
     - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
     - [arm64,armhf] drm/tegra: put drm_gem_object ref on error in
       tegra_fb_create
     - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
     - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes
       a ref
     - crypto: jitter - fix CRYPTO_JITTERENTROPY help text
     - drm/tidss: Fix initial plane zpos values
     - drm/tidss: Fix sync-lost issue with two displays
     - mtd: maps: physmap-core: fix flash size larger than 32-bit
     - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: fix mclk setup without
       mclk-fs
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: add frame rate constraint
     - HID: amd_sfh: Update HPD sensor structure elements
     - HID: amd_sfh: Avoid disabling the interrupt
     - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
     - media: pvrusb2: fix uaf in pvr2_context_set_notify
     - media: dvb-frontends: avoid stack overflow warnings with clang
     - media: go7007: fix a memleak in go7007_load_encoder
     - media: ttpci: fix two memleaks in budget_av_attach
     - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
     - gpio: nomadik: fix offset bug in nmk_pmx_set()
     - [powerpc*] pseries: Fix potential memleak in papr_get_attr()
     - [powerpc*] hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value
       checks
     - [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter
     - modules: wait do_free_init correctly
     - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
     - leds: aw2013: Unlock mutex before destroying it
     - leds: sgm3140: Add missing timer cleanup and flash gpio control
     - backlight: lm3630a: Initialize backlight_properties on init
     - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
     - backlight: da9052: Fully initialize backlight_properties during probe
     - backlight: lm3639: Fully initialize backlight_properties during probe
     - backlight: lp8788: Fully initialize backlight_properties during probe
     - clk: Fix clk_core_get NULL dereference
     - clk: zynq: Prevent null pointer dereference caused by kmalloc failure
     - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
     - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
     - RDMA/irdma: Allow accurate reporting on QP max send/recv WR
     - RDMA/irdma: Remove duplicate assignment
     - RDMA/srpt: Do not register event handler until srpt device is fully setup
     - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
     - f2fs: compress: fix to guarantee persisting compressed blocks by CP
     - f2fs: compress: fix to cover normal cluster write with cp_rwsem
     - f2fs: compress: fix to check unreleased compressed cluster
     - f2fs: simplify __allocate_data_block
     - f2fs: delete obsolete FI_FIRST_BLOCK_WRITTEN
     - f2fs: delete obsolete FI_DROP_CACHE
     - f2fs: introduce get_dnode_addr() to clean up codes
     - f2fs: update blkaddr in __set_data_blkaddr() for cleanup
     - f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode
     - f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
     - f2fs: fix to avoid potential panic during recovery
     - scsi: csiostor: Avoid function pointer casts
     - [arm64] RDMA/hns: Fix mis-modifying default congestion control algorithm
     - RDMA/device: Fix a race between mad_client and cm_client init
     - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
     - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
     - f2fs: compress: fix to check zstd compress level correctly in mount option
     - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
     - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
     - NFSv4.2: fix listxattr maximum XDR buffer size
     - f2fs: compress: fix to check compress flag w/ .i_sem lock
     - f2fs: check number of blocks in a current section
     - watchdog: stm32_iwdg: initialize default timeout
     - f2fs: ro: compress: fix to avoid caching unaligned extent
     - NFS: Fix an off by one in root_nfs_cat()
     - f2fs: convert to use sbi directly
     - f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks
     - f2fs: compress: fix reserve_cblocks counting error when out of space
     - [x86] perf/x86/amd/core: Avoid register reset when CPU is dead
     - afs: Revert "afs: Hide silly-rename files from userspace"
     - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
     - io_uring/net: correct the type of variable
     - comedi: comedi_test: Prevent timers rescheduling during deletion
     - [armhf] remoteproc: stm32: use correct format strings on 64-bit
     - [armhf] remoteproc: stm32: Fix incorrect type in assignment for va
     - [armhf] remoteproc: stm32: Fix incorrect type assignment returned by
       stm32_rproc_get_loaded_rsc_tablef
     - usb: phy: generic: Get the vbus supply
     - tty: vt: fix 20 vs 0x20 typo in EScsiignore
     - serial: max310x: fix syntax error in IRQ error message
     - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
     - [arm64] dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
     - hwtracing: hisi_ptt: Move type check to the beginning of
       hisi_ptt_pmu_event_init()
     - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
     - serial: 8250_exar: Don't remove GPIO device on suspend
     - staging: greybus: fix get_channel_from_mode() failure path
     - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
     - nouveau: reset the bo resource bus info after an eviction
     - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
     - rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
     - [s390x] vtime: fix average steal time calculation
     - net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check (CVE-2024-26815)
     - soc: fsl: dpio: fix kcalloc() argument order
     - tcp: Fix refcnt handling in __inet_hash_connect().
     - hsr: Fix uninit-value access in hsr_get_node()
     - nvme: only set reserved_tags in nvme_alloc_io_tag_set for fabrics
       controllers
     - nvme: add the Apple shared tag workaround to nvme_alloc_io_tag_set
     - nvme: fix reconnection fail due to reserved tag allocation
     - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
     - net: ethernet: mtk_eth_soc: fix PPE hanging issue
     - packet: annotate data-races around ignore_outgoing
     - net: veth: do not manipulate GRO when using XDP
     - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
     - drm: Fix drm_fixp2int_round() making it add 0.5
     - vdpa_sim: reset must not run
     - vdpa/mlx5: Allow CVQ size changes
     - wireguard: receive: annotate data-race around receiving_counter.counter
     - rds: introduce acquire/release ordering in acquire/release_in_xmit()
     - hsr: Handle failures in module init
     - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
     - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
     - dm-integrity: fix a memory leak when rechecking the data
     - net/bnx2x: Prevent access to a freed page in page_pool
     - netfilter: nft_set_pipapo: release elements in clone only from destroy
       path (CVE-2024-26809)
     - netfilter: nf_tables: do not compare internal table flags on updates
     - rcu: add a helper to report consolidated flavor QS
     - net: report RCU QS on threaded NAPI repolling
     - bpf: report RCU QS in cpumap kthread
     - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
     - net: dsa: mt7530: fix handling of all link-local frames
     - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
     - dm: address indent/space issues
     - dm io: Support IO priority
     - dm-integrity: align the outgoing bio in integrity_recheck
     - [armhf] remoteproc: stm32: fix incorrect optional pointers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
     - [x86] cpu: Support AMD Automatic IBRS
     - [x86] bugs: Use sysfs_emit()
     - [x86] KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only
       leafs
     - [x86] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
     - [x86] KVM: x86: Use a switch statement and macros in __feature_translate()
     - timers: Update kernel-doc for various functions
     - timers: Use del_timer_sync() even on UP
     - timers: Rename del_timer_sync() to timer_delete_sync()
     - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
     - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
     - [arm64] dts: qcom: sc7280: Add additional MSI interrupts
     - [arm64,armhf] remoteproc: virtio: Fix wdg cannot recovery remote processor
     - [arm64] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
     - [armhf] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
     - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
     - serial: max310x: fix NULL pointer dereference in I2C instantiation
     - pci_iounmap(): Fix MMIO mapping leak
     - media: xc4000: Fix atomicity violation in xc4000_get_frequency
     - media: mc: Add local pad to pipeline regardless of the link state
     - media: mc: Fix flags handling when creating pad links
     - media: mc: Add num_links flag to media_pad
     - media: mc: Rename pad variable to clarify intent
     - media: mc: Expand MUST_CONNECT flag to always require an enabled link
     - KVM: Always flush async #PF workqueue when vCPU is being destroyed
     - [x86] cpufreq: amd-pstate: Fix min_perf assignment in
       amd_pstate_adjust_perf()
     - [powerpc*] smp: Adjust nr_cpu_ids to cover all threads of a core
     - [powerpc*] smp: Increase nr_cpu_ids to include the boot CPU
     - [x86] crypto: qat - fix double free during reset
     - [x86] crypto: qat - resolve race condition during AER recovery
     - ext4: correct best extent lstart adjustment logic
     - block: Clear zone limits for a non-zoned stacked queue
     - bounds: support non-power-of-two CONFIG_NR_CPUS
     - fat: fix uninitialized field in nostale filehandles
     - ubifs: Set page uptodate in the correct place
     - ubi: Check for too small LEB size in VTBL code
     - ubi: correct the calculation of fastmap size
     - md/raid5: fix atomicity violation in raid5_cache_count
     - cpufreq: Limit resolving a frequency to policy min/max
     - PM: suspend: Set mem_sleep_current during kernel command line setup
     - usb: xhci: Add error handling in xhci_map_urb_for_dma
     - [powerpc*] fsl: Fix mfpmr build errors with newer binutils
     - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
     - USB: serial: add device ID for VeriFone adapter
     - USB: serial: cp210x: add ID for MGP Instruments PDS100
     - USB: serial: option: add MeiG Smart SLM320 product
     - [x86] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
     - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
     - PM: sleep: wakeirq: fix wake irq warning in system suspend
     - mmc: tmio: avoid concurrent runs of mmc_request_done()
     - fuse: fix root lookup with nonzero generation
     - fuse: don't unhash root
     - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
     - serial: Lock console when calling into driver before registration
     - btrfs: qgroup: always free reserved space for extent records
     - btrfs: fix off-by-one chunk length calculation at
       contains_pending_extent()
     - PCI/PM: Drain runtime-idle callbacks before driver removal
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
     - dm-raid: fix lockdep waring in "pers->hot_add_disk"
     - [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS
     - mac802154: fix llsec key resources release in mac802154_llsec_key_del
     - swap: comments get_swap_device() with usage rule
     - mm: swap: fix race between free_swap_and_cache() and swapoff()
     - mmc: core: Fix switch on gp3 partition
     - [arm64,armhf] drm/etnaviv: Restore some id values
     - landlock: Warn once if a Landlock action is requested while disabled
     - hwmon: (amc6821) add of_match table
     - ext4: fix corruption during on-line resize
     - nvmem: meson-efuse: fix function pointer type mismatch
     - slimbus: core: Remove usage of the deprecated ida_simple_xx() API
     - phy: tegra: xusb: Add API to retrieve the port number of phy
     - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
     - speakup: Fix 8bit characters from direct synth
     - PCI/AER: Block runtime suspend when handling errors
     - io_uring/net: correctly handle multishot recvmsg retry setup
     - nfs: fix UAF in direct writes
     - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
     - [arm64] PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP
       version
     - [arm64] PCI: qcom: Enable BDF to SID translation properly
     - [amd64,arm64] PCI: hv: Fix ring buffer size calculation
     - vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations
     - vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
     - vfio/pci: Remove negative check on unsigned vector
     - vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
     - vfio/platform: Disable virqfds on cleanup
     - ksmbd: retrieve number of blocks using vfs_getattr in
       set_file_allocation_info
     - ring-buffer: Fix waking up ring buffer readers
     - ring-buffer: Do not set shortest_full when full target is hit
     - ring-buffer: Fix resetting of shortest_full
     - ring-buffer: Fix full_waiters_pending in poll
     - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
     - [s390x] zcrypt: fix reference counting on zcrypt card objects
     - drm/probe-helper: warn about negative .get_modes()
     - drm/panel: do not return negative error codes from drm_panel_get_modes()
     - [armhf] drm/exynos: do not return negative values from .get_modes()
     - [armhf] drm/imx/ipuv3: do not return negative values from .get_modes()
     - [arm64,armhf] drm/vc4: hdmi: do not return negative values from
       .get_modes()
     - memtest: use {READ,WRITE}_ONCE in memory scanning
     - Revert "block/mq-deadline: use correct way to throttling write requests"
     - f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
     - f2fs: truncate page cache before clearing flags when aborting atomic write
     - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
     - nilfs2: prevent kernel bug at submit_bh_wbc()
     - cifs: open_cached_dir(): add FILE_READ_EA to desired access
     - cpufreq: dt: always allocate zeroed cpumask
     - [amd64] x86/CPU/AMD: Update the Zenbleed microcode revisions
     - NFSD: Fix nfsd_clid_class use of __string_len() macro
     - net: hns3: tracing: fix hclgevf trace event strings
     - wireguard: netlink: check for dangling peer via is_dead instead of empty
       list
     - wireguard: netlink: access device through ctx instead of peer
     - ahci: asm1064: correct count of reported ports
     - ahci: asm1064: asm1166: don't limit reported ports
     - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
     - drm/amd/display: Return the correct HDCP error code
     - drm/amd/display: Fix noise issue on HDMI AV mute
     - dm snapshot: fix lockup in dm_exception_table_exit
     - [x86] pm: Work around false positive kmemleak report in
       msr_build_context()
     - cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
       return value"
     - [x86] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
       (Closes: #1065320)
     - tls: fix race between tx work scheduling and socket close (CVE-2024-26585)
     - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
       timeout (CVE-2024-26643)
     - netfilter: nf_tables: disallow anonymous set with timeout flag
       (CVE-2024-26642)
     - netfilter: nf_tables: reject constant set with timeout
     - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
       memory
     - init/Kconfig: lower GCC version check for -Warray-bounds
     - [x86] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
     - [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
       svm_register_enc_region()
     - tracing: Use .flush() call to wake up readers
     - drm/amdgpu/pm: Fix the error of pwm1_enable setting
     - [x86] drm/i915: Check before removing mm notifier
     - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
       ALC897 platform
     - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
     - usb: gadget: ncm: Fix handling of zero block length packets
     - usb: port: Don't try to peer unused USB ports based on location
     - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
     - misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on
       suspend/resume
     - mei: me: add arrow lake point S DID
     - mei: me: add arrow lake point H DID
     - vt: fix unicode buffer corruption when deleting characters
     - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
     - ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
     - tee: optee: Fix kernel panic caused by incorrect error handling
     - mm, vmscan: prevent infinite loop for costly GFP_NOIO |
       __GFP_RETRY_MAYFAIL allocations
     - iio: accel: adxl367: fix DEVID read after reset
     - iio: accel: adxl367: fix I2C FIFO data register
     - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
     - drm/amd/display: handle range offsets in VRR ranges
     - [x86] efistub: Call mixed mode boot services on the firmware's stack
     - net: tls: handle backlogging of crypto requests (CVE-2024-26584)
     - [x86] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
     - iommu: Avoid races around default domain allocations
     - clocksource/drivers/arm_global_timer: Fix maximum prescaler value
     - entry: Respect changes to system call number by trace_sys_enter()
     - minmax: add umin(a, b) and umax(a, b)
     - swiotlb: Fix alignment checks when both allocation and DMA masks are
       present
     - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
     - printk: Update @console_may_schedule in console_trylock_spinning()
     - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
     - irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
     - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based
       on register's index
     - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
     - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
     - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger
       type
     - [x86] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe
       address
     - [x86] fpu: Keep xfd_state in sync with MSR_IA32_XFD
     - pwm: img: fix pwm clock lookup
     - tty: serial: imx: Fix broken RS485
     - block: Fix page refcounts for unaligned buffers in __bio_release_pages()
     - blk-mq: release scheduler resource when request completes
     - vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
     - vfio: Introduce interface to flush virqfd inject workqueue
     - vfio/pci: Create persistent INTx handler (CVE-2024-26812)
     - vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
     - vfio/fsl-mc: Block calling interrupt handler without trigger
       (CVE-2024-26814)
     - [x86] coco: Export cc_vendor
     - [x86] coco: Get rid of accessor functions
     - [x86] Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
     - [x86] sev: Fix position dependent variable references in startup code
     - mm/migrate: set swap entry values of THP tail pages properly.
     - init: open /initrd.image with O_LARGEFILE
     - [x86] efistub: Add missing boot_params for mixed mode compat entry
     - btrfs: zoned: don't skip block groups with 100% zone unusable
     - btrfs: zoned: use zone aware sb location for scrub
     - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
     - wifi: iwlwifi: fw: don't always use FW dump trig
     - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
     - hexagon: vmlinux.lds.S: handle attributes section
     - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
       HS200 mode
     - mmc: core: Initialize mmc_blk_ioc_data
     - mmc: core: Avoid negative index with array access
     - block: Do not force full zone append completion in req_bio_endio()
     - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
     - nouveau/dmem: handle kcalloc() allocation failure
     - net: ll_temac: platform_get_resource replaced by wrong function
     - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
     - [x86] drm/i915/bios: Tolerate devdata==NULL in
       intel_bios_encoder_supports_dp_dual_mode()
     - [x86] drm/i915/gt: Reset queue_priority_hint on parking
     - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
     - Revert "usb: phy: generic: Get the vbus supply"
     - usb: cdc-wdm: close race between read and workqueue
     - USB: UAS: return ENODEV when submit urbs fail with device not attached
     - usb: dwc3-am62: Rename private data
     - usb: dwc3-am62: fix module unload/reload behavior
     - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
       (CVE-2024-26654)
     - scsi: core: Fix unremoved procfs host directory regression
     - staging: vc04_services: changen strncpy() to strscpy_pad()
     - staging: vc04_services: fix information leak in create_component()
     - USB: core: Add hub_get() and hub_put() routines
     - USB: core: Fix deadlock in port "disable" sysfs attribute
     - scsi: sd: Fix TCG OPAL unlock on system resume
     - usb: dwc2: host: Fix remote wakeup from hibernation
     - usb: dwc2: host: Fix hibernation flow
     - usb: dwc2: host: Fix ISOC flow in DDMA mode
     - usb: dwc2: gadget: Fix exiting from clock gating
     - usb: dwc2: gadget: LPM flow fix
     - usb: udc: remove warning when queue disabled ep
     - usb: typec: Return size of buffer if pd_set operation succeeds
     - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
     - usb: typec: ucsi: Ack unsupported commands
     - usb: typec: ucsi_acpi: Refactor and fix DELL quirk
     - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
     - scsi: qla2xxx: Prevent command send on chip reset
     - scsi: qla2xxx: Fix N2N stuck connection
     - scsi: qla2xxx: Split FCE|EFT trace control
     - scsi: qla2xxx: Update manufacturer detail
     - scsi: qla2xxx: NVME|FCP prefer flag not being honored
     - scsi: qla2xxx: Fix command flush on cable pull
     - scsi: qla2xxx: Fix double free of fcport
     - scsi: qla2xxx: Change debug message during driver unload
     - scsi: qla2xxx: Delay I/O Abort on PCI error
     - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
     - tls: fix use-after-free on failed backlog decryption (CVE-2024-26800)
     - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
     - scsi: lpfc: Correct size for wqe for memset()
     - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
     - scsi: libsas: Fix disk not being scanned in after being removed
     - [x86] sev: Skip ROM range scans and validation for SEV-SNP guests
     - USB: core: Fix deadlock in usb_deauthorize_interface()
     - tools/resolve_btfids: fix build with musl libc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
     - scripts/bpf_doc: Use silent mode when exec make cmd
     - dma-buf: Fix NULL pointer dereference in sanitycheck()
     - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
     - mlxbf_gige: stop PHY during open() error paths
     - wifi: iwlwifi: mvm: rfi: fix potential response leaks
     - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
     - [s390x] qeth: handle deferred cc1
     - tcp: properly terminate timers for kernel sockets
     - net: wwan: t7xx: Split 64bit accesses to fix alignment issues
     - [arm64] net: hns3: fix index limit to support all queue stats
     - [arm64] net: hns3: fix kernel crash when devlink reload during pf
       initialization
     - [arm64] net: hns3: mark unexcuted loopback test result as UNEXECUTED
     - tls: recv: process_rx_list shouldn't use an offset with kvec
     - tls: adjust recv return with async crypto and failed copy to userspace
     - tls: get psock ref after taking rxlock to avoid leak
     - mlxbf_gige: call request_irq() after NAPI initialized
     - bpf: Protect against int overflow for stack access size
     - cifs: Fix duplicate fscache cookie warnings
     - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
     - inet: inet_defrag: prevent sk release while still in use
     - dm integrity: fix out-of-range warning
     - [x86] cpufeatures: Add new word for scattered features
     - [x86] perf/x86/amd/lbr: Use freeze based on availability
     - [arm64] KVM: arm64: Fix host-programmed guest events in nVHE
     - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
     - [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
       word
     - Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
     - [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
     - Bluetooth: qca: fix device-address endianness
     - Bluetooth: add quirk for broken address properties
     - Bluetooth: hci_event: set the conn encrypted before conn establishes
     - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
       CVE-2024-24858)
     - xen-netfront: Add missing skb_mark_for_recycle
     - net/rds: fix possible cp null dereference
     - net: usb: ax88179_178a: avoid the interface always configured as random
       address
     - vsock/virtio: fix packet delivery to tap device
     - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
       mapped."
     - netfilter: nf_tables: reject new basechain after table flag update
     - netfilter: nf_tables: flush pending destroy work before exit_net release
     - netfilter: nf_tables: Fix potential data-race in
       __nft_flowtable_type_get()
     - netfilter: validate user input for expected length
     - vboxsf: Avoid an spurious warning if load_nls_xxx() fails
     - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
     - net/sched: act_skbmod: prevent kernel-infoleak
     - net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
     - net: stmmac: fix rx queue priority assignment
     - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
     - net: phy: micrel: Fix potential null pointer dereference
     - gro: fix ownership transfer
     - [x86] bugs: Fix the SRSO mitigation on Zen3/4
     - [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
       for !SRSO
     - i40e: Fix VF MAC filter removal
     - erspan: make sure erspan_base_hdr is present in skb->head
     - ipv6: Fix infinite recursion in fib6_dump_done().
     - mlxbf_gige: stop interface during shutdown
     - r8169: skip DASH fw status checks when DASH is disabled
     - udp: do not accept non-tunnel GSO skbs landing in a tunnel
     - udp: do not transition UDP GRO fraglist partial checksums to unnecessary
     - udp: prevent local UDP tunnel packets from being GROed
     - i40e: fix i40e_count_filters() to count only active/new filters
     - i40e: fix vf may be used uninitialized in this function warning
     - drm/amd: Evict resources during PM ops prepare() callback
     - drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
     - drm/amd: Flush GFXOFF requests in prepare stage
     - i40e: Store the irq number in i40e_q_vector
     - i40e: Remove _t suffix from enum type names
     - i40e: Enforce software interrupt during busy-poll exit
     - r8169: use spinlock to protect mac ocp register access
     - r8169: use spinlock to protect access to registers Config2 and Config5
     - r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
     - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6)
       non-wildcard addresses.
     - drivers: net: convert to boolean for the mac_managed_pm flag
     - net: fec: Set mac_managed_pm during probe
     - [x86] KVM: SVM: enhance info printk's in SEV init
     - [x86] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails
     - [x86] KVM: SVM: Use unsigned integers when dealing with ASIDs
     - [x86] KVM: SVM: Add support for allowing zero SEV ASIDs
     - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
     - 9p: Fix read/write debug statements to report server reply
     - drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
     - drm/panfrost: fix power transition timeout warnings
     - ASoC: rt5682-sdw: fix locking sequence
     - [x86] ASoC: rt711-sdca: fix locking sequence
     - ASoC: rt711-sdw: fix locking sequence
     - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
     - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
     - scsi: mylex: Fix sysfs buffer lengths
     - scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
     - cifs: Fix caching to try to do open O_WRONLY as rdwr on server
     - ata: sata_mv: Fix PCI device ID table declaration compilation warning
     - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
     - [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
     - ksmbd: don't send oplock break if rename fails
     - ksmbd: validate payload size in ipc response (CVE-2024-26811)
     - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
     - ALSA: hda/realtek - Fix inactive headset mic jack
     - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
       microphone
     - driver core: Introduce device_link_wait_removal()
     - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
     - [x86] mm/pat: fix VM_PAT handling in COW mappings
     - [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
     - [x86] coco: Require seeding RNG with RDRAND on CoCo systems
     - [s390x] entry: align system call table on 8 bytes
     - smb3: retrying on failed server close
     - smb: client: fix potential UAF in cifs_debug_files_proc_show()
     - smb: client: fix potential UAF in cifs_stats_proc_write()
     - smb: client: fix potential UAF in cifs_stats_proc_show()
     - smb: client: fix potential UAF in smb2_is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_valid_lease_break()
     - smb: client: fix potential UAF in is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_network_name_deleted()
     - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
     - mptcp: don't account accept() of non-MPC client as fallback to TCP
     - mm/secretmem: fix GUP-fast succeeding on secretmem folios
     - nvme: fix miss command type check
     - [x86] bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - [x86] syscall: Don't force use of indirect calls for system calls
     - [x86] Mitigate Native Branch History Injection vulnerability
       (CVE-2024-2201):
       + [x86] bhi: Add support for clearing branch history at syscall entry
       + [x86] bhi: Define SPEC_CTRL_BHI_DIS_S
       + [x86] bhi: Enumerate Branch History Injection (BHI) bug
       + [x86] bhi: Add BHI mitigation knob
       + [x86] bhi: Mitigate KVM by default
       + [x86] KVM: x86: Add BHI_NO
       + [x86] set SPECTRE_BHI_ON as default
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 20
   * Refresh "efi: Lock down the kernel if booted in secure boot mode" (context
     changes in 6.1.84)
   * [rt] Refresh "serial: 8250: implement write_atomic"
   * Refresh "x86: Make x32 syscall support conditional on a kernel parameter"
   * tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
     (Closes: #1068770)
   * Revert "scsi: sd: usb_storage: uas: Access media prior to querying device
     properties" (Closes: #1068675)
   * Revert "scsi: core: Add struct for args to execution functions"
   * scsi: sd: usb_storage: uas: Access media prior to querying device properties
 .
 linux (6.1.82-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
     - asm-generic: make sparse happy with odd-sized put_unaligned_*()
     - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
     - [arm64] irq: set the correct node for VMAP stack
     - [arm64] drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
     - [powerpc*] Fix build error due to is_valid_bugaddr()
     - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
     - [x86] boot: Ignore NMIs during very early boot
     - [powerpc*] pmd_move_must_withdraw() is only needed for
       CONFIG_TRANSPARENT_HUGEPAGE
     - [powerpc*] lib: Validate size for vector operations
     - [x86*] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
       kernel
     - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
       sysfs file
     - debugobjects: Stop accessing objects after releasing hash bucket lock
     - regulator: core: Only increment use_count when enable_count changes
     - audit: Send netlink ACK before setting connection in auditd_set
     - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
     - PNP: ACPI: fix fortify warning
     - ACPI: extlog: fix NULL pointer dereference check
     - ACPI: NUMA: Fix the logic of getting the fake_pxm value
     - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
     - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
       events
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
     - UBSAN: array-index-out-of-bounds in dtSplitRoot
     - jfs: fix slab-out-of-bounds Read in dtSearch
     - jfs: fix array-index-out-of-bounds in dbAdjTree
     - jfs: fix uaf in jfs_evict_inode
     - pstore/ram: Fix crash when setting number of cpus to an odd number
     - erofs: fix ztailpacking for subpage compressed blocks
     - [armhf] crypto: stm32/crc32 - fix parsing list of devices
     - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
     - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
     - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
     - jfs: fix array-index-out-of-bounds in diNewExt
     - arch: consolidate arch_irq_work_raise prototypes
     - [s390x] vfio-ap: fix sysfs status attribute for AP queue devices
     - [s390x] ptrace: handle setting of fpc register correctly
     - [s390x] KVM: s390: fix setting of fpc register
     - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623)
     - ecryptfs: Reject casefold directory inodes
     - ext4: fix inconsistent between segment fstrim and full fstrim
     - ext4: unify the type of flexbg_size to unsigned int
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
       (CVE-2023-52622)
     - wifi: rt2x00: restart beacon queue when hardware reset
     - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
     - [arm64] soc: xilinx: Fix for call trace due to the usage of
       smp_processor_id()
     - [arm64] soc: xilinx: fix unhandled SGI warning message
     - scsi: lpfc: Fix possible file string name overflow when updating firmware
     - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
     - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
     - net: usb: ax88179_178a: avoid two consecutive device resets
     - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
     - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
     - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too
       early
     - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
       (CVE-2023-52621)
     - scsi: libfc: Don't schedule abort twice
     - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
     - bpf: Set uattr->batch.count as zero before batched update or deletion
     - net: phy: at803x: fix passing the wrong reference for config_intr
     - [arm64] scsi: hisi_sas: Set .phy_attached before notifing phyup event
       HISI_PHYE_PHY_UP_PM
     - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
     - net: atlantic: eliminate double free in error handling logic
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
       path
     - block: prevent an integer overflow in bvec_try_merge_hw_page
     - md: Whenassemble the array, consult the superblock of the freshest device
     - [arm64] dts: qcom: msm8996: Fix 'in-ports' is a required property
     - [arm64] dts: qcom: msm8998: Fix 'out-ports' is a required property
     - ice: fix pre-shifted bit usage
     - [arm64] dts: amlogic: fix format for s4 uart node
     - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
     - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
     - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
     - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
     - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
     - Bluetooth: hci_sync: fix BR/EDR wakeup bug
     - Bluetooth: L2CAP: Fix possible multiple reject send
     - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
     - i40e: Fix VF disable behavior to block all traffic
     - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
     - f2fs: fix to check return value of f2fs_reserve_new_block()
     - ALSA: hda: Refer to correct stream index at loops
     - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
     - fast_dput(): handle underflows gracefully
     - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
     - [arm64,armhf] drm/panel-edp: Add override_edid_mode quirk for generic edp
     - drm/amd/display: Fix tiled display misalignment
     - f2fs: fix write pointers on zoned device after roll forward
     - [x86] ASoC: amd: Add new dmi entries for acp5x platform
     - drm/drm_file: fix use of uninitialized variable
     - drm/framebuffer: Fix use of uninitialized variable
     - drm/mipi-dsi: Fix detach call without attach
     - media: stk1160: Fixed high volume of stk1160_dbg messages
     - [arm64,armhf]  media: rockchip: rga: fix swizzling for RGB formats
     - PCI: add INTEL_HDA_ARL to pci_ids.h
     - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
     - [arm64] media: rkisp1: Drop IRQF_SHARED
     - [arm64] media: rkisp1: Fix IRQ handler return values
     - [arm64] media: rkisp1: Store IRQ lines
     - [arm64] media: rkisp1: Fix IRQ disable race issue
     - hwmon: (nct6775) Fix fan speed set failure in automatic mode
     - f2fs: fix to tag gcing flag on page during block migration
     - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
       time
     - IB/ipoib: Fix mcast list locking
     - media: ddbridge: fix an error code problem in ddb_probe
     - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
     - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
     - [arm64] drm/msm/dpu: fix writeback programming for YUV cases
     - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
     - [x86] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
     - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
     - drm/amdgpu: Fix ecc irq enable/disable unpaired
     - drm/amdgpu: Let KFD sync with VM fences
     - drm/amdgpu: Fix '*fw' from request_firmware() not released in
       'amdgpu_ucode_request()'
     - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
     - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
     - leds: trigger: panic: Don't register panic notifier if creating the
       trigger failed
     - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
     - PCI: Only override AMD USB controller if required
     - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
     - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
     - usb: hub: Replace hardcoded quirk value with BIT() macro
     - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
       hub
     - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
     - fs/kernfs/dir: obey S_ISGID
     - PCI: Fix 64GT/s effective data rate calculation
     - PCI/AER: Decode Requester ID when no error info found
     - 9p: Fix initialisation of netfs_inode for 9p
     - libsubcmd: Fix memory leak in uniq()
     - virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a
       region of size 10" warnings
     - blk-mq: fix IO hang from sbitmap wakeup race
     - ceph: reinitialize mds feature bit even when session in open
     - ceph: fix deadlock or deadcode of misusing dget()
     - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
     - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
       'get_platform_power_management_table()'
     - drm/amdgpu: Fix with right return code '-EIO' in
       'amdgpu_gmc_vram_checking()'
     - drm/amdgpu: Release 'adev->pm.fw' before return in
       'amdgpu_device_need_post()'
     - perf: Fix the nr_addr_filters fix
     - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
     - drm: using mul_u32_u32() requires linux/math64.h
     - scsi: isci: Fix an error code problem in isci_io_request_build()
     - [armhf] regulator: ti-abb: don't use devm_platform_ioremap_resource_byname
       for shared interrupt register
     - scsi: core: Move scsi_host_busy() out of host lock for waking up EH
       handler
     - HID: hidraw: fix a problem of memory leak in hidraw_release()
     - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
     - ipv4: raw: add drop reasons
     - ipmr: fix kernel panic when forwarding mcast packets
     - tcp: add sanity checks to rx zerocopy
     - ixgbe: Refactor returning internal error codes
     - ixgbe: Refactor overtemp event handling
     - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
     - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
     - llc: call sock_orphan() at release time
     - bridge: mcast: fix disabled snooping after long uptime
     - netfilter: conntrack: correct window scaling with retransmitted SYN
     - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
     - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
     - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
       expectations
     - net: ipv4: fix a memleak in ip_setup_cork
     - af_unix: fix lockdep positive in sk_diag_dump_icons()
     - net: sysfs: Fix /sys/class/net/<iface> path
     - [arm64] irq: set the correct node for shadow call stack
     - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
     - [arm64] drm/msm/dsi: Enable runtime PM
     - gve: Fix use-after-free vulnerability
     - bonding: remove print in bond_verify_device_path
     - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
     - ext4: regenerate buddy after block freeing failed if under fc replay
     - [arm64] dmaengine: ti: k3-udma: Report short packet errors
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue
       DMA
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the queue
       command DMA
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
     - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
     - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
     - cifs: failure to add channel on iface should bump up weight
     - [arm64] drm/msms/dp: fixed link clock divider bits be over written in BPC
       unknown case
     - [arm64] drm/msm/dp: return correct Colorimetry for
       DP_TEST_DYNAMIC_RANGE_CEA case
     - [arm64] drm/msm/dpu: check for valid hw_pp in
       dpu_encoder_helper_phys_cleanup
     - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
     - wifi: mac80211: fix waiting for beacons logic
     - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
     - net: atlantic: Fix DMA mapping for PTP hwts ring
     - tunnels: fix out of bounds access when building IPv6 PMTU error
     - atm: idt77252: fix a memleak in open_card_ubr0
     - [armhf] hwmon: (aspeed-pwm-tacho) mutex for tach reading
     - [x86] hwmon: (coretemp) Fix out-of-bounds memory access
     - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
     - inet: read sk->sk_family once in inet_recv_error()
     - [x86] drm/i915/gvt: Fix uninitialized variable in handle_mmio()
     - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
     - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
     - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
     - ppp_async: limit MRU to 64K
     - selftests: cmsg_ipv6: repeat the exact packet
     - netfilter: nft_compat: narrow down revision to unsigned 8-bits
     - netfilter: nft_compat: reject unused compat flag
     - netfilter: nft_compat: restrict match/target protocol to u16
     - drm/amd/display: Implement bounds check for stream encoder creation in
       DCN301
     - netfilter: nft_ct: reject direction for ct id
     - netfilter: nft_set_pipapo: store index in scratch maps
     - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
     - netfilter: nft_set_pipapo: remove scratch_aligned pointer
     - fs/ntfs3: Fix an NULL dereference bug
     - scsi: core: Move scsi_host_busy() out of host lock if it is for
       per-command
     - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
     - fs: dlm: don't put dlm_local_addrs on heap (Closes: #1063338)
     - mtd: parsers: ofpart: add workaround for #size-cells 0
     - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
     - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
     - ALSA: usb-audio: add quirk for RODE NT-USB+
     - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
     - USB: serial: option: add Fibocom FM101-GL variant
     - USB: serial: cp210x: add ID for IMST iM871A-USB
     - [arm64,armhf] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - [arm64,armhf] usb: host: xhci-plat: Add support for
       XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - hrtimer: Report offline hrtimer enqueue
     - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
     - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
       (Closes: #1061521)
     - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
     - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
     - vhost: use kzalloc() instead of kmalloc() followed by memset()
       (CVE-2024-0340)
     - RDMA/irdma: Fix support for 64k pages
     - f2fs: add helper to check compression level (Closes: #1063422)
     - block: treat poll queue enter similarly to timeouts
     - clocksource: Skip watchdog check for large watchdog intervals
     - net: stmmac: xgmac: use #define for string constants
     - ALSA: usb-audio: Sort quirk table entries
     - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
     - netfilter: nft_set_rbtree: skip end interval element from gc
       (CVE-2024-26581)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
     - work around gcc bugs with 'asm goto' with outputs
     - update workarounds for gcc "asm goto" issue
     - btrfs: add and use helper to check if block group is used
     - btrfs: do not delete unused block group if it may be used soon
     - btrfs: forbid creating subvol qgroups
     - btrfs: do not ASSERT() if the newly created subvolume already got read
       (CVE-2024-23850)
     - btrfs: forbid deleting live subvol qgroup
     - btrfs: send: return EOPNOTSUPP on unknown flags
     - btrfs: don't reserve space for checksums when writing to nocow files
     - btrfs: reject encoded write if inode has nodatasum flag set
     - btrfs: don't drop extent_map for free space inode on write error
     - driver core: Fix device_link_flag_is_sync_state_only()
     - wifi: iwlwifi: Fix some error codes
     - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
     - of: property: Improve finding the supplier of a remote-endpoint property
     - net: openvswitch: limit the number of recursions from action sets
       (CVE-2024-1151)
     - lan966x: Fix crash when adding interface under a lag
     - tls/sw: Use splice_eof() to flush
     - tls: extract context alloc/initialization out of tls_set_sw_offload
     - net: tls: factor out tls_*crypt_async_wait()
     - tls: fix race between async notify and socket close (CVE-2024-26583)
     - net: tls: fix use-after-free with partial reads and async decrypt
       (CVE-2024-26582)
     - net: tls: fix returned read length with async decrypt
     - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
     - net: sysfs: Fix /sys/class/net/<iface> path for statistics
     - nouveau/svm: fix kvcalloc() argument order
     - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
     - i40e: Do not allow untrusted VF to remove administratively set MAC
     - i40e: Fix waiting for queues of all VSIs to be disabled
     - tracing/trigger: Fix to return error if failed to alloc snapshot
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
     - scsi: storvsc: Fix ring buffer size calculation
     - dm-crypt, dm-verity: disable tasklets
     - [x86] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
     - ALSA: hda/realtek: Fix the external mic not being recognised for Acer
       Swift 1 SF114-32
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
     - HID: i2c-hid-of: fix NULL-deref on failed power up
     - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
     - HID: wacom: Do not register input devices until after hid_hw_start
     - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
     - usb: ucsi: Add missing ppm_lock
     - usb: ulpi: Fix debugfs directory leak
     - usb: ucsi_acpi: Fix command completion handling
     - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
     - usb: f_mass_storage: forbid async queue when shutdown happen
     - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
     - driver core: fw_devlink: Improve detection of overlapping cycles
     - cifs: fix underflow in parse_server_interfaces()
     - i2c: qcom-geni: Correct I2C TRE sequence
     - irqchip/loongson-eiointc: Use correct struct type in
       eiointc_domain_alloc()
     - i2c: pasemi: split driver into two separate modules
     - i2c: i801: Fix block process call transactions (CVE-2024-26593)
     - modpost: trim leading spaces when processing source files list
     - mptcp: get rid of msk->subflow
     - mptcp: fix data re-injection from stale subflow
     - mptcp: drop the push_pending field
     - mptcp: check addrs list in userspace_pm_get_local_id
     - media: Revert "media: rkisp1: Drop IRQF_SHARED"
     - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
     - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
     - drm/virtio: Set segment size for virtio_gpu device
     - lsm: fix the logic in security_inode_getsecctx()
     - firewire: core: correct documentation of fw_csr_string() kernel API
     - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
     - kbuild: Fix changing ELF file type for output of gen_btf for big endian
     - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
     - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
     - net: stmmac: do not clear TBS enable bit on link up/down
     - xen-netback: properly sync TX responses
     - modpost: propagate W=1 build option to modpost
     - modpost: Don't let "driver"s reference .exit.*
     - linux/init: remove __memexit* annotations
     - modpost: Include '.text.*' in TEXT_SECTIONS
     - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
     - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
     - ASoC: codecs: wcd938x: handle deferred probe
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
     - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
     - misc: fastrpc: Mark all sessions as invalid in cb_remove
     - ext4: fix double-free of blocks due to wrong extents moved_len
     - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
     - tracing: Fix wasted memory in saved_cmdlines logic
     - staging: iio: ad5933: fix type mismatch regression
     - iio: magnetometer: rm3100: add boundary check for the value read from
       RM3100_REG_TMRC
     - iio: core: fix memleak in iio_device_register_sysfs
     - iio: commom: st_sensors: ensure proper DMA alignment
     - iio: accel: bma400: Fix a compilation problem
     - iio: adc: ad_sigma_delta: ensure proper DMA alignment
     - iio: imu: adis: ensure proper DMA alignment
     - iio: imu: bno055: serdev requires REGMAP
     - media: rc: bpf attach/detach requires write permission
     - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
     - xfrm: Remove inner/outer modes from output path
     - xfrm: Remove inner/outer modes from input path
     - [arm64] drm/msm: Wire up tlb ops
     - drm/prime: Support page array >= 4GB
     - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
     - drm/amd/display: Preserve original aspect ratio in create stream
     - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
     - ring-buffer: Clean ring_buffer_poll_wait() error return
     - nfp: flower: fix hardware offload for the transfer layer port
     - [powerpc*] 64: Set task pt_regs->link to the LR value on scv entry
     - [powerpc*] cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
     - [powerpc*] pseries: fix accuracy of stolen time
     - [x86] fpu: Stop relying on userspace for info to fault in xsave buffer
       (CVE-2024-26603)
     - [x86] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
     - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
     - io_uring/net: fix multishot accept overflow handling
     - mmc: slot-gpio: Allow non-sleeping GPIO ro
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
     - ALSA: hda/conexant: Add quirk for SWS JS201D
     - nilfs2: fix data corruption in dsync block recovery for small block sizes
     - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
     - crypto: ccp - Fix null pointer dereference in
       __sev_platform_shutdown_locked
     - nfp: use correct macro for LengthSelect in BAR config
     - nfp: flower: prevent re-adding mac index for bonded port
     - wifi: cfg80211: fix wiphy delayed work queueing
     - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
     - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
     - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
     - zonefs: Improve error handling
     - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be
       detected by BIOS (Closes: #1056056)
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
     - fs: relax mount_setattr() permission checks
     - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
     - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
     - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
     - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
     - ceph: prevent use-after-free in encode_cap_msg()
     - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
       (CVE-2024-0841)
     - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
     - of: property: fix typo in io-channels
     - can: netlink: Fix TDCO calculation using the old data bittiming
     - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
     - can: j1939: Fix UAF in j1939_sk_match_filter during
       setsockopt(SO_J1939_FILTER)
     - pmdomain: core: Move the unused cleanup to a _sync initcall
     - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - tracing: Inform kmemleak of saved_cmdlines allocation
     - xfrm: Use xfrm_state selector for BEET input
     - xfrm: Silence warnings triggerable by bad packets
     - tls: fix NULL deref on tls_sw_splice_eof() with empty record
     - md: bypass block throttle for superblock update
     - wifi: mwifiex: Support SD8978 chipset
     - wifi: mwifiex: add extra delay for firmware ready
     - bus: moxtet: Add spi device table
     - [arm64] dts: qcom: msm8916: Enable blsp_dma by default
     - [arm64] dts: qcom: msm8916: Make blsp_dma controlled-remotely
     - [arm64] dts: qcom: sdm845: fix USB SS wakeup
     - [arm64] dts: qcom: sm8150: fix USB SS wakeup
     - wifi: mwifiex: fix uninitialized firmware_stat
     - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
     - block: fix partial zone append completion handling in req_bio_endio()
     - netfilter: ipset: fix performance regression in swap operation
     - netfilter: ipset: Missing gc cancellations fixed
     - nfsd: fix RELEASE_LOCKOWNER
     - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
     - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
     - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
     - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
     - smb: client: fix parsing of SMB3.1.1 POSIX create context
     - net: prevent mss overflow in skb_segment() (CVE-2023-52435)
     - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
     - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
     - bpf: Remove trace_printk_lock
     - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
     - dmaengine: ioat: Free up __cleanup() name
     - apparmor: Free up __cleanup() name
     - locking: Introduce __cleanup() based infrastructure
     - kbuild: Drop -Wdeclaration-after-statement
     - sched/membarrier: reduce the ability to hammer on sys_membarrier
       (CVE-2024-26602)
     - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
     - nilfs2: fix potential bug in end_buffer_async_write
     - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
     - dm: limit the number of targets and parameter size area (CVE-2024-23851,
       CVE-2023-52429)
     - [arm64:]Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
     - mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
     - net/sched: Retire CBQ qdisc
     - net/sched: Retire ATM qdisc
     - net/sched: Retire dsmark qdisc
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - scsi: target: core: Add TMF to tmr_list handling
     - cifs: open_cached_dir should not rely on primary channel
     - wifi: cfg80211: fix missing interfaces when dumping
     - wifi: mac80211: fix race condition on enabling fast-xmit
     - fbdev: savage: Error out if pixclock equals zero
     - fbdev: sis: Error out if pixclock equals zero
     - block: Fix WARNING in _copy_from_iter
     - smb: Work around Clang __bdos() type confusion
     - cifs: translate network errors on send to -ECONNABORTED
     - ahci: asm1166: correct count of reported ports
     - aoe: avoid potential deadlock at set_capacity
     - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
     - [mips*] reserve exception vector space ONLY ONCE
     - [x86] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus
       tablet
     - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block
       bitmap corrupt
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_try_best_found()
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_find_by_goal()
     - Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx
       == 0
     - [armhf] dmaengine: ti: edma: Add some null pointer checks to the
       edma_probe
     - [arm64] regulator: pwm-regulator: Add validity checks in continuous
       .get_voltage
     - nvmet-tcp: fix nvme tcp ida memory leak
     - usb: ucsi_acpi: Quirk to ack a connector change ack cmd
     - ALSA: usb-audio: Check presence of valid altsetting control
     - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
     - Input: xpad - add Lenovo Legion Go controllers
     - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
       sctp_new
     - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
     - [x86] ASoC: wm_adsp: Don't overwrite fwf_name with the default
     - ALSA: usb-audio: Ignore clock selector errors for single connection
     - nvme-fc: do not wait in vain when unloading module
     - nvmet-fcloop: swap the list_add_tail arguments
     - nvmet-fc: release reference on target port
     - nvmet-fc: defer cleanup using RCU properly
     - nvmet-fc: hold reference on hostport match
     - nvmet-fc: abort command when there is no binding
     - nvmet-fc: avoid deadlock on delete association path
     - nvmet-fc: take ref count on tgtport before delete assoc
     - smb: client: increase number of PDUs allowed in a compound request
     - ext4: correct the hole length returned by ext4_map_blocks()
     - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
     - wifi: mac80211: set station RX-NSS on reconfig
     - wifi: mac80211: adding missing drv_mgd_complete_tx() call
     - efi: runtime: Fix potential overflow of soft-reserved region size
     - efi: Don't add memblocks for soft-reserved memory
     - [x86] hwmon: (coretemp) Enlarge per package core count limit
     - scsi: lpfc: Use unsigned type for num_sge
     - scsi: ufs: core: Remove the ufshcd_release() in
       ufshcd_err_handling_prepare()
     - firewire: core: send bus reset promptly on gap count error
     - drm/amdgpu: skip to program GFXDEC registers for suspend abort
     - drm/amdgpu: reset gpu for s3 suspend abort case
     - smb: client: set correct d_type for reparse points under DFS mounts
     - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
     - smb3: clarify mount warning
     - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
     - drm/ttm: Fix an invalid freeing on already freed page in error path
     - [s390x] cio: fix invalid -EBUSY on ccw_device_start
     - ata: libata-core: Do not try to set sleeping devices to standby
     - dm-crypt: recheck the integrity tag after a failure
     - dm-integrity: recheck the integrity tag after a failure
     - dm-crypt: don't modify the data when using authenticated encryption
     - dm-verity: recheck the hash after a failure
     - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS
       window
     - scsi: target: pscsi: Fix bio_put() for error case
     - scsi: core: Consult supported VPD page list prior to fetching page
     - mm/swap: fix race when skipping swapcache
     - mm: memcontrol: clarify swapaccount=0 deprecation warning
     - [x86] platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
     - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
       ACPI names
     - cachefiles: fix memory leak in cachefiles_add_cache()
     - md: Fix missing release of 'active_io' for flush
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
       its_sync_lpi_pending_table()
     - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
     - crypto: virtio/akcipher - Fix stack overflow on memcpy
     - irqchip/gic-v3-its: Do not assume vPE tables are preallocated
     - irqchip/sifive-plic: Enable interrupt if needed before EOI
     - PCI/MSI: Prevent MSI hardware interrupt number truncation
     - l2tp: pass correct message length to ip6_append_data
     - [x86] returnthunk: Allow different return thunks
     - [x86] Revert "x86/alternative: Make custom return thunk unconditional"
     - [x86] alternative: Make custom return thunk unconditional
     - dm-integrity, dm-verity: reduce stack usage for recheck
     - erofs: fix refcount on the metabuf used for inode lookup
     - serial: amba-pl011: Fix DMA transmission in RS485 mode
     - [arm64,armhf] usb: dwc3: gadget: Don't disconnect if not started
     - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
     - usb: roles: fix NULL pointer issue when put module's reference
     - usb: roles: don't get/set_role() when usb_role_switch is unregistered
     - mptcp: make userspace_pm_append_new_local_addr static
     - mptcp: add needs_id for userspace appending addr
     - mptcp: fix lockless access in subflow ULP diag
     - Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
     - [amd64] IB/hfi1: Fix a memleak in init_credit_return
     - RDMA/bnxt_re: Return error for SRQ resize
     - RDMA/irdma: Fix KASAN issue with tasklet
     - RDMA/irdma: Validate max_send_wr and max_recv_wr
     - RDMA/irdma: Set the CQ read threshold for GEN 1
     - RDMA/irdma: Add AE for too many RNRS
     - RDMA/srpt: Support specifying the srpt_service_guid parameter
     - iommufd/iova_bitmap: Bounds check mapped::pages access
     - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array
     - iommufd/iova_bitmap: Consider page offset for the pages to be pinned
     - RDMA/qedr: Fix qedr_create_user_qp error flow
     - [arm64] dts: rockchip: set num-cs property for spi on px30
     - RDMA/srpt: fix function pointer cast warnings
     - bpf, scripts: Correct GPL license name
     - scsi: smartpqi: Fix disable_managed_interrupts
     - net: bridge: switchdev: Skip MDB replays of deferred events on offload
     - net: bridge: switchdev: Ensure deferred event delivery on unoffload
     - dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
       check_estalblished().
     - nouveau: fix function cast warnings
     - [x86] numa: Fix the address overlap check in numa_fill_memblks()
     - [x86] numa: Fix the sort compare func used in numa_fill_memblks()
     - net: stmmac: Fix incorrect dereference in interrupt handlers
     - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
     - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
     - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
     - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
     - afs: Increase buffer size in afs_update_volume_status()
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
     - net: dev: Convert sa_data to flexible array in struct sockaddr
     - [arm64] sme: Restore SME registers on exit from suspend
     - [x86] platform/x86: thinkpad_acpi: Only update profile if successfully
       converted
     - [s390x] use the correct count for __iowrite64_copy()
     - bpf, sockmap: Fix NULL pointer dereference in
       sk_psock_verdict_data_ready()
     - tls: break out of main loop when PEEK gets a non-data record
     - tls: stop recv() if initial process_rx_list gave us non-DATA
     - tls: don't skip over different type records from the rx_list
     - netfilter: nf_tables: set dormant flag on hook register failure
     - netfilter: flowtable: simplify route logic
     - netfilter: nft_flow_offload: reset dst in route object after setting up
       flow
     - netfilter: nft_flow_offload: release dst in case direct xmit path is used
     - netfilter: nf_tables: rename function to destroy hook list
     - netfilter: nf_tables: register hooks last when adding new chain/flowtable
     - netfilter: nf_tables: use kzalloc for hook allocation
     - net: mctp: put sock on tag allocation failure
     - Fix write to cloned skb in ipv6_hop_ioam()
     - net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
     - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
       set
     - drm/amd/display: Fix memory leak in dm_sw_fini()
     - [arm64,armhf] i2c: imx: when being a target, mark the last read as
       processed
     - erofs: simplify compression configuration parser
     - erofs: fix inconsistent per-file compression format (CVE-2024-26590)
     - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
     - mm: zswap: fix missing folio cleanup in writeback race path
     - mptcp: userspace pm send RM_ADDR for ID 0
     - mptcp: add needs_id for netlink appending addr
     - ata: ahci: add identifiers for ASM2116 series adapters
     - ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
     - arp: Prevent overflow in arp_req_get().
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
     - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
     - [arm64] drm/meson: fix unbind path if HDMI fails to bind
     - [arm64] drm/meson: Don't remove bridges which are created by other drivers
     - scsi: core: Add struct for args to execution functions
     - scsi: sd: usb_storage: uas: Access media prior to querying device
       properties
     - af_unix: Fix task hung while purging oob_skb in GC.
     - of: overlay: Reorder struct fragment fields kerneldoc
     - usb: gadget: Properly configure the device for remote wakeup
     - Input: xpad - add constants for GIP interface numbers
     - [arm64] iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
     - [arm64] iommu/arm-smmu-qcom: Limit the SMR groups to 128
     - RDMA/core: Fix multiple -Warray-bounds warnings
     - mm: huge_memory: don't force huge page alignment on 32 bit
       (CVE-2024-26621) (Closes: #1024149)
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
     - netlink: add nla be16/32 types to minlen array
     - net: ip_tunnel: prevent perpetual headroom growth
     - net: mctp: take ownership of skb in mctp_local_output
     - tun: Fix xdp_rxq_info's queue_index when detaching
     - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
       back
     - net: veth: clear GRO when clearing XDP even when down
     - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
     - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
       detected
     - veth: try harder when allocating queue memory
     - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
     - net: lan78xx: fix "softirq work is pending" error
     - uapi: in6: replace temporary label with rfc9486
     - stmmac: Clear variable when destroying workqueue
     - Bluetooth: hci_sync: Check the correct flag before starting a scan
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
     - Bluetooth: hci_sync: Fix accept_list when attempting to suspend
     - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
     - Bluetooth: Enforce validation on max value of connection interval
     - Bluetooth: qca: Fix wrong event type for patch config command
     - Bluetooth: hci_qca: mark OF related data as maybe unused
     - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
     - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
     - Bluetooth: btqca: Add WCN3988 support
     - Bluetooth: qca: use switch case for soc type behavior
     - Bluetooth: qca: add support for WCN7850
     - Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
     - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
     - netfilter: let reset rules clean out conntrack entries
     - netfilter: bridge: confirm multicast packets before passing them up the
       stack
     - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
     - igb: extend PTP timestamp adjustments to i211
     - net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames
     - tls: decrement decrypt_pending if no async completion will be called
     - tls: fix peeking with sync+async decryption
     - efi/capsule-loader: fix incorrect allocation size
     - ALSA: Drop leftover snd-rtctimer stuff from Makefile
     - [arm64,armhf] drm/tegra: Remove existing framebuffer only if we support
       display
     - fbcon: always restore the old font data in fbcon_do_set_font()
     - afs: Fix endless loop in directory parsing
     - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
     - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
     - ALSA: firewire-lib: fix to check cycle continuity
     - ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt440
     - landlock: Fix asymmetric private inodes referring
     - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
     - wifi: nl80211: reject iftype change with mesh ID change
     - btrfs: fix double free of anonymous device after snapshot creation failure
     - btrfs: dev-replace: properly validate device names
     - btrfs: send: don't issue unnecessary zero writes for trailing hole
     - Revert "drm/amd/pm: resolve reboot exception for si oland"
     - drm/buddy: fix range bias
     - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
     - [arm64] crypto: arm64/neonbs - fix out-of-bounds access on short input
     - [arm64] dmaengine: fsl-qdma: init irq after reg initialization
     - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
     - mmc: core: Fix eMMC initialization with 1-bit bus connection
     - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
     - [arm64] mmc: sdhci-xenon: fix PHY init clock stability
     - efivarfs: Request at most 512 bytes for variable names
     - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
     - [x86] e820: Don't reserve SETUP_RNG_SEED in e820
     - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
     - mptcp: fix data races on local_id
     - mptcp: fix data races on remote_id
     - mptcp: fix duplicate subflow creation
     - mptcp: continue marking the first subflow as UNCONNECTED
     - mptcp: map v4 address to v6 when destroying subflow
     - mptcp: push at DSS boundaries
     - mptcp: fix snd_wnd initialization for passive socket
     - mptcp: fix double-free on socket dismantle
     - mptcp: fix possible deadlock in subflow diag
     - RDMA/core: Refactor rdma_bind_addr (CVE-2023-2176)
     - RDMA/core: Update CMA destination address on rdma_resolve_addr
     - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory
     - [x86] boot/compressed: Rename efi_thunk_64.S to efi-mixed.S
     - [x86] boot/compressed: Move 32-bit entrypoint code into .text section
     - [x86] boot/compressed: Move bootargs parsing out of 32-bit startup code
     - [x86] boot/compressed: Move efi32_pe_entry into .text section
     - [x86] boot/compressed: Move efi32_entry out of head_64.S
     - [x86] boot/compressed: Move efi32_pe_entry() out of head_64.S
     - [x86] boot/compressed, efi: Merge multiple definitions of image_offset
       into one
     - [x86] boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk
     - [x86] boot/compressed: Avoid touching ECX in startup32_set_idt_entry()
     - [x86] boot/compressed: Pull global variable reference into
       startup32_load_idt()
     - [x86] boot/compressed: Move startup32_load_idt() into .text section
     - [x86] boot/compressed: Move startup32_load_idt() out of head_64.S
     - [x86] boot/compressed: Move startup32_check_sev_cbit() into .text
     - [x86] boot/compressed: Move startup32_check_sev_cbit() out of head_64.S
     - [x86] boot/compressed: Adhere to calling convention in
       get_sev_encryption_bit()
     - [x86] boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y
     - efi: verify that variable services are supported
     - [x86] efi: Make the deprecated EFI handover protocol optional
     - [x86] boot: Robustify calling startup_{32,64}() from the decompressor code
     - [x86] efistub: Branch straight to kernel entry point from C code
     - [x86] decompressor: Store boot_params pointer in callee save register
     - [x86] decompressor: Assign paging related global variables earlier
     - [x86] decompressor: Call trampoline as a normal function
     - [x86] decompressor: Use standard calling convention for trampoline
     - [x86] decompressor: Avoid the need for a stack in the 32-bit trampoline
     - [x86] decompressor: Call trampoline directly from C code
     - [x86] decompressor: Only call the trampoline when changing paging levels
     - [x86] decompressor: Pass pgtable address to trampoline directly
     - [x86] decompressor: Merge trampoline cleanup with switching code
     - [x86] decompressor: Move global symbol references to C code
     - decompress: Use 8 byte alignment
     - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
     - NFS: Fix data corruption caused by congestion.
     - NFSD: Simplify READ_PLUS
     - NFSD: Remove redundant assignment to variable host_err
     - nfsd: ignore requests to disable unsupported versions
     - nfsd: move nfserrno() to vfs.c
     - nfsd: allow disabling NFSv2 at compile time
     - exportfs: use pr_debug for unreachable debug statements
     - NFSD: Flesh out a documenting comment for filecache.c
     - NFSD: Clean up nfs4_preprocess_stateid_op() call sites
     - NFSD: Trace stateids returned via DELEGRETURN
     - NFSD: Trace delegation revocations
     - NFSD: Use const pointers as parameters to fh_ helpers
     - NFSD: Update file_hashtbl() helpers
     - NFSD: Clean up nfsd4_init_file()
     - NFSD: Add a nfsd4_file_hash_remove() helper
     - NFSD: Clean up find_or_add_file()
     - NFSD: Refactor find_file()
     - NFSD: Use rhashtable for managing nfs4_file objects
     - NFSD: Fix licensing header in filecache.c
     - filelock: add a new locks_inode_context accessor function
     - lockd: use locks_inode_context helper
     - nfsd: use locks_inode_context helper
     - nfsd: fix up the filecache laundrette scheduling
     - NFSD: Use struct_size() helper in alloc_session()
     - lockd: set missing fl_flags field when retrieving args
     - lockd: ensure we use the correct file descriptor when unlocking
     - lockd: fix file selection in nlmsvc_cancel_blocked
     - trace: Relocate event helper files
     - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
     - NFSD: add support for sending CB_RECALL_ANY
     - NFSD: add delegation reaper to react to low memory condition
     - NFSD: add CB_RECALL_ANY tracepoints
     - NFSD: Use only RQ_DROPME to signal the need to drop a reply
     - NFSD: Avoid clashing function prototypes
     - NFSD: Use set_bit(RQ_DROPME)
     - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown
       time
     - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
     - nfsd: don't destroy global nfs4_file table in per-net shutdown
     - [arm64] efi: Limit allocations to 48-bit addressable physical region
     - efi: efivars: prevent double registration
     - [x86] efistub: Simplify and clean up handover entry code
     - [x86] decompressor: Avoid magic offsets for EFI handover entrypoint
     - [x86] efistub: Clear BSS in EFI handover protocol entrypoint
     - efi/libstub: Add memory attribute protocol definitions
     - efi/libstub: Add limit argument to efi_random_alloc()
     - [x86] efistub: Perform 4/5 level paging switch from the stub
     - [x86] decompressor: Factor out kernel decompression and relocation
     - [x86] efistub: Prefer EFI memory attributes protocol over DXE services
     - [x86] efistub: Perform SNP feature test while running in the firmware
     - [x86] efistub: Avoid legacy decompressor when doing EFI boot
     - [x86] efi/x86: Avoid physical KASLR on older Dell systems
     - [x86] efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
     - [x86] boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
     - [x86] boot: efistub: Assign global boot_params variable
     - [x86] efi/x86: Fix the missing KASLR_FLAG bit in
       boot_params->hdr.loadflags
     - af_unix: Drop oob_skb ref before purging queue in GC.
     - [arm64] phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use
       dashes
     - [powerpc*] pseries/iommu: IOMMU table is not initialized for kdump over
       SR-IOV
     - gpio: 74x164: Enable output pins after registers are reset
     - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
     - gpio: fix resource unwinding order in error path
     - block: define bvec_iter as __packed __aligned(4)
     - [arm64,armhf] Revert "interconnect: Fix locking for runpm vs reclaim"
     - [arm64,armhf] Revert "interconnect: Teach lockdep about icc_bw_lock order"
     - [x86] bugs: Add asm helpers for executing VERW
     - [x86] entry_64: Add VERW just before userspace transition
     - [x86] entry_32: Add VERW just before userspace transition
     - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
     - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
     - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
     - bpf: Add table ID to bpf_fib_lookup BPF helper
     - bpf: Derive source IP addr via bpf_*_fib_lookup()
     - [x86] efistub: Give up if memory attribute protocol returns an error
     - xen/events: close evtchn after mapping cleanup
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
     - ceph: switch to corrected encoding of max_xattr_size in mdsmap
     - net: lan78xx: fix runtime PM count underflow on link stop
     - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
     - i40e: disable NAPI right after disabling irqs when handling xsk_pool
     - ice: reorder disabling IRQ and NAPI in ice_qp_dis
     - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
     - geneve: make sure to pull inner header in geneve_rx()
     - ice: virtchnl: stop pretending to support RSS over AQ or registers
     - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
     - igc: avoid returning frame twice in XDP_REDIRECT
     - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
     - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
     - net: dsa: microchip: fix register write order in ksz8_ind_write8()
     - net/rds: fix WARNING in rds_conn_connect_if_down
     - netfilter: nft_ct: fix l3num expectations with inet pseudo family
     - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
     - erofs: apply proper VMA alignment for memory mapped files on THP
     - netrom: Fix a data-race around sysctl_netrom_default_path_quality
     - netrom: Fix a data-race around
       sysctl_netrom_obsolescence_count_initialiser
     - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
     - netrom: Fix a data-race around sysctl_netrom_transport_timeout
     - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
     - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
     - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
     - netrom: Fix a data-race around
       sysctl_netrom_transport_requested_window_size
     - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
     - netrom: Fix a data-race around sysctl_netrom_routing_control
     - netrom: Fix a data-race around sysctl_netrom_link_fails_count
     - netrom: Fix data-races around sysctl_net_busy_read
     - [s390x] KVM: s390: add stat counter for shadow gmap events
     - [s390x] KVM: s390: vsie: fix race during shadow creation
     - drm/amd/display: Fix uninitialized variable usage in core_link_
       'read_dpcd() & write_dpcd()' functions
     - nfp: flower: add goto_chain_index for ct entry
     - nfp: flower: add hardware offload check for post ct entry
     - readahead: avoid multiple marked readahead pages
     - xhci: process isoc TD properly when there was a transaction error mid TD.
     - xhci: handle isoc Babble and Buffer Overrun events properly
     - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
     - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
       (CVE-2023-28746):
       + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
       + Documentation/hw-vuln: Add documentation for RFDS
       + [x86] rfds: Mitigate Register File Data Sampling (RFDS)
       + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
     - drm/amd/display: Wrong colorimetry workaround
     - drm/amd/display: Fix MST Null Ptr for RV
     - getrusage: add the "signal_struct *sig" local variable
     - getrusage: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - getrusage: use __for_each_thread()
     - getrusage: use sig->stats_lock rather than lock_task_sighand()
     - fs/proc: do_task_stat: use __for_each_thread()
     - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children
       stats
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 19
   * [rt] Refresh "sched: avoid false lockdep splat in put_task_struct()"
   * Drop now unknown config options for retired CBQ, ATM and dsmark qdisc
   * [x86] efistub: Clear decompressor BSS in native EFI entrypoint
   * [x86] efistub: Don't clear BSS twice in mixed mode
   * efi: fix panic in kdump kernel
   * efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
     higher address
   * efi/libstub: Cast away type warning in use of max()
   * aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
     (CVE-2023-6270)
   * wifi: ath10k: fix NULL pointer dereference in
     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
   * Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
     (CVE-2024-22099)
   * sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
   * [rt] Update to 6.1.82-rt27
linux (6.1.85-1) bookworm-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
     - md: fix data corruption for raid456 when reshape restart while grow up
     - md/raid10: prevent soft lockup while flush writes
     - io_uring/unix: drop usage of io_uring socket
     - io_uring: drop any code related to SCM_RIGHTS
     - nfsd: allow nfsd_file_get to sanely handle a NULL pointer
     - nfsd: don't open-code clear_and_wake_up_bit
     - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
     - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
     - nfsd: don't kill nfsd_files because of lease break error
     - nfsd: add some comments to nfsd_file_do_acquire
     - nfsd: don't take/put an extra reference when putting a file
     - nfsd: update comment over __nfsd_file_cache_purge
     - nfsd: allow reaping files still under writeback
     - NFSD: Convert filecache to rhltable
     - nfsd: simplify the delayed disposal list code
     - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
     - NFSD: Add an nfsd4_encode_nfstime4() helper
     - nfsd: Fix creation time serialization order
     - [arm64] media: rkisp1: Fix IRQ handling due to shared interrupts
     - perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child
       count)
     - ASoC: rt5645: Make LattePanda board DMI match more precise
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU
     - [x86] xen: Add some null pointer checking to smp.c
     - [mips*] Clear Cause.BD in instruction_pointer_set
     - HID: multitouch: Add required quirk for Synaptics 0xcddc device
     - gen_compile_commands: fix invalid escape sequence warning
     - [arm64] sve: Lower the maximum allocation for the SVE ptrace regset
     - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt
     - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
     - RDMA/mlx5: Relax DEVX access upon modify commands
     - [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
     - [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault()
     - net/iucv: fix the allocation size of iucv_path_table array
     - block: sed-opal: handle empty atoms when parsing response
     - dm-verity, dm-crypt: align "struct bvec_iter" correctly
     - [arm64] dts: Fix dtc interrupt_provider warnings
     - btrfs: fix data races when accessing the reserved amount of block reserves
     - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
     - net: smsc95xx: add support for SYS TEC USB-SPEmodule1
     - wifi: mac80211: only call drv_sta_rc_update for uploaded stations
     - [x86] ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table
     - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
     - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
     - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2
     - Bluetooth: mgmt: Fix limited discoverable off timeout
     - firewire: core: use long bus reset on gap count error
     - [arm64] tegra: Set the correct PHY mode for MGBE
     - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8
       tablet
     - Input: gpio_keys_polled - suppress deferred probe error for gpio
     - [x86] ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
     - [x86] ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
     - [x86] ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
     - fs: Fix rw_hint validation
     - [s390x] dasd: add autoquiesce feature
     - [s390x] dasd: Use dev_*() for device log messages
     - [s390x] dasd: fix double module refcount decrement
     - rcu/exp: Fix RCU expedited parallel grace period kworker allocation
       failure recovery
     - rcu/exp: Handle RCU expedited grace period kworker allocation failure
     - nbd: null check for nla_nest_start
     - fs/select: rework stack allocation hack for clang
     - md: Don't clear MD_CLOSING when the raid is about to stop
     - lib/cmdline: Fix an invalid format specifier in an assertion msg
     - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg
     - time: test: Fix incorrect format specifier
     - rtc: test: Fix invalid format specifier.
     - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
     - io_uring/net: move receive multishot out of the generic msghdr path
     - io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
     - [x86] resctrl: Implement new mba_MBps throttling heuristic
     - [x86] sme: Fix memory encryption setting if enabled by default and not
       overridden
     - timekeeping: Fix cross-timestamp interpolation on counter wrap
     - timekeeping: Fix cross-timestamp interpolation corner case decision
     - timekeeping: Fix cross-timestamp interpolation for non-x86
     - sched/fair: Take the scheduling domain into account in select_idle_smt()
     - sched/fair: Take the scheduling domain into account in select_idle_core()
     - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
     - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
     - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
     - wifi: b43: Disable QoS for bcm4331
     - wifi: wilc1000: fix declarations ordering
     - wifi: wilc1000: fix RCU usage in connect path
     - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
     - wifi: wilc1000: do not realloc workqueue everytime an interface is added
     - wifi: wilc1000: fix multi-vif management when deleting a vif
     - wifi: mwifiex: debugfs: Drop unnecessary error check for
       debugfs_create_dir()
     - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
     - cpufreq: Explicitly include correct DT includes
     - cpufreq: mediatek-hw: Wait for CPU supplies before probing
     - sock_diag: annotate data-races around sock_diag_handlers[family]
     - inet_diag: annotate data-races around inet_diag_table[]
     - bpftool: Silence build warning about calloc()
     - libbpf: Apply map_set_def_max_entries() for inner_maps on creation
     - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
     - cpufreq: mediatek-hw: Don't error out if supply is not found
     - libbpf: Fix faccessat() usage on Android
     - pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module
     - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API
     - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
     - wifi: iwlwifi: mvm: report beacon protection failures
     - wifi: iwlwifi: dbg-tlv: ensure NUL termination
     - wifi: iwlwifi: fix EWRD table validity check
     - gpio: vf610: allow disabling the vf610 driver
     - [arm64] dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
     - net: blackhole_dev: fix build warning for ethh set but not used
     - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
     - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
     - wifi: wfx: fix memory leak when starting AP
     - printk: Disable passing console lock owner completely during panic()
     - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
     - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h
     - tools/resolve_btfids: Fix cross-compilation to non-host endianness
     - wifi: iwlwifi: mvm: don't set replay counters to 0xff
     - [s390x] pai: fix attr_event_free upper limit for pai device drivers
     - [s390x] vdso: drop '-fPIC' from LDFLAGS
     - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
     - [arm64] dts: mt8183: kukui: Split out keyboard node and describe
       detachables
     - [arm64] dts: mt8183: Move CrosEC base detection node to kukui-based DTs
     - [arm64] dts: mediatek: mt7986: add "#reset-cells" to infracfg
     - [arm64] dts: mediatek: mt8192-asurada: Remove CrosEC base detection node
     - [arm64] dts: mediatek: mt8192: fix vencoder clock name
     - [arm64] dts: mediatek: mt7622: add missing "device_type" to memory nodes
     - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
     - wifi: wilc1000: prevent use-after-free on vif when cleaning up all
       interfaces
     - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
     - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
     - [amd64] iommu/amd: Mark interrupt as managed
     - wifi: brcmsmac: avoid function pointer casts
     - [arm64] dts: qcom: sdm845-db845c: correct PCIe wake-gpios
     - [arm64] dts: qcom: sm8150: use 'gpios' suffix for PCI GPIOs
     - [arm64] dts: qcom: sm8150: correct PCIe wake-gpios
     - powercap: dtpm_cpu: Fix error check against freq_qos_add_request()
     - net: ena: Remove ena_select_queue
     - [arm64] dts: mt8195-cherry-tomato: change watchdog reset boot flow
     - firmware: arm_scmi: Fix double free in SMC transport cleanup path
     - wifi: wilc1000: revert reset line logic flip
     - net: mctp: copy skb ext data when fragmenting
     - pstore: inode: Convert mutex usage to guard(mutex)
     - pstore: inode: Only d_invalidate() is needed
     - [arm64] dts: allwinner: h6: Add RX DMA channel for SPDIF
     - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
     - ACPI: resource: Do IRQ override on Lunnen Ground laptops
     - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
     - ACPI: scan: Fix device check notification handling
     - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816)
     - SUNRPC: fix some memleaks in gssx_dec_option_array
     - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the
       .remove function
     - ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
     - wifi: rtw88: 8821c: Fix beacon loss and disconnect
     - wifi: rtw88: 8821c: Fix false alarm count
     - PCI: Make pci_dev_is_disconnected() helper public for other drivers
     - [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is
       disconnected
     - igb: Fix missing time sync events
     - Bluetooth: Remove HCI_POWER_OFF_TIMEOUT
     - Bluetooth: mgmt: Remove leftover queuing of power_off work
     - Bluetooth: Remove superfluous call to hci_conn_check_pending()
     - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
     - Bluetooth: Cancel sync command before suspend and power off
     - Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running
     - Bluetooth: hci_conn: Consolidate code for aborting connections
     - Bluetooth: hci_core: Cancel request on command timeout
     - Bluetooth: hci_sync: Fix overwriting request callback
     - Bluetooth: hci_core: Fix possible buffer overflow
     - Bluetooth: af_bluetooth: Fix deadlock
     - Bluetooth: fix use-after-free in accessing skb after sending it
     - [s390x] cache: prevent rebuild of shared_cpu_list
     - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
     - bpf: Fix hashtab overflow check on 32-bit arches
     - bpf: Fix stackmap overflow check on 32-bit arches
     - [amd64] iommu/vt-d: Retrieve IOMMU perfmon capability information
     - ipv6: fib6_rules: flush route cache when rule is changed
     - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
     - net: phy: fix phy_get_internal_delay accessing an empty array
     - [arm64] net: hns3: fix wrong judgment condition issue
     - [arm64] net: hns3: fix kernel crash when 1588 is received on HIP08 devices
     - [arm64] net: hns3: fix port duplex configure error in IMP reset
     - Bluetooth: MGMT: Fix always using HCI_MAX_AD_LENGTH
     - Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
     - Bluetooth: Fix eir name length
     - net: phy: dp83822: Fix RGMII TX delay configuration
     - OPP: debugfs: Fix warning around icc_get_name()
     - tcp: fix incorrect parameter validation in the do_tcp_getsockopt()
       function
     - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
       function
     - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
       function
     - udp: fix incorrect parameter validation in the udp_lib_getsockopt()
       function
     - net: kcm: fix incorrect parameter validation in the kcm_getsockopt)
       function
     - nfp: flower: handle acti_netdevs allocation failure
     - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
     - dm raid: fix false positive for requeue needed during reshape
     - dm: call the resume method on internal suspend
     - [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node
     - [arm64,armhf] drm/tegra: dpaux: Fix PM disable depth imbalance in
       tegra_dpaux_probe
     - [arm64,armhf] drm/tegra: dsi: Make use of the helper function
       dev_err_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in
       tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the
       error handling path of tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
     - [arm64,armhf] drm/tegra: hdmi: Fix some error handling paths in
       tegra_hdmi_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix some error handling paths in
       tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix missing clk_put() in the error handling
       paths of tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the
       error handling paths of tegra_output_probe()
     - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
     - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
     - drm/panel-edp: use put_sync in unprepare
     - drm/lima: fix a memleak in lima_heap_alloc
     - [x86] ASoC: amd: acp: Add missing error handling in sof-mach
     - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
     - media: tc358743: register v4l2 async device only after successful setup
     - PCI/DPC: Print all TLP Prefixes, not just the first
     - perf record: Fix possible incorrect free in record__switch_output()
     - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
     - drm/amd/display: Fix a potential buffer overflow in
       'dp_dsc_clock_en_read()'
     - drm/amd/display: Fix potential NULL pointer dereferences in
       'dcn10_set_output_transfer_func()'
     - pinctrl: renesas: r8a779g0: Add Audio SSI pins, groups, and functions
     - pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function
     - clk: samsung: exynos850: Propagate SPI IPCLK rate change
     - perf evsel: Fix duplicate initialization of data->id in
       evsel__parse_sample()
     - clk: meson: Add missing clocks to axg_clk_regmaps
     - media: em28xx: annotate unchecked call to media_device_register()
     - media: v4l2-tpg: fix some memleaks in tpg_alloc
     - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
     - media: edia: dvbdev: fix a use-after-free
     - clk: qcom: reset: Commonize the de/assert functions
     - clk: qcom: reset: Ensure write completion on reset de/assertion
     - quota: simplify drop_dquot_ref()
     - quota: Fix potential NULL pointer dereference
     - quota: Fix rcu annotations of inode dquot pointers
     - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
     - crypto: xilinx - call finalize with bh disabled
     - perf thread_map: Free strlist on normal path in
       thread_map__new_by_tid_str()
     - [arm64] drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
     - [arm64] drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
       enabled
     - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
     - ALSA: seq: fix function cast warnings
     - perf stat: Avoid metric-only segv
     - [arm64,armhf] ASoC: meson: aiu: fix function pointer type mismatch
     - [arm64,armhf] ASoC: meson: t9015: fix function pointer type mismatch
     - [powerpc*] Force inlining of arch_vmap_p{u/m}d_supported()
     - [x86] ASoC: SOF: Introduce container struct for SOF firmware
     - [x86] ASoC: SOF: Add some bounds checking to firmware data
     - NTB: EPF: fix possible memory leak in pci_vntb_probe()
     - NTB: fix possible name leak in ntb_register_device()
     - media: cedrus: h265: Associate mv col buffers with buffer
     - media: cedrus: h265: Fix configuring bitstream size
     - media: sun8i-di: Fix coefficient writes
     - media: sun8i-di: Fix power on/off sequences
     - media: sun8i-di: Fix chroma difference threshold
     - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
     - media: go7007: add check of return value of go7007_read_addr()
     - media: pvrusb2: remove redundant NULL check
     - media: pvrusb2: fix pvr2_stream_callback casts
     - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
     - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
     - clk: hisilicon: hi3519: Release the correct number of gates in
       hi3519_clk_unregister()
     - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
     - [arm64,armhf] drm/tegra: put drm_gem_object ref on error in
       tegra_fb_create
     - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
     - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes
       a ref
     - crypto: jitter - fix CRYPTO_JITTERENTROPY help text
     - drm/tidss: Fix initial plane zpos values
     - drm/tidss: Fix sync-lost issue with two displays
     - mtd: maps: physmap-core: fix flash size larger than 32-bit
     - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: fix mclk setup without
       mclk-fs
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: add frame rate constraint
     - HID: amd_sfh: Update HPD sensor structure elements
     - HID: amd_sfh: Avoid disabling the interrupt
     - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
     - media: pvrusb2: fix uaf in pvr2_context_set_notify
     - media: dvb-frontends: avoid stack overflow warnings with clang
     - media: go7007: fix a memleak in go7007_load_encoder
     - media: ttpci: fix two memleaks in budget_av_attach
     - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
     - gpio: nomadik: fix offset bug in nmk_pmx_set()
     - [powerpc*] pseries: Fix potential memleak in papr_get_attr()
     - [powerpc*] hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value
       checks
     - [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter
     - modules: wait do_free_init correctly
     - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
     - leds: aw2013: Unlock mutex before destroying it
     - leds: sgm3140: Add missing timer cleanup and flash gpio control
     - backlight: lm3630a: Initialize backlight_properties on init
     - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
     - backlight: da9052: Fully initialize backlight_properties during probe
     - backlight: lm3639: Fully initialize backlight_properties during probe
     - backlight: lp8788: Fully initialize backlight_properties during probe
     - clk: Fix clk_core_get NULL dereference
     - clk: zynq: Prevent null pointer dereference caused by kmalloc failure
     - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
     - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
     - RDMA/irdma: Allow accurate reporting on QP max send/recv WR
     - RDMA/irdma: Remove duplicate assignment
     - RDMA/srpt: Do not register event handler until srpt device is fully setup
     - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
     - f2fs: compress: fix to guarantee persisting compressed blocks by CP
     - f2fs: compress: fix to cover normal cluster write with cp_rwsem
     - f2fs: compress: fix to check unreleased compressed cluster
     - f2fs: simplify __allocate_data_block
     - f2fs: delete obsolete FI_FIRST_BLOCK_WRITTEN
     - f2fs: delete obsolete FI_DROP_CACHE
     - f2fs: introduce get_dnode_addr() to clean up codes
     - f2fs: update blkaddr in __set_data_blkaddr() for cleanup
     - f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode
     - f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
     - f2fs: fix to avoid potential panic during recovery
     - scsi: csiostor: Avoid function pointer casts
     - [arm64] RDMA/hns: Fix mis-modifying default congestion control algorithm
     - RDMA/device: Fix a race between mad_client and cm_client init
     - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
     - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
     - f2fs: compress: fix to check zstd compress level correctly in mount option
     - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
     - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
     - NFSv4.2: fix listxattr maximum XDR buffer size
     - f2fs: compress: fix to check compress flag w/ .i_sem lock
     - f2fs: check number of blocks in a current section
     - watchdog: stm32_iwdg: initialize default timeout
     - f2fs: ro: compress: fix to avoid caching unaligned extent
     - NFS: Fix an off by one in root_nfs_cat()
     - f2fs: convert to use sbi directly
     - f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks
     - f2fs: compress: fix reserve_cblocks counting error when out of space
     - [x86] perf/x86/amd/core: Avoid register reset when CPU is dead
     - afs: Revert "afs: Hide silly-rename files from userspace"
     - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
     - io_uring/net: correct the type of variable
     - comedi: comedi_test: Prevent timers rescheduling during deletion
     - [armhf] remoteproc: stm32: use correct format strings on 64-bit
     - [armhf] remoteproc: stm32: Fix incorrect type in assignment for va
     - [armhf] remoteproc: stm32: Fix incorrect type assignment returned by
       stm32_rproc_get_loaded_rsc_tablef
     - usb: phy: generic: Get the vbus supply
     - tty: vt: fix 20 vs 0x20 typo in EScsiignore
     - serial: max310x: fix syntax error in IRQ error message
     - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
     - [arm64] dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
     - hwtracing: hisi_ptt: Move type check to the beginning of
       hisi_ptt_pmu_event_init()
     - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
     - serial: 8250_exar: Don't remove GPIO device on suspend
     - staging: greybus: fix get_channel_from_mode() failure path
     - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
     - nouveau: reset the bo resource bus info after an eviction
     - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
     - rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
     - [s390x] vtime: fix average steal time calculation
     - net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check (CVE-2024-26815)
     - soc: fsl: dpio: fix kcalloc() argument order
     - tcp: Fix refcnt handling in __inet_hash_connect().
     - hsr: Fix uninit-value access in hsr_get_node()
     - nvme: only set reserved_tags in nvme_alloc_io_tag_set for fabrics
       controllers
     - nvme: add the Apple shared tag workaround to nvme_alloc_io_tag_set
     - nvme: fix reconnection fail due to reserved tag allocation
     - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
     - net: ethernet: mtk_eth_soc: fix PPE hanging issue
     - packet: annotate data-races around ignore_outgoing
     - net: veth: do not manipulate GRO when using XDP
     - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
     - drm: Fix drm_fixp2int_round() making it add 0.5
     - vdpa_sim: reset must not run
     - vdpa/mlx5: Allow CVQ size changes
     - wireguard: receive: annotate data-race around receiving_counter.counter
     - rds: introduce acquire/release ordering in acquire/release_in_xmit()
     - hsr: Handle failures in module init
     - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
     - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
     - dm-integrity: fix a memory leak when rechecking the data
     - net/bnx2x: Prevent access to a freed page in page_pool
     - netfilter: nft_set_pipapo: release elements in clone only from destroy
       path (CVE-2024-26809)
     - netfilter: nf_tables: do not compare internal table flags on updates
     - rcu: add a helper to report consolidated flavor QS
     - net: report RCU QS on threaded NAPI repolling
     - bpf: report RCU QS in cpumap kthread
     - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
     - net: dsa: mt7530: fix handling of all link-local frames
     - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
     - dm: address indent/space issues
     - dm io: Support IO priority
     - dm-integrity: align the outgoing bio in integrity_recheck
     - [armhf] remoteproc: stm32: fix incorrect optional pointers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
     - [x86] cpu: Support AMD Automatic IBRS
     - [x86] bugs: Use sysfs_emit()
     - [x86] KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only
       leafs
     - [x86] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
     - [x86] KVM: x86: Use a switch statement and macros in __feature_translate()
     - timers: Update kernel-doc for various functions
     - timers: Use del_timer_sync() even on UP
     - timers: Rename del_timer_sync() to timer_delete_sync()
     - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
     - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
     - [arm64] dts: qcom: sc7280: Add additional MSI interrupts
     - [arm64,armhf] remoteproc: virtio: Fix wdg cannot recovery remote processor
     - [arm64] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
     - [armhf] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
     - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
     - serial: max310x: fix NULL pointer dereference in I2C instantiation
     - pci_iounmap(): Fix MMIO mapping leak
     - media: xc4000: Fix atomicity violation in xc4000_get_frequency
     - media: mc: Add local pad to pipeline regardless of the link state
     - media: mc: Fix flags handling when creating pad links
     - media: mc: Add num_links flag to media_pad
     - media: mc: Rename pad variable to clarify intent
     - media: mc: Expand MUST_CONNECT flag to always require an enabled link
     - KVM: Always flush async #PF workqueue when vCPU is being destroyed
     - [x86] cpufreq: amd-pstate: Fix min_perf assignment in
       amd_pstate_adjust_perf()
     - [powerpc*] smp: Adjust nr_cpu_ids to cover all threads of a core
     - [powerpc*] smp: Increase nr_cpu_ids to include the boot CPU
     - [x86] crypto: qat - fix double free during reset
     - [x86] crypto: qat - resolve race condition during AER recovery
     - ext4: correct best extent lstart adjustment logic
     - block: Clear zone limits for a non-zoned stacked queue
     - bounds: support non-power-of-two CONFIG_NR_CPUS
     - fat: fix uninitialized field in nostale filehandles
     - ubifs: Set page uptodate in the correct place
     - ubi: Check for too small LEB size in VTBL code
     - ubi: correct the calculation of fastmap size
     - md/raid5: fix atomicity violation in raid5_cache_count
     - cpufreq: Limit resolving a frequency to policy min/max
     - PM: suspend: Set mem_sleep_current during kernel command line setup
     - usb: xhci: Add error handling in xhci_map_urb_for_dma
     - [powerpc*] fsl: Fix mfpmr build errors with newer binutils
     - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
     - USB: serial: add device ID for VeriFone adapter
     - USB: serial: cp210x: add ID for MGP Instruments PDS100
     - USB: serial: option: add MeiG Smart SLM320 product
     - [x86] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
     - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
     - PM: sleep: wakeirq: fix wake irq warning in system suspend
     - mmc: tmio: avoid concurrent runs of mmc_request_done()
     - fuse: fix root lookup with nonzero generation
     - fuse: don't unhash root
     - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
     - serial: Lock console when calling into driver before registration
     - btrfs: qgroup: always free reserved space for extent records
     - btrfs: fix off-by-one chunk length calculation at
       contains_pending_extent()
     - PCI/PM: Drain runtime-idle callbacks before driver removal
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
     - dm-raid: fix lockdep waring in "pers->hot_add_disk"
     - [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS
     - mac802154: fix llsec key resources release in mac802154_llsec_key_del
     - swap: comments get_swap_device() with usage rule
     - mm: swap: fix race between free_swap_and_cache() and swapoff()
     - mmc: core: Fix switch on gp3 partition
     - [arm64,armhf] drm/etnaviv: Restore some id values
     - landlock: Warn once if a Landlock action is requested while disabled
     - hwmon: (amc6821) add of_match table
     - ext4: fix corruption during on-line resize
     - nvmem: meson-efuse: fix function pointer type mismatch
     - slimbus: core: Remove usage of the deprecated ida_simple_xx() API
     - phy: tegra: xusb: Add API to retrieve the port number of phy
     - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
     - speakup: Fix 8bit characters from direct synth
     - PCI/AER: Block runtime suspend when handling errors
     - io_uring/net: correctly handle multishot recvmsg retry setup
     - nfs: fix UAF in direct writes
     - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
     - [arm64] PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP
       version
     - [arm64] PCI: qcom: Enable BDF to SID translation properly
     - [amd64,arm64] PCI: hv: Fix ring buffer size calculation
     - vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations
     - vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
     - vfio/pci: Remove negative check on unsigned vector
     - vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
     - vfio/platform: Disable virqfds on cleanup
     - ksmbd: retrieve number of blocks using vfs_getattr in
       set_file_allocation_info
     - ring-buffer: Fix waking up ring buffer readers
     - ring-buffer: Do not set shortest_full when full target is hit
     - ring-buffer: Fix resetting of shortest_full
     - ring-buffer: Fix full_waiters_pending in poll
     - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
     - [s390x] zcrypt: fix reference counting on zcrypt card objects
     - drm/probe-helper: warn about negative .get_modes()
     - drm/panel: do not return negative error codes from drm_panel_get_modes()
     - [armhf] drm/exynos: do not return negative values from .get_modes()
     - [armhf] drm/imx/ipuv3: do not return negative values from .get_modes()
     - [arm64,armhf] drm/vc4: hdmi: do not return negative values from
       .get_modes()
     - memtest: use {READ,WRITE}_ONCE in memory scanning
     - Revert "block/mq-deadline: use correct way to throttling write requests"
     - f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
     - f2fs: truncate page cache before clearing flags when aborting atomic write
     - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
     - nilfs2: prevent kernel bug at submit_bh_wbc()
     - cifs: open_cached_dir(): add FILE_READ_EA to desired access
     - cpufreq: dt: always allocate zeroed cpumask
     - [amd64] x86/CPU/AMD: Update the Zenbleed microcode revisions
     - NFSD: Fix nfsd_clid_class use of __string_len() macro
     - net: hns3: tracing: fix hclgevf trace event strings
     - wireguard: netlink: check for dangling peer via is_dead instead of empty
       list
     - wireguard: netlink: access device through ctx instead of peer
     - ahci: asm1064: correct count of reported ports
     - ahci: asm1064: asm1166: don't limit reported ports
     - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
     - drm/amd/display: Return the correct HDCP error code
     - drm/amd/display: Fix noise issue on HDMI AV mute
     - dm snapshot: fix lockup in dm_exception_table_exit
     - [x86] pm: Work around false positive kmemleak report in
       msr_build_context()
     - cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
       return value"
     - [x86] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
       (Closes: #1065320)
     - tls: fix race between tx work scheduling and socket close (CVE-2024-26585)
     - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
       timeout (CVE-2024-26643)
     - netfilter: nf_tables: disallow anonymous set with timeout flag
       (CVE-2024-26642)
     - netfilter: nf_tables: reject constant set with timeout
     - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
       memory
     - init/Kconfig: lower GCC version check for -Warray-bounds
     - [x86] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
     - [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
       svm_register_enc_region()
     - tracing: Use .flush() call to wake up readers
     - drm/amdgpu/pm: Fix the error of pwm1_enable setting
     - [x86] drm/i915: Check before removing mm notifier
     - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
       ALC897 platform
     - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
     - usb: gadget: ncm: Fix handling of zero block length packets
     - usb: port: Don't try to peer unused USB ports based on location
     - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
     - misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on
       suspend/resume
     - mei: me: add arrow lake point S DID
     - mei: me: add arrow lake point H DID
     - vt: fix unicode buffer corruption when deleting characters
     - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
     - ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
     - tee: optee: Fix kernel panic caused by incorrect error handling
     - mm, vmscan: prevent infinite loop for costly GFP_NOIO |
       __GFP_RETRY_MAYFAIL allocations
     - iio: accel: adxl367: fix DEVID read after reset
     - iio: accel: adxl367: fix I2C FIFO data register
     - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
     - drm/amd/display: handle range offsets in VRR ranges
     - [x86] efistub: Call mixed mode boot services on the firmware's stack
     - net: tls: handle backlogging of crypto requests (CVE-2024-26584)
     - [x86] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
     - iommu: Avoid races around default domain allocations
     - clocksource/drivers/arm_global_timer: Fix maximum prescaler value
     - entry: Respect changes to system call number by trace_sys_enter()
     - minmax: add umin(a, b) and umax(a, b)
     - swiotlb: Fix alignment checks when both allocation and DMA masks are
       present
     - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
     - printk: Update @console_may_schedule in console_trylock_spinning()
     - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
     - irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
     - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based
       on register's index
     - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
     - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
     - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger
       type
     - [x86] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe
       address
     - [x86] fpu: Keep xfd_state in sync with MSR_IA32_XFD
     - pwm: img: fix pwm clock lookup
     - tty: serial: imx: Fix broken RS485
     - block: Fix page refcounts for unaligned buffers in __bio_release_pages()
     - blk-mq: release scheduler resource when request completes
     - vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
     - vfio: Introduce interface to flush virqfd inject workqueue
     - vfio/pci: Create persistent INTx handler (CVE-2024-26812)
     - vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
     - vfio/fsl-mc: Block calling interrupt handler without trigger
       (CVE-2024-26814)
     - [x86] coco: Export cc_vendor
     - [x86] coco: Get rid of accessor functions
     - [x86] Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
     - [x86] sev: Fix position dependent variable references in startup code
     - mm/migrate: set swap entry values of THP tail pages properly.
     - init: open /initrd.image with O_LARGEFILE
     - [x86] efistub: Add missing boot_params for mixed mode compat entry
     - btrfs: zoned: don't skip block groups with 100% zone unusable
     - btrfs: zoned: use zone aware sb location for scrub
     - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
     - wifi: iwlwifi: fw: don't always use FW dump trig
     - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
     - hexagon: vmlinux.lds.S: handle attributes section
     - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
       HS200 mode
     - mmc: core: Initialize mmc_blk_ioc_data
     - mmc: core: Avoid negative index with array access
     - block: Do not force full zone append completion in req_bio_endio()
     - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
     - nouveau/dmem: handle kcalloc() allocation failure
     - net: ll_temac: platform_get_resource replaced by wrong function
     - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
     - [x86] drm/i915/bios: Tolerate devdata==NULL in
       intel_bios_encoder_supports_dp_dual_mode()
     - [x86] drm/i915/gt: Reset queue_priority_hint on parking
     - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
     - Revert "usb: phy: generic: Get the vbus supply"
     - usb: cdc-wdm: close race between read and workqueue
     - USB: UAS: return ENODEV when submit urbs fail with device not attached
     - usb: dwc3-am62: Rename private data
     - usb: dwc3-am62: fix module unload/reload behavior
     - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
       (CVE-2024-26654)
     - scsi: core: Fix unremoved procfs host directory regression
     - staging: vc04_services: changen strncpy() to strscpy_pad()
     - staging: vc04_services: fix information leak in create_component()
     - USB: core: Add hub_get() and hub_put() routines
     - USB: core: Fix deadlock in port "disable" sysfs attribute
     - scsi: sd: Fix TCG OPAL unlock on system resume
     - usb: dwc2: host: Fix remote wakeup from hibernation
     - usb: dwc2: host: Fix hibernation flow
     - usb: dwc2: host: Fix ISOC flow in DDMA mode
     - usb: dwc2: gadget: Fix exiting from clock gating
     - usb: dwc2: gadget: LPM flow fix
     - usb: udc: remove warning when queue disabled ep
     - usb: typec: Return size of buffer if pd_set operation succeeds
     - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
     - usb: typec: ucsi: Ack unsupported commands
     - usb: typec: ucsi_acpi: Refactor and fix DELL quirk
     - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
     - scsi: qla2xxx: Prevent command send on chip reset
     - scsi: qla2xxx: Fix N2N stuck connection
     - scsi: qla2xxx: Split FCE|EFT trace control
     - scsi: qla2xxx: Update manufacturer detail
     - scsi: qla2xxx: NVME|FCP prefer flag not being honored
     - scsi: qla2xxx: Fix command flush on cable pull
     - scsi: qla2xxx: Fix double free of fcport
     - scsi: qla2xxx: Change debug message during driver unload
     - scsi: qla2xxx: Delay I/O Abort on PCI error
     - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
     - tls: fix use-after-free on failed backlog decryption (CVE-2024-26800)
     - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
     - scsi: lpfc: Correct size for wqe for memset()
     - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
     - scsi: libsas: Fix disk not being scanned in after being removed
     - [x86] sev: Skip ROM range scans and validation for SEV-SNP guests
     - USB: core: Fix deadlock in usb_deauthorize_interface()
     - tools/resolve_btfids: fix build with musl libc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
     - scripts/bpf_doc: Use silent mode when exec make cmd
     - dma-buf: Fix NULL pointer dereference in sanitycheck()
     - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
     - mlxbf_gige: stop PHY during open() error paths
     - wifi: iwlwifi: mvm: rfi: fix potential response leaks
     - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
     - [s390x] qeth: handle deferred cc1
     - tcp: properly terminate timers for kernel sockets
     - net: wwan: t7xx: Split 64bit accesses to fix alignment issues
     - [arm64] net: hns3: fix index limit to support all queue stats
     - [arm64] net: hns3: fix kernel crash when devlink reload during pf
       initialization
     - [arm64] net: hns3: mark unexcuted loopback test result as UNEXECUTED
     - tls: recv: process_rx_list shouldn't use an offset with kvec
     - tls: adjust recv return with async crypto and failed copy to userspace
     - tls: get psock ref after taking rxlock to avoid leak
     - mlxbf_gige: call request_irq() after NAPI initialized
     - bpf: Protect against int overflow for stack access size
     - cifs: Fix duplicate fscache cookie warnings
     - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
     - inet: inet_defrag: prevent sk release while still in use
     - dm integrity: fix out-of-range warning
     - [x86] cpufeatures: Add new word for scattered features
     - [x86] perf/x86/amd/lbr: Use freeze based on availability
     - [arm64] KVM: arm64: Fix host-programmed guest events in nVHE
     - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
     - [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
       word
     - Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
     - [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
     - Bluetooth: qca: fix device-address endianness
     - Bluetooth: add quirk for broken address properties
     - Bluetooth: hci_event: set the conn encrypted before conn establishes
     - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
       CVE-2024-24858)
     - xen-netfront: Add missing skb_mark_for_recycle
     - net/rds: fix possible cp null dereference
     - net: usb: ax88179_178a: avoid the interface always configured as random
       address
     - vsock/virtio: fix packet delivery to tap device
     - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
       mapped."
     - netfilter: nf_tables: reject new basechain after table flag update
     - netfilter: nf_tables: flush pending destroy work before exit_net release
     - netfilter: nf_tables: Fix potential data-race in
       __nft_flowtable_type_get()
     - netfilter: validate user input for expected length
     - vboxsf: Avoid an spurious warning if load_nls_xxx() fails
     - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
     - net/sched: act_skbmod: prevent kernel-infoleak
     - net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
     - net: stmmac: fix rx queue priority assignment
     - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
     - net: phy: micrel: Fix potential null pointer dereference
     - gro: fix ownership transfer
     - [x86] bugs: Fix the SRSO mitigation on Zen3/4
     - [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
       for !SRSO
     - i40e: Fix VF MAC filter removal
     - erspan: make sure erspan_base_hdr is present in skb->head
     - ipv6: Fix infinite recursion in fib6_dump_done().
     - mlxbf_gige: stop interface during shutdown
     - r8169: skip DASH fw status checks when DASH is disabled
     - udp: do not accept non-tunnel GSO skbs landing in a tunnel
     - udp: do not transition UDP GRO fraglist partial checksums to unnecessary
     - udp: prevent local UDP tunnel packets from being GROed
     - i40e: fix i40e_count_filters() to count only active/new filters
     - i40e: fix vf may be used uninitialized in this function warning
     - drm/amd: Evict resources during PM ops prepare() callback
     - drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
     - drm/amd: Flush GFXOFF requests in prepare stage
     - i40e: Store the irq number in i40e_q_vector
     - i40e: Remove _t suffix from enum type names
     - i40e: Enforce software interrupt during busy-poll exit
     - r8169: use spinlock to protect mac ocp register access
     - r8169: use spinlock to protect access to registers Config2 and Config5
     - r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
     - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6)
       non-wildcard addresses.
     - drivers: net: convert to boolean for the mac_managed_pm flag
     - net: fec: Set mac_managed_pm during probe
     - [x86] KVM: SVM: enhance info printk's in SEV init
     - [x86] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails
     - [x86] KVM: SVM: Use unsigned integers when dealing with ASIDs
     - [x86] KVM: SVM: Add support for allowing zero SEV ASIDs
     - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
     - 9p: Fix read/write debug statements to report server reply
     - drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
     - drm/panfrost: fix power transition timeout warnings
     - ASoC: rt5682-sdw: fix locking sequence
     - [x86] ASoC: rt711-sdca: fix locking sequence
     - ASoC: rt711-sdw: fix locking sequence
     - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
     - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
     - scsi: mylex: Fix sysfs buffer lengths
     - scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
     - cifs: Fix caching to try to do open O_WRONLY as rdwr on server
     - ata: sata_mv: Fix PCI device ID table declaration compilation warning
     - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
     - [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
     - ksmbd: don't send oplock break if rename fails
     - ksmbd: validate payload size in ipc response (CVE-2024-26811)
     - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
     - ALSA: hda/realtek - Fix inactive headset mic jack
     - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
       microphone
     - driver core: Introduce device_link_wait_removal()
     - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
     - [x86] mm/pat: fix VM_PAT handling in COW mappings
     - [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
     - [x86] coco: Require seeding RNG with RDRAND on CoCo systems
     - [s390x] entry: align system call table on 8 bytes
     - smb3: retrying on failed server close
     - smb: client: fix potential UAF in cifs_debug_files_proc_show()
     - smb: client: fix potential UAF in cifs_stats_proc_write()
     - smb: client: fix potential UAF in cifs_stats_proc_show()
     - smb: client: fix potential UAF in smb2_is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_valid_lease_break()
     - smb: client: fix potential UAF in is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_network_name_deleted()
     - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
     - mptcp: don't account accept() of non-MPC client as fallback to TCP
     - mm/secretmem: fix GUP-fast succeeding on secretmem folios
     - nvme: fix miss command type check
     - [x86] bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - [x86] syscall: Don't force use of indirect calls for system calls
     - [x86] Mitigate Native Branch History Injection vulnerability
       (CVE-2024-2201):
       + [x86] bhi: Add support for clearing branch history at syscall entry
       + [x86] bhi: Define SPEC_CTRL_BHI_DIS_S
       + [x86] bhi: Enumerate Branch History Injection (BHI) bug
       + [x86] bhi: Add BHI mitigation knob
       + [x86] bhi: Mitigate KVM by default
       + [x86] KVM: x86: Add BHI_NO
       + [x86] set SPECTRE_BHI_ON as default
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 20
   * Refresh "efi: Lock down the kernel if booted in secure boot mode" (context
     changes in 6.1.84)
   * [rt] Refresh "serial: 8250: implement write_atomic"
   * Refresh "x86: Make x32 syscall support conditional on a kernel parameter"
   * tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
     (Closes: #1068770)
   * Revert "scsi: sd: usb_storage: uas: Access media prior to querying device
     properties" (Closes: #1068675)
   * Revert "scsi: core: Add struct for args to execution functions"
   * scsi: sd: usb_storage: uas: Access media prior to querying device properties
linux (6.1.82-1) bookworm; urgency=medium
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
     - asm-generic: make sparse happy with odd-sized put_unaligned_*()
     - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
     - [arm64] irq: set the correct node for VMAP stack
     - [arm64] drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
     - [powerpc*] Fix build error due to is_valid_bugaddr()
     - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
     - [x86] boot: Ignore NMIs during very early boot
     - [powerpc*] pmd_move_must_withdraw() is only needed for
       CONFIG_TRANSPARENT_HUGEPAGE
     - [powerpc*] lib: Validate size for vector operations
     - [x86*] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
       kernel
     - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
       sysfs file
     - debugobjects: Stop accessing objects after releasing hash bucket lock
     - regulator: core: Only increment use_count when enable_count changes
     - audit: Send netlink ACK before setting connection in auditd_set
     - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
     - PNP: ACPI: fix fortify warning
     - ACPI: extlog: fix NULL pointer dereference check
     - ACPI: NUMA: Fix the logic of getting the fake_pxm value
     - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
     - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
       events
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
     - UBSAN: array-index-out-of-bounds in dtSplitRoot
     - jfs: fix slab-out-of-bounds Read in dtSearch
     - jfs: fix array-index-out-of-bounds in dbAdjTree
     - jfs: fix uaf in jfs_evict_inode
     - pstore/ram: Fix crash when setting number of cpus to an odd number
     - erofs: fix ztailpacking for subpage compressed blocks
     - [armhf] crypto: stm32/crc32 - fix parsing list of devices
     - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
     - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
     - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
     - jfs: fix array-index-out-of-bounds in diNewExt
     - arch: consolidate arch_irq_work_raise prototypes
     - [s390x] vfio-ap: fix sysfs status attribute for AP queue devices
     - [s390x] ptrace: handle setting of fpc register correctly
     - [s390x] KVM: s390: fix setting of fpc register
     - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623)
     - ecryptfs: Reject casefold directory inodes
     - ext4: fix inconsistent between segment fstrim and full fstrim
     - ext4: unify the type of flexbg_size to unsigned int
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
       (CVE-2023-52622)
     - wifi: rt2x00: restart beacon queue when hardware reset
     - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
     - [arm64] soc: xilinx: Fix for call trace due to the usage of
       smp_processor_id()
     - [arm64] soc: xilinx: fix unhandled SGI warning message
     - scsi: lpfc: Fix possible file string name overflow when updating firmware
     - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
     - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
     - net: usb: ax88179_178a: avoid two consecutive device resets
     - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
     - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
     - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too
       early
     - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
       (CVE-2023-52621)
     - scsi: libfc: Don't schedule abort twice
     - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
     - bpf: Set uattr->batch.count as zero before batched update or deletion
     - net: phy: at803x: fix passing the wrong reference for config_intr
     - [arm64] scsi: hisi_sas: Set .phy_attached before notifing phyup event
       HISI_PHYE_PHY_UP_PM
     - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
     - net: atlantic: eliminate double free in error handling logic
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
       path
     - block: prevent an integer overflow in bvec_try_merge_hw_page
     - md: Whenassemble the array, consult the superblock of the freshest device
     - [arm64] dts: qcom: msm8996: Fix 'in-ports' is a required property
     - [arm64] dts: qcom: msm8998: Fix 'out-ports' is a required property
     - ice: fix pre-shifted bit usage
     - [arm64] dts: amlogic: fix format for s4 uart node
     - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
     - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
     - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
     - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
     - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
     - Bluetooth: hci_sync: fix BR/EDR wakeup bug
     - Bluetooth: L2CAP: Fix possible multiple reject send
     - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
     - i40e: Fix VF disable behavior to block all traffic
     - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
     - f2fs: fix to check return value of f2fs_reserve_new_block()
     - ALSA: hda: Refer to correct stream index at loops
     - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
     - fast_dput(): handle underflows gracefully
     - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
     - [arm64,armhf] drm/panel-edp: Add override_edid_mode quirk for generic edp
     - drm/amd/display: Fix tiled display misalignment
     - f2fs: fix write pointers on zoned device after roll forward
     - [x86] ASoC: amd: Add new dmi entries for acp5x platform
     - drm/drm_file: fix use of uninitialized variable
     - drm/framebuffer: Fix use of uninitialized variable
     - drm/mipi-dsi: Fix detach call without attach
     - media: stk1160: Fixed high volume of stk1160_dbg messages
     - [arm64,armhf]  media: rockchip: rga: fix swizzling for RGB formats
     - PCI: add INTEL_HDA_ARL to pci_ids.h
     - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
     - [arm64] media: rkisp1: Drop IRQF_SHARED
     - [arm64] media: rkisp1: Fix IRQ handler return values
     - [arm64] media: rkisp1: Store IRQ lines
     - [arm64] media: rkisp1: Fix IRQ disable race issue
     - hwmon: (nct6775) Fix fan speed set failure in automatic mode
     - f2fs: fix to tag gcing flag on page during block migration
     - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
       time
     - IB/ipoib: Fix mcast list locking
     - media: ddbridge: fix an error code problem in ddb_probe
     - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
     - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
     - [arm64] drm/msm/dpu: fix writeback programming for YUV cases
     - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
     - [x86] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
     - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
     - drm/amdgpu: Fix ecc irq enable/disable unpaired
     - drm/amdgpu: Let KFD sync with VM fences
     - drm/amdgpu: Fix '*fw' from request_firmware() not released in
       'amdgpu_ucode_request()'
     - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
     - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
     - leds: trigger: panic: Don't register panic notifier if creating the
       trigger failed
     - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
     - PCI: Only override AMD USB controller if required
     - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
     - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
     - usb: hub: Replace hardcoded quirk value with BIT() macro
     - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
       hub
     - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
     - fs/kernfs/dir: obey S_ISGID
     - PCI: Fix 64GT/s effective data rate calculation
     - PCI/AER: Decode Requester ID when no error info found
     - 9p: Fix initialisation of netfs_inode for 9p
     - libsubcmd: Fix memory leak in uniq()
     - virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a
       region of size 10" warnings
     - blk-mq: fix IO hang from sbitmap wakeup race
     - ceph: reinitialize mds feature bit even when session in open
     - ceph: fix deadlock or deadcode of misusing dget()
     - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
     - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
       'get_platform_power_management_table()'
     - drm/amdgpu: Fix with right return code '-EIO' in
       'amdgpu_gmc_vram_checking()'
     - drm/amdgpu: Release 'adev->pm.fw' before return in
       'amdgpu_device_need_post()'
     - perf: Fix the nr_addr_filters fix
     - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
     - drm: using mul_u32_u32() requires linux/math64.h
     - scsi: isci: Fix an error code problem in isci_io_request_build()
     - [armhf] regulator: ti-abb: don't use devm_platform_ioremap_resource_byname
       for shared interrupt register
     - scsi: core: Move scsi_host_busy() out of host lock for waking up EH
       handler
     - HID: hidraw: fix a problem of memory leak in hidraw_release()
     - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
     - ipv4: raw: add drop reasons
     - ipmr: fix kernel panic when forwarding mcast packets
     - tcp: add sanity checks to rx zerocopy
     - ixgbe: Refactor returning internal error codes
     - ixgbe: Refactor overtemp event handling
     - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
     - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
     - llc: call sock_orphan() at release time
     - bridge: mcast: fix disabled snooping after long uptime
     - netfilter: conntrack: correct window scaling with retransmitted SYN
     - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
     - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
     - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
       expectations
     - net: ipv4: fix a memleak in ip_setup_cork
     - af_unix: fix lockdep positive in sk_diag_dump_icons()
     - net: sysfs: Fix /sys/class/net/<iface> path
     - [arm64] irq: set the correct node for shadow call stack
     - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
     - [arm64] drm/msm/dsi: Enable runtime PM
     - gve: Fix use-after-free vulnerability
     - bonding: remove print in bond_verify_device_path
     - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
     - ext4: regenerate buddy after block freeing failed if under fc replay
     - [arm64] dmaengine: ti: k3-udma: Report short packet errors
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue
       DMA
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the queue
       command DMA
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
     - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
     - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
     - cifs: failure to add channel on iface should bump up weight
     - [arm64] drm/msms/dp: fixed link clock divider bits be over written in BPC
       unknown case
     - [arm64] drm/msm/dp: return correct Colorimetry for
       DP_TEST_DYNAMIC_RANGE_CEA case
     - [arm64] drm/msm/dpu: check for valid hw_pp in
       dpu_encoder_helper_phys_cleanup
     - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
     - wifi: mac80211: fix waiting for beacons logic
     - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
     - net: atlantic: Fix DMA mapping for PTP hwts ring
     - tunnels: fix out of bounds access when building IPv6 PMTU error
     - atm: idt77252: fix a memleak in open_card_ubr0
     - [armhf] hwmon: (aspeed-pwm-tacho) mutex for tach reading
     - [x86] hwmon: (coretemp) Fix out-of-bounds memory access
     - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
     - inet: read sk->sk_family once in inet_recv_error()
     - [x86] drm/i915/gvt: Fix uninitialized variable in handle_mmio()
     - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
     - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
     - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
     - ppp_async: limit MRU to 64K
     - selftests: cmsg_ipv6: repeat the exact packet
     - netfilter: nft_compat: narrow down revision to unsigned 8-bits
     - netfilter: nft_compat: reject unused compat flag
     - netfilter: nft_compat: restrict match/target protocol to u16
     - drm/amd/display: Implement bounds check for stream encoder creation in
       DCN301
     - netfilter: nft_ct: reject direction for ct id
     - netfilter: nft_set_pipapo: store index in scratch maps
     - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
     - netfilter: nft_set_pipapo: remove scratch_aligned pointer
     - fs/ntfs3: Fix an NULL dereference bug
     - scsi: core: Move scsi_host_busy() out of host lock if it is for
       per-command
     - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
     - fs: dlm: don't put dlm_local_addrs on heap (Closes: #1063338)
     - mtd: parsers: ofpart: add workaround for #size-cells 0
     - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
     - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
     - ALSA: usb-audio: add quirk for RODE NT-USB+
     - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
     - USB: serial: option: add Fibocom FM101-GL variant
     - USB: serial: cp210x: add ID for IMST iM871A-USB
     - [arm64,armhf] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - [arm64,armhf] usb: host: xhci-plat: Add support for
       XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - hrtimer: Report offline hrtimer enqueue
     - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
     - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
       (Closes: #1061521)
     - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
     - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
     - vhost: use kzalloc() instead of kmalloc() followed by memset()
       (CVE-2024-0340)
     - RDMA/irdma: Fix support for 64k pages
     - f2fs: add helper to check compression level (Closes: #1063422)
     - block: treat poll queue enter similarly to timeouts
     - clocksource: Skip watchdog check for large watchdog intervals
     - net: stmmac: xgmac: use #define for string constants
     - ALSA: usb-audio: Sort quirk table entries
     - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
     - netfilter: nft_set_rbtree: skip end interval element from gc
       (CVE-2024-26581)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
     - work around gcc bugs with 'asm goto' with outputs
     - update workarounds for gcc "asm goto" issue
     - btrfs: add and use helper to check if block group is used
     - btrfs: do not delete unused block group if it may be used soon
     - btrfs: forbid creating subvol qgroups
     - btrfs: do not ASSERT() if the newly created subvolume already got read
       (CVE-2024-23850)
     - btrfs: forbid deleting live subvol qgroup
     - btrfs: send: return EOPNOTSUPP on unknown flags
     - btrfs: don't reserve space for checksums when writing to nocow files
     - btrfs: reject encoded write if inode has nodatasum flag set
     - btrfs: don't drop extent_map for free space inode on write error
     - driver core: Fix device_link_flag_is_sync_state_only()
     - wifi: iwlwifi: Fix some error codes
     - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
     - of: property: Improve finding the supplier of a remote-endpoint property
     - net: openvswitch: limit the number of recursions from action sets
       (CVE-2024-1151)
     - lan966x: Fix crash when adding interface under a lag
     - tls/sw: Use splice_eof() to flush
     - tls: extract context alloc/initialization out of tls_set_sw_offload
     - net: tls: factor out tls_*crypt_async_wait()
     - tls: fix race between async notify and socket close (CVE-2024-26583)
     - net: tls: fix use-after-free with partial reads and async decrypt
       (CVE-2024-26582)
     - net: tls: fix returned read length with async decrypt
     - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
     - net: sysfs: Fix /sys/class/net/<iface> path for statistics
     - nouveau/svm: fix kvcalloc() argument order
     - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
     - i40e: Do not allow untrusted VF to remove administratively set MAC
     - i40e: Fix waiting for queues of all VSIs to be disabled
     - tracing/trigger: Fix to return error if failed to alloc snapshot
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
     - scsi: storvsc: Fix ring buffer size calculation
     - dm-crypt, dm-verity: disable tasklets
     - [x86] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
     - ALSA: hda/realtek: Fix the external mic not being recognised for Acer
       Swift 1 SF114-32
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
     - HID: i2c-hid-of: fix NULL-deref on failed power up
     - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
     - HID: wacom: Do not register input devices until after hid_hw_start
     - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
     - usb: ucsi: Add missing ppm_lock
     - usb: ulpi: Fix debugfs directory leak
     - usb: ucsi_acpi: Fix command completion handling
     - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
     - usb: f_mass_storage: forbid async queue when shutdown happen
     - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
     - driver core: fw_devlink: Improve detection of overlapping cycles
     - cifs: fix underflow in parse_server_interfaces()
     - i2c: qcom-geni: Correct I2C TRE sequence
     - irqchip/loongson-eiointc: Use correct struct type in
       eiointc_domain_alloc()
     - i2c: pasemi: split driver into two separate modules
     - i2c: i801: Fix block process call transactions (CVE-2024-26593)
     - modpost: trim leading spaces when processing source files list
     - mptcp: get rid of msk->subflow
     - mptcp: fix data re-injection from stale subflow
     - mptcp: drop the push_pending field
     - mptcp: check addrs list in userspace_pm_get_local_id
     - media: Revert "media: rkisp1: Drop IRQF_SHARED"
     - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
     - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
     - drm/virtio: Set segment size for virtio_gpu device
     - lsm: fix the logic in security_inode_getsecctx()
     - firewire: core: correct documentation of fw_csr_string() kernel API
     - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
     - kbuild: Fix changing ELF file type for output of gen_btf for big endian
     - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
     - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
     - net: stmmac: do not clear TBS enable bit on link up/down
     - xen-netback: properly sync TX responses
     - modpost: propagate W=1 build option to modpost
     - modpost: Don't let "driver"s reference .exit.*
     - linux/init: remove __memexit* annotations
     - modpost: Include '.text.*' in TEXT_SECTIONS
     - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
     - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
     - ASoC: codecs: wcd938x: handle deferred probe
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
     - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
     - misc: fastrpc: Mark all sessions as invalid in cb_remove
     - ext4: fix double-free of blocks due to wrong extents moved_len
     - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
     - tracing: Fix wasted memory in saved_cmdlines logic
     - staging: iio: ad5933: fix type mismatch regression
     - iio: magnetometer: rm3100: add boundary check for the value read from
       RM3100_REG_TMRC
     - iio: core: fix memleak in iio_device_register_sysfs
     - iio: commom: st_sensors: ensure proper DMA alignment
     - iio: accel: bma400: Fix a compilation problem
     - iio: adc: ad_sigma_delta: ensure proper DMA alignment
     - iio: imu: adis: ensure proper DMA alignment
     - iio: imu: bno055: serdev requires REGMAP
     - media: rc: bpf attach/detach requires write permission
     - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
     - xfrm: Remove inner/outer modes from output path
     - xfrm: Remove inner/outer modes from input path
     - [arm64] drm/msm: Wire up tlb ops
     - drm/prime: Support page array >= 4GB
     - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
     - drm/amd/display: Preserve original aspect ratio in create stream
     - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
     - ring-buffer: Clean ring_buffer_poll_wait() error return
     - nfp: flower: fix hardware offload for the transfer layer port
     - [powerpc*] 64: Set task pt_regs->link to the LR value on scv entry
     - [powerpc*] cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
     - [powerpc*] pseries: fix accuracy of stolen time
     - [x86] fpu: Stop relying on userspace for info to fault in xsave buffer
       (CVE-2024-26603)
     - [x86] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
     - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
     - io_uring/net: fix multishot accept overflow handling
     - mmc: slot-gpio: Allow non-sleeping GPIO ro
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
     - ALSA: hda/conexant: Add quirk for SWS JS201D
     - nilfs2: fix data corruption in dsync block recovery for small block sizes
     - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
     - crypto: ccp - Fix null pointer dereference in
       __sev_platform_shutdown_locked
     - nfp: use correct macro for LengthSelect in BAR config
     - nfp: flower: prevent re-adding mac index for bonded port
     - wifi: cfg80211: fix wiphy delayed work queueing
     - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
     - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
     - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
     - zonefs: Improve error handling
     - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be
       detected by BIOS (Closes: #1056056)
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
     - fs: relax mount_setattr() permission checks
     - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
     - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
     - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
     - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
     - ceph: prevent use-after-free in encode_cap_msg()
     - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
       (CVE-2024-0841)
     - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
     - of: property: fix typo in io-channels
     - can: netlink: Fix TDCO calculation using the old data bittiming
     - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
     - can: j1939: Fix UAF in j1939_sk_match_filter during
       setsockopt(SO_J1939_FILTER)
     - pmdomain: core: Move the unused cleanup to a _sync initcall
     - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - tracing: Inform kmemleak of saved_cmdlines allocation
     - xfrm: Use xfrm_state selector for BEET input
     - xfrm: Silence warnings triggerable by bad packets
     - tls: fix NULL deref on tls_sw_splice_eof() with empty record
     - md: bypass block throttle for superblock update
     - wifi: mwifiex: Support SD8978 chipset
     - wifi: mwifiex: add extra delay for firmware ready
     - bus: moxtet: Add spi device table
     - [arm64] dts: qcom: msm8916: Enable blsp_dma by default
     - [arm64] dts: qcom: msm8916: Make blsp_dma controlled-remotely
     - [arm64] dts: qcom: sdm845: fix USB SS wakeup
     - [arm64] dts: qcom: sm8150: fix USB SS wakeup
     - wifi: mwifiex: fix uninitialized firmware_stat
     - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
     - block: fix partial zone append completion handling in req_bio_endio()
     - netfilter: ipset: fix performance regression in swap operation
     - netfilter: ipset: Missing gc cancellations fixed
     - nfsd: fix RELEASE_LOCKOWNER
     - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
     - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
     - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
     - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
     - smb: client: fix parsing of SMB3.1.1 POSIX create context
     - net: prevent mss overflow in skb_segment() (CVE-2023-52435)
     - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
     - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
     - bpf: Remove trace_printk_lock
     - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
     - dmaengine: ioat: Free up __cleanup() name
     - apparmor: Free up __cleanup() name
     - locking: Introduce __cleanup() based infrastructure
     - kbuild: Drop -Wdeclaration-after-statement
     - sched/membarrier: reduce the ability to hammer on sys_membarrier
       (CVE-2024-26602)
     - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
     - nilfs2: fix potential bug in end_buffer_async_write
     - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
     - dm: limit the number of targets and parameter size area (CVE-2024-23851,
       CVE-2023-52429)
     - [arm64:]Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
     - mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
     - net/sched: Retire CBQ qdisc
     - net/sched: Retire ATM qdisc
     - net/sched: Retire dsmark qdisc
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - scsi: target: core: Add TMF to tmr_list handling
     - cifs: open_cached_dir should not rely on primary channel
     - wifi: cfg80211: fix missing interfaces when dumping
     - wifi: mac80211: fix race condition on enabling fast-xmit
     - fbdev: savage: Error out if pixclock equals zero
     - fbdev: sis: Error out if pixclock equals zero
     - block: Fix WARNING in _copy_from_iter
     - smb: Work around Clang __bdos() type confusion
     - cifs: translate network errors on send to -ECONNABORTED
     - ahci: asm1166: correct count of reported ports
     - aoe: avoid potential deadlock at set_capacity
     - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
     - [mips*] reserve exception vector space ONLY ONCE
     - [x86] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus
       tablet
     - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block
       bitmap corrupt
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_try_best_found()
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_find_by_goal()
     - Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx
       == 0
     - [armhf] dmaengine: ti: edma: Add some null pointer checks to the
       edma_probe
     - [arm64] regulator: pwm-regulator: Add validity checks in continuous
       .get_voltage
     - nvmet-tcp: fix nvme tcp ida memory leak
     - usb: ucsi_acpi: Quirk to ack a connector change ack cmd
     - ALSA: usb-audio: Check presence of valid altsetting control
     - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
     - Input: xpad - add Lenovo Legion Go controllers
     - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
       sctp_new
     - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
     - [x86] ASoC: wm_adsp: Don't overwrite fwf_name with the default
     - ALSA: usb-audio: Ignore clock selector errors for single connection
     - nvme-fc: do not wait in vain when unloading module
     - nvmet-fcloop: swap the list_add_tail arguments
     - nvmet-fc: release reference on target port
     - nvmet-fc: defer cleanup using RCU properly
     - nvmet-fc: hold reference on hostport match
     - nvmet-fc: abort command when there is no binding
     - nvmet-fc: avoid deadlock on delete association path
     - nvmet-fc: take ref count on tgtport before delete assoc
     - smb: client: increase number of PDUs allowed in a compound request
     - ext4: correct the hole length returned by ext4_map_blocks()
     - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
     - wifi: mac80211: set station RX-NSS on reconfig
     - wifi: mac80211: adding missing drv_mgd_complete_tx() call
     - efi: runtime: Fix potential overflow of soft-reserved region size
     - efi: Don't add memblocks for soft-reserved memory
     - [x86] hwmon: (coretemp) Enlarge per package core count limit
     - scsi: lpfc: Use unsigned type for num_sge
     - scsi: ufs: core: Remove the ufshcd_release() in
       ufshcd_err_handling_prepare()
     - firewire: core: send bus reset promptly on gap count error
     - drm/amdgpu: skip to program GFXDEC registers for suspend abort
     - drm/amdgpu: reset gpu for s3 suspend abort case
     - smb: client: set correct d_type for reparse points under DFS mounts
     - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
     - smb3: clarify mount warning
     - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
     - drm/ttm: Fix an invalid freeing on already freed page in error path
     - [s390x] cio: fix invalid -EBUSY on ccw_device_start
     - ata: libata-core: Do not try to set sleeping devices to standby
     - dm-crypt: recheck the integrity tag after a failure
     - dm-integrity: recheck the integrity tag after a failure
     - dm-crypt: don't modify the data when using authenticated encryption
     - dm-verity: recheck the hash after a failure
     - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS
       window
     - scsi: target: pscsi: Fix bio_put() for error case
     - scsi: core: Consult supported VPD page list prior to fetching page
     - mm/swap: fix race when skipping swapcache
     - mm: memcontrol: clarify swapaccount=0 deprecation warning
     - [x86] platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
     - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
       ACPI names
     - cachefiles: fix memory leak in cachefiles_add_cache()
     - md: Fix missing release of 'active_io' for flush
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
       its_sync_lpi_pending_table()
     - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
     - crypto: virtio/akcipher - Fix stack overflow on memcpy
     - irqchip/gic-v3-its: Do not assume vPE tables are preallocated
     - irqchip/sifive-plic: Enable interrupt if needed before EOI
     - PCI/MSI: Prevent MSI hardware interrupt number truncation
     - l2tp: pass correct message length to ip6_append_data
     - [x86] returnthunk: Allow different return thunks
     - [x86] Revert "x86/alternative: Make custom return thunk unconditional"
     - [x86] alternative: Make custom return thunk unconditional
     - dm-integrity, dm-verity: reduce stack usage for recheck
     - erofs: fix refcount on the metabuf used for inode lookup
     - serial: amba-pl011: Fix DMA transmission in RS485 mode
     - [arm64,armhf] usb: dwc3: gadget: Don't disconnect if not started
     - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
     - usb: roles: fix NULL pointer issue when put module's reference
     - usb: roles: don't get/set_role() when usb_role_switch is unregistered
     - mptcp: make userspace_pm_append_new_local_addr static
     - mptcp: add needs_id for userspace appending addr
     - mptcp: fix lockless access in subflow ULP diag
     - Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
     - [amd64] IB/hfi1: Fix a memleak in init_credit_return
     - RDMA/bnxt_re: Return error for SRQ resize
     - RDMA/irdma: Fix KASAN issue with tasklet
     - RDMA/irdma: Validate max_send_wr and max_recv_wr
     - RDMA/irdma: Set the CQ read threshold for GEN 1
     - RDMA/irdma: Add AE for too many RNRS
     - RDMA/srpt: Support specifying the srpt_service_guid parameter
     - iommufd/iova_bitmap: Bounds check mapped::pages access
     - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array
     - iommufd/iova_bitmap: Consider page offset for the pages to be pinned
     - RDMA/qedr: Fix qedr_create_user_qp error flow
     - [arm64] dts: rockchip: set num-cs property for spi on px30
     - RDMA/srpt: fix function pointer cast warnings
     - bpf, scripts: Correct GPL license name
     - scsi: smartpqi: Fix disable_managed_interrupts
     - net: bridge: switchdev: Skip MDB replays of deferred events on offload
     - net: bridge: switchdev: Ensure deferred event delivery on unoffload
     - dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
       check_estalblished().
     - nouveau: fix function cast warnings
     - [x86] numa: Fix the address overlap check in numa_fill_memblks()
     - [x86] numa: Fix the sort compare func used in numa_fill_memblks()
     - net: stmmac: Fix incorrect dereference in interrupt handlers
     - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
     - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
     - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
     - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
     - afs: Increase buffer size in afs_update_volume_status()
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
     - net: dev: Convert sa_data to flexible array in struct sockaddr
     - [arm64] sme: Restore SME registers on exit from suspend
     - [x86] platform/x86: thinkpad_acpi: Only update profile if successfully
       converted
     - [s390x] use the correct count for __iowrite64_copy()
     - bpf, sockmap: Fix NULL pointer dereference in
       sk_psock_verdict_data_ready()
     - tls: break out of main loop when PEEK gets a non-data record
     - tls: stop recv() if initial process_rx_list gave us non-DATA
     - tls: don't skip over different type records from the rx_list
     - netfilter: nf_tables: set dormant flag on hook register failure
     - netfilter: flowtable: simplify route logic
     - netfilter: nft_flow_offload: reset dst in route object after setting up
       flow
     - netfilter: nft_flow_offload: release dst in case direct xmit path is used
     - netfilter: nf_tables: rename function to destroy hook list
     - netfilter: nf_tables: register hooks last when adding new chain/flowtable
     - netfilter: nf_tables: use kzalloc for hook allocation
     - net: mctp: put sock on tag allocation failure
     - Fix write to cloned skb in ipv6_hop_ioam()
     - net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
     - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
       set
     - drm/amd/display: Fix memory leak in dm_sw_fini()
     - [arm64,armhf] i2c: imx: when being a target, mark the last read as
       processed
     - erofs: simplify compression configuration parser
     - erofs: fix inconsistent per-file compression format (CVE-2024-26590)
     - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
     - mm: zswap: fix missing folio cleanup in writeback race path
     - mptcp: userspace pm send RM_ADDR for ID 0
     - mptcp: add needs_id for netlink appending addr
     - ata: ahci: add identifiers for ASM2116 series adapters
     - ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
     - arp: Prevent overflow in arp_req_get().
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
     - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
     - [arm64] drm/meson: fix unbind path if HDMI fails to bind
     - [arm64] drm/meson: Don't remove bridges which are created by other drivers
     - scsi: core: Add struct for args to execution functions
     - scsi: sd: usb_storage: uas: Access media prior to querying device
       properties
     - af_unix: Fix task hung while purging oob_skb in GC.
     - of: overlay: Reorder struct fragment fields kerneldoc
     - usb: gadget: Properly configure the device for remote wakeup
     - Input: xpad - add constants for GIP interface numbers
     - [arm64] iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
     - [arm64] iommu/arm-smmu-qcom: Limit the SMR groups to 128
     - RDMA/core: Fix multiple -Warray-bounds warnings
     - mm: huge_memory: don't force huge page alignment on 32 bit
       (CVE-2024-26621) (Closes: #1024149)
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
     - netlink: add nla be16/32 types to minlen array
     - net: ip_tunnel: prevent perpetual headroom growth
     - net: mctp: take ownership of skb in mctp_local_output
     - tun: Fix xdp_rxq_info's queue_index when detaching
     - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
       back
     - net: veth: clear GRO when clearing XDP even when down
     - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
     - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
       detected
     - veth: try harder when allocating queue memory
     - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
     - net: lan78xx: fix "softirq work is pending" error
     - uapi: in6: replace temporary label with rfc9486
     - stmmac: Clear variable when destroying workqueue
     - Bluetooth: hci_sync: Check the correct flag before starting a scan
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
     - Bluetooth: hci_sync: Fix accept_list when attempting to suspend
     - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
     - Bluetooth: Enforce validation on max value of connection interval
     - Bluetooth: qca: Fix wrong event type for patch config command
     - Bluetooth: hci_qca: mark OF related data as maybe unused
     - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
     - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
     - Bluetooth: btqca: Add WCN3988 support
     - Bluetooth: qca: use switch case for soc type behavior
     - Bluetooth: qca: add support for WCN7850
     - Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
     - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
     - netfilter: let reset rules clean out conntrack entries
     - netfilter: bridge: confirm multicast packets before passing them up the
       stack
     - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
     - igb: extend PTP timestamp adjustments to i211
     - net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames
     - tls: decrement decrypt_pending if no async completion will be called
     - tls: fix peeking with sync+async decryption
     - efi/capsule-loader: fix incorrect allocation size
     - ALSA: Drop leftover snd-rtctimer stuff from Makefile
     - [arm64,armhf] drm/tegra: Remove existing framebuffer only if we support
       display
     - fbcon: always restore the old font data in fbcon_do_set_font()
     - afs: Fix endless loop in directory parsing
     - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
     - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
     - ALSA: firewire-lib: fix to check cycle continuity
     - ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt440
     - landlock: Fix asymmetric private inodes referring
     - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
     - wifi: nl80211: reject iftype change with mesh ID change
     - btrfs: fix double free of anonymous device after snapshot creation failure
     - btrfs: dev-replace: properly validate device names
     - btrfs: send: don't issue unnecessary zero writes for trailing hole
     - Revert "drm/amd/pm: resolve reboot exception for si oland"
     - drm/buddy: fix range bias
     - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
     - [arm64] crypto: arm64/neonbs - fix out-of-bounds access on short input
     - [arm64] dmaengine: fsl-qdma: init irq after reg initialization
     - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
     - mmc: core: Fix eMMC initialization with 1-bit bus connection
     - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
     - [arm64] mmc: sdhci-xenon: fix PHY init clock stability
     - efivarfs: Request at most 512 bytes for variable names
     - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
     - [x86] e820: Don't reserve SETUP_RNG_SEED in e820
     - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
     - mptcp: fix data races on local_id
     - mptcp: fix data races on remote_id
     - mptcp: fix duplicate subflow creation
     - mptcp: continue marking the first subflow as UNCONNECTED
     - mptcp: map v4 address to v6 when destroying subflow
     - mptcp: push at DSS boundaries
     - mptcp: fix snd_wnd initialization for passive socket
     - mptcp: fix double-free on socket dismantle
     - mptcp: fix possible deadlock in subflow diag
     - RDMA/core: Refactor rdma_bind_addr (CVE-2023-2176)
     - RDMA/core: Update CMA destination address on rdma_resolve_addr
     - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory
     - [x86] boot/compressed: Rename efi_thunk_64.S to efi-mixed.S
     - [x86] boot/compressed: Move 32-bit entrypoint code into .text section
     - [x86] boot/compressed: Move bootargs parsing out of 32-bit startup code
     - [x86] boot/compressed: Move efi32_pe_entry into .text section
     - [x86] boot/compressed: Move efi32_entry out of head_64.S
     - [x86] boot/compressed: Move efi32_pe_entry() out of head_64.S
     - [x86] boot/compressed, efi: Merge multiple definitions of image_offset
       into one
     - [x86] boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk
     - [x86] boot/compressed: Avoid touching ECX in startup32_set_idt_entry()
     - [x86] boot/compressed: Pull global variable reference into
       startup32_load_idt()
     - [x86] boot/compressed: Move startup32_load_idt() into .text section
     - [x86] boot/compressed: Move startup32_load_idt() out of head_64.S
     - [x86] boot/compressed: Move startup32_check_sev_cbit() into .text
     - [x86] boot/compressed: Move startup32_check_sev_cbit() out of head_64.S
     - [x86] boot/compressed: Adhere to calling convention in
       get_sev_encryption_bit()
     - [x86] boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y
     - efi: verify that variable services are supported
     - [x86] efi: Make the deprecated EFI handover protocol optional
     - [x86] boot: Robustify calling startup_{32,64}() from the decompressor code
     - [x86] efistub: Branch straight to kernel entry point from C code
     - [x86] decompressor: Store boot_params pointer in callee save register
     - [x86] decompressor: Assign paging related global variables earlier
     - [x86] decompressor: Call trampoline as a normal function
     - [x86] decompressor: Use standard calling convention for trampoline
     - [x86] decompressor: Avoid the need for a stack in the 32-bit trampoline
     - [x86] decompressor: Call trampoline directly from C code
     - [x86] decompressor: Only call the trampoline when changing paging levels
     - [x86] decompressor: Pass pgtable address to trampoline directly
     - [x86] decompressor: Merge trampoline cleanup with switching code
     - [x86] decompressor: Move global symbol references to C code
     - decompress: Use 8 byte alignment
     - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
     - NFS: Fix data corruption caused by congestion.
     - NFSD: Simplify READ_PLUS
     - NFSD: Remove redundant assignment to variable host_err
     - nfsd: ignore requests to disable unsupported versions
     - nfsd: move nfserrno() to vfs.c
     - nfsd: allow disabling NFSv2 at compile time
     - exportfs: use pr_debug for unreachable debug statements
     - NFSD: Flesh out a documenting comment for filecache.c
     - NFSD: Clean up nfs4_preprocess_stateid_op() call sites
     - NFSD: Trace stateids returned via DELEGRETURN
     - NFSD: Trace delegation revocations
     - NFSD: Use const pointers as parameters to fh_ helpers
     - NFSD: Update file_hashtbl() helpers
     - NFSD: Clean up nfsd4_init_file()
     - NFSD: Add a nfsd4_file_hash_remove() helper
     - NFSD: Clean up find_or_add_file()
     - NFSD: Refactor find_file()
     - NFSD: Use rhashtable for managing nfs4_file objects
     - NFSD: Fix licensing header in filecache.c
     - filelock: add a new locks_inode_context accessor function
     - lockd: use locks_inode_context helper
     - nfsd: use locks_inode_context helper
     - nfsd: fix up the filecache laundrette scheduling
     - NFSD: Use struct_size() helper in alloc_session()
     - lockd: set missing fl_flags field when retrieving args
     - lockd: ensure we use the correct file descriptor when unlocking
     - lockd: fix file selection in nlmsvc_cancel_blocked
     - trace: Relocate event helper files
     - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
     - NFSD: add support for sending CB_RECALL_ANY
     - NFSD: add delegation reaper to react to low memory condition
     - NFSD: add CB_RECALL_ANY tracepoints
     - NFSD: Use only RQ_DROPME to signal the need to drop a reply
     - NFSD: Avoid clashing function prototypes
     - NFSD: Use set_bit(RQ_DROPME)
     - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown
       time
     - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
     - nfsd: don't destroy global nfs4_file table in per-net shutdown
     - [arm64] efi: Limit allocations to 48-bit addressable physical region
     - efi: efivars: prevent double registration
     - [x86] efistub: Simplify and clean up handover entry code
     - [x86] decompressor: Avoid magic offsets for EFI handover entrypoint
     - [x86] efistub: Clear BSS in EFI handover protocol entrypoint
     - efi/libstub: Add memory attribute protocol definitions
     - efi/libstub: Add limit argument to efi_random_alloc()
     - [x86] efistub: Perform 4/5 level paging switch from the stub
     - [x86] decompressor: Factor out kernel decompression and relocation
     - [x86] efistub: Prefer EFI memory attributes protocol over DXE services
     - [x86] efistub: Perform SNP feature test while running in the firmware
     - [x86] efistub: Avoid legacy decompressor when doing EFI boot
     - [x86] efi/x86: Avoid physical KASLR on older Dell systems
     - [x86] efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
     - [x86] boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
     - [x86] boot: efistub: Assign global boot_params variable
     - [x86] efi/x86: Fix the missing KASLR_FLAG bit in
       boot_params->hdr.loadflags
     - af_unix: Drop oob_skb ref before purging queue in GC.
     - [arm64] phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use
       dashes
     - [powerpc*] pseries/iommu: IOMMU table is not initialized for kdump over
       SR-IOV
     - gpio: 74x164: Enable output pins after registers are reset
     - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
     - gpio: fix resource unwinding order in error path
     - block: define bvec_iter as __packed __aligned(4)
     - [arm64,armhf] Revert "interconnect: Fix locking for runpm vs reclaim"
     - [arm64,armhf] Revert "interconnect: Teach lockdep about icc_bw_lock order"
     - [x86] bugs: Add asm helpers for executing VERW
     - [x86] entry_64: Add VERW just before userspace transition
     - [x86] entry_32: Add VERW just before userspace transition
     - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
     - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
     - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
     - bpf: Add table ID to bpf_fib_lookup BPF helper
     - bpf: Derive source IP addr via bpf_*_fib_lookup()
     - [x86] efistub: Give up if memory attribute protocol returns an error
     - xen/events: close evtchn after mapping cleanup
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
     - ceph: switch to corrected encoding of max_xattr_size in mdsmap
     - net: lan78xx: fix runtime PM count underflow on link stop
     - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
     - i40e: disable NAPI right after disabling irqs when handling xsk_pool
     - ice: reorder disabling IRQ and NAPI in ice_qp_dis
     - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
     - geneve: make sure to pull inner header in geneve_rx()
     - ice: virtchnl: stop pretending to support RSS over AQ or registers
     - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
     - igc: avoid returning frame twice in XDP_REDIRECT
     - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
     - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
     - net: dsa: microchip: fix register write order in ksz8_ind_write8()
     - net/rds: fix WARNING in rds_conn_connect_if_down
     - netfilter: nft_ct: fix l3num expectations with inet pseudo family
     - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
     - erofs: apply proper VMA alignment for memory mapped files on THP
     - netrom: Fix a data-race around sysctl_netrom_default_path_quality
     - netrom: Fix a data-race around
       sysctl_netrom_obsolescence_count_initialiser
     - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
     - netrom: Fix a data-race around sysctl_netrom_transport_timeout
     - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
     - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
     - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
     - netrom: Fix a data-race around
       sysctl_netrom_transport_requested_window_size
     - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
     - netrom: Fix a data-race around sysctl_netrom_routing_control
     - netrom: Fix a data-race around sysctl_netrom_link_fails_count
     - netrom: Fix data-races around sysctl_net_busy_read
     - [s390x] KVM: s390: add stat counter for shadow gmap events
     - [s390x] KVM: s390: vsie: fix race during shadow creation
     - drm/amd/display: Fix uninitialized variable usage in core_link_
       'read_dpcd() & write_dpcd()' functions
     - nfp: flower: add goto_chain_index for ct entry
     - nfp: flower: add hardware offload check for post ct entry
     - readahead: avoid multiple marked readahead pages
     - xhci: process isoc TD properly when there was a transaction error mid TD.
     - xhci: handle isoc Babble and Buffer Overrun events properly
     - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
     - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
       (CVE-2023-28746):
       + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
       + Documentation/hw-vuln: Add documentation for RFDS
       + [x86] rfds: Mitigate Register File Data Sampling (RFDS)
       + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
     - drm/amd/display: Wrong colorimetry workaround
     - drm/amd/display: Fix MST Null Ptr for RV
     - getrusage: add the "signal_struct *sig" local variable
     - getrusage: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - getrusage: use __for_each_thread()
     - getrusage: use sig->stats_lock rather than lock_task_sighand()
     - fs/proc: do_task_stat: use __for_each_thread()
     - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children
       stats
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 19
   * [rt] Refresh "sched: avoid false lockdep splat in put_task_struct()"
   * Drop now unknown config options for retired CBQ, ATM and dsmark qdisc
   * [x86] efistub: Clear decompressor BSS in native EFI entrypoint
   * [x86] efistub: Don't clear BSS twice in mixed mode
   * efi: fix panic in kdump kernel
   * efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
     higher address
   * efi/libstub: Cast away type warning in use of max()
   * aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
     (CVE-2023-6270)
   * wifi: ath10k: fix NULL pointer dereference in
     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
   * Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
     (CVE-2024-22099)
   * sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
   * [rt] Update to 6.1.82-rt27

linux-signed-amd64 (6.1.94+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.94-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
     - [arm64,armhf] dmaengine: pl330: issue_pending waits until WFP state
     - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
     - wifi: nl80211: don't free NULL coalescing rule
     - eeprom: at24: Use dev_err_probe for nvmem register failure
     - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
     - eeprom: at24: fix memory corruption race condition (CVE-2024-35848)
     - Bluetooth: qca: add support for QCA2066
     - mm/hugetlb: add folio support to hugetlb specific flag macros
     - mm: add private field of first tail to struct page and struct folio
     - mm/hugetlb: add hugetlb_folio_subpool() helpers
     - mm/hugetlb: add folio_hstate()
     - mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios
     - mm/hugetlb: convert free_huge_page to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios
     - mm/hugetlb: fix missing hugetlb_lock for resv uncharge
     - kbuild: refactor host*_flags
     - kbuild: specify output names separately for each emission type from rustc
     - cifs: use the least loaded channel for sending requests
     - smb3: missing lock when picking channel
     - [armhf] pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of
       GPIOR-T
     - [arm64] pinctrl/meson: fix typo in PDM's pin name
     - pinctrl: core: delete incorrect free in pinctrl_enable()
     - sunrpc: add a struct rpc_stats arg to rpc_create_args
     - nfs: expose /proc/net/sunrpc/nfs in net namespaces
     - nfs: make the rpc_stat per net namespace
     - nfs: Handle error of rpc_proc_register() in nfs_net_init().
     - pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro
     - [x86] pinctrl: intel: Make use of struct pinfunction and
       PINCTRL_PINFUNCTION()
     - [x86] pinctrl: baytrail: Fix selecting gpio pinctrl state
     - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
     - regulator: change stubbed devm_regulator_get_enable to return Ok
     - regulator: change devm_regulator_get_enable_optional() stub to return Ok
     - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
     - nvme: fix warn output about shared namespaces without
       CONFIG_NVME_MULTIPATH
     - bpf: Fix a verifier verbose message
     - spi: introduce new helpers with using modern naming
     - [arm64] bpf, arm64: Fix incorrect runtime stats
     - [s390x] mm: Fix storage key clearing for guest huge pages
     - [s390x] mm: Fix clearing storage keys for huge pages
     - xdp: use flags field to disambiguate broadcast redirect
     - bna: ensure the copied buf is NUL terminated
     - nsh: Restore skb->{protocol,data,mac_header} for outer header in
       nsh_gso_segment().
     - net l2tp: drop flow hash on forward
     - [s390x] vdso: Add CFI for RA register to asm macro vdso_func
     - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
     - net: qede: use return from qede_parse_flow_attr() for flower
     - net: qede: use return from qede_parse_flow_attr() for flow_spec
     - net: qede: use return from qede_parse_actions()
     - [arm64] ASoC: meson: axg-fifo: use FIELD helpers
     - [arm64] ASoC: meson: axg-fifo: use threaded irq to check periods
     - [arm64] ASoC: meson: axg-card: make links nonatomic
     - [arm64] ASoC: meson: axg-tdm-interface: manage formatters in trigger
     - [arm64] ASoC: meson: cards: select SND_DYNAMIC_MINORS
     - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
     - [s390x] cio: Ensure the copied buf is NUL terminated
     - cxgb4: Properly lock TX queue for the selftest.
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix number of databases for 88E6141 /
       88E6341
     - spi: fix null pointer dereference within spi_sync
     - net: bridge: fix multicast-to-unicast with fraglist GSO
     - net: core: reject skb_copy(_expand) for fraglist GSO skbs
     - vxlan: Pull inner IP header in vxlan_rcv().
     - [s390x] qeth: Fix kernel panic after setting hsuid
     - net: gro: add flush check in udp_gro_receive_segment
     - [arm64] clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
     - [powerpc*] pseries: replace kmalloc with kzalloc in PLPKS driver
     - [powerpc*] pseries: Move PLPKS constants to header file
     - [powerpc*] pseries: make max polling consistent for longer H_CALLs
     - [powerpc*] pseries/iommu: LPAR panics during boot up with a frozen PE
     - [arm64] KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
     - [arm64] KVM: arm64: vgic-v2: Check for non-NULL vCPU in
       vgic_v2_parse_attr()
     - scsi: lpfc: Move NPIV's transport unregistration to after resource clean
       up
     - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
     - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
     - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
     - gfs2: Fix invalid metadata access in punch_hole
     - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
     - wifi: cfg80211: fix rdev_dump_mpp() arguments order
     - net: mark racy access on sk->sk_rcvbuf
     - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
     - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
     - btrfs: return accurate error code on open failure in open_fs_devices()
     - bpf: Check bloom filter map value size
     - kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
     - scsi: ufs: core: WLUN suspend dev/link state error recovery
     - ALSA: line6: Zero-initialize message buffers
     - block: fix overflow in blk_ioctl_discard()
     - net: bcmgenet: Reset RBUF on first open
     - ata: sata_gemini: Check clk_enable() result
     - firewire: ohci: mask bus reset interrupts between ISR and bottom half
     - tools/power turbostat: Fix added raw MSR output
     - tools/power turbostat: Increase the limit for fd opened
     - tools/power turbostat: Fix Bzy_MHz documentation typo
     - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
     - btrfs: always clear PERTRANS metadata during commit
     - scsi: target: Fix SELinux error when systemd-modules loads the target
       module
     - blk-iocost: avoid out of bounds shift
     - [arm64,armhf] gpu: host1x: Do not setup DMA for virtual devices
     - [mips*] scall: Save thread_info.syscall unconditionally on entry
       (Closes: #1068365)
     - tools/power/turbostat: Fix uncore frequency file string
     - drm/amdgpu: Refine IB schedule error logging
     - Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
     - [x86] uio_hv_generic: Don't free decrypted memory
     - Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
     - fs/9p: only translate RWX permissions for plain 9P2000
     - fs/9p: translate O_TRUNC into OTRUNC
     - 9p: explicitly deny setlease attempts
     - gpio: wcove: Use -ENOTSUPP consistently
     - gpio: crystalcove: Use -ENOTSUPP consistently
     - clk: Don't hold prepare_lock when calling kref_put()
     - fs/9p: drop inodes immediately on non-.L too
     - drm/nouveau/dp: Don't probe eDP ports twice harder
     - net:usb:qmi_wwan: support Rolling modules
     - kbuild: rust: avoid creating temporary files
     - spi: Merge spi_controller.{slave,target}_abort()
     - perf unwind-libunwind: Fix base address for .eh_frame
     - perf unwind-libdw: Handle JIT-generated DSOs properly
     - qibfs: fix dentry leak
     - xfrm: Preserve vlan tags for transport mode software GRO
     - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
     - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
     - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
       (CVE-2024-27398)
     - Bluetooth: msft: fix slab-use-after-free in msft_do_close()
     - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
       (CVE-2024-27399)
     - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
     - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
     - [x86] hwmon: (corsair-cpro) Use a separate buffer for sending commands
     - [x86] hwmon: (corsair-cpro) Use complete_all() instead of complete() in
       ccp_raw_event()
     - [x86] hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
     - phonet: fix rtm_phonet_notify() skb allocation
     - net: bridge: fix corrupted ethernet header on multicast-to-unicast
     - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
     - timers: Get rid of del_singleshot_timer_sync()
     - timers: Rename del_timer() to timer_delete()
     - net-sysfs: convert dev->operstate reads to lockless ones
     - hsr: Simplify code for announcing HSR nodes timer setup
     - ipv6: annotate data-races around cnf.disable_ipv6
     - ipv6: prevent NULL dereference in ip6_output()
     - net/smc: fix neighbour and rtable leak in smc_ib_find_route()
     - [arm64] net: hns3: using user configure after hardware reset
     - [arm64] net: hns3: direct return when receive a unknown mailbox message
     - [arm64] net: hns3: change type of numa_node_mask as nodemask_t
     - [arm64] net: hns3: release PTP resources if pf initialization failed
     - [arm64] net: hns3: use appropriate barrier function after setting a bit
       value
     - [arm64] net: hns3: fix port vlan filter not disabled issue
     - [arm64] net: hns3: fix kernel crash when devlink reload during
       initialization
     - [arm64] drm/meson: dw-hdmi: power up phy on device init
     - [arm64] drm/meson: dw-hdmi: add bandgap setting for g12
     - drm/connector: Add \n to message about demoting connector force-probes
     - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11
       users
     - gpiolib: cdev: Add missing header(s)
     - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc
     - gpiolib: cdev: fix uninitialised kfifo
     - drm/amd/display: Atom Integrated System Info v2_2 for DCN35
     - MAINTAINERS: add leah to 6.1 MAINTAINERS file
     - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
     - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
     - firewire: nosy: ensure user_length is taken into account when fetching
       packet contents (CVE-2024-27401)
     - Reapply "drm/qxl: simplify qxl_fence_wait"
     - btf, scripts: rust: drop is_rust_module.sh
     - usb: typec: ucsi: Check for notifications after init
     - usb: typec: ucsi: Fix connector check on init
     - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
       device
     - usb: ohci: Prevent missed ohci interrupts
     - USB: core: Fix access violation during port device removal
     - usb: gadget: composite: fix OS descriptors w_value logic
     - usb: gadget: f_fs: Fix a race condition when processing setup packets.
     - usb: xhci-plat: Don't include xhci.h
     - usb: dwc3: core: Prevent phy suspend during init
     - usb: typec: tcpm: unregister existing source caps before re-registration
     - usb: typec: tcpm: Check for port partner validity before consuming it
     - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
     - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
     - mm/slab: make __free(kfree) accept error pointers
     - mptcp: ensure snd_nxt is properly initialized on connect
     - dt-bindings: iio: health: maxim,max30102: fix compatible check
     - iio:imu: adis16475: Fix sync mode setting
     - iio: accel: mxc4005: Interrupt handling fixes
     - [armhf] ASoC: ti: davinci-mcasp: Fix race condition during probe
     - dyndbg: fix old BUG_ON in >control parser
     - slimbus: qcom-ngd-ctrl: Add timeout for wait operation
     - mei: me: add lunar lake point M DID
     - drm/vmwgfx: Fix invalid reads in fence signaled events
     - [x86] drm/i915/bios: Fix parsing backlight BDB data
     - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
     - net: fix out-of-bounds access in ops_init
     - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
     - mm: use memalloc_nofs_save() in page_cache_ra_order()
     - regulator: core: fix debugfs creation regression
     - spi: microchip-core-qspi: fix setting spi bus clock rate
     - ksmbd: off ipv6only for both ipv4/ipv6 binding
     - ksmbd: avoid to send duplicate lease break notifications
     - ksmbd: do not grant v2 lease if parent lease key and epoch are not set
     - Bluetooth: qca: add missing firmware sanity checks
     - Bluetooth: qca: fix NVM configuration parsing
     - Bluetooth: qca: fix info leak when fetching board id
     - Bluetooth: qca: fix info leak when fetching fw build id
     - Bluetooth: qca: fix firmware check error path
     - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (CVE-2024-21823)
     - dmaengine: idxd: add a new security check to deal with a hardware erratum
       (CVE-2024-21823)
     - dmaengine: idxd: add a write() method for applications to submit work
       (CVE-2024-21823)
     - keys: Fix overwrite of key expiration on instantiation
     - btrfs: do not wait for short bulk allocation
     - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
     - mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
     - md: fix kmemleak of rdev->serial (CVE-2024-26900)
     - net: bcmgenet: Clear RGMII_LINK upon link down
     - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
     - net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
     - net: bcmgenet: synchronize UMAC_CMD access
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.92
     - drm/amd/display: Fix division by zero in setup_dsc_config
     - net: ks8851: Fix another TX stall caused by wrong ISR flag handling
     - ice: pass VSI pointer into ice_vc_isvalid_q_id
     - ice: remove unnecessary duplicate checks for VF VSI ID
     - pinctrl: core: handle radix_tree_insert() errors in
       pinctrl_register_one_pin()
     - mfd: stpmic1: Fix swapped mask/unmask in irq chip
     - nfsd: don't allow nfsd threads to be signalled.
     - KEYS: trusted: Fix memory leak in tpm2_key_encode()
     - mmc: core: Add HS400 tuning in HS400es initialization
     - xfs: write page faults in iomap are not buffered writes
     - xfs: punching delalloc extents on write failure is racy
     - xfs: use byte ranges for write cleanup ranges
     - xfs,iomap: move delalloc punching to iomap
     - iomap: buffered write failure should not truncate the page cache
     - xfs: xfs_bmap_punch_delalloc_range() should take a byte range
     - iomap: write iomap validity checks
     - xfs: use iomap_valid method to detect stale cached iomaps
     - xfs: drop write error injection is unfixable, remove it
     - xfs: fix off-by-one-block in xfs_discard_folio()
     - xfs: fix incorrect error-out in xfs_remove
     - xfs: fix sb write verify for lazysbcount
     - xfs: fix incorrect i_nlink caused by inode racing
     - xfs: invalidate block device page cache during unmount
     - xfs: attach dquots to inode before reading data/cow fork mappings
     - xfs: wait iclog complete before tearing down AIL
     - xfs: fix super block buf log item UAF during force shutdown
     - xfs: hoist refcount record merge predicates
     - xfs: estimate post-merge refcounts correctly
     - xfs: invalidate xfs_bufs when allocating cow extents
     - xfs: allow inode inactivation during a ro mount log recovery
     - xfs: fix log recovery when unknown rocompat bits are set
     - xfs: get root inode correctly at bulkstat
     - xfs: short circuit xfs_growfs_data_private() if delta is zero
     - [arm64] atomics: lse: remove stale dependency on JUMP_LABEL
     - drm/amdgpu: Fix possible NULL dereference in
       amdgpu_ras_query_error_status_helper() (CVE-2023-52585)
     - [arm*] binder: fix max_thread type inconsistency
     - [arm64,armhf] usb: dwc3: Wait unconditionally after issuing EndXfer
       command
     - net: usb: ax88179_178a: fix link status when link is set to down/up
     - usb: typec: ucsi: displayport: Fix potential deadlock
     - usb: typec: tipd: fix event checking for tps6598x
     - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
     - KEYS: trusted: Do not use WARN when encode fails
     - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
     - docs: kernel_include.py: Cope with docutils 0.21
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
     - SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
     - [x86] tsc: Trust initial offset in architectural TSC-adjust MSRs
     - ftrace: Fix possible use-after-free issue in ftrace_location()
     - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
     - tty: n_gsm: fix missing receive state reset after mode switch
     - speakup: Fix sizeof() vs ARRAY_SIZE() bug
     - serial: 8250_bcm7271: use default_mux_rate if possible
     - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
     - io_uring: fail NOP if non-zero op flags is passed in
     - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled
       already"
     - r8169: Fix possible ring buffer corruption on fragmented Tx packets.
     - ring-buffer: Fix a race between readers and resize checks
     - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
     - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
     - nilfs2: fix potential hang in nilfs_detach_log_writer()
     - ksmbd: avoid to send duplicate oplock break notifications
     - ksmbd: ignore trailing slashes in share paths
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460
       G11.
     - ALSA: core: Fix NULL module pointer assignment at card init
     - ALSA: Fix deadlocks with kctl removals at disconnection
     - KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
     - wifi: mac80211: don't use rate mask for scanning
     - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon
       timestamp field
     - wifi: cfg80211: fix the order of arguments for trace events of the
       tx_rx_evt class
     - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
     - net: usb: qmi_wwan: add Telit FN920C04 compositions
     - drm/amd/display: Set color_mgmt_changed to true on unsuspend
     - drm/amdgpu: Update BO eviction priorities
     - drm/amdgpu: Fix the ring buffer size for queue VM flush
     - drm/amdgpu/mes: fix use-after-free issue
     - sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
     - [x86] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM
       too
     - regulator: irq_helpers: duplicate IRQ name
     - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
     - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
     - regulator: vqmmc-ipq4019: fix module autoloading
     - ASoC: rt715: add vendor clear control register
     - ASoC: rt715-sdca: volume step modification
     - [x86] efistub: Omit physical KASLR when memory reservations exist
     - efi: libstub: only free priv.runtime_map when allocated
     - [x86] KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in
       CPUID
     - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
     - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
     - softirq: Fix suspicious RCU usage in __do_softirq()
     - ASoC: da7219-aad: fix usage of device_get_named_child_node()
     - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
     - drm/amd/display: Add dtbclk access to dcn315
     - drm/amd/display: Add VCO speed parameter for DCN31 FPU
     - drm/amdkfd: Flush the process wq before creating a kfd_process
     - [x86] mm: Remove broken vsyscall emulation code from the page fault code
     - nvme: find numa distance only if controller has valid numa id
     - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
     - nvmet-auth: replace pr_debug() with pr_err() to report an error.
     - nvmet-tcp: fix possible memory leak when tearing down a controller
     - nvmet: fix nvme status code when namespace is disabled
     - epoll: be better about file lifetimes
     - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
     - openpromfs: finish conversion to the new mount API
     - crypto: bcm - Fix pointer arithmetic
     - mm/slub, kunit: Use inverted data to corrupt kmem cache
     - firmware: raspberrypi: Use correct device for DMA mappings
     - ecryptfs: Fix buffer size for tag 66 packet
     - nilfs2: fix out-of-range warning
     - [x86] crypto: ccp - drop platform ifdef checks
     - [amd64] crypto: x86/nh-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha256-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha512-avx2 - add missing vzeroupper
     - [s390x] cio: fix tracepoint subchannel type field
     - io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of
       task_work
     - io_uring: use the right type for work_llist empty check
     - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
     - rcu: Fix buffer overflow in print_cpu_stall_info()
     - jffs2: prevent xattr node from overflowing the eraseblock
     - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
     - null_blk: Fix missing mutex_destroy() at module removal
     - md: fix resync softlockup when bitmap size is less than array size
     - block: open code __blk_account_io_start()
     - block: open code __blk_account_io_done()
     - block: support to account io_ticks precisely
     - wifi: ath10k: poll service ready message before failing
     - wifi: brcmfmac: pcie: handle randbuf allocation failure
     - wifi: ath11k: don't force enable power save on non-running vdevs
     - bpftool: Fix missing pids during link show
     - [x86] boot: Ignore relocations in .notes sections in walk_relocs() too
     - sched/fair: Add EAS checks before updating root_domain::overutilized
     - ACPI: Fix Generic Initiator Affinity _OSC bit
     - qed: avoid truncating work queue length
     - net/mlx5e: Fail with messages when params are not valid for XSK
     - mlx5: stop warning for 64KB pages
     - bitops: add missing prototype check
     - wifi: carl9170: re-fix fortified-memset warning
     - bpf: Pack struct bpf_fib_lookup
     - scsi: ufs: qcom: Perform read back after writing reset bit
     - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
     - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
     - scsi: ufs: qcom: Perform read back after writing unipro mode
     - scsi: ufs: qcom: Perform read back after writing CGC enable
     - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
     - scsi: ufs: core: Perform read back after disabling interrupts
     - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
     - ACPI: LPSS: Advertise number of chip selects via property
     - irqchip/alpine-msi: Fix off-by-one in allocation error path
     - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
     - ACPI: disable -Wstringop-truncation
     - gfs2: Don't forget to complete delayed withdraw
     - gfs2: Fix "ignore unlock failures after withdraw"
     - [x86] boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
     - cpufreq: exit() callback is optional
     - [x86] pat: Introduce lookup_address_in_pgd_attr()
     - [x86] pat: Restructure _lookup_address_cpa()
     - [x86] pat: Fix W^X violation false-positives when running as Xen PV guest
     - net: export inet_lookup_reuseport and inet6_lookup_reuseport
     - net: remove duplicate reuseport_lookup functions
     - udp: Avoid call to compute_score on multiple sites
     - cppc_cpufreq: Fix possible null pointer dereference
     - scsi: libsas: Fix the failure of adding phy with zero-address to port
     - scsi: hpsa: Fix allocation size for Scsi_Host private data
     - [x86] purgatory: Switch to the position-independent small code model
     - thermal/drivers/tsens: Fix null pointer dereference
     - wifi: ath10k: Fix an error code problem in
       ath10k_dbg_sta_write_peer_debug_trigger()
     - wifi: ath10k: populate board data for WCN3990
     - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset
       handlers
     - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family
       switches
     - tcp: avoid premature drops in tcp_add_backlog()
     - pwm: sti: Convert to platform remove callback returning void
     - pwm: sti: Prepare removing pwm_chip from driver data
     - pwm: sti: Simplify probe function using devm functions
     - drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
     - net: give more chances to rcu in netdev_wait_allrefs_any()
     - wifi: carl9170: add a proper sanity check for endpoints
     - wifi: ar5523: enable proper endpoint verification
     - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
     - libbpf: Fix error message in attach_kprobe_multi
     - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
     - scsi: bfa: Ensure the copied buf is NUL terminated
     - scsi: qedf: Ensure the copied buf is NUL terminated
     - scsi: qla2xxx: Fix debugfs output for fw_resource_count
     - kernel/numa.c: Move logging out of numa.h
     - [x86] numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
     - wifi: mwl8k: initialize cmd->addr[] properly
     - HID: amd_sfh: Handle "no sensors" in PM operations
     - usb: aqc111: stop lying about skb->truesize
     - net: usb: sr9700: stop lying about skb->truesize
     - net: ipv6: fix wrong start position when receive hop-by-hop fragment
     - eth: sungem: remove .ndo_poll_controller to avoid deadlocks
     - net: ethernet: cortina: Locking fixes
     - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
     - net: usb: smsc95xx: stop lying about skb->truesize
     - net: openvswitch: fix overwriting ct original tuple for ICMPv6
     - ipv6: sr: add missing seg6_local_exit
     - ipv6: sr: fix incorrect unregister order
     - ipv6: sr: fix invalid unregister error path
     - net/mlx5: Add a timeout to acquire the command queue semaphore
     - net/mlx5: Discard command completions in internal error
     - [s390x] bpf: Emit a barrier for BPF_FETCH instructions
     - riscv, bpf: make some atomic operations fully ordered
     - ax25: Use kernel universal linked list to implement ax25_dev_list
     - ax25: Fix reference count leak issues of ax25_dev
     - ax25: Fix reference count leak issue of net_device
     - mptcp: SO_KEEPALIVE: fix getsockopt support
     - Bluetooth: Consolidate code around sk_alloc into a helper function
     - Bluetooth: compute LE flow credits based on recvbuf space
     - Bluetooth: qca: Fix error code in qca_read_fw_build_info()
     - drm/bridge: Fix improper bridge init order with pre_enable_prev_first
     - printk: Let no_printk() use _printk()
     - dev_printk: Add and use dev_no_printk()
     - drm/lcdif: Do not disable clocks on already suspended hardware
     - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
     - drm/dp: Don't attempt AUX transfers when eDP panels are not powered
     - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't
       assert
     - drm/amd/display: Fix potential index out of bounds in color transformation
       function
     - [x86] ASoC: Intel: Disable route checks for Skylake boards
     - [x86] ASoC: Intel: avs: ssm4567: Do not ignore route checks
     - mtd: core: Report error if first mtd_otp_size() call fails in
       mtd_otp_nvmem_add()
     - mtd: rawnand: hynix: fixed typo
     - fbdev: shmobile: fix snprintf truncation
     - [armel,armhf] ASoC: kirkwood: Fix potential NULL dereference
     - drm/meson: vclk: fix calculation of 59.94 fractional rates
     - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
     - [powerpc*] fsl-soc: hide unused const variable
     - fbdev: sisfb: hide unused variables
     - [x86] ASoC: Intel: avs: Fix ASRC module initialization
     - [x86] ASoC: Intel: avs: Fix potential integer overflow
     - media: ngene: Add dvb_ca_en50221_init return value check
     - media: rcar-vin: work around -Wenum-compare-conditional warning
     - media: radio-shark2: Avoid led_names truncations
     - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
     - [arm64] drm/msm/dp: allow voltage swing / pre emphasis of 3
     - [arm64] drm/msm/dp: Return IRQ_NONE for unhandled interrupts
     - [arm64] drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
       connected
     - media: ipu3-cio2: Request IRQ earlier
     - media: dt-bindings: ovti,ov2680: Fix the power supply names
     - fbdev: sh7760fb: allow modular build
     - media: atomisp: ssh_css: Fix a null-pointer dereference in
       load_video_binaries
     - [arm64] drm/arm/malidp: fix a possible null pointer dereference
       (CVE-2024-36014)
     - drm: vc4: Fix possible null pointer dereference
     - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
     - drm/bridge: anx7625: Don't log an error when DSI host can't be found
     - drm/bridge: icn6211: Don't log an error when DSI host can't be found
     - drm/bridge: lt8912b: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
     - drm/bridge: tc358775: Don't log an error when DSI host can't be found
     - drm/bridge: dpc3433: Don't log an error when DSI host can't be found
     - drm/panel: novatek-nt35950: Don't log an error when DSI host can't be
       found
     - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
     - drm/mipi-dsi: use correct return type for the DSC functions
     - drm/rockchip: vop2: Do not divide height twice for YUV
     - clk: samsung: exynosautov9: fix wrong pll clock id value
     - RDMA/mlx5: Adding remote atomic access flag to updatable flags
     - [arm64] RDMA/hns: Fix return value in hns_roce_map_mr_sg
     - [arm64] RDMA/hns: Fix deadlock on SRQ async events.
     - [arm64] RDMA/hns: Fix UAF for cq async event
     - [arm64] RDMA/hns: Fix GMV table pagesize
     - [arm64] RDMA/hns: Use complete parentheses in macros
     - [arm64] RDMA/hns: Modify the print level of CQE error
     - clk: mediatek: mt8365-mm: fix DPI0 parent
     - clk: rs9: fix wrong default value for clock amplitude
     - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
     - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
     - RDMA/rxe: Fix incorrect rxe_put in error path
     - IB/mlx5: Use __iowrite64_copy() for write combining stores
     - clk: renesas: r8a779a0: Fix CANFD parent clock
     - clk: renesas: r9a07g043: Add clock and reset entry for PLIC
     - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
     - clk: qcom: dispcc-sm8450: fix DisplayPort clocks
     - clk: qcom: dispcc-sm6350: fix DisplayPort clocks
     - clk: qcom: mmcc-msm8998: fix venus clock issue
     - [x86] insn: Fix PUSH instruction in x86 instruction decoder opcode map
     - [x86] insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and
       VPDPWSSDS
     - ext4: avoid excessive credit estimate in ext4_tmpfile()
     - virt: acrn: stop using follow_pfn
     - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
     - sunrpc: removed redundant procp check
     - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
     - ext4: fix unit mismatch in ext4_mb_new_blocks_simple
     - ext4: try all groups in ext4_mb_new_blocks_simple
     - ext4: remove unused parameter from ext4_mb_new_blocks_simple()
     - ext4: fix potential unnitialized variable
     - SUNRPC: Fix gss_free_in_token_pages()
     - RDMA/IPoIB: Fix format truncation compilation errors
     - net: add pskb_may_pull_reason() helper
     - net: bridge: xmit: make sure we have at least eth header len bytes
     - net: bridge: mst: fix vlan use-after-free
     - net: qrtr: ns: Fix module refcnt
     - netrom: fix possible dead-lock in nr_rt_ioctl()
     - af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
     - sched/fair: Allow disabling sched_balance_newidle with
       sched_relax_domain_level
     - sched/core: Fix incorrect initialization of the 'burst' parameter in
       cpu_max_write()
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
     - perf record: Delete session after stopping sideband thread
     - perf probe: Add missing libgen.h header needed for using basename()
     - iio: core: Leave private pointer NULL when no private data supplied
     - greybus: lights: check return of get_channel_from_mode
     - f2fs: multidev: fix to recognize valid zero block address
     - f2fs: fix to wait on page writeback in __clone_blkaddrs()
     - counter: linux/counter.h: fix Excess kernel-doc description warning
     - perf annotate: Get rid of duplicate --group option item
     - soundwire: cadence: fix invalid PDI offset
     - dmaengine: idma64: Add check for dma_set_max_seg_size
     - firmware: dmi-id: add a release callback function
     - serial: max3100: Lock port->lock when calling uart_handle_cts_change()
     - serial: max3100: Update uart_driver_registered on driver removal
     - serial: max3100: Fix bitwise types
     - greybus: arche-ctrl: move device table to its right location
     - PCI: tegra194: Fix probe path for Endpoint mode
     - serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
     - [arm64] dts: meson: fix S4 power-controller node
     - perf tests: Make "test data symbol" more robust on Neoverse N1
     - dt-bindings: PCI: rcar-pci-host: Add optional regulators
     - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
     - f2fs: compress: fix to relocate check condition in
       f2fs_{release,reserve}_compress_blocks()
     - f2fs: compress: fix to relocate check condition in
       f2fs_ioc_{,de}compress_file()
     - f2fs: fix typos in comments
     - f2fs: fix to relocate check condition in f2fs_fallocate()
     - f2fs: fix to check pinfile flag in f2fs_move_file_range()
     - iio: adc: stm32: Fixing err code to not indicate success
     - coresight: etm4x: Fix unbalanced pm_runtime_enable()
     - perf docs: Document bpf event modifier
     - iio: pressure: dps310: support negative temperature values
     - coresight: etm4x: Do not hardcode IOMEM access for register restore
     - coresight: etm4x: Do not save/restore Data trace control registers
     - coresight: etm4x: Safe access for TRCQCLTR
     - coresight: etm4x: Fix access to resource selector registers
     - fpga: region: add owner module and take its refcount
     - microblaze: Remove gcc flag for non existing early_printk.c file
     - microblaze: Remove early printk call from cpuinfo-static.c
     - perf intel-pt: Fix unassigned instruction op (discovered by
       MemorySanitizer)
     - ovl: remove upper umask handling from ovl_create_upper()
     - VMCI: Fix an error handling path in vmci_guest_probe_device()
     - dt-bindings: pinctrl: mediatek: mt7622: fix array properties
     - watchdog: bd9576: Drop "always-running" property
     - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
     - usb: gadget: u_audio: Fix race condition use of controls after free during
       gadget unbind.
     - usb: gadget: u_audio: Clear uac pointer when freed.
     - stm class: Fix a double free in stm_register_device()
     - ppdev: Remove usage of the deprecated ida_simple_xx() API
     - ppdev: Add an error check in register_device (CVE-2024-36015)
     - perf bench internals inject-build-id: Fix trap divide when collecting just
       one DSO
     - perf ui browser: Don't save pointer to stack memory
     - extcon: max8997: select IRQ_DOMAIN instead of depending on it
     - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
     - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
     - perf ui browser: Avoid SEGV on title
     - perf report: Avoid SEGV in report__setup_sample_type()
     - f2fs: compress: fix to update i_compr_blocks correctly
     - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/
       cp_rwsem lock
     - f2fs: fix to release node block count in error path of
       f2fs_new_node_page()
     - f2fs: compress: don't allow unaligned truncation on released compress
       inode
     - serial: sh-sci: protect invalidating RXDMA on shutdown
     - libsubcmd: Fix parse-options memory leak
     - perf daemon: Fix file leak in daemon_session__control
     - f2fs: fix to add missing iput() in gc_data_segment()
     - perf stat: Don't display metric header for non-leader uncore events
     - [s390x] vdso: filter out mno-pic-data-is-text-relative cflag
     - [s390x] vdso64: filter out munaligned-symbols flag for vdso
     - [s390x] vdso: Generate unwind information for C modules
     - [s390x] vdso: Use standard stack frame layout
     - [s390x] ipl: Fix incorrect initialization of len fields in nvme reipl
       block
     - [s390x] ipl: Fix incorrect initialization of nvme dump block
     - [s390x] boot: Remove alt_stfle_fac_list from decompressor
     - Input: ims-pcu - fix printf string overflow
     - Input: ioc3kbd - convert to platform remove callback returning void
     - Input: ioc3kbd - add device table
     - mmc: sdhci_am654: Add tuning algorithm for delay chain
     - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
     - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
     - mmc: sdhci_am654: Add OTAP/ITAP delay enable
     - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
     - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
     - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
     - [arm64] drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode
       pclk
     - [arm64] drm/msm/dpu: Always flush the slave INTF on the CTL
     - drm/bridge: tc358775: fix support for jeida-18 and jeida-24
     - media: stk1160: fix bounds checking in stk1160_copy_video()
     - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
     - Input: cyapa - add missing input core locking to suspend/resume functions
     - media: flexcop-usb: fix sanity check of bNumEndpoints
     - [powerpc*] pseries: Add failure related checks for h_get_mpp and h_get_ppp
     - media: sunxi: a83-mips-csi2: also select GENERIC_PHY
     - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
     - media: cec: cec-api: add locking in cec_release()
     - media: cec: core: avoid recursive cec_claim_log_addrs
     - media: cec: core: avoid confusing "transmit timed out" message
     - Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
     - [arm64] drm/msm: Enable clamp_to_idle for 7c3
     - [arm64] drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
       fails
     - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
     - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
     - ASoC: mediatek: mt8192: fix register configuration for tdm
     - regulator: bd71828: Don't overwrite runtime voltages
     - perf/arm-dmc620: Fix lockdep assert in ->event_init()
     - [x86] kconfig: Select ARCH_WANT_FRAME_POINTERS again when
       UNWINDER_FRAME_POINTER=y
     - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
     - ipv6: sr: fix missing sk_buff release in seg6_input_core
     - nfc: nci: Fix uninit-value in nci_rx_work
     - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
     - NFSv4: Fixup smatch warning for ambiguous return
     - nfs: keep server info for remounts
     - sunrpc: fix NFSACL RPC retry on soft mount
     - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
     - af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
       (CVE-2024-36972)
     - ipv6: sr: fix memleak in seg6_hmac_init_algo
     - tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
     - pNFS/filelayout: fixup pNfs allocation modes
     - openvswitch: Set the skbuff pkt_type for proper pmtud support.
     - [arm64] asm-bug: Add .align 2 to the end of __BUG_ENTRY
     - rv: Update rv_en(dis)able_monitor doc to match kernel-doc
     - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
     - Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
     - net: fec: avoid lock evasion when reading pps_enable
     - tls: fix missing memory barrier in tls_init
     - inet: factor out locked section of inet_accept() in a new helper
     - net: relax socket state check at accept time.
     - nfc: nci: Fix kcov check in nci_rx_work()
     - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
     - drivers/xen: Improve the late XenStore init protocol
     - ice: Interpret .set_channels() input differently
     - netfilter: nfnetlink_queue: acquire rcu_read_lock() in
       instance_destroy_rcu()
     - netfilter: nft_payload: restore vlan q-in-q match support
     - spi: Don't mark message DMA mapped when no transfer in it is
     - dma-mapping: benchmark: fix node id validation
     - dma-mapping: benchmark: handle NUMA_NO_NODE correctly
     - nvmet: fix ns enable/disable possible hang
     - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
     - net/mlx5: Lag, do bond only if slaves agree on roce state
     - net/mlx5e: Fix IPsec tunnel mode offload feature check
     - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
       exhaustion
     - net/mlx5e: Fix UDP GSO for encapsulated packets
     - dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
     - bpf: Fix potential integer overflow in resolve_btfids
     - ALSA: jack: Use guard() for locking
     - ALSA: core: Remove debugfs at disconnection
     - ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
     - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
     - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
     - enic: Validate length of nl attributes in enic_set_vf_port
     - af_unix: Read sk->sk_hash under bindlock during bind().
     - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
     - bpf: Allow delete from sockmap/sockhash only if update is allowed
     - net:fec: Add fec_enet_deinit()
     - ice: fix accounting if a VLAN already exists
     - netfilter: nft_payload: move struct nft_payload_set definition where it
       belongs
     - netfilter: nft_payload: rebuild vlan header when needed
     - netfilter: nft_payload: rebuild vlan header on h_proto access
     - netfilter: nft_payload: skbuff vlan metadata mangle support
     - netfilter: tproxy: bail out if IP has been disabled on the device
     - netfilter: nft_fib: allow from forward/input without iif selector
     - kconfig: fix comparison to constant symbols, 'm', 'n'
     - [x86] drm/i915/guc: avoid FIELD_PREP warning
     - spi: stm32: Don't warn about spurious interrupts
     - net: dsa: microchip: fix RGMII error in KSZ DSA driver
     - net: ena: Add dynamic recycling mechanism for rx buffers
     - net: ena: Reduce lines with longer column width boundary
     - net: ena: Fix redundant device NUMA node override
     - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
     - [powerpc*] pseries/lparcfg: drop error message from guest name lookup
     - hwmon: (shtc1) Fix property misspelling
     - ALSA: timer: Set lower bound of start tick time
     - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.94
     - drm: Check output polling initialized before disabling (CVE-2024-35927)
     - drm: Check polling initialized before enabling in
       drm_helper_probe_single_connector_modes
     - Bluetooth: btrtl: Add missing MODULE_FIRMWARE declarations
     - maple_tree: fix allocation in mas_sparse_area()
     - maple_tree: fix mas_empty_area_rev() null pointer dereference
       (CVE-2024-36891)
     - mmc: core: Do not force a retune before RPMB switch
     - afs: Don't cross .backup mountpoint from backup volume
     - nilfs2: fix use-after-free of timer for log writer thread (CVE-2024-38583)
     - [x86] drm/i915/audio: Fix audio time stamp programming for DP
     - mptcp: avoid some duplicate code in socket option handling
     - mptcp: cleanup SOL_TCP handling
     - mptcp: fix full TCP keep-alive support
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - scripts/gdb: fix SB_* constants parsing
     - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
     - media: lgdt3306a: Add a check against null-pointer-def
     - drm/amdgpu: add error handle to avoid out-of-bounds
     - bcache: fix variable length array abuse in btree_iter
     - wifi: rtw89: correct aSIFSTime for 6GHz band
     - ata: pata_legacy: make legacy_exit() work again
     - thermal/drivers/qcom/lmh: Check for SCM availability at probe
     - [arm64] soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
     - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
     - [arm64] tegra: Correct Tegra132 I2C alias
     - [arm64] dts: qcom: qcs404: fix bluetooth device address
     - md/raid5: fix deadlock that raid5d() wait for itself to clear
       MD_SB_CHANGE_PENDING
     - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
       firmware command
     - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
     - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
     - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
     - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
     - [arm64] dts: hi3798cv200: fix the size of GICR
     - media: mc: Fix graph walk in media_pipeline_start
     - media: mc: mark the media devnode as registered from the, start
     - media: mxl5xx: Move xpt structures off stack
     - media: v4l2-core: hold videodev_lock until dev reg, finishes
     - mmc: core: Add mmc_gpiod_set_cd_config() function
     - mmc: sdhci: Add support for "Tuning Error" interrupts
     - mmc: sdhci-acpi: Sort DMI quirks alphabetically
     - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
     - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
     - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on
       Asus T100TA
     - fbdev: savage: Handle err return when savagefb_check_var failed
     - drm/amdgpu/atomfirmware: add intergrated info v2.3 table
     - 9p: add missing locking around taking dentry fid list
     - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
     - [arm64] KVM: arm64: Fix AArch32 register narrowing on userspace write
     - [arm64] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
     - [arm64] KVM: arm64: AArch32: Fix spurious trapping of conditional
       instructions
     - crypto: ecdsa - Fix module auto-load on add-key
     - crypto: ecrdsa - Fix module auto-load on add_key
     - [x86] crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
     - mm: fix race between __split_huge_pmd_locked() and GUP-fast
     - scsi: core: Handle devices which return an unusually large VPD page count
     - net/ipv6: Fix route deleting failure when metric equals 0
     - net/9p: fix uninit-value in p9_client_rpc()
     - kmsan: do not wipe out origin when doing partial unpoisoning
     - cpufreq: amd-pstate: Fix the inconsistency in max frequency units
     - [x86] intel_th: pci: Add Meteor Lake-S CPU support
     - mm/cma: drop incorrect alignment check in cma_init_reserved_mem
     - mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid
     - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
     - kdb: Fix buffer overflow during tab-complete
     - kdb: Use format-strings rather than '\0' injection in kdb_read()
     - kdb: Fix console handling when editing and tab-completing commands
     - kdb: Merge identical case statements in kdb_read()
     - kdb: Use format-specifiers rather than memset() for padding in kdb_read()
     - net: fix __dst_negative_advice() race (CVE-2024-36971)
     - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
     - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
     - [s390x] ap: Fix crash in AP internal function modify_bitmap()
     - [s390x] cpacf: Split and rework cpacf query functions
     - [s390x] cpacf: Make use of invalid opcode produce a link error
     - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
     - EDAC/igen6: Convert PCIBIOS_* return codes to errnos
     - nfs: fix undefined behavior in nfs_block_bits()
     - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
     - btrfs: fix crash on racing fsync and size-extending write into prealloc
     - [powerpc*] bpf: enforce full ordering for ATOMIC operations with BPF_FETCH
     - smb: client: fix deadlock in smb2_find_smb_tcon()
     - smp: Provide 'setup_max_cpus' definition on UP too
 .
   [ Uwe Kleine-König ]
   * [arm*] Enable symbols in Raspberry Pi device trees for simplified overlay
     application.
   * d/rules: Let blhc ignore perf tests binaries that are compiled without
     fortification
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 22
   * [rt] Update to 6.1.90-rt30
   * net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (CVE-2024-36974)
linux-signed-amd64 (6.1.90+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.90-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.86
     - amdkfd: use calloc instead of kzalloc to avoid integer overflow
       (CVE-2024-26817)
     - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
     - bnx2x: Fix firmware version string character counts
     - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
     - [x86] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
     - wifi: iwlwifi: pcie: Add the PCI device id for new hardware
     - panic: Flush kernel log buffer at the end
     - cpuidle: Avoid potential overflow in integer multiplication
     - [arm64] dts: rockchip: fix rk3328 hdmi ports node
     - [arm64] dts: rockchip: fix rk3399 hdmi ports node
     - ionic: set adminq irq affinity
     - net: skbuff: add overflow debug check to pull/push helpers
     - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
     - pstore/zone: Add a null pointer check to the psz_kmsg_read
     - net: pcs: xpcs: Return EINVAL in the internal methods
     - dma-direct: Leak pages on dma_set_decrypted() failure
     - wifi: ath11k: decrease MHI channel buffer length to 8KB
     - cpufreq: Don't unregister cpufreq cooling on CPU hotplug
     - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
     - btrfs: export: handle invalid inode or root reference in
       btrfs_get_parent()
     - btrfs: send: handle path ref underflow in header iterate_inode_ref()
     - ice: use relative VSI index for VFs instead of PF VSI number
     - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
     - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
     - Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
     - [arm64,armhf] drm/vc4: don't check if plane->state->fb == state->fb
     - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
     - drm: panel-orientation-quirks: Add quirk for GPD Win Mini
     - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
     - sysv: don't call sb_bread() with pointers_lock held
     - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
     - isofs: handle CDs with bad root inode but good Joliet root directory
     - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710)
       laptops
     - rcu-tasks: Repair RCU Tasks Trace quiescence check
     - Julia Lawall reported this null pointer dereference, this should fix it.
     - media: sta2x11: fix irq handler cast
     - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data
       block counter
     - ext4: add a hint for block bitmap corrupt state in mb_groups
     - ext4: forbid commit inconsistent quota data when errors=remount-ro
     - drm/amd/display: Fix nanosec stat overflow
     - drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()
     - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to
       unsigned int
     - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
     - libperf evlist: Avoid out-of-bounds access
     - input/touchscreen: imagis: Correct the maximum touch area value
     - block: prevent division by zero in blk_rq_stat_sum()
     - RDMA/cm: add timeout to cm_destroy_id wait
     - Input: imagis - use FIELD_GET where applicable
     - Input: allocate keycode for Display refresh rate toggle
     - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the
       Chuwi Vi8 tablet
     - [x86] perf/x86/amd/lbr: Discard erroneous branch entries
     - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
       environment
     - bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
     - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
     - [x86] thunderbolt: Keep the domain powered when USB4 port is in redrive
       mode
     - usb: typec: tcpci: add generic tcpci fallback compatible
     - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
     - thermal/of: Assume polling-delay(-passive) 0 when absent
     - ASoC: soc-core.c: Skip dummy codec when adding platforms
     - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
     - io_uring: clear opcode specific data for an early failure
     - drivers/nvme: Add quirks for device 126f:2262
     - fbmon: prevent division by zero in fb_videomode_from_videomode()
     - netfilter: nf_tables: release batch on table validation from abort path
     - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
       (CVE-2024-26925)
     - netfilter: nf_tables: discard table flag update with pending basechain
       deletion
     - gcc-plugins/stackleak: Avoid .head.text section
     - virtio: reenable config if freezing device failed
     - randomize_kstack: Improve entropy diffusion
     - [x86] platform/x86: intel-vbtn: Update tablet mode switch at end of probe
     - Bluetooth: btintel: Fixe build regression
     - net: mpls: error out if inner headers are not set
     - [x86] VMCI: Fix possible memcpy() run-time warning in
       vmci_datagram_invoke_guest_handler()
     - Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
     - smb3: fix Open files on server counter going negative
     - ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
     - batman-adv: Avoid infinite loop trying to resize local TT
     - ring-buffer: Only update pages_touched when a new page is touched
     - Bluetooth: Fix memory leak in hci_req_sync_complete()
     - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
     - PM: s2idle: Make sure CPUs will wakeup directly on resume
     - media: cec: core: remove length check of Timer Status
     - Revert "drm/qxl: simplify qxl_fence_wait" (Closes: #1054514)
     - nouveau: fix function cast warning
     - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
     - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
     - net: openvswitch: fix unwanted error log on timeout policy probing
     - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one
       file
     - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
     - geneve: fix header validation in geneve[6]_xmit_skb
     - bnxt_en: Reset PTP tx_avail after possible firmware reset
     - af_unix: Clear stale u->oob_skb.
     - ipv6: fib: hide unused 'pn' variable
     - ipv4/route: avoid unused-but-set-variable warning
     - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
     - Bluetooth: SCO: Fix not validating setsockopt user input
     - Bluetooth: L2CAP: Fix not validating setsockopt user input
     - netfilter: complete validation of user input
     - net/mlx5: Properly link new fs rules into the tree
     - net/mlx5e: Fix mlx5e_priv_init() cleanup flow
     - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
     - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
     - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
     - net: ena: Fix potential sign extension issue
     - net: ena: Wrong missing IO completions check order
     - net: ena: Fix incorrect descriptor free behavior
     - tracing: hide unused ftrace_event_id_fops
     - [amd64] iommu/vt-d: Allocate local memory for page request queue
     - btrfs: qgroup: correctly model root qgroup rsv in convert
     - btrfs: record delayed inode root in transaction
     - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
     - io_uring/net: restore msg_control on sendzc retry
     - kprobes: Fix possible use-after-free issue on kprobe registration
     - [x86] drm/i915/vrr: Disable VRR when using bigjoiner
     - drm/ast: Fix soft lockup
     - drm/client: Fully protect modes[] with dev->mode_config.mutex
     - vhost: Add smp_rmb() in vhost_vq_avail_empty()
     - vhost: Add smp_rmb() in vhost_enable_notify()
     - [x86] perf/x86: Fix out of range data
     - [x86] cpu: Actually turn off mitigations by default for
       SPECULATION_MITIGATIONS=n
     - [x86] apic: Force native_apic_mem_read() to use the MOV instruction
     - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
     - [x86] bugs: Fix return type of spectre_bhi_state()
     - [x86] bugs: Fix BHI documentation
     - [x86] bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
     - [x86] bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
     - [x86] bugs: Fix BHI handling of RRSBA
     - [x86] bugs: Clarify that syscall hardening isn't a BHI mitigation
     - [x86] bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
     - [x86] bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
       CONFIG_MITIGATION_SPECTRE_BHI
     - [x86] drm/i915/cdclk: Fix CDCLK programming order when pipes are active
     - [x86] drm/i915: Disable port sync when bigjoiner is used
     - drm/amdgpu: Reset dGPU if suspend got aborted
     - drm/amdgpu: always force full reset for SOC21
     - drm/amd/display: fix disable otg wa logic in DCN316
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.88
     - drm/vmwgfx: Enable DMA mappings with SEV
     - drm/amdgpu: fix incorrect active rb bitmap for gfx11
     - drm/amdgpu: fix incorrect number of active RBs for gfx11
     - drm/amd/display: Do not recursively call manual trigger programming
     - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
       failure
     - SUNRPC: Fix rpcgss_context trace event acceptor field
     - random: handle creditable entropy from atomic process context
     - net: usb: ax88179_178a: avoid writing the mac address before first reading
     - [x86] drm/i915/vma: Fix UAF on destroy against retire race
     - [x86] efi: Drop EFI stub .bss from .data section
     - [x86] efi: Disregard setup header of loaded image
     - [x86] efistub: Reinstate soft limit for initrd loading
     - [x86] efi: Drop alignment flags from PE section headers
     - [x86] boot: Remove the 'bugger off' message
     - [x86] boot: Omit compression buffer from PE/COFF image memory footprint
     - [x86] boot: Drop redundant code setting the root device
     - [x86] boot: Drop references to startup_64
     - [x86] boot: Grab kernel_info offset from zoffset header directly
     - [x86] boot: Set EFI handover offset directly in header asm
     - [x86] boot: Define setup size in linker script
     - [x86] boot: Derive file size from _edata symbol
     - [x86] boot: Construct PE/COFF .text section from assembler
     - [x86] boot: Drop PE/COFF .reloc section
     - [x86] boot: Split off PE/COFF .data section
     - [x86] boot: Increase section and file alignment to 4k/512
     - [x86] efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
     - [x86] mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros
     - [x86] head/64: Add missing __head annotation to startup_64_load_idt()
     - [x86] head/64: Move the __head definition to <asm/init.h>
     - [x86] sme: Move early SME kernel encryption handling into .head.text
     - [x86] sev: Move early startup code into .head.text section
     - [x86] efistub: Remap kernel text read-only before dropping NX attribute
     - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
     - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
     - netfilter: br_netfilter: skip conntrack input hook for promisc packets
     - netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
     - netfilter: flowtable: validate pppoe header
     - netfilter: flowtable: incorrect pppoe tuple
     - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
     - af_unix: Don't peek OOB data without MSG_OOB.
     - net/mlx5: Lag, restore buckets number to default after hash LAG
       deactivation
     - net/mlx5e: Prevent deadlock while disabling aRFS
     - ice: tc: allow zero flags in parsing tc flower
     - tun: limit printing rate when illegal packet received by tun dev
     - [arm64] net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before
       using them
     - RDMA/rxe: Fix the problem "mutex_destroy missing"
     - RDMA/cm: Print the old state when cm_destroy_id gets timeout
     - RDMA/mlx5: Fix port number for counter query in multi-port configuration
     - [s390x] qdio: handle deferred cc1
     - [s390x] cio: fix race condition during online processing
     - drm: nv04: Fix out of bounds access
     - [armhf] omap2: n8x0: stop instantiating codec platform data
     - PCI: Avoid FLR for SolidRun SNET DPU rev 1
     - HID: kye: Sort kye devices
     - usb: pci-quirks: Reduce the length of a spinlock section in
       usb_amd_find_chipset_info()
     - PCI: Delay after FLR of Solidigm P44 Pro NVMe
     - [x86] quirks: Include linux/pnp.h for arch_pnpbios_disabled()
     - [x86] thunderbolt: Log function name of the called quirk
     - [x86] thunderbolt: Add debug log for link controller power quirk
     - PCI: Execute quirk_enable_clear_retrain_link() earlier
     - ALSA: scarlett2: Move USB IDs out from device_info struct
     - ALSA: scarlett2: Add support for Clarett 8Pre USB
     - ASoC: ti: Convert Pandora ASoC to GPIO descriptors
     - ALSA: scarlett2: Default mixer driver to enabled
     - ALSA: scarlett2: Add correct product series name to messages
     - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
     - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
     - PCI/DPC: Use FIELD_GET()
     - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word()
     - ALSA: scarlett2: Rename scarlett_gen2 to scarlett2
     - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
     - usb: xhci: Add timeout argument in address_device USB HCD callback
     - usb: new quirk to reduce the SET_ADDRESS request timeout
     - clk: Remove prepare_lock hold assertion in __clk_release()
     - clk: Print an info line before disabling unused clocks
     - clk: Initialize struct clk_core kref earlier
     - clk: Get runtime PM before walking tree during disable_unused
     - clk: remove unnecessary (void*) conversions
     - clk: Show active consumers of clocks in debugfs
     - clk: Get runtime PM before walking tree for clk_summary
     - [x86] bugs: Fix BHI retpoline check
     - [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
     - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
     - [arm*] binder: check offset alignment in binder_get_object()
       (CVE-2024-26926)
     - [x86] thunderbolt: Avoid notify PM core about runtime PM resume
     - [x86] thunderbolt: Fix wake configurations after device unplug
     - [x86] comedi: vmk80xx: fix incomplete endpoint checking
     - [armhf] serial: stm32: Return IRQ_NONE in the ISR if no handling happend
     - [armhf] serial: stm32: Reset .throttled state in .startup()
     - USB: serial: option: add Fibocom FM135-GL variants
     - USB: serial: option: add support for Fibocom FM650/FG650
     - USB: serial: option: add Lonsung U8300/U9300 product
     - USB: serial: option: support Quectel EM060K sub-models
     - USB: serial: option: add Rolling RW101-GL and RW135-GL support
     - USB: serial: option: add Telit FN920C04 rmnet compositions
     - Revert "usb: cdc-wdm: close race between read and workqueue"
     - [arm64,armhf] usb: dwc2: host: Fix dereference issue in DDMA completion
       flow.
     - usb: Disable USB3 LPM at shutdown
     - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
       error
     - mei: me: disable RPL-S on SPS and IGN firmwares
     - speakup: Avoid crash on very long word
     - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
     - [x86] KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel
       compatible
     - [x86] KVM: x86/pmu: Disable support for adaptive PEBS
     - [x86] KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
     - [arm64] hibernate: Fix level3 translation fault in swsusp_save()
     - init/main.c: Fix potential static_command_line memory overflow
     - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
     - drm/amdgpu: validate the parameters of bo mapping operations more clearly
       (CVE-2024-26922)
     - drm/vmwgfx: Sort primary plane formats by order of preference
     - drm/vmwgfx: Fix crtc's atomic check conditional
     - nouveau: fix instmem race condition around ptr stores
     - bootconfig: use memblock_free_late to free xbc memory to buddy
     - nilfs2: fix OOB in nilfs_set_de_type
     - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - ksmbd: common: use struct_group_attr instead of struct_group for
       network_open_info
     - PCI/ASPM: Fix deadlock when enabling ASPM (CVE-2024-26605)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.89
     - Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90
     - smb: client: fix rename(2) regression against samba
     - cifs: reinstate original behavior again for forceuid/forcegid
     - [amd64] HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
       dev->devc
     - HID: logitech-dj: allow mice to use all types of reports
     - wifi: iwlwifi: mvm: remove old PASN station when adding a new one
     - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
     - vxlan: drop packets from invalid src-address
     - icmp: prevent possible NULL dereferences from icmp_build_probe()
     - bridge/br_netlink.c: no need to return void function
     - bnxt_en: refactor reset close code
     - bnxt_en: Fix the PCI-AER routines
     - NFC: trf7970a: disable all regulators on removal
     - ax25: Fix netdev refcount issue
     - net: make SK_MEMORY_PCPU_RESERV tunable
     - net: fix sk_memory_allocated_{add|sub} vs softirqs
     - ipv4: check for NULL idev in ip_route_use_hint()
     - net: usb: ax88179_178a: stop lying about skb->truesize
     - net: gtp: Fix Use-After-Free in gtp_dellink
     - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID
     - Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
     - Bluetooth: qca: set power_ctrl_enabled on NULL returned by
       gpiod_get_optional()
     - ipvs: Fix checksumming on GSO of SCTP packets
     - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
     - eth: bnxt: fix counting packets discarded due to OOM and netpoll
     - netfilter: nf_tables: honor table dormant flag from netdev release event
       path
     - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
     - i40e: Report MFS in decimal base instead of hex
     - iavf: Fix TC config comparison with existing adapter TC config
     - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
     - af_unix: Suppress false-positive lockdep splat for spin_lock() in
       __unix_gc().
     - cifs: Replace remaining 1-element arrays (Closes: #1069102, #1069092)
     - Revert "crypto: api - Disallow identical driver names"
     - virtio_net: Do not send RSS key if it is not supported
     - fork: defer linking file vma until vma is fully initialized
       (CVE-2024-27022)
     - [x86] cpu: Fix check for RDPKRU in __show_regs()
     - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
     - Bluetooth: qca: fix NULL-deref on non-serdev suspend
     - [arm64] mmc: sdhci-msm: pervent access to suspended controller
     - smb: client: Fix struct_group() usage in __packed structs
     - smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
     - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
     - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
     - cpu: Re-enable CPU mitigations by default for !X86 architectures
     - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
     - drm/amdgpu: Fix leak when GPU memory allocation fails
     - irqchip/gic-v3-its: Prevent double free on error
     - ACPI: CPPC: Use access_width over bit_width for system memory accesses
     - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
     - ACPI: CPPC: Fix access width used for PCC registers
     - ethernet: Add helper for assigning packet type when dest address does not
       match device address
     - net: b44: set pause params only when interface is up
     - stackdepot: respect __GFP_NOLOCKDEP allocation flag
     - fbdev: fix incorrect address computation in deferred IO
     - udp: preserve the connected status if only UDP cmsg
     - mtd: diskonchip: work around ubsan link failure
     - [x86] tdx: Preserve shared bit on mprotect()
     - [x86] idma64: Don't try to serve interrupts when device is powered off
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix out of bounds read
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix hardcoded array size
     - [arm64] phy: rockchip-snps-pcie3: fix bifurcation on rk3588
     - [arm64] phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits
     - [amd64] dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
     - i2c: smbus: fix NULL function pointer dereference
     - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
     - macsec: Enable devices to advertise whether they update sk_buff md_dst
       during offloads
     - macsec: Detect if Rx skb is macsec-related for offloading devices that
       update md_dst
     - net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for
       MACsec
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 21
   * drivers/tty: Disable N_GSM
   * tipc: fix UAF in error path
   * tipc: fix a possible memleak in tipc_buf_append
linux-signed-amd64 (6.1.90+1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Sign kernel from linux 6.1.90-1~bpo11+1
 .
   * Rebuild for bullseye-backports:
     - Set ABI to 0.deb11.21
linux-signed-amd64 (6.1.85+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.85-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
     - md: fix data corruption for raid456 when reshape restart while grow up
     - md/raid10: prevent soft lockup while flush writes
     - io_uring/unix: drop usage of io_uring socket
     - io_uring: drop any code related to SCM_RIGHTS
     - nfsd: allow nfsd_file_get to sanely handle a NULL pointer
     - nfsd: don't open-code clear_and_wake_up_bit
     - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
     - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
     - nfsd: don't kill nfsd_files because of lease break error
     - nfsd: add some comments to nfsd_file_do_acquire
     - nfsd: don't take/put an extra reference when putting a file
     - nfsd: update comment over __nfsd_file_cache_purge
     - nfsd: allow reaping files still under writeback
     - NFSD: Convert filecache to rhltable
     - nfsd: simplify the delayed disposal list code
     - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
     - NFSD: Add an nfsd4_encode_nfstime4() helper
     - nfsd: Fix creation time serialization order
     - [arm64] media: rkisp1: Fix IRQ handling due to shared interrupts
     - perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child
       count)
     - ASoC: rt5645: Make LattePanda board DMI match more precise
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU
     - [x86] xen: Add some null pointer checking to smp.c
     - [mips*] Clear Cause.BD in instruction_pointer_set
     - HID: multitouch: Add required quirk for Synaptics 0xcddc device
     - gen_compile_commands: fix invalid escape sequence warning
     - [arm64] sve: Lower the maximum allocation for the SVE ptrace regset
     - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt
     - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
     - RDMA/mlx5: Relax DEVX access upon modify commands
     - [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
     - [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault()
     - net/iucv: fix the allocation size of iucv_path_table array
     - block: sed-opal: handle empty atoms when parsing response
     - dm-verity, dm-crypt: align "struct bvec_iter" correctly
     - [arm64] dts: Fix dtc interrupt_provider warnings
     - btrfs: fix data races when accessing the reserved amount of block reserves
     - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
     - net: smsc95xx: add support for SYS TEC USB-SPEmodule1
     - wifi: mac80211: only call drv_sta_rc_update for uploaded stations
     - [x86] ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table
     - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
     - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
     - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2
     - Bluetooth: mgmt: Fix limited discoverable off timeout
     - firewire: core: use long bus reset on gap count error
     - [arm64] tegra: Set the correct PHY mode for MGBE
     - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8
       tablet
     - Input: gpio_keys_polled - suppress deferred probe error for gpio
     - [x86] ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
     - [x86] ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
     - [x86] ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
     - fs: Fix rw_hint validation
     - [s390x] dasd: add autoquiesce feature
     - [s390x] dasd: Use dev_*() for device log messages
     - [s390x] dasd: fix double module refcount decrement
     - rcu/exp: Fix RCU expedited parallel grace period kworker allocation
       failure recovery
     - rcu/exp: Handle RCU expedited grace period kworker allocation failure
     - nbd: null check for nla_nest_start
     - fs/select: rework stack allocation hack for clang
     - md: Don't clear MD_CLOSING when the raid is about to stop
     - lib/cmdline: Fix an invalid format specifier in an assertion msg
     - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg
     - time: test: Fix incorrect format specifier
     - rtc: test: Fix invalid format specifier.
     - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
     - io_uring/net: move receive multishot out of the generic msghdr path
     - io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
     - [x86] resctrl: Implement new mba_MBps throttling heuristic
     - [x86] sme: Fix memory encryption setting if enabled by default and not
       overridden
     - timekeeping: Fix cross-timestamp interpolation on counter wrap
     - timekeeping: Fix cross-timestamp interpolation corner case decision
     - timekeeping: Fix cross-timestamp interpolation for non-x86
     - sched/fair: Take the scheduling domain into account in select_idle_smt()
     - sched/fair: Take the scheduling domain into account in select_idle_core()
     - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
     - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
     - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
     - wifi: b43: Disable QoS for bcm4331
     - wifi: wilc1000: fix declarations ordering
     - wifi: wilc1000: fix RCU usage in connect path
     - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
     - wifi: wilc1000: do not realloc workqueue everytime an interface is added
     - wifi: wilc1000: fix multi-vif management when deleting a vif
     - wifi: mwifiex: debugfs: Drop unnecessary error check for
       debugfs_create_dir()
     - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
     - cpufreq: Explicitly include correct DT includes
     - cpufreq: mediatek-hw: Wait for CPU supplies before probing
     - sock_diag: annotate data-races around sock_diag_handlers[family]
     - inet_diag: annotate data-races around inet_diag_table[]
     - bpftool: Silence build warning about calloc()
     - libbpf: Apply map_set_def_max_entries() for inner_maps on creation
     - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
     - cpufreq: mediatek-hw: Don't error out if supply is not found
     - libbpf: Fix faccessat() usage on Android
     - pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module
     - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API
     - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
     - wifi: iwlwifi: mvm: report beacon protection failures
     - wifi: iwlwifi: dbg-tlv: ensure NUL termination
     - wifi: iwlwifi: fix EWRD table validity check
     - gpio: vf610: allow disabling the vf610 driver
     - [arm64] dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
     - net: blackhole_dev: fix build warning for ethh set but not used
     - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
     - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
     - wifi: wfx: fix memory leak when starting AP
     - printk: Disable passing console lock owner completely during panic()
     - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
     - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h
     - tools/resolve_btfids: Fix cross-compilation to non-host endianness
     - wifi: iwlwifi: mvm: don't set replay counters to 0xff
     - [s390x] pai: fix attr_event_free upper limit for pai device drivers
     - [s390x] vdso: drop '-fPIC' from LDFLAGS
     - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
     - [arm64] dts: mt8183: kukui: Split out keyboard node and describe
       detachables
     - [arm64] dts: mt8183: Move CrosEC base detection node to kukui-based DTs
     - [arm64] dts: mediatek: mt7986: add "#reset-cells" to infracfg
     - [arm64] dts: mediatek: mt8192-asurada: Remove CrosEC base detection node
     - [arm64] dts: mediatek: mt8192: fix vencoder clock name
     - [arm64] dts: mediatek: mt7622: add missing "device_type" to memory nodes
     - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
     - wifi: wilc1000: prevent use-after-free on vif when cleaning up all
       interfaces
     - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
     - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
     - [amd64] iommu/amd: Mark interrupt as managed
     - wifi: brcmsmac: avoid function pointer casts
     - [arm64] dts: qcom: sdm845-db845c: correct PCIe wake-gpios
     - [arm64] dts: qcom: sm8150: use 'gpios' suffix for PCI GPIOs
     - [arm64] dts: qcom: sm8150: correct PCIe wake-gpios
     - powercap: dtpm_cpu: Fix error check against freq_qos_add_request()
     - net: ena: Remove ena_select_queue
     - [arm64] dts: mt8195-cherry-tomato: change watchdog reset boot flow
     - firmware: arm_scmi: Fix double free in SMC transport cleanup path
     - wifi: wilc1000: revert reset line logic flip
     - net: mctp: copy skb ext data when fragmenting
     - pstore: inode: Convert mutex usage to guard(mutex)
     - pstore: inode: Only d_invalidate() is needed
     - [arm64] dts: allwinner: h6: Add RX DMA channel for SPDIF
     - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
     - ACPI: resource: Do IRQ override on Lunnen Ground laptops
     - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
     - ACPI: scan: Fix device check notification handling
     - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816)
     - SUNRPC: fix some memleaks in gssx_dec_option_array
     - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the
       .remove function
     - ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
     - wifi: rtw88: 8821c: Fix beacon loss and disconnect
     - wifi: rtw88: 8821c: Fix false alarm count
     - PCI: Make pci_dev_is_disconnected() helper public for other drivers
     - [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is
       disconnected
     - igb: Fix missing time sync events
     - Bluetooth: Remove HCI_POWER_OFF_TIMEOUT
     - Bluetooth: mgmt: Remove leftover queuing of power_off work
     - Bluetooth: Remove superfluous call to hci_conn_check_pending()
     - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
     - Bluetooth: Cancel sync command before suspend and power off
     - Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running
     - Bluetooth: hci_conn: Consolidate code for aborting connections
     - Bluetooth: hci_core: Cancel request on command timeout
     - Bluetooth: hci_sync: Fix overwriting request callback
     - Bluetooth: hci_core: Fix possible buffer overflow
     - Bluetooth: af_bluetooth: Fix deadlock
     - Bluetooth: fix use-after-free in accessing skb after sending it
     - [s390x] cache: prevent rebuild of shared_cpu_list
     - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
     - bpf: Fix hashtab overflow check on 32-bit arches
     - bpf: Fix stackmap overflow check on 32-bit arches
     - [amd64] iommu/vt-d: Retrieve IOMMU perfmon capability information
     - ipv6: fib6_rules: flush route cache when rule is changed
     - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
     - net: phy: fix phy_get_internal_delay accessing an empty array
     - [arm64] net: hns3: fix wrong judgment condition issue
     - [arm64] net: hns3: fix kernel crash when 1588 is received on HIP08 devices
     - [arm64] net: hns3: fix port duplex configure error in IMP reset
     - Bluetooth: MGMT: Fix always using HCI_MAX_AD_LENGTH
     - Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
     - Bluetooth: Fix eir name length
     - net: phy: dp83822: Fix RGMII TX delay configuration
     - OPP: debugfs: Fix warning around icc_get_name()
     - tcp: fix incorrect parameter validation in the do_tcp_getsockopt()
       function
     - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
       function
     - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
       function
     - udp: fix incorrect parameter validation in the udp_lib_getsockopt()
       function
     - net: kcm: fix incorrect parameter validation in the kcm_getsockopt)
       function
     - nfp: flower: handle acti_netdevs allocation failure
     - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
     - dm raid: fix false positive for requeue needed during reshape
     - dm: call the resume method on internal suspend
     - [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node
     - [arm64,armhf] drm/tegra: dpaux: Fix PM disable depth imbalance in
       tegra_dpaux_probe
     - [arm64,armhf] drm/tegra: dsi: Make use of the helper function
       dev_err_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in
       tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the
       error handling path of tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
     - [arm64,armhf] drm/tegra: hdmi: Fix some error handling paths in
       tegra_hdmi_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix some error handling paths in
       tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix missing clk_put() in the error handling
       paths of tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the
       error handling paths of tegra_output_probe()
     - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
     - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
     - drm/panel-edp: use put_sync in unprepare
     - drm/lima: fix a memleak in lima_heap_alloc
     - [x86] ASoC: amd: acp: Add missing error handling in sof-mach
     - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
     - media: tc358743: register v4l2 async device only after successful setup
     - PCI/DPC: Print all TLP Prefixes, not just the first
     - perf record: Fix possible incorrect free in record__switch_output()
     - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
     - drm/amd/display: Fix a potential buffer overflow in
       'dp_dsc_clock_en_read()'
     - drm/amd/display: Fix potential NULL pointer dereferences in
       'dcn10_set_output_transfer_func()'
     - pinctrl: renesas: r8a779g0: Add Audio SSI pins, groups, and functions
     - pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function
     - clk: samsung: exynos850: Propagate SPI IPCLK rate change
     - perf evsel: Fix duplicate initialization of data->id in
       evsel__parse_sample()
     - clk: meson: Add missing clocks to axg_clk_regmaps
     - media: em28xx: annotate unchecked call to media_device_register()
     - media: v4l2-tpg: fix some memleaks in tpg_alloc
     - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
     - media: edia: dvbdev: fix a use-after-free
     - clk: qcom: reset: Commonize the de/assert functions
     - clk: qcom: reset: Ensure write completion on reset de/assertion
     - quota: simplify drop_dquot_ref()
     - quota: Fix potential NULL pointer dereference
     - quota: Fix rcu annotations of inode dquot pointers
     - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
     - crypto: xilinx - call finalize with bh disabled
     - perf thread_map: Free strlist on normal path in
       thread_map__new_by_tid_str()
     - [arm64] drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
     - [arm64] drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
       enabled
     - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
     - ALSA: seq: fix function cast warnings
     - perf stat: Avoid metric-only segv
     - [arm64,armhf] ASoC: meson: aiu: fix function pointer type mismatch
     - [arm64,armhf] ASoC: meson: t9015: fix function pointer type mismatch
     - [powerpc*] Force inlining of arch_vmap_p{u/m}d_supported()
     - [x86] ASoC: SOF: Introduce container struct for SOF firmware
     - [x86] ASoC: SOF: Add some bounds checking to firmware data
     - NTB: EPF: fix possible memory leak in pci_vntb_probe()
     - NTB: fix possible name leak in ntb_register_device()
     - media: cedrus: h265: Associate mv col buffers with buffer
     - media: cedrus: h265: Fix configuring bitstream size
     - media: sun8i-di: Fix coefficient writes
     - media: sun8i-di: Fix power on/off sequences
     - media: sun8i-di: Fix chroma difference threshold
     - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
     - media: go7007: add check of return value of go7007_read_addr()
     - media: pvrusb2: remove redundant NULL check
     - media: pvrusb2: fix pvr2_stream_callback casts
     - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
     - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
     - clk: hisilicon: hi3519: Release the correct number of gates in
       hi3519_clk_unregister()
     - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
     - [arm64,armhf] drm/tegra: put drm_gem_object ref on error in
       tegra_fb_create
     - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
     - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes
       a ref
     - crypto: jitter - fix CRYPTO_JITTERENTROPY help text
     - drm/tidss: Fix initial plane zpos values
     - drm/tidss: Fix sync-lost issue with two displays
     - mtd: maps: physmap-core: fix flash size larger than 32-bit
     - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: fix mclk setup without
       mclk-fs
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: add frame rate constraint
     - HID: amd_sfh: Update HPD sensor structure elements
     - HID: amd_sfh: Avoid disabling the interrupt
     - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
     - media: pvrusb2: fix uaf in pvr2_context_set_notify
     - media: dvb-frontends: avoid stack overflow warnings with clang
     - media: go7007: fix a memleak in go7007_load_encoder
     - media: ttpci: fix two memleaks in budget_av_attach
     - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
     - gpio: nomadik: fix offset bug in nmk_pmx_set()
     - [powerpc*] pseries: Fix potential memleak in papr_get_attr()
     - [powerpc*] hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value
       checks
     - [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter
     - modules: wait do_free_init correctly
     - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
     - leds: aw2013: Unlock mutex before destroying it
     - leds: sgm3140: Add missing timer cleanup and flash gpio control
     - backlight: lm3630a: Initialize backlight_properties on init
     - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
     - backlight: da9052: Fully initialize backlight_properties during probe
     - backlight: lm3639: Fully initialize backlight_properties during probe
     - backlight: lp8788: Fully initialize backlight_properties during probe
     - clk: Fix clk_core_get NULL dereference
     - clk: zynq: Prevent null pointer dereference caused by kmalloc failure
     - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
     - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
     - RDMA/irdma: Allow accurate reporting on QP max send/recv WR
     - RDMA/irdma: Remove duplicate assignment
     - RDMA/srpt: Do not register event handler until srpt device is fully setup
     - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
     - f2fs: compress: fix to guarantee persisting compressed blocks by CP
     - f2fs: compress: fix to cover normal cluster write with cp_rwsem
     - f2fs: compress: fix to check unreleased compressed cluster
     - f2fs: simplify __allocate_data_block
     - f2fs: delete obsolete FI_FIRST_BLOCK_WRITTEN
     - f2fs: delete obsolete FI_DROP_CACHE
     - f2fs: introduce get_dnode_addr() to clean up codes
     - f2fs: update blkaddr in __set_data_blkaddr() for cleanup
     - f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode
     - f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
     - f2fs: fix to avoid potential panic during recovery
     - scsi: csiostor: Avoid function pointer casts
     - [arm64] RDMA/hns: Fix mis-modifying default congestion control algorithm
     - RDMA/device: Fix a race between mad_client and cm_client init
     - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
     - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
     - f2fs: compress: fix to check zstd compress level correctly in mount option
     - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
     - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
     - NFSv4.2: fix listxattr maximum XDR buffer size
     - f2fs: compress: fix to check compress flag w/ .i_sem lock
     - f2fs: check number of blocks in a current section
     - watchdog: stm32_iwdg: initialize default timeout
     - f2fs: ro: compress: fix to avoid caching unaligned extent
     - NFS: Fix an off by one in root_nfs_cat()
     - f2fs: convert to use sbi directly
     - f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks
     - f2fs: compress: fix reserve_cblocks counting error when out of space
     - [x86] perf/x86/amd/core: Avoid register reset when CPU is dead
     - afs: Revert "afs: Hide silly-rename files from userspace"
     - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
     - io_uring/net: correct the type of variable
     - comedi: comedi_test: Prevent timers rescheduling during deletion
     - [armhf] remoteproc: stm32: use correct format strings on 64-bit
     - [armhf] remoteproc: stm32: Fix incorrect type in assignment for va
     - [armhf] remoteproc: stm32: Fix incorrect type assignment returned by
       stm32_rproc_get_loaded_rsc_tablef
     - usb: phy: generic: Get the vbus supply
     - tty: vt: fix 20 vs 0x20 typo in EScsiignore
     - serial: max310x: fix syntax error in IRQ error message
     - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
     - [arm64] dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
     - hwtracing: hisi_ptt: Move type check to the beginning of
       hisi_ptt_pmu_event_init()
     - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
     - serial: 8250_exar: Don't remove GPIO device on suspend
     - staging: greybus: fix get_channel_from_mode() failure path
     - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
     - nouveau: reset the bo resource bus info after an eviction
     - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
     - rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
     - [s390x] vtime: fix average steal time calculation
     - net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check (CVE-2024-26815)
     - soc: fsl: dpio: fix kcalloc() argument order
     - tcp: Fix refcnt handling in __inet_hash_connect().
     - hsr: Fix uninit-value access in hsr_get_node()
     - nvme: only set reserved_tags in nvme_alloc_io_tag_set for fabrics
       controllers
     - nvme: add the Apple shared tag workaround to nvme_alloc_io_tag_set
     - nvme: fix reconnection fail due to reserved tag allocation
     - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
     - net: ethernet: mtk_eth_soc: fix PPE hanging issue
     - packet: annotate data-races around ignore_outgoing
     - net: veth: do not manipulate GRO when using XDP
     - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
     - drm: Fix drm_fixp2int_round() making it add 0.5
     - vdpa_sim: reset must not run
     - vdpa/mlx5: Allow CVQ size changes
     - wireguard: receive: annotate data-race around receiving_counter.counter
     - rds: introduce acquire/release ordering in acquire/release_in_xmit()
     - hsr: Handle failures in module init
     - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
     - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
     - dm-integrity: fix a memory leak when rechecking the data
     - net/bnx2x: Prevent access to a freed page in page_pool
     - netfilter: nft_set_pipapo: release elements in clone only from destroy
       path (CVE-2024-26809)
     - netfilter: nf_tables: do not compare internal table flags on updates
     - rcu: add a helper to report consolidated flavor QS
     - net: report RCU QS on threaded NAPI repolling
     - bpf: report RCU QS in cpumap kthread
     - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
     - net: dsa: mt7530: fix handling of all link-local frames
     - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
     - dm: address indent/space issues
     - dm io: Support IO priority
     - dm-integrity: align the outgoing bio in integrity_recheck
     - [armhf] remoteproc: stm32: fix incorrect optional pointers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
     - [x86] cpu: Support AMD Automatic IBRS
     - [x86] bugs: Use sysfs_emit()
     - [x86] KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only
       leafs
     - [x86] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
     - [x86] KVM: x86: Use a switch statement and macros in __feature_translate()
     - timers: Update kernel-doc for various functions
     - timers: Use del_timer_sync() even on UP
     - timers: Rename del_timer_sync() to timer_delete_sync()
     - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
     - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
     - [arm64] dts: qcom: sc7280: Add additional MSI interrupts
     - [arm64,armhf] remoteproc: virtio: Fix wdg cannot recovery remote processor
     - [arm64] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
     - [armhf] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
     - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
     - serial: max310x: fix NULL pointer dereference in I2C instantiation
     - pci_iounmap(): Fix MMIO mapping leak
     - media: xc4000: Fix atomicity violation in xc4000_get_frequency
     - media: mc: Add local pad to pipeline regardless of the link state
     - media: mc: Fix flags handling when creating pad links
     - media: mc: Add num_links flag to media_pad
     - media: mc: Rename pad variable to clarify intent
     - media: mc: Expand MUST_CONNECT flag to always require an enabled link
     - KVM: Always flush async #PF workqueue when vCPU is being destroyed
     - [x86] cpufreq: amd-pstate: Fix min_perf assignment in
       amd_pstate_adjust_perf()
     - [powerpc*] smp: Adjust nr_cpu_ids to cover all threads of a core
     - [powerpc*] smp: Increase nr_cpu_ids to include the boot CPU
     - [x86] crypto: qat - fix double free during reset
     - [x86] crypto: qat - resolve race condition during AER recovery
     - ext4: correct best extent lstart adjustment logic
     - block: Clear zone limits for a non-zoned stacked queue
     - bounds: support non-power-of-two CONFIG_NR_CPUS
     - fat: fix uninitialized field in nostale filehandles
     - ubifs: Set page uptodate in the correct place
     - ubi: Check for too small LEB size in VTBL code
     - ubi: correct the calculation of fastmap size
     - md/raid5: fix atomicity violation in raid5_cache_count
     - cpufreq: Limit resolving a frequency to policy min/max
     - PM: suspend: Set mem_sleep_current during kernel command line setup
     - usb: xhci: Add error handling in xhci_map_urb_for_dma
     - [powerpc*] fsl: Fix mfpmr build errors with newer binutils
     - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
     - USB: serial: add device ID for VeriFone adapter
     - USB: serial: cp210x: add ID for MGP Instruments PDS100
     - USB: serial: option: add MeiG Smart SLM320 product
     - [x86] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
     - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
     - PM: sleep: wakeirq: fix wake irq warning in system suspend
     - mmc: tmio: avoid concurrent runs of mmc_request_done()
     - fuse: fix root lookup with nonzero generation
     - fuse: don't unhash root
     - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
     - serial: Lock console when calling into driver before registration
     - btrfs: qgroup: always free reserved space for extent records
     - btrfs: fix off-by-one chunk length calculation at
       contains_pending_extent()
     - PCI/PM: Drain runtime-idle callbacks before driver removal
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
     - dm-raid: fix lockdep waring in "pers->hot_add_disk"
     - [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS
     - mac802154: fix llsec key resources release in mac802154_llsec_key_del
     - swap: comments get_swap_device() with usage rule
     - mm: swap: fix race between free_swap_and_cache() and swapoff()
     - mmc: core: Fix switch on gp3 partition
     - [arm64,armhf] drm/etnaviv: Restore some id values
     - landlock: Warn once if a Landlock action is requested while disabled
     - hwmon: (amc6821) add of_match table
     - ext4: fix corruption during on-line resize
     - nvmem: meson-efuse: fix function pointer type mismatch
     - slimbus: core: Remove usage of the deprecated ida_simple_xx() API
     - phy: tegra: xusb: Add API to retrieve the port number of phy
     - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
     - speakup: Fix 8bit characters from direct synth
     - PCI/AER: Block runtime suspend when handling errors
     - io_uring/net: correctly handle multishot recvmsg retry setup
     - nfs: fix UAF in direct writes
     - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
     - [arm64] PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP
       version
     - [arm64] PCI: qcom: Enable BDF to SID translation properly
     - [amd64,arm64] PCI: hv: Fix ring buffer size calculation
     - vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations
     - vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
     - vfio/pci: Remove negative check on unsigned vector
     - vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
     - vfio/platform: Disable virqfds on cleanup
     - ksmbd: retrieve number of blocks using vfs_getattr in
       set_file_allocation_info
     - ring-buffer: Fix waking up ring buffer readers
     - ring-buffer: Do not set shortest_full when full target is hit
     - ring-buffer: Fix resetting of shortest_full
     - ring-buffer: Fix full_waiters_pending in poll
     - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
     - [s390x] zcrypt: fix reference counting on zcrypt card objects
     - drm/probe-helper: warn about negative .get_modes()
     - drm/panel: do not return negative error codes from drm_panel_get_modes()
     - [armhf] drm/exynos: do not return negative values from .get_modes()
     - [armhf] drm/imx/ipuv3: do not return negative values from .get_modes()
     - [arm64,armhf] drm/vc4: hdmi: do not return negative values from
       .get_modes()
     - memtest: use {READ,WRITE}_ONCE in memory scanning
     - Revert "block/mq-deadline: use correct way to throttling write requests"
     - f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
     - f2fs: truncate page cache before clearing flags when aborting atomic write
     - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
     - nilfs2: prevent kernel bug at submit_bh_wbc()
     - cifs: open_cached_dir(): add FILE_READ_EA to desired access
     - cpufreq: dt: always allocate zeroed cpumask
     - [amd64] x86/CPU/AMD: Update the Zenbleed microcode revisions
     - NFSD: Fix nfsd_clid_class use of __string_len() macro
     - net: hns3: tracing: fix hclgevf trace event strings
     - wireguard: netlink: check for dangling peer via is_dead instead of empty
       list
     - wireguard: netlink: access device through ctx instead of peer
     - ahci: asm1064: correct count of reported ports
     - ahci: asm1064: asm1166: don't limit reported ports
     - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
     - drm/amd/display: Return the correct HDCP error code
     - drm/amd/display: Fix noise issue on HDMI AV mute
     - dm snapshot: fix lockup in dm_exception_table_exit
     - [x86] pm: Work around false positive kmemleak report in
       msr_build_context()
     - cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
       return value"
     - [x86] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
       (Closes: #1065320)
     - tls: fix race between tx work scheduling and socket close (CVE-2024-26585)
     - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
       timeout (CVE-2024-26643)
     - netfilter: nf_tables: disallow anonymous set with timeout flag
       (CVE-2024-26642)
     - netfilter: nf_tables: reject constant set with timeout
     - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
       memory
     - init/Kconfig: lower GCC version check for -Warray-bounds
     - [x86] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
     - [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
       svm_register_enc_region()
     - tracing: Use .flush() call to wake up readers
     - drm/amdgpu/pm: Fix the error of pwm1_enable setting
     - [x86] drm/i915: Check before removing mm notifier
     - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
       ALC897 platform
     - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
     - usb: gadget: ncm: Fix handling of zero block length packets
     - usb: port: Don't try to peer unused USB ports based on location
     - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
     - misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on
       suspend/resume
     - mei: me: add arrow lake point S DID
     - mei: me: add arrow lake point H DID
     - vt: fix unicode buffer corruption when deleting characters
     - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
     - ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
     - tee: optee: Fix kernel panic caused by incorrect error handling
     - mm, vmscan: prevent infinite loop for costly GFP_NOIO |
       __GFP_RETRY_MAYFAIL allocations
     - iio: accel: adxl367: fix DEVID read after reset
     - iio: accel: adxl367: fix I2C FIFO data register
     - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
     - drm/amd/display: handle range offsets in VRR ranges
     - [x86] efistub: Call mixed mode boot services on the firmware's stack
     - net: tls: handle backlogging of crypto requests (CVE-2024-26584)
     - [x86] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
     - iommu: Avoid races around default domain allocations
     - clocksource/drivers/arm_global_timer: Fix maximum prescaler value
     - entry: Respect changes to system call number by trace_sys_enter()
     - minmax: add umin(a, b) and umax(a, b)
     - swiotlb: Fix alignment checks when both allocation and DMA masks are
       present
     - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
     - printk: Update @console_may_schedule in console_trylock_spinning()
     - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
     - irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
     - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based
       on register's index
     - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
     - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
     - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger
       type
     - [x86] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe
       address
     - [x86] fpu: Keep xfd_state in sync with MSR_IA32_XFD
     - pwm: img: fix pwm clock lookup
     - tty: serial: imx: Fix broken RS485
     - block: Fix page refcounts for unaligned buffers in __bio_release_pages()
     - blk-mq: release scheduler resource when request completes
     - vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
     - vfio: Introduce interface to flush virqfd inject workqueue
     - vfio/pci: Create persistent INTx handler (CVE-2024-26812)
     - vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
     - vfio/fsl-mc: Block calling interrupt handler without trigger
       (CVE-2024-26814)
     - [x86] coco: Export cc_vendor
     - [x86] coco: Get rid of accessor functions
     - [x86] Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
     - [x86] sev: Fix position dependent variable references in startup code
     - mm/migrate: set swap entry values of THP tail pages properly.
     - init: open /initrd.image with O_LARGEFILE
     - [x86] efistub: Add missing boot_params for mixed mode compat entry
     - btrfs: zoned: don't skip block groups with 100% zone unusable
     - btrfs: zoned: use zone aware sb location for scrub
     - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
     - wifi: iwlwifi: fw: don't always use FW dump trig
     - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
     - hexagon: vmlinux.lds.S: handle attributes section
     - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
       HS200 mode
     - mmc: core: Initialize mmc_blk_ioc_data
     - mmc: core: Avoid negative index with array access
     - block: Do not force full zone append completion in req_bio_endio()
     - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
     - nouveau/dmem: handle kcalloc() allocation failure
     - net: ll_temac: platform_get_resource replaced by wrong function
     - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
     - [x86] drm/i915/bios: Tolerate devdata==NULL in
       intel_bios_encoder_supports_dp_dual_mode()
     - [x86] drm/i915/gt: Reset queue_priority_hint on parking
     - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
     - Revert "usb: phy: generic: Get the vbus supply"
     - usb: cdc-wdm: close race between read and workqueue
     - USB: UAS: return ENODEV when submit urbs fail with device not attached
     - usb: dwc3-am62: Rename private data
     - usb: dwc3-am62: fix module unload/reload behavior
     - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
       (CVE-2024-26654)
     - scsi: core: Fix unremoved procfs host directory regression
     - staging: vc04_services: changen strncpy() to strscpy_pad()
     - staging: vc04_services: fix information leak in create_component()
     - USB: core: Add hub_get() and hub_put() routines
     - USB: core: Fix deadlock in port "disable" sysfs attribute
     - scsi: sd: Fix TCG OPAL unlock on system resume
     - usb: dwc2: host: Fix remote wakeup from hibernation
     - usb: dwc2: host: Fix hibernation flow
     - usb: dwc2: host: Fix ISOC flow in DDMA mode
     - usb: dwc2: gadget: Fix exiting from clock gating
     - usb: dwc2: gadget: LPM flow fix
     - usb: udc: remove warning when queue disabled ep
     - usb: typec: Return size of buffer if pd_set operation succeeds
     - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
     - usb: typec: ucsi: Ack unsupported commands
     - usb: typec: ucsi_acpi: Refactor and fix DELL quirk
     - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
     - scsi: qla2xxx: Prevent command send on chip reset
     - scsi: qla2xxx: Fix N2N stuck connection
     - scsi: qla2xxx: Split FCE|EFT trace control
     - scsi: qla2xxx: Update manufacturer detail
     - scsi: qla2xxx: NVME|FCP prefer flag not being honored
     - scsi: qla2xxx: Fix command flush on cable pull
     - scsi: qla2xxx: Fix double free of fcport
     - scsi: qla2xxx: Change debug message during driver unload
     - scsi: qla2xxx: Delay I/O Abort on PCI error
     - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
     - tls: fix use-after-free on failed backlog decryption (CVE-2024-26800)
     - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
     - scsi: lpfc: Correct size for wqe for memset()
     - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
     - scsi: libsas: Fix disk not being scanned in after being removed
     - [x86] sev: Skip ROM range scans and validation for SEV-SNP guests
     - USB: core: Fix deadlock in usb_deauthorize_interface()
     - tools/resolve_btfids: fix build with musl libc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
     - scripts/bpf_doc: Use silent mode when exec make cmd
     - dma-buf: Fix NULL pointer dereference in sanitycheck()
     - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
     - mlxbf_gige: stop PHY during open() error paths
     - wifi: iwlwifi: mvm: rfi: fix potential response leaks
     - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
     - [s390x] qeth: handle deferred cc1
     - tcp: properly terminate timers for kernel sockets
     - net: wwan: t7xx: Split 64bit accesses to fix alignment issues
     - [arm64] net: hns3: fix index limit to support all queue stats
     - [arm64] net: hns3: fix kernel crash when devlink reload during pf
       initialization
     - [arm64] net: hns3: mark unexcuted loopback test result as UNEXECUTED
     - tls: recv: process_rx_list shouldn't use an offset with kvec
     - tls: adjust recv return with async crypto and failed copy to userspace
     - tls: get psock ref after taking rxlock to avoid leak
     - mlxbf_gige: call request_irq() after NAPI initialized
     - bpf: Protect against int overflow for stack access size
     - cifs: Fix duplicate fscache cookie warnings
     - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
     - inet: inet_defrag: prevent sk release while still in use
     - dm integrity: fix out-of-range warning
     - [x86] cpufeatures: Add new word for scattered features
     - [x86] perf/x86/amd/lbr: Use freeze based on availability
     - [arm64] KVM: arm64: Fix host-programmed guest events in nVHE
     - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
     - [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
       word
     - Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
     - [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
     - Bluetooth: qca: fix device-address endianness
     - Bluetooth: add quirk for broken address properties
     - Bluetooth: hci_event: set the conn encrypted before conn establishes
     - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
       CVE-2024-24858)
     - xen-netfront: Add missing skb_mark_for_recycle
     - net/rds: fix possible cp null dereference
     - net: usb: ax88179_178a: avoid the interface always configured as random
       address
     - vsock/virtio: fix packet delivery to tap device
     - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
       mapped."
     - netfilter: nf_tables: reject new basechain after table flag update
     - netfilter: nf_tables: flush pending destroy work before exit_net release
     - netfilter: nf_tables: Fix potential data-race in
       __nft_flowtable_type_get()
     - netfilter: validate user input for expected length
     - vboxsf: Avoid an spurious warning if load_nls_xxx() fails
     - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
     - net/sched: act_skbmod: prevent kernel-infoleak
     - net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
     - net: stmmac: fix rx queue priority assignment
     - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
     - net: phy: micrel: Fix potential null pointer dereference
     - gro: fix ownership transfer
     - [x86] bugs: Fix the SRSO mitigation on Zen3/4
     - [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
       for !SRSO
     - i40e: Fix VF MAC filter removal
     - erspan: make sure erspan_base_hdr is present in skb->head
     - ipv6: Fix infinite recursion in fib6_dump_done().
     - mlxbf_gige: stop interface during shutdown
     - r8169: skip DASH fw status checks when DASH is disabled
     - udp: do not accept non-tunnel GSO skbs landing in a tunnel
     - udp: do not transition UDP GRO fraglist partial checksums to unnecessary
     - udp: prevent local UDP tunnel packets from being GROed
     - i40e: fix i40e_count_filters() to count only active/new filters
     - i40e: fix vf may be used uninitialized in this function warning
     - drm/amd: Evict resources during PM ops prepare() callback
     - drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
     - drm/amd: Flush GFXOFF requests in prepare stage
     - i40e: Store the irq number in i40e_q_vector
     - i40e: Remove _t suffix from enum type names
     - i40e: Enforce software interrupt during busy-poll exit
     - r8169: use spinlock to protect mac ocp register access
     - r8169: use spinlock to protect access to registers Config2 and Config5
     - r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
     - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6)
       non-wildcard addresses.
     - drivers: net: convert to boolean for the mac_managed_pm flag
     - net: fec: Set mac_managed_pm during probe
     - [x86] KVM: SVM: enhance info printk's in SEV init
     - [x86] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails
     - [x86] KVM: SVM: Use unsigned integers when dealing with ASIDs
     - [x86] KVM: SVM: Add support for allowing zero SEV ASIDs
     - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
     - 9p: Fix read/write debug statements to report server reply
     - drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
     - drm/panfrost: fix power transition timeout warnings
     - ASoC: rt5682-sdw: fix locking sequence
     - [x86] ASoC: rt711-sdca: fix locking sequence
     - ASoC: rt711-sdw: fix locking sequence
     - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
     - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
     - scsi: mylex: Fix sysfs buffer lengths
     - scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
     - cifs: Fix caching to try to do open O_WRONLY as rdwr on server
     - ata: sata_mv: Fix PCI device ID table declaration compilation warning
     - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
     - [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
     - ksmbd: don't send oplock break if rename fails
     - ksmbd: validate payload size in ipc response (CVE-2024-26811)
     - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
     - ALSA: hda/realtek - Fix inactive headset mic jack
     - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
       microphone
     - driver core: Introduce device_link_wait_removal()
     - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
     - [x86] mm/pat: fix VM_PAT handling in COW mappings
     - [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
     - [x86] coco: Require seeding RNG with RDRAND on CoCo systems
     - [s390x] entry: align system call table on 8 bytes
     - smb3: retrying on failed server close
     - smb: client: fix potential UAF in cifs_debug_files_proc_show()
     - smb: client: fix potential UAF in cifs_stats_proc_write()
     - smb: client: fix potential UAF in cifs_stats_proc_show()
     - smb: client: fix potential UAF in smb2_is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_valid_lease_break()
     - smb: client: fix potential UAF in is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_network_name_deleted()
     - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
     - mptcp: don't account accept() of non-MPC client as fallback to TCP
     - mm/secretmem: fix GUP-fast succeeding on secretmem folios
     - nvme: fix miss command type check
     - [x86] bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - [x86] syscall: Don't force use of indirect calls for system calls
     - [x86] Mitigate Native Branch History Injection vulnerability
       (CVE-2024-2201):
       + [x86] bhi: Add support for clearing branch history at syscall entry
       + [x86] bhi: Define SPEC_CTRL_BHI_DIS_S
       + [x86] bhi: Enumerate Branch History Injection (BHI) bug
       + [x86] bhi: Add BHI mitigation knob
       + [x86] bhi: Mitigate KVM by default
       + [x86] KVM: x86: Add BHI_NO
       + [x86] set SPECTRE_BHI_ON as default
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 20
   * Refresh "efi: Lock down the kernel if booted in secure boot mode" (context
     changes in 6.1.84)
   * [rt] Refresh "serial: 8250: implement write_atomic"
   * Refresh "x86: Make x32 syscall support conditional on a kernel parameter"
   * tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
     (Closes: #1068770)
   * Revert "scsi: sd: usb_storage: uas: Access media prior to querying device
     properties" (Closes: #1068675)
   * Revert "scsi: core: Add struct for args to execution functions"
   * scsi: sd: usb_storage: uas: Access media prior to querying device properties
linux-signed-amd64 (6.1.82+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.82-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
     - asm-generic: make sparse happy with odd-sized put_unaligned_*()
     - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
     - [arm64] irq: set the correct node for VMAP stack
     - [arm64] drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
     - [powerpc*] Fix build error due to is_valid_bugaddr()
     - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
     - [x86] boot: Ignore NMIs during very early boot
     - [powerpc*] pmd_move_must_withdraw() is only needed for
       CONFIG_TRANSPARENT_HUGEPAGE
     - [powerpc*] lib: Validate size for vector operations
     - [x86*] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
       kernel
     - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
       sysfs file
     - debugobjects: Stop accessing objects after releasing hash bucket lock
     - regulator: core: Only increment use_count when enable_count changes
     - audit: Send netlink ACK before setting connection in auditd_set
     - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
     - PNP: ACPI: fix fortify warning
     - ACPI: extlog: fix NULL pointer dereference check
     - ACPI: NUMA: Fix the logic of getting the fake_pxm value
     - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
     - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
       events
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
     - UBSAN: array-index-out-of-bounds in dtSplitRoot
     - jfs: fix slab-out-of-bounds Read in dtSearch
     - jfs: fix array-index-out-of-bounds in dbAdjTree
     - jfs: fix uaf in jfs_evict_inode
     - pstore/ram: Fix crash when setting number of cpus to an odd number
     - erofs: fix ztailpacking for subpage compressed blocks
     - [armhf] crypto: stm32/crc32 - fix parsing list of devices
     - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
     - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
     - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
     - jfs: fix array-index-out-of-bounds in diNewExt
     - arch: consolidate arch_irq_work_raise prototypes
     - [s390x] vfio-ap: fix sysfs status attribute for AP queue devices
     - [s390x] ptrace: handle setting of fpc register correctly
     - [s390x] KVM: s390: fix setting of fpc register
     - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623)
     - ecryptfs: Reject casefold directory inodes
     - ext4: fix inconsistent between segment fstrim and full fstrim
     - ext4: unify the type of flexbg_size to unsigned int
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
       (CVE-2023-52622)
     - wifi: rt2x00: restart beacon queue when hardware reset
     - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
     - [arm64] soc: xilinx: Fix for call trace due to the usage of
       smp_processor_id()
     - [arm64] soc: xilinx: fix unhandled SGI warning message
     - scsi: lpfc: Fix possible file string name overflow when updating firmware
     - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
     - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
     - net: usb: ax88179_178a: avoid two consecutive device resets
     - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
     - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
     - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too
       early
     - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
       (CVE-2023-52621)
     - scsi: libfc: Don't schedule abort twice
     - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
     - bpf: Set uattr->batch.count as zero before batched update or deletion
     - net: phy: at803x: fix passing the wrong reference for config_intr
     - [arm64] scsi: hisi_sas: Set .phy_attached before notifing phyup event
       HISI_PHYE_PHY_UP_PM
     - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
     - net: atlantic: eliminate double free in error handling logic
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
       path
     - block: prevent an integer overflow in bvec_try_merge_hw_page
     - md: Whenassemble the array, consult the superblock of the freshest device
     - [arm64] dts: qcom: msm8996: Fix 'in-ports' is a required property
     - [arm64] dts: qcom: msm8998: Fix 'out-ports' is a required property
     - ice: fix pre-shifted bit usage
     - [arm64] dts: amlogic: fix format for s4 uart node
     - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
     - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
     - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
     - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
     - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
     - Bluetooth: hci_sync: fix BR/EDR wakeup bug
     - Bluetooth: L2CAP: Fix possible multiple reject send
     - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
     - i40e: Fix VF disable behavior to block all traffic
     - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
     - f2fs: fix to check return value of f2fs_reserve_new_block()
     - ALSA: hda: Refer to correct stream index at loops
     - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
     - fast_dput(): handle underflows gracefully
     - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
     - [arm64,armhf] drm/panel-edp: Add override_edid_mode quirk for generic edp
     - drm/amd/display: Fix tiled display misalignment
     - f2fs: fix write pointers on zoned device after roll forward
     - [x86] ASoC: amd: Add new dmi entries for acp5x platform
     - drm/drm_file: fix use of uninitialized variable
     - drm/framebuffer: Fix use of uninitialized variable
     - drm/mipi-dsi: Fix detach call without attach
     - media: stk1160: Fixed high volume of stk1160_dbg messages
     - [arm64,armhf]  media: rockchip: rga: fix swizzling for RGB formats
     - PCI: add INTEL_HDA_ARL to pci_ids.h
     - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
     - [arm64] media: rkisp1: Drop IRQF_SHARED
     - [arm64] media: rkisp1: Fix IRQ handler return values
     - [arm64] media: rkisp1: Store IRQ lines
     - [arm64] media: rkisp1: Fix IRQ disable race issue
     - hwmon: (nct6775) Fix fan speed set failure in automatic mode
     - f2fs: fix to tag gcing flag on page during block migration
     - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
       time
     - IB/ipoib: Fix mcast list locking
     - media: ddbridge: fix an error code problem in ddb_probe
     - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
     - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
     - [arm64] drm/msm/dpu: fix writeback programming for YUV cases
     - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
     - [x86] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
     - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
     - drm/amdgpu: Fix ecc irq enable/disable unpaired
     - drm/amdgpu: Let KFD sync with VM fences
     - drm/amdgpu: Fix '*fw' from request_firmware() not released in
       'amdgpu_ucode_request()'
     - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
     - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
     - leds: trigger: panic: Don't register panic notifier if creating the
       trigger failed
     - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
     - PCI: Only override AMD USB controller if required
     - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
     - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
     - usb: hub: Replace hardcoded quirk value with BIT() macro
     - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
       hub
     - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
     - fs/kernfs/dir: obey S_ISGID
     - PCI: Fix 64GT/s effective data rate calculation
     - PCI/AER: Decode Requester ID when no error info found
     - 9p: Fix initialisation of netfs_inode for 9p
     - libsubcmd: Fix memory leak in uniq()
     - virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a
       region of size 10" warnings
     - blk-mq: fix IO hang from sbitmap wakeup race
     - ceph: reinitialize mds feature bit even when session in open
     - ceph: fix deadlock or deadcode of misusing dget()
     - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
     - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
       'get_platform_power_management_table()'
     - drm/amdgpu: Fix with right return code '-EIO' in
       'amdgpu_gmc_vram_checking()'
     - drm/amdgpu: Release 'adev->pm.fw' before return in
       'amdgpu_device_need_post()'
     - perf: Fix the nr_addr_filters fix
     - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
     - drm: using mul_u32_u32() requires linux/math64.h
     - scsi: isci: Fix an error code problem in isci_io_request_build()
     - [armhf] regulator: ti-abb: don't use devm_platform_ioremap_resource_byname
       for shared interrupt register
     - scsi: core: Move scsi_host_busy() out of host lock for waking up EH
       handler
     - HID: hidraw: fix a problem of memory leak in hidraw_release()
     - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
     - ipv4: raw: add drop reasons
     - ipmr: fix kernel panic when forwarding mcast packets
     - tcp: add sanity checks to rx zerocopy
     - ixgbe: Refactor returning internal error codes
     - ixgbe: Refactor overtemp event handling
     - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
     - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
     - llc: call sock_orphan() at release time
     - bridge: mcast: fix disabled snooping after long uptime
     - netfilter: conntrack: correct window scaling with retransmitted SYN
     - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
     - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
     - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
       expectations
     - net: ipv4: fix a memleak in ip_setup_cork
     - af_unix: fix lockdep positive in sk_diag_dump_icons()
     - net: sysfs: Fix /sys/class/net/<iface> path
     - [arm64] irq: set the correct node for shadow call stack
     - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
     - [arm64] drm/msm/dsi: Enable runtime PM
     - gve: Fix use-after-free vulnerability
     - bonding: remove print in bond_verify_device_path
     - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
     - ext4: regenerate buddy after block freeing failed if under fc replay
     - [arm64] dmaengine: ti: k3-udma: Report short packet errors
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue
       DMA
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the queue
       command DMA
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
     - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
     - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
     - cifs: failure to add channel on iface should bump up weight
     - [arm64] drm/msms/dp: fixed link clock divider bits be over written in BPC
       unknown case
     - [arm64] drm/msm/dp: return correct Colorimetry for
       DP_TEST_DYNAMIC_RANGE_CEA case
     - [arm64] drm/msm/dpu: check for valid hw_pp in
       dpu_encoder_helper_phys_cleanup
     - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
     - wifi: mac80211: fix waiting for beacons logic
     - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
     - net: atlantic: Fix DMA mapping for PTP hwts ring
     - tunnels: fix out of bounds access when building IPv6 PMTU error
     - atm: idt77252: fix a memleak in open_card_ubr0
     - [armhf] hwmon: (aspeed-pwm-tacho) mutex for tach reading
     - [x86] hwmon: (coretemp) Fix out-of-bounds memory access
     - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
     - inet: read sk->sk_family once in inet_recv_error()
     - [x86] drm/i915/gvt: Fix uninitialized variable in handle_mmio()
     - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
     - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
     - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
     - ppp_async: limit MRU to 64K
     - selftests: cmsg_ipv6: repeat the exact packet
     - netfilter: nft_compat: narrow down revision to unsigned 8-bits
     - netfilter: nft_compat: reject unused compat flag
     - netfilter: nft_compat: restrict match/target protocol to u16
     - drm/amd/display: Implement bounds check for stream encoder creation in
       DCN301
     - netfilter: nft_ct: reject direction for ct id
     - netfilter: nft_set_pipapo: store index in scratch maps
     - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
     - netfilter: nft_set_pipapo: remove scratch_aligned pointer
     - fs/ntfs3: Fix an NULL dereference bug
     - scsi: core: Move scsi_host_busy() out of host lock if it is for
       per-command
     - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
     - fs: dlm: don't put dlm_local_addrs on heap (Closes: #1063338)
     - mtd: parsers: ofpart: add workaround for #size-cells 0
     - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
     - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
     - ALSA: usb-audio: add quirk for RODE NT-USB+
     - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
     - USB: serial: option: add Fibocom FM101-GL variant
     - USB: serial: cp210x: add ID for IMST iM871A-USB
     - [arm64,armhf] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - [arm64,armhf] usb: host: xhci-plat: Add support for
       XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - hrtimer: Report offline hrtimer enqueue
     - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
     - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
       (Closes: #1061521)
     - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
     - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
     - vhost: use kzalloc() instead of kmalloc() followed by memset()
       (CVE-2024-0340)
     - RDMA/irdma: Fix support for 64k pages
     - f2fs: add helper to check compression level (Closes: #1063422)
     - block: treat poll queue enter similarly to timeouts
     - clocksource: Skip watchdog check for large watchdog intervals
     - net: stmmac: xgmac: use #define for string constants
     - ALSA: usb-audio: Sort quirk table entries
     - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
     - netfilter: nft_set_rbtree: skip end interval element from gc
       (CVE-2024-26581)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
     - work around gcc bugs with 'asm goto' with outputs
     - update workarounds for gcc "asm goto" issue
     - btrfs: add and use helper to check if block group is used
     - btrfs: do not delete unused block group if it may be used soon
     - btrfs: forbid creating subvol qgroups
     - btrfs: do not ASSERT() if the newly created subvolume already got read
       (CVE-2024-23850)
     - btrfs: forbid deleting live subvol qgroup
     - btrfs: send: return EOPNOTSUPP on unknown flags
     - btrfs: don't reserve space for checksums when writing to nocow files
     - btrfs: reject encoded write if inode has nodatasum flag set
     - btrfs: don't drop extent_map for free space inode on write error
     - driver core: Fix device_link_flag_is_sync_state_only()
     - wifi: iwlwifi: Fix some error codes
     - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
     - of: property: Improve finding the supplier of a remote-endpoint property
     - net: openvswitch: limit the number of recursions from action sets
       (CVE-2024-1151)
     - lan966x: Fix crash when adding interface under a lag
     - tls/sw: Use splice_eof() to flush
     - tls: extract context alloc/initialization out of tls_set_sw_offload
     - net: tls: factor out tls_*crypt_async_wait()
     - tls: fix race between async notify and socket close (CVE-2024-26583)
     - net: tls: fix use-after-free with partial reads and async decrypt
       (CVE-2024-26582)
     - net: tls: fix returned read length with async decrypt
     - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
     - net: sysfs: Fix /sys/class/net/<iface> path for statistics
     - nouveau/svm: fix kvcalloc() argument order
     - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
     - i40e: Do not allow untrusted VF to remove administratively set MAC
     - i40e: Fix waiting for queues of all VSIs to be disabled
     - tracing/trigger: Fix to return error if failed to alloc snapshot
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
     - scsi: storvsc: Fix ring buffer size calculation
     - dm-crypt, dm-verity: disable tasklets
     - [x86] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
     - ALSA: hda/realtek: Fix the external mic not being recognised for Acer
       Swift 1 SF114-32
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
     - HID: i2c-hid-of: fix NULL-deref on failed power up
     - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
     - HID: wacom: Do not register input devices until after hid_hw_start
     - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
     - usb: ucsi: Add missing ppm_lock
     - usb: ulpi: Fix debugfs directory leak
     - usb: ucsi_acpi: Fix command completion handling
     - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
     - usb: f_mass_storage: forbid async queue when shutdown happen
     - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
     - driver core: fw_devlink: Improve detection of overlapping cycles
     - cifs: fix underflow in parse_server_interfaces()
     - i2c: qcom-geni: Correct I2C TRE sequence
     - irqchip/loongson-eiointc: Use correct struct type in
       eiointc_domain_alloc()
     - i2c: pasemi: split driver into two separate modules
     - i2c: i801: Fix block process call transactions (CVE-2024-26593)
     - modpost: trim leading spaces when processing source files list
     - mptcp: get rid of msk->subflow
     - mptcp: fix data re-injection from stale subflow
     - mptcp: drop the push_pending field
     - mptcp: check addrs list in userspace_pm_get_local_id
     - media: Revert "media: rkisp1: Drop IRQF_SHARED"
     - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
     - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
     - drm/virtio: Set segment size for virtio_gpu device
     - lsm: fix the logic in security_inode_getsecctx()
     - firewire: core: correct documentation of fw_csr_string() kernel API
     - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
     - kbuild: Fix changing ELF file type for output of gen_btf for big endian
     - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
     - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
     - net: stmmac: do not clear TBS enable bit on link up/down
     - xen-netback: properly sync TX responses
     - modpost: propagate W=1 build option to modpost
     - modpost: Don't let "driver"s reference .exit.*
     - linux/init: remove __memexit* annotations
     - modpost: Include '.text.*' in TEXT_SECTIONS
     - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
     - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
     - ASoC: codecs: wcd938x: handle deferred probe
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
     - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
     - misc: fastrpc: Mark all sessions as invalid in cb_remove
     - ext4: fix double-free of blocks due to wrong extents moved_len
     - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
     - tracing: Fix wasted memory in saved_cmdlines logic
     - staging: iio: ad5933: fix type mismatch regression
     - iio: magnetometer: rm3100: add boundary check for the value read from
       RM3100_REG_TMRC
     - iio: core: fix memleak in iio_device_register_sysfs
     - iio: commom: st_sensors: ensure proper DMA alignment
     - iio: accel: bma400: Fix a compilation problem
     - iio: adc: ad_sigma_delta: ensure proper DMA alignment
     - iio: imu: adis: ensure proper DMA alignment
     - iio: imu: bno055: serdev requires REGMAP
     - media: rc: bpf attach/detach requires write permission
     - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
     - xfrm: Remove inner/outer modes from output path
     - xfrm: Remove inner/outer modes from input path
     - [arm64] drm/msm: Wire up tlb ops
     - drm/prime: Support page array >= 4GB
     - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
     - drm/amd/display: Preserve original aspect ratio in create stream
     - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
     - ring-buffer: Clean ring_buffer_poll_wait() error return
     - nfp: flower: fix hardware offload for the transfer layer port
     - [powerpc*] 64: Set task pt_regs->link to the LR value on scv entry
     - [powerpc*] cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
     - [powerpc*] pseries: fix accuracy of stolen time
     - [x86] fpu: Stop relying on userspace for info to fault in xsave buffer
       (CVE-2024-26603)
     - [x86] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
     - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
     - io_uring/net: fix multishot accept overflow handling
     - mmc: slot-gpio: Allow non-sleeping GPIO ro
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
     - ALSA: hda/conexant: Add quirk for SWS JS201D
     - nilfs2: fix data corruption in dsync block recovery for small block sizes
     - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
     - crypto: ccp - Fix null pointer dereference in
       __sev_platform_shutdown_locked
     - nfp: use correct macro for LengthSelect in BAR config
     - nfp: flower: prevent re-adding mac index for bonded port
     - wifi: cfg80211: fix wiphy delayed work queueing
     - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
     - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
     - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
     - zonefs: Improve error handling
     - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be
       detected by BIOS (Closes: #1056056)
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
     - fs: relax mount_setattr() permission checks
     - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
     - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
     - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
     - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
     - ceph: prevent use-after-free in encode_cap_msg()
     - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
       (CVE-2024-0841)
     - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
     - of: property: fix typo in io-channels
     - can: netlink: Fix TDCO calculation using the old data bittiming
     - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
     - can: j1939: Fix UAF in j1939_sk_match_filter during
       setsockopt(SO_J1939_FILTER)
     - pmdomain: core: Move the unused cleanup to a _sync initcall
     - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - tracing: Inform kmemleak of saved_cmdlines allocation
     - xfrm: Use xfrm_state selector for BEET input
     - xfrm: Silence warnings triggerable by bad packets
     - tls: fix NULL deref on tls_sw_splice_eof() with empty record
     - md: bypass block throttle for superblock update
     - wifi: mwifiex: Support SD8978 chipset
     - wifi: mwifiex: add extra delay for firmware ready
     - bus: moxtet: Add spi device table
     - [arm64] dts: qcom: msm8916: Enable blsp_dma by default
     - [arm64] dts: qcom: msm8916: Make blsp_dma controlled-remotely
     - [arm64] dts: qcom: sdm845: fix USB SS wakeup
     - [arm64] dts: qcom: sm8150: fix USB SS wakeup
     - wifi: mwifiex: fix uninitialized firmware_stat
     - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
     - block: fix partial zone append completion handling in req_bio_endio()
     - netfilter: ipset: fix performance regression in swap operation
     - netfilter: ipset: Missing gc cancellations fixed
     - nfsd: fix RELEASE_LOCKOWNER
     - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
     - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
     - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
     - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
     - smb: client: fix parsing of SMB3.1.1 POSIX create context
     - net: prevent mss overflow in skb_segment() (CVE-2023-52435)
     - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
     - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
     - bpf: Remove trace_printk_lock
     - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
     - dmaengine: ioat: Free up __cleanup() name
     - apparmor: Free up __cleanup() name
     - locking: Introduce __cleanup() based infrastructure
     - kbuild: Drop -Wdeclaration-after-statement
     - sched/membarrier: reduce the ability to hammer on sys_membarrier
       (CVE-2024-26602)
     - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
     - nilfs2: fix potential bug in end_buffer_async_write
     - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
     - dm: limit the number of targets and parameter size area (CVE-2024-23851,
       CVE-2023-52429)
     - [arm64:]Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
     - mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
     - net/sched: Retire CBQ qdisc
     - net/sched: Retire ATM qdisc
     - net/sched: Retire dsmark qdisc
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - scsi: target: core: Add TMF to tmr_list handling
     - cifs: open_cached_dir should not rely on primary channel
     - wifi: cfg80211: fix missing interfaces when dumping
     - wifi: mac80211: fix race condition on enabling fast-xmit
     - fbdev: savage: Error out if pixclock equals zero
     - fbdev: sis: Error out if pixclock equals zero
     - block: Fix WARNING in _copy_from_iter
     - smb: Work around Clang __bdos() type confusion
     - cifs: translate network errors on send to -ECONNABORTED
     - ahci: asm1166: correct count of reported ports
     - aoe: avoid potential deadlock at set_capacity
     - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
     - [mips*] reserve exception vector space ONLY ONCE
     - [x86] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus
       tablet
     - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block
       bitmap corrupt
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_try_best_found()
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_find_by_goal()
     - Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx
       == 0
     - [armhf] dmaengine: ti: edma: Add some null pointer checks to the
       edma_probe
     - [arm64] regulator: pwm-regulator: Add validity checks in continuous
       .get_voltage
     - nvmet-tcp: fix nvme tcp ida memory leak
     - usb: ucsi_acpi: Quirk to ack a connector change ack cmd
     - ALSA: usb-audio: Check presence of valid altsetting control
     - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
     - Input: xpad - add Lenovo Legion Go controllers
     - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
       sctp_new
     - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
     - [x86] ASoC: wm_adsp: Don't overwrite fwf_name with the default
     - ALSA: usb-audio: Ignore clock selector errors for single connection
     - nvme-fc: do not wait in vain when unloading module
     - nvmet-fcloop: swap the list_add_tail arguments
     - nvmet-fc: release reference on target port
     - nvmet-fc: defer cleanup using RCU properly
     - nvmet-fc: hold reference on hostport match
     - nvmet-fc: abort command when there is no binding
     - nvmet-fc: avoid deadlock on delete association path
     - nvmet-fc: take ref count on tgtport before delete assoc
     - smb: client: increase number of PDUs allowed in a compound request
     - ext4: correct the hole length returned by ext4_map_blocks()
     - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
     - wifi: mac80211: set station RX-NSS on reconfig
     - wifi: mac80211: adding missing drv_mgd_complete_tx() call
     - efi: runtime: Fix potential overflow of soft-reserved region size
     - efi: Don't add memblocks for soft-reserved memory
     - [x86] hwmon: (coretemp) Enlarge per package core count limit
     - scsi: lpfc: Use unsigned type for num_sge
     - scsi: ufs: core: Remove the ufshcd_release() in
       ufshcd_err_handling_prepare()
     - firewire: core: send bus reset promptly on gap count error
     - drm/amdgpu: skip to program GFXDEC registers for suspend abort
     - drm/amdgpu: reset gpu for s3 suspend abort case
     - smb: client: set correct d_type for reparse points under DFS mounts
     - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
     - smb3: clarify mount warning
     - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
     - drm/ttm: Fix an invalid freeing on already freed page in error path
     - [s390x] cio: fix invalid -EBUSY on ccw_device_start
     - ata: libata-core: Do not try to set sleeping devices to standby
     - dm-crypt: recheck the integrity tag after a failure
     - dm-integrity: recheck the integrity tag after a failure
     - dm-crypt: don't modify the data when using authenticated encryption
     - dm-verity: recheck the hash after a failure
     - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS
       window
     - scsi: target: pscsi: Fix bio_put() for error case
     - scsi: core: Consult supported VPD page list prior to fetching page
     - mm/swap: fix race when skipping swapcache
     - mm: memcontrol: clarify swapaccount=0 deprecation warning
     - [x86] platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
     - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
       ACPI names
     - cachefiles: fix memory leak in cachefiles_add_cache()
     - md: Fix missing release of 'active_io' for flush
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
       its_sync_lpi_pending_table()
     - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
     - crypto: virtio/akcipher - Fix stack overflow on memcpy
     - irqchip/gic-v3-its: Do not assume vPE tables are preallocated
     - irqchip/sifive-plic: Enable interrupt if needed before EOI
     - PCI/MSI: Prevent MSI hardware interrupt number truncation
     - l2tp: pass correct message length to ip6_append_data
     - [x86] returnthunk: Allow different return thunks
     - [x86] Revert "x86/alternative: Make custom return thunk unconditional"
     - [x86] alternative: Make custom return thunk unconditional
     - dm-integrity, dm-verity: reduce stack usage for recheck
     - erofs: fix refcount on the metabuf used for inode lookup
     - serial: amba-pl011: Fix DMA transmission in RS485 mode
     - [arm64,armhf] usb: dwc3: gadget: Don't disconnect if not started
     - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
     - usb: roles: fix NULL pointer issue when put module's reference
     - usb: roles: don't get/set_role() when usb_role_switch is unregistered
     - mptcp: make userspace_pm_append_new_local_addr static
     - mptcp: add needs_id for userspace appending addr
     - mptcp: fix lockless access in subflow ULP diag
     - Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
     - [amd64] IB/hfi1: Fix a memleak in init_credit_return
     - RDMA/bnxt_re: Return error for SRQ resize
     - RDMA/irdma: Fix KASAN issue with tasklet
     - RDMA/irdma: Validate max_send_wr and max_recv_wr
     - RDMA/irdma: Set the CQ read threshold for GEN 1
     - RDMA/irdma: Add AE for too many RNRS
     - RDMA/srpt: Support specifying the srpt_service_guid parameter
     - iommufd/iova_bitmap: Bounds check mapped::pages access
     - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array
     - iommufd/iova_bitmap: Consider page offset for the pages to be pinned
     - RDMA/qedr: Fix qedr_create_user_qp error flow
     - [arm64] dts: rockchip: set num-cs property for spi on px30
     - RDMA/srpt: fix function pointer cast warnings
     - bpf, scripts: Correct GPL license name
     - scsi: smartpqi: Fix disable_managed_interrupts
     - net: bridge: switchdev: Skip MDB replays of deferred events on offload
     - net: bridge: switchdev: Ensure deferred event delivery on unoffload
     - dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
       check_estalblished().
     - nouveau: fix function cast warnings
     - [x86] numa: Fix the address overlap check in numa_fill_memblks()
     - [x86] numa: Fix the sort compare func used in numa_fill_memblks()
     - net: stmmac: Fix incorrect dereference in interrupt handlers
     - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
     - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
     - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
     - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
     - afs: Increase buffer size in afs_update_volume_status()
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
     - net: dev: Convert sa_data to flexible array in struct sockaddr
     - [arm64] sme: Restore SME registers on exit from suspend
     - [x86] platform/x86: thinkpad_acpi: Only update profile if successfully
       converted
     - [s390x] use the correct count for __iowrite64_copy()
     - bpf, sockmap: Fix NULL pointer dereference in
       sk_psock_verdict_data_ready()
     - tls: break out of main loop when PEEK gets a non-data record
     - tls: stop recv() if initial process_rx_list gave us non-DATA
     - tls: don't skip over different type records from the rx_list
     - netfilter: nf_tables: set dormant flag on hook register failure
     - netfilter: flowtable: simplify route logic
     - netfilter: nft_flow_offload: reset dst in route object after setting up
       flow
     - netfilter: nft_flow_offload: release dst in case direct xmit path is used
     - netfilter: nf_tables: rename function to destroy hook list
     - netfilter: nf_tables: register hooks last when adding new chain/flowtable
     - netfilter: nf_tables: use kzalloc for hook allocation
     - net: mctp: put sock on tag allocation failure
     - Fix write to cloned skb in ipv6_hop_ioam()
     - net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
     - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
       set
     - drm/amd/display: Fix memory leak in dm_sw_fini()
     - [arm64,armhf] i2c: imx: when being a target, mark the last read as
       processed
     - erofs: simplify compression configuration parser
     - erofs: fix inconsistent per-file compression format (CVE-2024-26590)
     - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
     - mm: zswap: fix missing folio cleanup in writeback race path
     - mptcp: userspace pm send RM_ADDR for ID 0
     - mptcp: add needs_id for netlink appending addr
     - ata: ahci: add identifiers for ASM2116 series adapters
     - ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
     - arp: Prevent overflow in arp_req_get().
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
     - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
     - [arm64] drm/meson: fix unbind path if HDMI fails to bind
     - [arm64] drm/meson: Don't remove bridges which are created by other drivers
     - scsi: core: Add struct for args to execution functions
     - scsi: sd: usb_storage: uas: Access media prior to querying device
       properties
     - af_unix: Fix task hung while purging oob_skb in GC.
     - of: overlay: Reorder struct fragment fields kerneldoc
     - usb: gadget: Properly configure the device for remote wakeup
     - Input: xpad - add constants for GIP interface numbers
     - [arm64] iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
     - [arm64] iommu/arm-smmu-qcom: Limit the SMR groups to 128
     - RDMA/core: Fix multiple -Warray-bounds warnings
     - mm: huge_memory: don't force huge page alignment on 32 bit
       (CVE-2024-26621) (Closes: #1024149)
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
     - netlink: add nla be16/32 types to minlen array
     - net: ip_tunnel: prevent perpetual headroom growth
     - net: mctp: take ownership of skb in mctp_local_output
     - tun: Fix xdp_rxq_info's queue_index when detaching
     - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
       back
     - net: veth: clear GRO when clearing XDP even when down
     - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
     - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
       detected
     - veth: try harder when allocating queue memory
     - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
     - net: lan78xx: fix "softirq work is pending" error
     - uapi: in6: replace temporary label with rfc9486
     - stmmac: Clear variable when destroying workqueue
     - Bluetooth: hci_sync: Check the correct flag before starting a scan
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
     - Bluetooth: hci_sync: Fix accept_list when attempting to suspend
     - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
     - Bluetooth: Enforce validation on max value of connection interval
     - Bluetooth: qca: Fix wrong event type for patch config command
     - Bluetooth: hci_qca: mark OF related data as maybe unused
     - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
     - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
     - Bluetooth: btqca: Add WCN3988 support
     - Bluetooth: qca: use switch case for soc type behavior
     - Bluetooth: qca: add support for WCN7850
     - Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
     - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
     - netfilter: let reset rules clean out conntrack entries
     - netfilter: bridge: confirm multicast packets before passing them up the
       stack
     - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
     - igb: extend PTP timestamp adjustments to i211
     - net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames
     - tls: decrement decrypt_pending if no async completion will be called
     - tls: fix peeking with sync+async decryption
     - efi/capsule-loader: fix incorrect allocation size
     - ALSA: Drop leftover snd-rtctimer stuff from Makefile
     - [arm64,armhf] drm/tegra: Remove existing framebuffer only if we support
       display
     - fbcon: always restore the old font data in fbcon_do_set_font()
     - afs: Fix endless loop in directory parsing
     - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
     - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
     - ALSA: firewire-lib: fix to check cycle continuity
     - ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt440
     - landlock: Fix asymmetric private inodes referring
     - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
     - wifi: nl80211: reject iftype change with mesh ID change
     - btrfs: fix double free of anonymous device after snapshot creation failure
     - btrfs: dev-replace: properly validate device names
     - btrfs: send: don't issue unnecessary zero writes for trailing hole
     - Revert "drm/amd/pm: resolve reboot exception for si oland"
     - drm/buddy: fix range bias
     - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
     - [arm64] crypto: arm64/neonbs - fix out-of-bounds access on short input
     - [arm64] dmaengine: fsl-qdma: init irq after reg initialization
     - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
     - mmc: core: Fix eMMC initialization with 1-bit bus connection
     - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
     - [arm64] mmc: sdhci-xenon: fix PHY init clock stability
     - efivarfs: Request at most 512 bytes for variable names
     - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
     - [x86] e820: Don't reserve SETUP_RNG_SEED in e820
     - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
     - mptcp: fix data races on local_id
     - mptcp: fix data races on remote_id
     - mptcp: fix duplicate subflow creation
     - mptcp: continue marking the first subflow as UNCONNECTED
     - mptcp: map v4 address to v6 when destroying subflow
     - mptcp: push at DSS boundaries
     - mptcp: fix snd_wnd initialization for passive socket
     - mptcp: fix double-free on socket dismantle
     - mptcp: fix possible deadlock in subflow diag
     - RDMA/core: Refactor rdma_bind_addr (CVE-2023-2176)
     - RDMA/core: Update CMA destination address on rdma_resolve_addr
     - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory
     - [x86] boot/compressed: Rename efi_thunk_64.S to efi-mixed.S
     - [x86] boot/compressed: Move 32-bit entrypoint code into .text section
     - [x86] boot/compressed: Move bootargs parsing out of 32-bit startup code
     - [x86] boot/compressed: Move efi32_pe_entry into .text section
     - [x86] boot/compressed: Move efi32_entry out of head_64.S
     - [x86] boot/compressed: Move efi32_pe_entry() out of head_64.S
     - [x86] boot/compressed, efi: Merge multiple definitions of image_offset
       into one
     - [x86] boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk
     - [x86] boot/compressed: Avoid touching ECX in startup32_set_idt_entry()
     - [x86] boot/compressed: Pull global variable reference into
       startup32_load_idt()
     - [x86] boot/compressed: Move startup32_load_idt() into .text section
     - [x86] boot/compressed: Move startup32_load_idt() out of head_64.S
     - [x86] boot/compressed: Move startup32_check_sev_cbit() into .text
     - [x86] boot/compressed: Move startup32_check_sev_cbit() out of head_64.S
     - [x86] boot/compressed: Adhere to calling convention in
       get_sev_encryption_bit()
     - [x86] boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y
     - efi: verify that variable services are supported
     - [x86] efi: Make the deprecated EFI handover protocol optional
     - [x86] boot: Robustify calling startup_{32,64}() from the decompressor code
     - [x86] efistub: Branch straight to kernel entry point from C code
     - [x86] decompressor: Store boot_params pointer in callee save register
     - [x86] decompressor: Assign paging related global variables earlier
     - [x86] decompressor: Call trampoline as a normal function
     - [x86] decompressor: Use standard calling convention for trampoline
     - [x86] decompressor: Avoid the need for a stack in the 32-bit trampoline
     - [x86] decompressor: Call trampoline directly from C code
     - [x86] decompressor: Only call the trampoline when changing paging levels
     - [x86] decompressor: Pass pgtable address to trampoline directly
     - [x86] decompressor: Merge trampoline cleanup with switching code
     - [x86] decompressor: Move global symbol references to C code
     - decompress: Use 8 byte alignment
     - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
     - NFS: Fix data corruption caused by congestion.
     - NFSD: Simplify READ_PLUS
     - NFSD: Remove redundant assignment to variable host_err
     - nfsd: ignore requests to disable unsupported versions
     - nfsd: move nfserrno() to vfs.c
     - nfsd: allow disabling NFSv2 at compile time
     - exportfs: use pr_debug for unreachable debug statements
     - NFSD: Flesh out a documenting comment for filecache.c
     - NFSD: Clean up nfs4_preprocess_stateid_op() call sites
     - NFSD: Trace stateids returned via DELEGRETURN
     - NFSD: Trace delegation revocations
     - NFSD: Use const pointers as parameters to fh_ helpers
     - NFSD: Update file_hashtbl() helpers
     - NFSD: Clean up nfsd4_init_file()
     - NFSD: Add a nfsd4_file_hash_remove() helper
     - NFSD: Clean up find_or_add_file()
     - NFSD: Refactor find_file()
     - NFSD: Use rhashtable for managing nfs4_file objects
     - NFSD: Fix licensing header in filecache.c
     - filelock: add a new locks_inode_context accessor function
     - lockd: use locks_inode_context helper
     - nfsd: use locks_inode_context helper
     - nfsd: fix up the filecache laundrette scheduling
     - NFSD: Use struct_size() helper in alloc_session()
     - lockd: set missing fl_flags field when retrieving args
     - lockd: ensure we use the correct file descriptor when unlocking
     - lockd: fix file selection in nlmsvc_cancel_blocked
     - trace: Relocate event helper files
     - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
     - NFSD: add support for sending CB_RECALL_ANY
     - NFSD: add delegation reaper to react to low memory condition
     - NFSD: add CB_RECALL_ANY tracepoints
     - NFSD: Use only RQ_DROPME to signal the need to drop a reply
     - NFSD: Avoid clashing function prototypes
     - NFSD: Use set_bit(RQ_DROPME)
     - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown
       time
     - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
     - nfsd: don't destroy global nfs4_file table in per-net shutdown
     - [arm64] efi: Limit allocations to 48-bit addressable physical region
     - efi: efivars: prevent double registration
     - [x86] efistub: Simplify and clean up handover entry code
     - [x86] decompressor: Avoid magic offsets for EFI handover entrypoint
     - [x86] efistub: Clear BSS in EFI handover protocol entrypoint
     - efi/libstub: Add memory attribute protocol definitions
     - efi/libstub: Add limit argument to efi_random_alloc()
     - [x86] efistub: Perform 4/5 level paging switch from the stub
     - [x86] decompressor: Factor out kernel decompression and relocation
     - [x86] efistub: Prefer EFI memory attributes protocol over DXE services
     - [x86] efistub: Perform SNP feature test while running in the firmware
     - [x86] efistub: Avoid legacy decompressor when doing EFI boot
     - [x86] efi/x86: Avoid physical KASLR on older Dell systems
     - [x86] efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
     - [x86] boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
     - [x86] boot: efistub: Assign global boot_params variable
     - [x86] efi/x86: Fix the missing KASLR_FLAG bit in
       boot_params->hdr.loadflags
     - af_unix: Drop oob_skb ref before purging queue in GC.
     - [arm64] phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use
       dashes
     - [powerpc*] pseries/iommu: IOMMU table is not initialized for kdump over
       SR-IOV
     - gpio: 74x164: Enable output pins after registers are reset
     - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
     - gpio: fix resource unwinding order in error path
     - block: define bvec_iter as __packed __aligned(4)
     - [arm64,armhf] Revert "interconnect: Fix locking for runpm vs reclaim"
     - [arm64,armhf] Revert "interconnect: Teach lockdep about icc_bw_lock order"
     - [x86] bugs: Add asm helpers for executing VERW
     - [x86] entry_64: Add VERW just before userspace transition
     - [x86] entry_32: Add VERW just before userspace transition
     - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
     - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
     - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
     - bpf: Add table ID to bpf_fib_lookup BPF helper
     - bpf: Derive source IP addr via bpf_*_fib_lookup()
     - [x86] efistub: Give up if memory attribute protocol returns an error
     - xen/events: close evtchn after mapping cleanup
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
     - ceph: switch to corrected encoding of max_xattr_size in mdsmap
     - net: lan78xx: fix runtime PM count underflow on link stop
     - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
     - i40e: disable NAPI right after disabling irqs when handling xsk_pool
     - ice: reorder disabling IRQ and NAPI in ice_qp_dis
     - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
     - geneve: make sure to pull inner header in geneve_rx()
     - ice: virtchnl: stop pretending to support RSS over AQ or registers
     - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
     - igc: avoid returning frame twice in XDP_REDIRECT
     - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
     - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
     - net: dsa: microchip: fix register write order in ksz8_ind_write8()
     - net/rds: fix WARNING in rds_conn_connect_if_down
     - netfilter: nft_ct: fix l3num expectations with inet pseudo family
     - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
     - erofs: apply proper VMA alignment for memory mapped files on THP
     - netrom: Fix a data-race around sysctl_netrom_default_path_quality
     - netrom: Fix a data-race around
       sysctl_netrom_obsolescence_count_initialiser
     - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
     - netrom: Fix a data-race around sysctl_netrom_transport_timeout
     - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
     - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
     - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
     - netrom: Fix a data-race around
       sysctl_netrom_transport_requested_window_size
     - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
     - netrom: Fix a data-race around sysctl_netrom_routing_control
     - netrom: Fix a data-race around sysctl_netrom_link_fails_count
     - netrom: Fix data-races around sysctl_net_busy_read
     - [s390x] KVM: s390: add stat counter for shadow gmap events
     - [s390x] KVM: s390: vsie: fix race during shadow creation
     - drm/amd/display: Fix uninitialized variable usage in core_link_
       'read_dpcd() & write_dpcd()' functions
     - nfp: flower: add goto_chain_index for ct entry
     - nfp: flower: add hardware offload check for post ct entry
     - readahead: avoid multiple marked readahead pages
     - xhci: process isoc TD properly when there was a transaction error mid TD.
     - xhci: handle isoc Babble and Buffer Overrun events properly
     - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
     - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
       (CVE-2023-28746):
       + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
       + Documentation/hw-vuln: Add documentation for RFDS
       + [x86] rfds: Mitigate Register File Data Sampling (RFDS)
       + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
     - drm/amd/display: Wrong colorimetry workaround
     - drm/amd/display: Fix MST Null Ptr for RV
     - getrusage: add the "signal_struct *sig" local variable
     - getrusage: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - getrusage: use __for_each_thread()
     - getrusage: use sig->stats_lock rather than lock_task_sighand()
     - fs/proc: do_task_stat: use __for_each_thread()
     - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children
       stats
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 19
   * [rt] Refresh "sched: avoid false lockdep splat in put_task_struct()"
   * Drop now unknown config options for retired CBQ, ATM and dsmark qdisc
   * [x86] efistub: Clear decompressor BSS in native EFI entrypoint
   * [x86] efistub: Don't clear BSS twice in mixed mode
   * efi: fix panic in kdump kernel
   * efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
     higher address
   * efi/libstub: Cast away type warning in use of max()
   * aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
     (CVE-2023-6270)
   * wifi: ath10k: fix NULL pointer dereference in
     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
   * Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
     (CVE-2024-22099)
   * sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
   * [rt] Update to 6.1.82-rt27

linux-signed-arm64 (6.1.94+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.94-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
     - [arm64,armhf] dmaengine: pl330: issue_pending waits until WFP state
     - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
     - wifi: nl80211: don't free NULL coalescing rule
     - eeprom: at24: Use dev_err_probe for nvmem register failure
     - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
     - eeprom: at24: fix memory corruption race condition (CVE-2024-35848)
     - Bluetooth: qca: add support for QCA2066
     - mm/hugetlb: add folio support to hugetlb specific flag macros
     - mm: add private field of first tail to struct page and struct folio
     - mm/hugetlb: add hugetlb_folio_subpool() helpers
     - mm/hugetlb: add folio_hstate()
     - mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios
     - mm/hugetlb: convert free_huge_page to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios
     - mm/hugetlb: fix missing hugetlb_lock for resv uncharge
     - kbuild: refactor host*_flags
     - kbuild: specify output names separately for each emission type from rustc
     - cifs: use the least loaded channel for sending requests
     - smb3: missing lock when picking channel
     - [armhf] pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of
       GPIOR-T
     - [arm64] pinctrl/meson: fix typo in PDM's pin name
     - pinctrl: core: delete incorrect free in pinctrl_enable()
     - sunrpc: add a struct rpc_stats arg to rpc_create_args
     - nfs: expose /proc/net/sunrpc/nfs in net namespaces
     - nfs: make the rpc_stat per net namespace
     - nfs: Handle error of rpc_proc_register() in nfs_net_init().
     - pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro
     - [x86] pinctrl: intel: Make use of struct pinfunction and
       PINCTRL_PINFUNCTION()
     - [x86] pinctrl: baytrail: Fix selecting gpio pinctrl state
     - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
     - regulator: change stubbed devm_regulator_get_enable to return Ok
     - regulator: change devm_regulator_get_enable_optional() stub to return Ok
     - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
     - nvme: fix warn output about shared namespaces without
       CONFIG_NVME_MULTIPATH
     - bpf: Fix a verifier verbose message
     - spi: introduce new helpers with using modern naming
     - [arm64] bpf, arm64: Fix incorrect runtime stats
     - [s390x] mm: Fix storage key clearing for guest huge pages
     - [s390x] mm: Fix clearing storage keys for huge pages
     - xdp: use flags field to disambiguate broadcast redirect
     - bna: ensure the copied buf is NUL terminated
     - nsh: Restore skb->{protocol,data,mac_header} for outer header in
       nsh_gso_segment().
     - net l2tp: drop flow hash on forward
     - [s390x] vdso: Add CFI for RA register to asm macro vdso_func
     - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
     - net: qede: use return from qede_parse_flow_attr() for flower
     - net: qede: use return from qede_parse_flow_attr() for flow_spec
     - net: qede: use return from qede_parse_actions()
     - [arm64] ASoC: meson: axg-fifo: use FIELD helpers
     - [arm64] ASoC: meson: axg-fifo: use threaded irq to check periods
     - [arm64] ASoC: meson: axg-card: make links nonatomic
     - [arm64] ASoC: meson: axg-tdm-interface: manage formatters in trigger
     - [arm64] ASoC: meson: cards: select SND_DYNAMIC_MINORS
     - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
     - [s390x] cio: Ensure the copied buf is NUL terminated
     - cxgb4: Properly lock TX queue for the selftest.
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix number of databases for 88E6141 /
       88E6341
     - spi: fix null pointer dereference within spi_sync
     - net: bridge: fix multicast-to-unicast with fraglist GSO
     - net: core: reject skb_copy(_expand) for fraglist GSO skbs
     - vxlan: Pull inner IP header in vxlan_rcv().
     - [s390x] qeth: Fix kernel panic after setting hsuid
     - net: gro: add flush check in udp_gro_receive_segment
     - [arm64] clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
     - [powerpc*] pseries: replace kmalloc with kzalloc in PLPKS driver
     - [powerpc*] pseries: Move PLPKS constants to header file
     - [powerpc*] pseries: make max polling consistent for longer H_CALLs
     - [powerpc*] pseries/iommu: LPAR panics during boot up with a frozen PE
     - [arm64] KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
     - [arm64] KVM: arm64: vgic-v2: Check for non-NULL vCPU in
       vgic_v2_parse_attr()
     - scsi: lpfc: Move NPIV's transport unregistration to after resource clean
       up
     - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
     - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
     - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
     - gfs2: Fix invalid metadata access in punch_hole
     - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
     - wifi: cfg80211: fix rdev_dump_mpp() arguments order
     - net: mark racy access on sk->sk_rcvbuf
     - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
     - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
     - btrfs: return accurate error code on open failure in open_fs_devices()
     - bpf: Check bloom filter map value size
     - kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
     - scsi: ufs: core: WLUN suspend dev/link state error recovery
     - ALSA: line6: Zero-initialize message buffers
     - block: fix overflow in blk_ioctl_discard()
     - net: bcmgenet: Reset RBUF on first open
     - ata: sata_gemini: Check clk_enable() result
     - firewire: ohci: mask bus reset interrupts between ISR and bottom half
     - tools/power turbostat: Fix added raw MSR output
     - tools/power turbostat: Increase the limit for fd opened
     - tools/power turbostat: Fix Bzy_MHz documentation typo
     - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
     - btrfs: always clear PERTRANS metadata during commit
     - scsi: target: Fix SELinux error when systemd-modules loads the target
       module
     - blk-iocost: avoid out of bounds shift
     - [arm64,armhf] gpu: host1x: Do not setup DMA for virtual devices
     - [mips*] scall: Save thread_info.syscall unconditionally on entry
       (Closes: #1068365)
     - tools/power/turbostat: Fix uncore frequency file string
     - drm/amdgpu: Refine IB schedule error logging
     - Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
     - [x86] uio_hv_generic: Don't free decrypted memory
     - Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
     - fs/9p: only translate RWX permissions for plain 9P2000
     - fs/9p: translate O_TRUNC into OTRUNC
     - 9p: explicitly deny setlease attempts
     - gpio: wcove: Use -ENOTSUPP consistently
     - gpio: crystalcove: Use -ENOTSUPP consistently
     - clk: Don't hold prepare_lock when calling kref_put()
     - fs/9p: drop inodes immediately on non-.L too
     - drm/nouveau/dp: Don't probe eDP ports twice harder
     - net:usb:qmi_wwan: support Rolling modules
     - kbuild: rust: avoid creating temporary files
     - spi: Merge spi_controller.{slave,target}_abort()
     - perf unwind-libunwind: Fix base address for .eh_frame
     - perf unwind-libdw: Handle JIT-generated DSOs properly
     - qibfs: fix dentry leak
     - xfrm: Preserve vlan tags for transport mode software GRO
     - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
     - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
     - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
       (CVE-2024-27398)
     - Bluetooth: msft: fix slab-use-after-free in msft_do_close()
     - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
       (CVE-2024-27399)
     - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
     - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
     - [x86] hwmon: (corsair-cpro) Use a separate buffer for sending commands
     - [x86] hwmon: (corsair-cpro) Use complete_all() instead of complete() in
       ccp_raw_event()
     - [x86] hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
     - phonet: fix rtm_phonet_notify() skb allocation
     - net: bridge: fix corrupted ethernet header on multicast-to-unicast
     - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
     - timers: Get rid of del_singleshot_timer_sync()
     - timers: Rename del_timer() to timer_delete()
     - net-sysfs: convert dev->operstate reads to lockless ones
     - hsr: Simplify code for announcing HSR nodes timer setup
     - ipv6: annotate data-races around cnf.disable_ipv6
     - ipv6: prevent NULL dereference in ip6_output()
     - net/smc: fix neighbour and rtable leak in smc_ib_find_route()
     - [arm64] net: hns3: using user configure after hardware reset
     - [arm64] net: hns3: direct return when receive a unknown mailbox message
     - [arm64] net: hns3: change type of numa_node_mask as nodemask_t
     - [arm64] net: hns3: release PTP resources if pf initialization failed
     - [arm64] net: hns3: use appropriate barrier function after setting a bit
       value
     - [arm64] net: hns3: fix port vlan filter not disabled issue
     - [arm64] net: hns3: fix kernel crash when devlink reload during
       initialization
     - [arm64] drm/meson: dw-hdmi: power up phy on device init
     - [arm64] drm/meson: dw-hdmi: add bandgap setting for g12
     - drm/connector: Add \n to message about demoting connector force-probes
     - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11
       users
     - gpiolib: cdev: Add missing header(s)
     - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc
     - gpiolib: cdev: fix uninitialised kfifo
     - drm/amd/display: Atom Integrated System Info v2_2 for DCN35
     - MAINTAINERS: add leah to 6.1 MAINTAINERS file
     - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
     - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
     - firewire: nosy: ensure user_length is taken into account when fetching
       packet contents (CVE-2024-27401)
     - Reapply "drm/qxl: simplify qxl_fence_wait"
     - btf, scripts: rust: drop is_rust_module.sh
     - usb: typec: ucsi: Check for notifications after init
     - usb: typec: ucsi: Fix connector check on init
     - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
       device
     - usb: ohci: Prevent missed ohci interrupts
     - USB: core: Fix access violation during port device removal
     - usb: gadget: composite: fix OS descriptors w_value logic
     - usb: gadget: f_fs: Fix a race condition when processing setup packets.
     - usb: xhci-plat: Don't include xhci.h
     - usb: dwc3: core: Prevent phy suspend during init
     - usb: typec: tcpm: unregister existing source caps before re-registration
     - usb: typec: tcpm: Check for port partner validity before consuming it
     - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
     - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
     - mm/slab: make __free(kfree) accept error pointers
     - mptcp: ensure snd_nxt is properly initialized on connect
     - dt-bindings: iio: health: maxim,max30102: fix compatible check
     - iio:imu: adis16475: Fix sync mode setting
     - iio: accel: mxc4005: Interrupt handling fixes
     - [armhf] ASoC: ti: davinci-mcasp: Fix race condition during probe
     - dyndbg: fix old BUG_ON in >control parser
     - slimbus: qcom-ngd-ctrl: Add timeout for wait operation
     - mei: me: add lunar lake point M DID
     - drm/vmwgfx: Fix invalid reads in fence signaled events
     - [x86] drm/i915/bios: Fix parsing backlight BDB data
     - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
     - net: fix out-of-bounds access in ops_init
     - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
     - mm: use memalloc_nofs_save() in page_cache_ra_order()
     - regulator: core: fix debugfs creation regression
     - spi: microchip-core-qspi: fix setting spi bus clock rate
     - ksmbd: off ipv6only for both ipv4/ipv6 binding
     - ksmbd: avoid to send duplicate lease break notifications
     - ksmbd: do not grant v2 lease if parent lease key and epoch are not set
     - Bluetooth: qca: add missing firmware sanity checks
     - Bluetooth: qca: fix NVM configuration parsing
     - Bluetooth: qca: fix info leak when fetching board id
     - Bluetooth: qca: fix info leak when fetching fw build id
     - Bluetooth: qca: fix firmware check error path
     - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (CVE-2024-21823)
     - dmaengine: idxd: add a new security check to deal with a hardware erratum
       (CVE-2024-21823)
     - dmaengine: idxd: add a write() method for applications to submit work
       (CVE-2024-21823)
     - keys: Fix overwrite of key expiration on instantiation
     - btrfs: do not wait for short bulk allocation
     - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
     - mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
     - md: fix kmemleak of rdev->serial (CVE-2024-26900)
     - net: bcmgenet: Clear RGMII_LINK upon link down
     - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
     - net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
     - net: bcmgenet: synchronize UMAC_CMD access
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.92
     - drm/amd/display: Fix division by zero in setup_dsc_config
     - net: ks8851: Fix another TX stall caused by wrong ISR flag handling
     - ice: pass VSI pointer into ice_vc_isvalid_q_id
     - ice: remove unnecessary duplicate checks for VF VSI ID
     - pinctrl: core: handle radix_tree_insert() errors in
       pinctrl_register_one_pin()
     - mfd: stpmic1: Fix swapped mask/unmask in irq chip
     - nfsd: don't allow nfsd threads to be signalled.
     - KEYS: trusted: Fix memory leak in tpm2_key_encode()
     - mmc: core: Add HS400 tuning in HS400es initialization
     - xfs: write page faults in iomap are not buffered writes
     - xfs: punching delalloc extents on write failure is racy
     - xfs: use byte ranges for write cleanup ranges
     - xfs,iomap: move delalloc punching to iomap
     - iomap: buffered write failure should not truncate the page cache
     - xfs: xfs_bmap_punch_delalloc_range() should take a byte range
     - iomap: write iomap validity checks
     - xfs: use iomap_valid method to detect stale cached iomaps
     - xfs: drop write error injection is unfixable, remove it
     - xfs: fix off-by-one-block in xfs_discard_folio()
     - xfs: fix incorrect error-out in xfs_remove
     - xfs: fix sb write verify for lazysbcount
     - xfs: fix incorrect i_nlink caused by inode racing
     - xfs: invalidate block device page cache during unmount
     - xfs: attach dquots to inode before reading data/cow fork mappings
     - xfs: wait iclog complete before tearing down AIL
     - xfs: fix super block buf log item UAF during force shutdown
     - xfs: hoist refcount record merge predicates
     - xfs: estimate post-merge refcounts correctly
     - xfs: invalidate xfs_bufs when allocating cow extents
     - xfs: allow inode inactivation during a ro mount log recovery
     - xfs: fix log recovery when unknown rocompat bits are set
     - xfs: get root inode correctly at bulkstat
     - xfs: short circuit xfs_growfs_data_private() if delta is zero
     - [arm64] atomics: lse: remove stale dependency on JUMP_LABEL
     - drm/amdgpu: Fix possible NULL dereference in
       amdgpu_ras_query_error_status_helper() (CVE-2023-52585)
     - [arm*] binder: fix max_thread type inconsistency
     - [arm64,armhf] usb: dwc3: Wait unconditionally after issuing EndXfer
       command
     - net: usb: ax88179_178a: fix link status when link is set to down/up
     - usb: typec: ucsi: displayport: Fix potential deadlock
     - usb: typec: tipd: fix event checking for tps6598x
     - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
     - KEYS: trusted: Do not use WARN when encode fails
     - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
     - docs: kernel_include.py: Cope with docutils 0.21
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
     - SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
     - [x86] tsc: Trust initial offset in architectural TSC-adjust MSRs
     - ftrace: Fix possible use-after-free issue in ftrace_location()
     - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
     - tty: n_gsm: fix missing receive state reset after mode switch
     - speakup: Fix sizeof() vs ARRAY_SIZE() bug
     - serial: 8250_bcm7271: use default_mux_rate if possible
     - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
     - io_uring: fail NOP if non-zero op flags is passed in
     - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled
       already"
     - r8169: Fix possible ring buffer corruption on fragmented Tx packets.
     - ring-buffer: Fix a race between readers and resize checks
     - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
     - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
     - nilfs2: fix potential hang in nilfs_detach_log_writer()
     - ksmbd: avoid to send duplicate oplock break notifications
     - ksmbd: ignore trailing slashes in share paths
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460
       G11.
     - ALSA: core: Fix NULL module pointer assignment at card init
     - ALSA: Fix deadlocks with kctl removals at disconnection
     - KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
     - wifi: mac80211: don't use rate mask for scanning
     - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon
       timestamp field
     - wifi: cfg80211: fix the order of arguments for trace events of the
       tx_rx_evt class
     - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
     - net: usb: qmi_wwan: add Telit FN920C04 compositions
     - drm/amd/display: Set color_mgmt_changed to true on unsuspend
     - drm/amdgpu: Update BO eviction priorities
     - drm/amdgpu: Fix the ring buffer size for queue VM flush
     - drm/amdgpu/mes: fix use-after-free issue
     - sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
     - [x86] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM
       too
     - regulator: irq_helpers: duplicate IRQ name
     - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
     - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
     - regulator: vqmmc-ipq4019: fix module autoloading
     - ASoC: rt715: add vendor clear control register
     - ASoC: rt715-sdca: volume step modification
     - [x86] efistub: Omit physical KASLR when memory reservations exist
     - efi: libstub: only free priv.runtime_map when allocated
     - [x86] KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in
       CPUID
     - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
     - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
     - softirq: Fix suspicious RCU usage in __do_softirq()
     - ASoC: da7219-aad: fix usage of device_get_named_child_node()
     - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
     - drm/amd/display: Add dtbclk access to dcn315
     - drm/amd/display: Add VCO speed parameter for DCN31 FPU
     - drm/amdkfd: Flush the process wq before creating a kfd_process
     - [x86] mm: Remove broken vsyscall emulation code from the page fault code
     - nvme: find numa distance only if controller has valid numa id
     - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
     - nvmet-auth: replace pr_debug() with pr_err() to report an error.
     - nvmet-tcp: fix possible memory leak when tearing down a controller
     - nvmet: fix nvme status code when namespace is disabled
     - epoll: be better about file lifetimes
     - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
     - openpromfs: finish conversion to the new mount API
     - crypto: bcm - Fix pointer arithmetic
     - mm/slub, kunit: Use inverted data to corrupt kmem cache
     - firmware: raspberrypi: Use correct device for DMA mappings
     - ecryptfs: Fix buffer size for tag 66 packet
     - nilfs2: fix out-of-range warning
     - [x86] crypto: ccp - drop platform ifdef checks
     - [amd64] crypto: x86/nh-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha256-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha512-avx2 - add missing vzeroupper
     - [s390x] cio: fix tracepoint subchannel type field
     - io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of
       task_work
     - io_uring: use the right type for work_llist empty check
     - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
     - rcu: Fix buffer overflow in print_cpu_stall_info()
     - jffs2: prevent xattr node from overflowing the eraseblock
     - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
     - null_blk: Fix missing mutex_destroy() at module removal
     - md: fix resync softlockup when bitmap size is less than array size
     - block: open code __blk_account_io_start()
     - block: open code __blk_account_io_done()
     - block: support to account io_ticks precisely
     - wifi: ath10k: poll service ready message before failing
     - wifi: brcmfmac: pcie: handle randbuf allocation failure
     - wifi: ath11k: don't force enable power save on non-running vdevs
     - bpftool: Fix missing pids during link show
     - [x86] boot: Ignore relocations in .notes sections in walk_relocs() too
     - sched/fair: Add EAS checks before updating root_domain::overutilized
     - ACPI: Fix Generic Initiator Affinity _OSC bit
     - qed: avoid truncating work queue length
     - net/mlx5e: Fail with messages when params are not valid for XSK
     - mlx5: stop warning for 64KB pages
     - bitops: add missing prototype check
     - wifi: carl9170: re-fix fortified-memset warning
     - bpf: Pack struct bpf_fib_lookup
     - scsi: ufs: qcom: Perform read back after writing reset bit
     - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
     - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
     - scsi: ufs: qcom: Perform read back after writing unipro mode
     - scsi: ufs: qcom: Perform read back after writing CGC enable
     - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
     - scsi: ufs: core: Perform read back after disabling interrupts
     - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
     - ACPI: LPSS: Advertise number of chip selects via property
     - irqchip/alpine-msi: Fix off-by-one in allocation error path
     - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
     - ACPI: disable -Wstringop-truncation
     - gfs2: Don't forget to complete delayed withdraw
     - gfs2: Fix "ignore unlock failures after withdraw"
     - [x86] boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
     - cpufreq: exit() callback is optional
     - [x86] pat: Introduce lookup_address_in_pgd_attr()
     - [x86] pat: Restructure _lookup_address_cpa()
     - [x86] pat: Fix W^X violation false-positives when running as Xen PV guest
     - net: export inet_lookup_reuseport and inet6_lookup_reuseport
     - net: remove duplicate reuseport_lookup functions
     - udp: Avoid call to compute_score on multiple sites
     - cppc_cpufreq: Fix possible null pointer dereference
     - scsi: libsas: Fix the failure of adding phy with zero-address to port
     - scsi: hpsa: Fix allocation size for Scsi_Host private data
     - [x86] purgatory: Switch to the position-independent small code model
     - thermal/drivers/tsens: Fix null pointer dereference
     - wifi: ath10k: Fix an error code problem in
       ath10k_dbg_sta_write_peer_debug_trigger()
     - wifi: ath10k: populate board data for WCN3990
     - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset
       handlers
     - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family
       switches
     - tcp: avoid premature drops in tcp_add_backlog()
     - pwm: sti: Convert to platform remove callback returning void
     - pwm: sti: Prepare removing pwm_chip from driver data
     - pwm: sti: Simplify probe function using devm functions
     - drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
     - net: give more chances to rcu in netdev_wait_allrefs_any()
     - wifi: carl9170: add a proper sanity check for endpoints
     - wifi: ar5523: enable proper endpoint verification
     - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
     - libbpf: Fix error message in attach_kprobe_multi
     - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
     - scsi: bfa: Ensure the copied buf is NUL terminated
     - scsi: qedf: Ensure the copied buf is NUL terminated
     - scsi: qla2xxx: Fix debugfs output for fw_resource_count
     - kernel/numa.c: Move logging out of numa.h
     - [x86] numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
     - wifi: mwl8k: initialize cmd->addr[] properly
     - HID: amd_sfh: Handle "no sensors" in PM operations
     - usb: aqc111: stop lying about skb->truesize
     - net: usb: sr9700: stop lying about skb->truesize
     - net: ipv6: fix wrong start position when receive hop-by-hop fragment
     - eth: sungem: remove .ndo_poll_controller to avoid deadlocks
     - net: ethernet: cortina: Locking fixes
     - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
     - net: usb: smsc95xx: stop lying about skb->truesize
     - net: openvswitch: fix overwriting ct original tuple for ICMPv6
     - ipv6: sr: add missing seg6_local_exit
     - ipv6: sr: fix incorrect unregister order
     - ipv6: sr: fix invalid unregister error path
     - net/mlx5: Add a timeout to acquire the command queue semaphore
     - net/mlx5: Discard command completions in internal error
     - [s390x] bpf: Emit a barrier for BPF_FETCH instructions
     - riscv, bpf: make some atomic operations fully ordered
     - ax25: Use kernel universal linked list to implement ax25_dev_list
     - ax25: Fix reference count leak issues of ax25_dev
     - ax25: Fix reference count leak issue of net_device
     - mptcp: SO_KEEPALIVE: fix getsockopt support
     - Bluetooth: Consolidate code around sk_alloc into a helper function
     - Bluetooth: compute LE flow credits based on recvbuf space
     - Bluetooth: qca: Fix error code in qca_read_fw_build_info()
     - drm/bridge: Fix improper bridge init order with pre_enable_prev_first
     - printk: Let no_printk() use _printk()
     - dev_printk: Add and use dev_no_printk()
     - drm/lcdif: Do not disable clocks on already suspended hardware
     - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
     - drm/dp: Don't attempt AUX transfers when eDP panels are not powered
     - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't
       assert
     - drm/amd/display: Fix potential index out of bounds in color transformation
       function
     - [x86] ASoC: Intel: Disable route checks for Skylake boards
     - [x86] ASoC: Intel: avs: ssm4567: Do not ignore route checks
     - mtd: core: Report error if first mtd_otp_size() call fails in
       mtd_otp_nvmem_add()
     - mtd: rawnand: hynix: fixed typo
     - fbdev: shmobile: fix snprintf truncation
     - [armel,armhf] ASoC: kirkwood: Fix potential NULL dereference
     - drm/meson: vclk: fix calculation of 59.94 fractional rates
     - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
     - [powerpc*] fsl-soc: hide unused const variable
     - fbdev: sisfb: hide unused variables
     - [x86] ASoC: Intel: avs: Fix ASRC module initialization
     - [x86] ASoC: Intel: avs: Fix potential integer overflow
     - media: ngene: Add dvb_ca_en50221_init return value check
     - media: rcar-vin: work around -Wenum-compare-conditional warning
     - media: radio-shark2: Avoid led_names truncations
     - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
     - [arm64] drm/msm/dp: allow voltage swing / pre emphasis of 3
     - [arm64] drm/msm/dp: Return IRQ_NONE for unhandled interrupts
     - [arm64] drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
       connected
     - media: ipu3-cio2: Request IRQ earlier
     - media: dt-bindings: ovti,ov2680: Fix the power supply names
     - fbdev: sh7760fb: allow modular build
     - media: atomisp: ssh_css: Fix a null-pointer dereference in
       load_video_binaries
     - [arm64] drm/arm/malidp: fix a possible null pointer dereference
       (CVE-2024-36014)
     - drm: vc4: Fix possible null pointer dereference
     - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
     - drm/bridge: anx7625: Don't log an error when DSI host can't be found
     - drm/bridge: icn6211: Don't log an error when DSI host can't be found
     - drm/bridge: lt8912b: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
     - drm/bridge: tc358775: Don't log an error when DSI host can't be found
     - drm/bridge: dpc3433: Don't log an error when DSI host can't be found
     - drm/panel: novatek-nt35950: Don't log an error when DSI host can't be
       found
     - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
     - drm/mipi-dsi: use correct return type for the DSC functions
     - drm/rockchip: vop2: Do not divide height twice for YUV
     - clk: samsung: exynosautov9: fix wrong pll clock id value
     - RDMA/mlx5: Adding remote atomic access flag to updatable flags
     - [arm64] RDMA/hns: Fix return value in hns_roce_map_mr_sg
     - [arm64] RDMA/hns: Fix deadlock on SRQ async events.
     - [arm64] RDMA/hns: Fix UAF for cq async event
     - [arm64] RDMA/hns: Fix GMV table pagesize
     - [arm64] RDMA/hns: Use complete parentheses in macros
     - [arm64] RDMA/hns: Modify the print level of CQE error
     - clk: mediatek: mt8365-mm: fix DPI0 parent
     - clk: rs9: fix wrong default value for clock amplitude
     - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
     - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
     - RDMA/rxe: Fix incorrect rxe_put in error path
     - IB/mlx5: Use __iowrite64_copy() for write combining stores
     - clk: renesas: r8a779a0: Fix CANFD parent clock
     - clk: renesas: r9a07g043: Add clock and reset entry for PLIC
     - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
     - clk: qcom: dispcc-sm8450: fix DisplayPort clocks
     - clk: qcom: dispcc-sm6350: fix DisplayPort clocks
     - clk: qcom: mmcc-msm8998: fix venus clock issue
     - [x86] insn: Fix PUSH instruction in x86 instruction decoder opcode map
     - [x86] insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and
       VPDPWSSDS
     - ext4: avoid excessive credit estimate in ext4_tmpfile()
     - virt: acrn: stop using follow_pfn
     - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
     - sunrpc: removed redundant procp check
     - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
     - ext4: fix unit mismatch in ext4_mb_new_blocks_simple
     - ext4: try all groups in ext4_mb_new_blocks_simple
     - ext4: remove unused parameter from ext4_mb_new_blocks_simple()
     - ext4: fix potential unnitialized variable
     - SUNRPC: Fix gss_free_in_token_pages()
     - RDMA/IPoIB: Fix format truncation compilation errors
     - net: add pskb_may_pull_reason() helper
     - net: bridge: xmit: make sure we have at least eth header len bytes
     - net: bridge: mst: fix vlan use-after-free
     - net: qrtr: ns: Fix module refcnt
     - netrom: fix possible dead-lock in nr_rt_ioctl()
     - af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
     - sched/fair: Allow disabling sched_balance_newidle with
       sched_relax_domain_level
     - sched/core: Fix incorrect initialization of the 'burst' parameter in
       cpu_max_write()
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
     - perf record: Delete session after stopping sideband thread
     - perf probe: Add missing libgen.h header needed for using basename()
     - iio: core: Leave private pointer NULL when no private data supplied
     - greybus: lights: check return of get_channel_from_mode
     - f2fs: multidev: fix to recognize valid zero block address
     - f2fs: fix to wait on page writeback in __clone_blkaddrs()
     - counter: linux/counter.h: fix Excess kernel-doc description warning
     - perf annotate: Get rid of duplicate --group option item
     - soundwire: cadence: fix invalid PDI offset
     - dmaengine: idma64: Add check for dma_set_max_seg_size
     - firmware: dmi-id: add a release callback function
     - serial: max3100: Lock port->lock when calling uart_handle_cts_change()
     - serial: max3100: Update uart_driver_registered on driver removal
     - serial: max3100: Fix bitwise types
     - greybus: arche-ctrl: move device table to its right location
     - PCI: tegra194: Fix probe path for Endpoint mode
     - serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
     - [arm64] dts: meson: fix S4 power-controller node
     - perf tests: Make "test data symbol" more robust on Neoverse N1
     - dt-bindings: PCI: rcar-pci-host: Add optional regulators
     - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
     - f2fs: compress: fix to relocate check condition in
       f2fs_{release,reserve}_compress_blocks()
     - f2fs: compress: fix to relocate check condition in
       f2fs_ioc_{,de}compress_file()
     - f2fs: fix typos in comments
     - f2fs: fix to relocate check condition in f2fs_fallocate()
     - f2fs: fix to check pinfile flag in f2fs_move_file_range()
     - iio: adc: stm32: Fixing err code to not indicate success
     - coresight: etm4x: Fix unbalanced pm_runtime_enable()
     - perf docs: Document bpf event modifier
     - iio: pressure: dps310: support negative temperature values
     - coresight: etm4x: Do not hardcode IOMEM access for register restore
     - coresight: etm4x: Do not save/restore Data trace control registers
     - coresight: etm4x: Safe access for TRCQCLTR
     - coresight: etm4x: Fix access to resource selector registers
     - fpga: region: add owner module and take its refcount
     - microblaze: Remove gcc flag for non existing early_printk.c file
     - microblaze: Remove early printk call from cpuinfo-static.c
     - perf intel-pt: Fix unassigned instruction op (discovered by
       MemorySanitizer)
     - ovl: remove upper umask handling from ovl_create_upper()
     - VMCI: Fix an error handling path in vmci_guest_probe_device()
     - dt-bindings: pinctrl: mediatek: mt7622: fix array properties
     - watchdog: bd9576: Drop "always-running" property
     - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
     - usb: gadget: u_audio: Fix race condition use of controls after free during
       gadget unbind.
     - usb: gadget: u_audio: Clear uac pointer when freed.
     - stm class: Fix a double free in stm_register_device()
     - ppdev: Remove usage of the deprecated ida_simple_xx() API
     - ppdev: Add an error check in register_device (CVE-2024-36015)
     - perf bench internals inject-build-id: Fix trap divide when collecting just
       one DSO
     - perf ui browser: Don't save pointer to stack memory
     - extcon: max8997: select IRQ_DOMAIN instead of depending on it
     - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
     - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
     - perf ui browser: Avoid SEGV on title
     - perf report: Avoid SEGV in report__setup_sample_type()
     - f2fs: compress: fix to update i_compr_blocks correctly
     - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/
       cp_rwsem lock
     - f2fs: fix to release node block count in error path of
       f2fs_new_node_page()
     - f2fs: compress: don't allow unaligned truncation on released compress
       inode
     - serial: sh-sci: protect invalidating RXDMA on shutdown
     - libsubcmd: Fix parse-options memory leak
     - perf daemon: Fix file leak in daemon_session__control
     - f2fs: fix to add missing iput() in gc_data_segment()
     - perf stat: Don't display metric header for non-leader uncore events
     - [s390x] vdso: filter out mno-pic-data-is-text-relative cflag
     - [s390x] vdso64: filter out munaligned-symbols flag for vdso
     - [s390x] vdso: Generate unwind information for C modules
     - [s390x] vdso: Use standard stack frame layout
     - [s390x] ipl: Fix incorrect initialization of len fields in nvme reipl
       block
     - [s390x] ipl: Fix incorrect initialization of nvme dump block
     - [s390x] boot: Remove alt_stfle_fac_list from decompressor
     - Input: ims-pcu - fix printf string overflow
     - Input: ioc3kbd - convert to platform remove callback returning void
     - Input: ioc3kbd - add device table
     - mmc: sdhci_am654: Add tuning algorithm for delay chain
     - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
     - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
     - mmc: sdhci_am654: Add OTAP/ITAP delay enable
     - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
     - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
     - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
     - [arm64] drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode
       pclk
     - [arm64] drm/msm/dpu: Always flush the slave INTF on the CTL
     - drm/bridge: tc358775: fix support for jeida-18 and jeida-24
     - media: stk1160: fix bounds checking in stk1160_copy_video()
     - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
     - Input: cyapa - add missing input core locking to suspend/resume functions
     - media: flexcop-usb: fix sanity check of bNumEndpoints
     - [powerpc*] pseries: Add failure related checks for h_get_mpp and h_get_ppp
     - media: sunxi: a83-mips-csi2: also select GENERIC_PHY
     - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
     - media: cec: cec-api: add locking in cec_release()
     - media: cec: core: avoid recursive cec_claim_log_addrs
     - media: cec: core: avoid confusing "transmit timed out" message
     - Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
     - [arm64] drm/msm: Enable clamp_to_idle for 7c3
     - [arm64] drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
       fails
     - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
     - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
     - ASoC: mediatek: mt8192: fix register configuration for tdm
     - regulator: bd71828: Don't overwrite runtime voltages
     - perf/arm-dmc620: Fix lockdep assert in ->event_init()
     - [x86] kconfig: Select ARCH_WANT_FRAME_POINTERS again when
       UNWINDER_FRAME_POINTER=y
     - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
     - ipv6: sr: fix missing sk_buff release in seg6_input_core
     - nfc: nci: Fix uninit-value in nci_rx_work
     - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
     - NFSv4: Fixup smatch warning for ambiguous return
     - nfs: keep server info for remounts
     - sunrpc: fix NFSACL RPC retry on soft mount
     - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
     - af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
       (CVE-2024-36972)
     - ipv6: sr: fix memleak in seg6_hmac_init_algo
     - tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
     - pNFS/filelayout: fixup pNfs allocation modes
     - openvswitch: Set the skbuff pkt_type for proper pmtud support.
     - [arm64] asm-bug: Add .align 2 to the end of __BUG_ENTRY
     - rv: Update rv_en(dis)able_monitor doc to match kernel-doc
     - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
     - Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
     - net: fec: avoid lock evasion when reading pps_enable
     - tls: fix missing memory barrier in tls_init
     - inet: factor out locked section of inet_accept() in a new helper
     - net: relax socket state check at accept time.
     - nfc: nci: Fix kcov check in nci_rx_work()
     - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
     - drivers/xen: Improve the late XenStore init protocol
     - ice: Interpret .set_channels() input differently
     - netfilter: nfnetlink_queue: acquire rcu_read_lock() in
       instance_destroy_rcu()
     - netfilter: nft_payload: restore vlan q-in-q match support
     - spi: Don't mark message DMA mapped when no transfer in it is
     - dma-mapping: benchmark: fix node id validation
     - dma-mapping: benchmark: handle NUMA_NO_NODE correctly
     - nvmet: fix ns enable/disable possible hang
     - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
     - net/mlx5: Lag, do bond only if slaves agree on roce state
     - net/mlx5e: Fix IPsec tunnel mode offload feature check
     - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
       exhaustion
     - net/mlx5e: Fix UDP GSO for encapsulated packets
     - dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
     - bpf: Fix potential integer overflow in resolve_btfids
     - ALSA: jack: Use guard() for locking
     - ALSA: core: Remove debugfs at disconnection
     - ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
     - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
     - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
     - enic: Validate length of nl attributes in enic_set_vf_port
     - af_unix: Read sk->sk_hash under bindlock during bind().
     - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
     - bpf: Allow delete from sockmap/sockhash only if update is allowed
     - net:fec: Add fec_enet_deinit()
     - ice: fix accounting if a VLAN already exists
     - netfilter: nft_payload: move struct nft_payload_set definition where it
       belongs
     - netfilter: nft_payload: rebuild vlan header when needed
     - netfilter: nft_payload: rebuild vlan header on h_proto access
     - netfilter: nft_payload: skbuff vlan metadata mangle support
     - netfilter: tproxy: bail out if IP has been disabled on the device
     - netfilter: nft_fib: allow from forward/input without iif selector
     - kconfig: fix comparison to constant symbols, 'm', 'n'
     - [x86] drm/i915/guc: avoid FIELD_PREP warning
     - spi: stm32: Don't warn about spurious interrupts
     - net: dsa: microchip: fix RGMII error in KSZ DSA driver
     - net: ena: Add dynamic recycling mechanism for rx buffers
     - net: ena: Reduce lines with longer column width boundary
     - net: ena: Fix redundant device NUMA node override
     - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
     - [powerpc*] pseries/lparcfg: drop error message from guest name lookup
     - hwmon: (shtc1) Fix property misspelling
     - ALSA: timer: Set lower bound of start tick time
     - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.94
     - drm: Check output polling initialized before disabling (CVE-2024-35927)
     - drm: Check polling initialized before enabling in
       drm_helper_probe_single_connector_modes
     - Bluetooth: btrtl: Add missing MODULE_FIRMWARE declarations
     - maple_tree: fix allocation in mas_sparse_area()
     - maple_tree: fix mas_empty_area_rev() null pointer dereference
       (CVE-2024-36891)
     - mmc: core: Do not force a retune before RPMB switch
     - afs: Don't cross .backup mountpoint from backup volume
     - nilfs2: fix use-after-free of timer for log writer thread (CVE-2024-38583)
     - [x86] drm/i915/audio: Fix audio time stamp programming for DP
     - mptcp: avoid some duplicate code in socket option handling
     - mptcp: cleanup SOL_TCP handling
     - mptcp: fix full TCP keep-alive support
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - scripts/gdb: fix SB_* constants parsing
     - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
     - media: lgdt3306a: Add a check against null-pointer-def
     - drm/amdgpu: add error handle to avoid out-of-bounds
     - bcache: fix variable length array abuse in btree_iter
     - wifi: rtw89: correct aSIFSTime for 6GHz band
     - ata: pata_legacy: make legacy_exit() work again
     - thermal/drivers/qcom/lmh: Check for SCM availability at probe
     - [arm64] soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
     - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
     - [arm64] tegra: Correct Tegra132 I2C alias
     - [arm64] dts: qcom: qcs404: fix bluetooth device address
     - md/raid5: fix deadlock that raid5d() wait for itself to clear
       MD_SB_CHANGE_PENDING
     - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
       firmware command
     - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
     - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
     - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
     - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
     - [arm64] dts: hi3798cv200: fix the size of GICR
     - media: mc: Fix graph walk in media_pipeline_start
     - media: mc: mark the media devnode as registered from the, start
     - media: mxl5xx: Move xpt structures off stack
     - media: v4l2-core: hold videodev_lock until dev reg, finishes
     - mmc: core: Add mmc_gpiod_set_cd_config() function
     - mmc: sdhci: Add support for "Tuning Error" interrupts
     - mmc: sdhci-acpi: Sort DMI quirks alphabetically
     - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
     - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
     - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on
       Asus T100TA
     - fbdev: savage: Handle err return when savagefb_check_var failed
     - drm/amdgpu/atomfirmware: add intergrated info v2.3 table
     - 9p: add missing locking around taking dentry fid list
     - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
     - [arm64] KVM: arm64: Fix AArch32 register narrowing on userspace write
     - [arm64] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
     - [arm64] KVM: arm64: AArch32: Fix spurious trapping of conditional
       instructions
     - crypto: ecdsa - Fix module auto-load on add-key
     - crypto: ecrdsa - Fix module auto-load on add_key
     - [x86] crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
     - mm: fix race between __split_huge_pmd_locked() and GUP-fast
     - scsi: core: Handle devices which return an unusually large VPD page count
     - net/ipv6: Fix route deleting failure when metric equals 0
     - net/9p: fix uninit-value in p9_client_rpc()
     - kmsan: do not wipe out origin when doing partial unpoisoning
     - cpufreq: amd-pstate: Fix the inconsistency in max frequency units
     - [x86] intel_th: pci: Add Meteor Lake-S CPU support
     - mm/cma: drop incorrect alignment check in cma_init_reserved_mem
     - mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid
     - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
     - kdb: Fix buffer overflow during tab-complete
     - kdb: Use format-strings rather than '\0' injection in kdb_read()
     - kdb: Fix console handling when editing and tab-completing commands
     - kdb: Merge identical case statements in kdb_read()
     - kdb: Use format-specifiers rather than memset() for padding in kdb_read()
     - net: fix __dst_negative_advice() race (CVE-2024-36971)
     - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
     - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
     - [s390x] ap: Fix crash in AP internal function modify_bitmap()
     - [s390x] cpacf: Split and rework cpacf query functions
     - [s390x] cpacf: Make use of invalid opcode produce a link error
     - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
     - EDAC/igen6: Convert PCIBIOS_* return codes to errnos
     - nfs: fix undefined behavior in nfs_block_bits()
     - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
     - btrfs: fix crash on racing fsync and size-extending write into prealloc
     - [powerpc*] bpf: enforce full ordering for ATOMIC operations with BPF_FETCH
     - smb: client: fix deadlock in smb2_find_smb_tcon()
     - smp: Provide 'setup_max_cpus' definition on UP too
 .
   [ Uwe Kleine-König ]
   * [arm*] Enable symbols in Raspberry Pi device trees for simplified overlay
     application.
   * d/rules: Let blhc ignore perf tests binaries that are compiled without
     fortification
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 22
   * [rt] Update to 6.1.90-rt30
   * net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (CVE-2024-36974)
linux-signed-arm64 (6.1.90+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.90-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.86
     - amdkfd: use calloc instead of kzalloc to avoid integer overflow
       (CVE-2024-26817)
     - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
     - bnx2x: Fix firmware version string character counts
     - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
     - [x86] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
     - wifi: iwlwifi: pcie: Add the PCI device id for new hardware
     - panic: Flush kernel log buffer at the end
     - cpuidle: Avoid potential overflow in integer multiplication
     - [arm64] dts: rockchip: fix rk3328 hdmi ports node
     - [arm64] dts: rockchip: fix rk3399 hdmi ports node
     - ionic: set adminq irq affinity
     - net: skbuff: add overflow debug check to pull/push helpers
     - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
     - pstore/zone: Add a null pointer check to the psz_kmsg_read
     - net: pcs: xpcs: Return EINVAL in the internal methods
     - dma-direct: Leak pages on dma_set_decrypted() failure
     - wifi: ath11k: decrease MHI channel buffer length to 8KB
     - cpufreq: Don't unregister cpufreq cooling on CPU hotplug
     - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
     - btrfs: export: handle invalid inode or root reference in
       btrfs_get_parent()
     - btrfs: send: handle path ref underflow in header iterate_inode_ref()
     - ice: use relative VSI index for VFs instead of PF VSI number
     - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
     - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
     - Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
     - [arm64,armhf] drm/vc4: don't check if plane->state->fb == state->fb
     - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
     - drm: panel-orientation-quirks: Add quirk for GPD Win Mini
     - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
     - sysv: don't call sb_bread() with pointers_lock held
     - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
     - isofs: handle CDs with bad root inode but good Joliet root directory
     - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710)
       laptops
     - rcu-tasks: Repair RCU Tasks Trace quiescence check
     - Julia Lawall reported this null pointer dereference, this should fix it.
     - media: sta2x11: fix irq handler cast
     - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data
       block counter
     - ext4: add a hint for block bitmap corrupt state in mb_groups
     - ext4: forbid commit inconsistent quota data when errors=remount-ro
     - drm/amd/display: Fix nanosec stat overflow
     - drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()
     - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to
       unsigned int
     - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
     - libperf evlist: Avoid out-of-bounds access
     - input/touchscreen: imagis: Correct the maximum touch area value
     - block: prevent division by zero in blk_rq_stat_sum()
     - RDMA/cm: add timeout to cm_destroy_id wait
     - Input: imagis - use FIELD_GET where applicable
     - Input: allocate keycode for Display refresh rate toggle
     - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the
       Chuwi Vi8 tablet
     - [x86] perf/x86/amd/lbr: Discard erroneous branch entries
     - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
       environment
     - bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
     - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
     - [x86] thunderbolt: Keep the domain powered when USB4 port is in redrive
       mode
     - usb: typec: tcpci: add generic tcpci fallback compatible
     - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
     - thermal/of: Assume polling-delay(-passive) 0 when absent
     - ASoC: soc-core.c: Skip dummy codec when adding platforms
     - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
     - io_uring: clear opcode specific data for an early failure
     - drivers/nvme: Add quirks for device 126f:2262
     - fbmon: prevent division by zero in fb_videomode_from_videomode()
     - netfilter: nf_tables: release batch on table validation from abort path
     - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
       (CVE-2024-26925)
     - netfilter: nf_tables: discard table flag update with pending basechain
       deletion
     - gcc-plugins/stackleak: Avoid .head.text section
     - virtio: reenable config if freezing device failed
     - randomize_kstack: Improve entropy diffusion
     - [x86] platform/x86: intel-vbtn: Update tablet mode switch at end of probe
     - Bluetooth: btintel: Fixe build regression
     - net: mpls: error out if inner headers are not set
     - [x86] VMCI: Fix possible memcpy() run-time warning in
       vmci_datagram_invoke_guest_handler()
     - Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
     - smb3: fix Open files on server counter going negative
     - ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
     - batman-adv: Avoid infinite loop trying to resize local TT
     - ring-buffer: Only update pages_touched when a new page is touched
     - Bluetooth: Fix memory leak in hci_req_sync_complete()
     - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
     - PM: s2idle: Make sure CPUs will wakeup directly on resume
     - media: cec: core: remove length check of Timer Status
     - Revert "drm/qxl: simplify qxl_fence_wait" (Closes: #1054514)
     - nouveau: fix function cast warning
     - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
     - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
     - net: openvswitch: fix unwanted error log on timeout policy probing
     - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one
       file
     - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
     - geneve: fix header validation in geneve[6]_xmit_skb
     - bnxt_en: Reset PTP tx_avail after possible firmware reset
     - af_unix: Clear stale u->oob_skb.
     - ipv6: fib: hide unused 'pn' variable
     - ipv4/route: avoid unused-but-set-variable warning
     - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
     - Bluetooth: SCO: Fix not validating setsockopt user input
     - Bluetooth: L2CAP: Fix not validating setsockopt user input
     - netfilter: complete validation of user input
     - net/mlx5: Properly link new fs rules into the tree
     - net/mlx5e: Fix mlx5e_priv_init() cleanup flow
     - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
     - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
     - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
     - net: ena: Fix potential sign extension issue
     - net: ena: Wrong missing IO completions check order
     - net: ena: Fix incorrect descriptor free behavior
     - tracing: hide unused ftrace_event_id_fops
     - [amd64] iommu/vt-d: Allocate local memory for page request queue
     - btrfs: qgroup: correctly model root qgroup rsv in convert
     - btrfs: record delayed inode root in transaction
     - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
     - io_uring/net: restore msg_control on sendzc retry
     - kprobes: Fix possible use-after-free issue on kprobe registration
     - [x86] drm/i915/vrr: Disable VRR when using bigjoiner
     - drm/ast: Fix soft lockup
     - drm/client: Fully protect modes[] with dev->mode_config.mutex
     - vhost: Add smp_rmb() in vhost_vq_avail_empty()
     - vhost: Add smp_rmb() in vhost_enable_notify()
     - [x86] perf/x86: Fix out of range data
     - [x86] cpu: Actually turn off mitigations by default for
       SPECULATION_MITIGATIONS=n
     - [x86] apic: Force native_apic_mem_read() to use the MOV instruction
     - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
     - [x86] bugs: Fix return type of spectre_bhi_state()
     - [x86] bugs: Fix BHI documentation
     - [x86] bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
     - [x86] bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
     - [x86] bugs: Fix BHI handling of RRSBA
     - [x86] bugs: Clarify that syscall hardening isn't a BHI mitigation
     - [x86] bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
     - [x86] bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
       CONFIG_MITIGATION_SPECTRE_BHI
     - [x86] drm/i915/cdclk: Fix CDCLK programming order when pipes are active
     - [x86] drm/i915: Disable port sync when bigjoiner is used
     - drm/amdgpu: Reset dGPU if suspend got aborted
     - drm/amdgpu: always force full reset for SOC21
     - drm/amd/display: fix disable otg wa logic in DCN316
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.88
     - drm/vmwgfx: Enable DMA mappings with SEV
     - drm/amdgpu: fix incorrect active rb bitmap for gfx11
     - drm/amdgpu: fix incorrect number of active RBs for gfx11
     - drm/amd/display: Do not recursively call manual trigger programming
     - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
       failure
     - SUNRPC: Fix rpcgss_context trace event acceptor field
     - random: handle creditable entropy from atomic process context
     - net: usb: ax88179_178a: avoid writing the mac address before first reading
     - [x86] drm/i915/vma: Fix UAF on destroy against retire race
     - [x86] efi: Drop EFI stub .bss from .data section
     - [x86] efi: Disregard setup header of loaded image
     - [x86] efistub: Reinstate soft limit for initrd loading
     - [x86] efi: Drop alignment flags from PE section headers
     - [x86] boot: Remove the 'bugger off' message
     - [x86] boot: Omit compression buffer from PE/COFF image memory footprint
     - [x86] boot: Drop redundant code setting the root device
     - [x86] boot: Drop references to startup_64
     - [x86] boot: Grab kernel_info offset from zoffset header directly
     - [x86] boot: Set EFI handover offset directly in header asm
     - [x86] boot: Define setup size in linker script
     - [x86] boot: Derive file size from _edata symbol
     - [x86] boot: Construct PE/COFF .text section from assembler
     - [x86] boot: Drop PE/COFF .reloc section
     - [x86] boot: Split off PE/COFF .data section
     - [x86] boot: Increase section and file alignment to 4k/512
     - [x86] efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
     - [x86] mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros
     - [x86] head/64: Add missing __head annotation to startup_64_load_idt()
     - [x86] head/64: Move the __head definition to <asm/init.h>
     - [x86] sme: Move early SME kernel encryption handling into .head.text
     - [x86] sev: Move early startup code into .head.text section
     - [x86] efistub: Remap kernel text read-only before dropping NX attribute
     - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
     - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
     - netfilter: br_netfilter: skip conntrack input hook for promisc packets
     - netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
     - netfilter: flowtable: validate pppoe header
     - netfilter: flowtable: incorrect pppoe tuple
     - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
     - af_unix: Don't peek OOB data without MSG_OOB.
     - net/mlx5: Lag, restore buckets number to default after hash LAG
       deactivation
     - net/mlx5e: Prevent deadlock while disabling aRFS
     - ice: tc: allow zero flags in parsing tc flower
     - tun: limit printing rate when illegal packet received by tun dev
     - [arm64] net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before
       using them
     - RDMA/rxe: Fix the problem "mutex_destroy missing"
     - RDMA/cm: Print the old state when cm_destroy_id gets timeout
     - RDMA/mlx5: Fix port number for counter query in multi-port configuration
     - [s390x] qdio: handle deferred cc1
     - [s390x] cio: fix race condition during online processing
     - drm: nv04: Fix out of bounds access
     - [armhf] omap2: n8x0: stop instantiating codec platform data
     - PCI: Avoid FLR for SolidRun SNET DPU rev 1
     - HID: kye: Sort kye devices
     - usb: pci-quirks: Reduce the length of a spinlock section in
       usb_amd_find_chipset_info()
     - PCI: Delay after FLR of Solidigm P44 Pro NVMe
     - [x86] quirks: Include linux/pnp.h for arch_pnpbios_disabled()
     - [x86] thunderbolt: Log function name of the called quirk
     - [x86] thunderbolt: Add debug log for link controller power quirk
     - PCI: Execute quirk_enable_clear_retrain_link() earlier
     - ALSA: scarlett2: Move USB IDs out from device_info struct
     - ALSA: scarlett2: Add support for Clarett 8Pre USB
     - ASoC: ti: Convert Pandora ASoC to GPIO descriptors
     - ALSA: scarlett2: Default mixer driver to enabled
     - ALSA: scarlett2: Add correct product series name to messages
     - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
     - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
     - PCI/DPC: Use FIELD_GET()
     - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word()
     - ALSA: scarlett2: Rename scarlett_gen2 to scarlett2
     - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
     - usb: xhci: Add timeout argument in address_device USB HCD callback
     - usb: new quirk to reduce the SET_ADDRESS request timeout
     - clk: Remove prepare_lock hold assertion in __clk_release()
     - clk: Print an info line before disabling unused clocks
     - clk: Initialize struct clk_core kref earlier
     - clk: Get runtime PM before walking tree during disable_unused
     - clk: remove unnecessary (void*) conversions
     - clk: Show active consumers of clocks in debugfs
     - clk: Get runtime PM before walking tree for clk_summary
     - [x86] bugs: Fix BHI retpoline check
     - [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
     - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
     - [arm*] binder: check offset alignment in binder_get_object()
       (CVE-2024-26926)
     - [x86] thunderbolt: Avoid notify PM core about runtime PM resume
     - [x86] thunderbolt: Fix wake configurations after device unplug
     - [x86] comedi: vmk80xx: fix incomplete endpoint checking
     - [armhf] serial: stm32: Return IRQ_NONE in the ISR if no handling happend
     - [armhf] serial: stm32: Reset .throttled state in .startup()
     - USB: serial: option: add Fibocom FM135-GL variants
     - USB: serial: option: add support for Fibocom FM650/FG650
     - USB: serial: option: add Lonsung U8300/U9300 product
     - USB: serial: option: support Quectel EM060K sub-models
     - USB: serial: option: add Rolling RW101-GL and RW135-GL support
     - USB: serial: option: add Telit FN920C04 rmnet compositions
     - Revert "usb: cdc-wdm: close race between read and workqueue"
     - [arm64,armhf] usb: dwc2: host: Fix dereference issue in DDMA completion
       flow.
     - usb: Disable USB3 LPM at shutdown
     - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
       error
     - mei: me: disable RPL-S on SPS and IGN firmwares
     - speakup: Avoid crash on very long word
     - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
     - [x86] KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel
       compatible
     - [x86] KVM: x86/pmu: Disable support for adaptive PEBS
     - [x86] KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
     - [arm64] hibernate: Fix level3 translation fault in swsusp_save()
     - init/main.c: Fix potential static_command_line memory overflow
     - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
     - drm/amdgpu: validate the parameters of bo mapping operations more clearly
       (CVE-2024-26922)
     - drm/vmwgfx: Sort primary plane formats by order of preference
     - drm/vmwgfx: Fix crtc's atomic check conditional
     - nouveau: fix instmem race condition around ptr stores
     - bootconfig: use memblock_free_late to free xbc memory to buddy
     - nilfs2: fix OOB in nilfs_set_de_type
     - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - ksmbd: common: use struct_group_attr instead of struct_group for
       network_open_info
     - PCI/ASPM: Fix deadlock when enabling ASPM (CVE-2024-26605)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.89
     - Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90
     - smb: client: fix rename(2) regression against samba
     - cifs: reinstate original behavior again for forceuid/forcegid
     - [amd64] HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
       dev->devc
     - HID: logitech-dj: allow mice to use all types of reports
     - wifi: iwlwifi: mvm: remove old PASN station when adding a new one
     - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
     - vxlan: drop packets from invalid src-address
     - icmp: prevent possible NULL dereferences from icmp_build_probe()
     - bridge/br_netlink.c: no need to return void function
     - bnxt_en: refactor reset close code
     - bnxt_en: Fix the PCI-AER routines
     - NFC: trf7970a: disable all regulators on removal
     - ax25: Fix netdev refcount issue
     - net: make SK_MEMORY_PCPU_RESERV tunable
     - net: fix sk_memory_allocated_{add|sub} vs softirqs
     - ipv4: check for NULL idev in ip_route_use_hint()
     - net: usb: ax88179_178a: stop lying about skb->truesize
     - net: gtp: Fix Use-After-Free in gtp_dellink
     - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID
     - Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
     - Bluetooth: qca: set power_ctrl_enabled on NULL returned by
       gpiod_get_optional()
     - ipvs: Fix checksumming on GSO of SCTP packets
     - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
     - eth: bnxt: fix counting packets discarded due to OOM and netpoll
     - netfilter: nf_tables: honor table dormant flag from netdev release event
       path
     - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
     - i40e: Report MFS in decimal base instead of hex
     - iavf: Fix TC config comparison with existing adapter TC config
     - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
     - af_unix: Suppress false-positive lockdep splat for spin_lock() in
       __unix_gc().
     - cifs: Replace remaining 1-element arrays (Closes: #1069102, #1069092)
     - Revert "crypto: api - Disallow identical driver names"
     - virtio_net: Do not send RSS key if it is not supported
     - fork: defer linking file vma until vma is fully initialized
       (CVE-2024-27022)
     - [x86] cpu: Fix check for RDPKRU in __show_regs()
     - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
     - Bluetooth: qca: fix NULL-deref on non-serdev suspend
     - [arm64] mmc: sdhci-msm: pervent access to suspended controller
     - smb: client: Fix struct_group() usage in __packed structs
     - smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
     - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
     - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
     - cpu: Re-enable CPU mitigations by default for !X86 architectures
     - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
     - drm/amdgpu: Fix leak when GPU memory allocation fails
     - irqchip/gic-v3-its: Prevent double free on error
     - ACPI: CPPC: Use access_width over bit_width for system memory accesses
     - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
     - ACPI: CPPC: Fix access width used for PCC registers
     - ethernet: Add helper for assigning packet type when dest address does not
       match device address
     - net: b44: set pause params only when interface is up
     - stackdepot: respect __GFP_NOLOCKDEP allocation flag
     - fbdev: fix incorrect address computation in deferred IO
     - udp: preserve the connected status if only UDP cmsg
     - mtd: diskonchip: work around ubsan link failure
     - [x86] tdx: Preserve shared bit on mprotect()
     - [x86] idma64: Don't try to serve interrupts when device is powered off
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix out of bounds read
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix hardcoded array size
     - [arm64] phy: rockchip-snps-pcie3: fix bifurcation on rk3588
     - [arm64] phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits
     - [amd64] dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
     - i2c: smbus: fix NULL function pointer dereference
     - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
     - macsec: Enable devices to advertise whether they update sk_buff md_dst
       during offloads
     - macsec: Detect if Rx skb is macsec-related for offloading devices that
       update md_dst
     - net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for
       MACsec
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 21
   * drivers/tty: Disable N_GSM
   * tipc: fix UAF in error path
   * tipc: fix a possible memleak in tipc_buf_append
linux-signed-arm64 (6.1.90+1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Sign kernel from linux 6.1.90-1~bpo11+1
 .
   * Rebuild for bullseye-backports:
     - Set ABI to 0.deb11.21
linux-signed-arm64 (6.1.85+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.85-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
     - md: fix data corruption for raid456 when reshape restart while grow up
     - md/raid10: prevent soft lockup while flush writes
     - io_uring/unix: drop usage of io_uring socket
     - io_uring: drop any code related to SCM_RIGHTS
     - nfsd: allow nfsd_file_get to sanely handle a NULL pointer
     - nfsd: don't open-code clear_and_wake_up_bit
     - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
     - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
     - nfsd: don't kill nfsd_files because of lease break error
     - nfsd: add some comments to nfsd_file_do_acquire
     - nfsd: don't take/put an extra reference when putting a file
     - nfsd: update comment over __nfsd_file_cache_purge
     - nfsd: allow reaping files still under writeback
     - NFSD: Convert filecache to rhltable
     - nfsd: simplify the delayed disposal list code
     - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
     - NFSD: Add an nfsd4_encode_nfstime4() helper
     - nfsd: Fix creation time serialization order
     - [arm64] media: rkisp1: Fix IRQ handling due to shared interrupts
     - perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child
       count)
     - ASoC: rt5645: Make LattePanda board DMI match more precise
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU
     - [x86] xen: Add some null pointer checking to smp.c
     - [mips*] Clear Cause.BD in instruction_pointer_set
     - HID: multitouch: Add required quirk for Synaptics 0xcddc device
     - gen_compile_commands: fix invalid escape sequence warning
     - [arm64] sve: Lower the maximum allocation for the SVE ptrace regset
     - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt
     - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
     - RDMA/mlx5: Relax DEVX access upon modify commands
     - [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
     - [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault()
     - net/iucv: fix the allocation size of iucv_path_table array
     - block: sed-opal: handle empty atoms when parsing response
     - dm-verity, dm-crypt: align "struct bvec_iter" correctly
     - [arm64] dts: Fix dtc interrupt_provider warnings
     - btrfs: fix data races when accessing the reserved amount of block reserves
     - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
     - net: smsc95xx: add support for SYS TEC USB-SPEmodule1
     - wifi: mac80211: only call drv_sta_rc_update for uploaded stations
     - [x86] ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table
     - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
     - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
     - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2
     - Bluetooth: mgmt: Fix limited discoverable off timeout
     - firewire: core: use long bus reset on gap count error
     - [arm64] tegra: Set the correct PHY mode for MGBE
     - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8
       tablet
     - Input: gpio_keys_polled - suppress deferred probe error for gpio
     - [x86] ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
     - [x86] ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
     - [x86] ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
     - fs: Fix rw_hint validation
     - [s390x] dasd: add autoquiesce feature
     - [s390x] dasd: Use dev_*() for device log messages
     - [s390x] dasd: fix double module refcount decrement
     - rcu/exp: Fix RCU expedited parallel grace period kworker allocation
       failure recovery
     - rcu/exp: Handle RCU expedited grace period kworker allocation failure
     - nbd: null check for nla_nest_start
     - fs/select: rework stack allocation hack for clang
     - md: Don't clear MD_CLOSING when the raid is about to stop
     - lib/cmdline: Fix an invalid format specifier in an assertion msg
     - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg
     - time: test: Fix incorrect format specifier
     - rtc: test: Fix invalid format specifier.
     - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
     - io_uring/net: move receive multishot out of the generic msghdr path
     - io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
     - [x86] resctrl: Implement new mba_MBps throttling heuristic
     - [x86] sme: Fix memory encryption setting if enabled by default and not
       overridden
     - timekeeping: Fix cross-timestamp interpolation on counter wrap
     - timekeeping: Fix cross-timestamp interpolation corner case decision
     - timekeeping: Fix cross-timestamp interpolation for non-x86
     - sched/fair: Take the scheduling domain into account in select_idle_smt()
     - sched/fair: Take the scheduling domain into account in select_idle_core()
     - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
     - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
     - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
     - wifi: b43: Disable QoS for bcm4331
     - wifi: wilc1000: fix declarations ordering
     - wifi: wilc1000: fix RCU usage in connect path
     - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
     - wifi: wilc1000: do not realloc workqueue everytime an interface is added
     - wifi: wilc1000: fix multi-vif management when deleting a vif
     - wifi: mwifiex: debugfs: Drop unnecessary error check for
       debugfs_create_dir()
     - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
     - cpufreq: Explicitly include correct DT includes
     - cpufreq: mediatek-hw: Wait for CPU supplies before probing
     - sock_diag: annotate data-races around sock_diag_handlers[family]
     - inet_diag: annotate data-races around inet_diag_table[]
     - bpftool: Silence build warning about calloc()
     - libbpf: Apply map_set_def_max_entries() for inner_maps on creation
     - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
     - cpufreq: mediatek-hw: Don't error out if supply is not found
     - libbpf: Fix faccessat() usage on Android
     - pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module
     - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API
     - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
     - wifi: iwlwifi: mvm: report beacon protection failures
     - wifi: iwlwifi: dbg-tlv: ensure NUL termination
     - wifi: iwlwifi: fix EWRD table validity check
     - gpio: vf610: allow disabling the vf610 driver
     - [arm64] dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
     - net: blackhole_dev: fix build warning for ethh set but not used
     - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
     - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
     - wifi: wfx: fix memory leak when starting AP
     - printk: Disable passing console lock owner completely during panic()
     - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
     - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h
     - tools/resolve_btfids: Fix cross-compilation to non-host endianness
     - wifi: iwlwifi: mvm: don't set replay counters to 0xff
     - [s390x] pai: fix attr_event_free upper limit for pai device drivers
     - [s390x] vdso: drop '-fPIC' from LDFLAGS
     - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
     - [arm64] dts: mt8183: kukui: Split out keyboard node and describe
       detachables
     - [arm64] dts: mt8183: Move CrosEC base detection node to kukui-based DTs
     - [arm64] dts: mediatek: mt7986: add "#reset-cells" to infracfg
     - [arm64] dts: mediatek: mt8192-asurada: Remove CrosEC base detection node
     - [arm64] dts: mediatek: mt8192: fix vencoder clock name
     - [arm64] dts: mediatek: mt7622: add missing "device_type" to memory nodes
     - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
     - wifi: wilc1000: prevent use-after-free on vif when cleaning up all
       interfaces
     - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
     - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
     - [amd64] iommu/amd: Mark interrupt as managed
     - wifi: brcmsmac: avoid function pointer casts
     - [arm64] dts: qcom: sdm845-db845c: correct PCIe wake-gpios
     - [arm64] dts: qcom: sm8150: use 'gpios' suffix for PCI GPIOs
     - [arm64] dts: qcom: sm8150: correct PCIe wake-gpios
     - powercap: dtpm_cpu: Fix error check against freq_qos_add_request()
     - net: ena: Remove ena_select_queue
     - [arm64] dts: mt8195-cherry-tomato: change watchdog reset boot flow
     - firmware: arm_scmi: Fix double free in SMC transport cleanup path
     - wifi: wilc1000: revert reset line logic flip
     - net: mctp: copy skb ext data when fragmenting
     - pstore: inode: Convert mutex usage to guard(mutex)
     - pstore: inode: Only d_invalidate() is needed
     - [arm64] dts: allwinner: h6: Add RX DMA channel for SPDIF
     - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
     - ACPI: resource: Do IRQ override on Lunnen Ground laptops
     - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
     - ACPI: scan: Fix device check notification handling
     - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816)
     - SUNRPC: fix some memleaks in gssx_dec_option_array
     - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the
       .remove function
     - ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
     - wifi: rtw88: 8821c: Fix beacon loss and disconnect
     - wifi: rtw88: 8821c: Fix false alarm count
     - PCI: Make pci_dev_is_disconnected() helper public for other drivers
     - [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is
       disconnected
     - igb: Fix missing time sync events
     - Bluetooth: Remove HCI_POWER_OFF_TIMEOUT
     - Bluetooth: mgmt: Remove leftover queuing of power_off work
     - Bluetooth: Remove superfluous call to hci_conn_check_pending()
     - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
     - Bluetooth: Cancel sync command before suspend and power off
     - Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running
     - Bluetooth: hci_conn: Consolidate code for aborting connections
     - Bluetooth: hci_core: Cancel request on command timeout
     - Bluetooth: hci_sync: Fix overwriting request callback
     - Bluetooth: hci_core: Fix possible buffer overflow
     - Bluetooth: af_bluetooth: Fix deadlock
     - Bluetooth: fix use-after-free in accessing skb after sending it
     - [s390x] cache: prevent rebuild of shared_cpu_list
     - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
     - bpf: Fix hashtab overflow check on 32-bit arches
     - bpf: Fix stackmap overflow check on 32-bit arches
     - [amd64] iommu/vt-d: Retrieve IOMMU perfmon capability information
     - ipv6: fib6_rules: flush route cache when rule is changed
     - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
     - net: phy: fix phy_get_internal_delay accessing an empty array
     - [arm64] net: hns3: fix wrong judgment condition issue
     - [arm64] net: hns3: fix kernel crash when 1588 is received on HIP08 devices
     - [arm64] net: hns3: fix port duplex configure error in IMP reset
     - Bluetooth: MGMT: Fix always using HCI_MAX_AD_LENGTH
     - Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
     - Bluetooth: Fix eir name length
     - net: phy: dp83822: Fix RGMII TX delay configuration
     - OPP: debugfs: Fix warning around icc_get_name()
     - tcp: fix incorrect parameter validation in the do_tcp_getsockopt()
       function
     - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
       function
     - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
       function
     - udp: fix incorrect parameter validation in the udp_lib_getsockopt()
       function
     - net: kcm: fix incorrect parameter validation in the kcm_getsockopt)
       function
     - nfp: flower: handle acti_netdevs allocation failure
     - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
     - dm raid: fix false positive for requeue needed during reshape
     - dm: call the resume method on internal suspend
     - [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node
     - [arm64,armhf] drm/tegra: dpaux: Fix PM disable depth imbalance in
       tegra_dpaux_probe
     - [arm64,armhf] drm/tegra: dsi: Make use of the helper function
       dev_err_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in
       tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the
       error handling path of tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
     - [arm64,armhf] drm/tegra: hdmi: Fix some error handling paths in
       tegra_hdmi_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix some error handling paths in
       tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix missing clk_put() in the error handling
       paths of tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the
       error handling paths of tegra_output_probe()
     - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
     - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
     - drm/panel-edp: use put_sync in unprepare
     - drm/lima: fix a memleak in lima_heap_alloc
     - [x86] ASoC: amd: acp: Add missing error handling in sof-mach
     - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
     - media: tc358743: register v4l2 async device only after successful setup
     - PCI/DPC: Print all TLP Prefixes, not just the first
     - perf record: Fix possible incorrect free in record__switch_output()
     - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
     - drm/amd/display: Fix a potential buffer overflow in
       'dp_dsc_clock_en_read()'
     - drm/amd/display: Fix potential NULL pointer dereferences in
       'dcn10_set_output_transfer_func()'
     - pinctrl: renesas: r8a779g0: Add Audio SSI pins, groups, and functions
     - pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function
     - clk: samsung: exynos850: Propagate SPI IPCLK rate change
     - perf evsel: Fix duplicate initialization of data->id in
       evsel__parse_sample()
     - clk: meson: Add missing clocks to axg_clk_regmaps
     - media: em28xx: annotate unchecked call to media_device_register()
     - media: v4l2-tpg: fix some memleaks in tpg_alloc
     - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
     - media: edia: dvbdev: fix a use-after-free
     - clk: qcom: reset: Commonize the de/assert functions
     - clk: qcom: reset: Ensure write completion on reset de/assertion
     - quota: simplify drop_dquot_ref()
     - quota: Fix potential NULL pointer dereference
     - quota: Fix rcu annotations of inode dquot pointers
     - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
     - crypto: xilinx - call finalize with bh disabled
     - perf thread_map: Free strlist on normal path in
       thread_map__new_by_tid_str()
     - [arm64] drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
     - [arm64] drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
       enabled
     - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
     - ALSA: seq: fix function cast warnings
     - perf stat: Avoid metric-only segv
     - [arm64,armhf] ASoC: meson: aiu: fix function pointer type mismatch
     - [arm64,armhf] ASoC: meson: t9015: fix function pointer type mismatch
     - [powerpc*] Force inlining of arch_vmap_p{u/m}d_supported()
     - [x86] ASoC: SOF: Introduce container struct for SOF firmware
     - [x86] ASoC: SOF: Add some bounds checking to firmware data
     - NTB: EPF: fix possible memory leak in pci_vntb_probe()
     - NTB: fix possible name leak in ntb_register_device()
     - media: cedrus: h265: Associate mv col buffers with buffer
     - media: cedrus: h265: Fix configuring bitstream size
     - media: sun8i-di: Fix coefficient writes
     - media: sun8i-di: Fix power on/off sequences
     - media: sun8i-di: Fix chroma difference threshold
     - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
     - media: go7007: add check of return value of go7007_read_addr()
     - media: pvrusb2: remove redundant NULL check
     - media: pvrusb2: fix pvr2_stream_callback casts
     - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
     - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
     - clk: hisilicon: hi3519: Release the correct number of gates in
       hi3519_clk_unregister()
     - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
     - [arm64,armhf] drm/tegra: put drm_gem_object ref on error in
       tegra_fb_create
     - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
     - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes
       a ref
     - crypto: jitter - fix CRYPTO_JITTERENTROPY help text
     - drm/tidss: Fix initial plane zpos values
     - drm/tidss: Fix sync-lost issue with two displays
     - mtd: maps: physmap-core: fix flash size larger than 32-bit
     - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: fix mclk setup without
       mclk-fs
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: add frame rate constraint
     - HID: amd_sfh: Update HPD sensor structure elements
     - HID: amd_sfh: Avoid disabling the interrupt
     - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
     - media: pvrusb2: fix uaf in pvr2_context_set_notify
     - media: dvb-frontends: avoid stack overflow warnings with clang
     - media: go7007: fix a memleak in go7007_load_encoder
     - media: ttpci: fix two memleaks in budget_av_attach
     - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
     - gpio: nomadik: fix offset bug in nmk_pmx_set()
     - [powerpc*] pseries: Fix potential memleak in papr_get_attr()
     - [powerpc*] hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value
       checks
     - [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter
     - modules: wait do_free_init correctly
     - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
     - leds: aw2013: Unlock mutex before destroying it
     - leds: sgm3140: Add missing timer cleanup and flash gpio control
     - backlight: lm3630a: Initialize backlight_properties on init
     - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
     - backlight: da9052: Fully initialize backlight_properties during probe
     - backlight: lm3639: Fully initialize backlight_properties during probe
     - backlight: lp8788: Fully initialize backlight_properties during probe
     - clk: Fix clk_core_get NULL dereference
     - clk: zynq: Prevent null pointer dereference caused by kmalloc failure
     - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
     - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
     - RDMA/irdma: Allow accurate reporting on QP max send/recv WR
     - RDMA/irdma: Remove duplicate assignment
     - RDMA/srpt: Do not register event handler until srpt device is fully setup
     - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
     - f2fs: compress: fix to guarantee persisting compressed blocks by CP
     - f2fs: compress: fix to cover normal cluster write with cp_rwsem
     - f2fs: compress: fix to check unreleased compressed cluster
     - f2fs: simplify __allocate_data_block
     - f2fs: delete obsolete FI_FIRST_BLOCK_WRITTEN
     - f2fs: delete obsolete FI_DROP_CACHE
     - f2fs: introduce get_dnode_addr() to clean up codes
     - f2fs: update blkaddr in __set_data_blkaddr() for cleanup
     - f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode
     - f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
     - f2fs: fix to avoid potential panic during recovery
     - scsi: csiostor: Avoid function pointer casts
     - [arm64] RDMA/hns: Fix mis-modifying default congestion control algorithm
     - RDMA/device: Fix a race between mad_client and cm_client init
     - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
     - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
     - f2fs: compress: fix to check zstd compress level correctly in mount option
     - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
     - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
     - NFSv4.2: fix listxattr maximum XDR buffer size
     - f2fs: compress: fix to check compress flag w/ .i_sem lock
     - f2fs: check number of blocks in a current section
     - watchdog: stm32_iwdg: initialize default timeout
     - f2fs: ro: compress: fix to avoid caching unaligned extent
     - NFS: Fix an off by one in root_nfs_cat()
     - f2fs: convert to use sbi directly
     - f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks
     - f2fs: compress: fix reserve_cblocks counting error when out of space
     - [x86] perf/x86/amd/core: Avoid register reset when CPU is dead
     - afs: Revert "afs: Hide silly-rename files from userspace"
     - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
     - io_uring/net: correct the type of variable
     - comedi: comedi_test: Prevent timers rescheduling during deletion
     - [armhf] remoteproc: stm32: use correct format strings on 64-bit
     - [armhf] remoteproc: stm32: Fix incorrect type in assignment for va
     - [armhf] remoteproc: stm32: Fix incorrect type assignment returned by
       stm32_rproc_get_loaded_rsc_tablef
     - usb: phy: generic: Get the vbus supply
     - tty: vt: fix 20 vs 0x20 typo in EScsiignore
     - serial: max310x: fix syntax error in IRQ error message
     - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
     - [arm64] dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
     - hwtracing: hisi_ptt: Move type check to the beginning of
       hisi_ptt_pmu_event_init()
     - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
     - serial: 8250_exar: Don't remove GPIO device on suspend
     - staging: greybus: fix get_channel_from_mode() failure path
     - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
     - nouveau: reset the bo resource bus info after an eviction
     - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
     - rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
     - [s390x] vtime: fix average steal time calculation
     - net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check (CVE-2024-26815)
     - soc: fsl: dpio: fix kcalloc() argument order
     - tcp: Fix refcnt handling in __inet_hash_connect().
     - hsr: Fix uninit-value access in hsr_get_node()
     - nvme: only set reserved_tags in nvme_alloc_io_tag_set for fabrics
       controllers
     - nvme: add the Apple shared tag workaround to nvme_alloc_io_tag_set
     - nvme: fix reconnection fail due to reserved tag allocation
     - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
     - net: ethernet: mtk_eth_soc: fix PPE hanging issue
     - packet: annotate data-races around ignore_outgoing
     - net: veth: do not manipulate GRO when using XDP
     - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
     - drm: Fix drm_fixp2int_round() making it add 0.5
     - vdpa_sim: reset must not run
     - vdpa/mlx5: Allow CVQ size changes
     - wireguard: receive: annotate data-race around receiving_counter.counter
     - rds: introduce acquire/release ordering in acquire/release_in_xmit()
     - hsr: Handle failures in module init
     - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
     - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
     - dm-integrity: fix a memory leak when rechecking the data
     - net/bnx2x: Prevent access to a freed page in page_pool
     - netfilter: nft_set_pipapo: release elements in clone only from destroy
       path (CVE-2024-26809)
     - netfilter: nf_tables: do not compare internal table flags on updates
     - rcu: add a helper to report consolidated flavor QS
     - net: report RCU QS on threaded NAPI repolling
     - bpf: report RCU QS in cpumap kthread
     - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
     - net: dsa: mt7530: fix handling of all link-local frames
     - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
     - dm: address indent/space issues
     - dm io: Support IO priority
     - dm-integrity: align the outgoing bio in integrity_recheck
     - [armhf] remoteproc: stm32: fix incorrect optional pointers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
     - [x86] cpu: Support AMD Automatic IBRS
     - [x86] bugs: Use sysfs_emit()
     - [x86] KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only
       leafs
     - [x86] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
     - [x86] KVM: x86: Use a switch statement and macros in __feature_translate()
     - timers: Update kernel-doc for various functions
     - timers: Use del_timer_sync() even on UP
     - timers: Rename del_timer_sync() to timer_delete_sync()
     - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
     - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
     - [arm64] dts: qcom: sc7280: Add additional MSI interrupts
     - [arm64,armhf] remoteproc: virtio: Fix wdg cannot recovery remote processor
     - [arm64] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
     - [armhf] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
     - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
     - serial: max310x: fix NULL pointer dereference in I2C instantiation
     - pci_iounmap(): Fix MMIO mapping leak
     - media: xc4000: Fix atomicity violation in xc4000_get_frequency
     - media: mc: Add local pad to pipeline regardless of the link state
     - media: mc: Fix flags handling when creating pad links
     - media: mc: Add num_links flag to media_pad
     - media: mc: Rename pad variable to clarify intent
     - media: mc: Expand MUST_CONNECT flag to always require an enabled link
     - KVM: Always flush async #PF workqueue when vCPU is being destroyed
     - [x86] cpufreq: amd-pstate: Fix min_perf assignment in
       amd_pstate_adjust_perf()
     - [powerpc*] smp: Adjust nr_cpu_ids to cover all threads of a core
     - [powerpc*] smp: Increase nr_cpu_ids to include the boot CPU
     - [x86] crypto: qat - fix double free during reset
     - [x86] crypto: qat - resolve race condition during AER recovery
     - ext4: correct best extent lstart adjustment logic
     - block: Clear zone limits for a non-zoned stacked queue
     - bounds: support non-power-of-two CONFIG_NR_CPUS
     - fat: fix uninitialized field in nostale filehandles
     - ubifs: Set page uptodate in the correct place
     - ubi: Check for too small LEB size in VTBL code
     - ubi: correct the calculation of fastmap size
     - md/raid5: fix atomicity violation in raid5_cache_count
     - cpufreq: Limit resolving a frequency to policy min/max
     - PM: suspend: Set mem_sleep_current during kernel command line setup
     - usb: xhci: Add error handling in xhci_map_urb_for_dma
     - [powerpc*] fsl: Fix mfpmr build errors with newer binutils
     - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
     - USB: serial: add device ID for VeriFone adapter
     - USB: serial: cp210x: add ID for MGP Instruments PDS100
     - USB: serial: option: add MeiG Smart SLM320 product
     - [x86] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
     - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
     - PM: sleep: wakeirq: fix wake irq warning in system suspend
     - mmc: tmio: avoid concurrent runs of mmc_request_done()
     - fuse: fix root lookup with nonzero generation
     - fuse: don't unhash root
     - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
     - serial: Lock console when calling into driver before registration
     - btrfs: qgroup: always free reserved space for extent records
     - btrfs: fix off-by-one chunk length calculation at
       contains_pending_extent()
     - PCI/PM: Drain runtime-idle callbacks before driver removal
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
     - dm-raid: fix lockdep waring in "pers->hot_add_disk"
     - [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS
     - mac802154: fix llsec key resources release in mac802154_llsec_key_del
     - swap: comments get_swap_device() with usage rule
     - mm: swap: fix race between free_swap_and_cache() and swapoff()
     - mmc: core: Fix switch on gp3 partition
     - [arm64,armhf] drm/etnaviv: Restore some id values
     - landlock: Warn once if a Landlock action is requested while disabled
     - hwmon: (amc6821) add of_match table
     - ext4: fix corruption during on-line resize
     - nvmem: meson-efuse: fix function pointer type mismatch
     - slimbus: core: Remove usage of the deprecated ida_simple_xx() API
     - phy: tegra: xusb: Add API to retrieve the port number of phy
     - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
     - speakup: Fix 8bit characters from direct synth
     - PCI/AER: Block runtime suspend when handling errors
     - io_uring/net: correctly handle multishot recvmsg retry setup
     - nfs: fix UAF in direct writes
     - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
     - [arm64] PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP
       version
     - [arm64] PCI: qcom: Enable BDF to SID translation properly
     - [amd64,arm64] PCI: hv: Fix ring buffer size calculation
     - vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations
     - vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
     - vfio/pci: Remove negative check on unsigned vector
     - vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
     - vfio/platform: Disable virqfds on cleanup
     - ksmbd: retrieve number of blocks using vfs_getattr in
       set_file_allocation_info
     - ring-buffer: Fix waking up ring buffer readers
     - ring-buffer: Do not set shortest_full when full target is hit
     - ring-buffer: Fix resetting of shortest_full
     - ring-buffer: Fix full_waiters_pending in poll
     - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
     - [s390x] zcrypt: fix reference counting on zcrypt card objects
     - drm/probe-helper: warn about negative .get_modes()
     - drm/panel: do not return negative error codes from drm_panel_get_modes()
     - [armhf] drm/exynos: do not return negative values from .get_modes()
     - [armhf] drm/imx/ipuv3: do not return negative values from .get_modes()
     - [arm64,armhf] drm/vc4: hdmi: do not return negative values from
       .get_modes()
     - memtest: use {READ,WRITE}_ONCE in memory scanning
     - Revert "block/mq-deadline: use correct way to throttling write requests"
     - f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
     - f2fs: truncate page cache before clearing flags when aborting atomic write
     - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
     - nilfs2: prevent kernel bug at submit_bh_wbc()
     - cifs: open_cached_dir(): add FILE_READ_EA to desired access
     - cpufreq: dt: always allocate zeroed cpumask
     - [amd64] x86/CPU/AMD: Update the Zenbleed microcode revisions
     - NFSD: Fix nfsd_clid_class use of __string_len() macro
     - net: hns3: tracing: fix hclgevf trace event strings
     - wireguard: netlink: check for dangling peer via is_dead instead of empty
       list
     - wireguard: netlink: access device through ctx instead of peer
     - ahci: asm1064: correct count of reported ports
     - ahci: asm1064: asm1166: don't limit reported ports
     - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
     - drm/amd/display: Return the correct HDCP error code
     - drm/amd/display: Fix noise issue on HDMI AV mute
     - dm snapshot: fix lockup in dm_exception_table_exit
     - [x86] pm: Work around false positive kmemleak report in
       msr_build_context()
     - cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
       return value"
     - [x86] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
       (Closes: #1065320)
     - tls: fix race between tx work scheduling and socket close (CVE-2024-26585)
     - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
       timeout (CVE-2024-26643)
     - netfilter: nf_tables: disallow anonymous set with timeout flag
       (CVE-2024-26642)
     - netfilter: nf_tables: reject constant set with timeout
     - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
       memory
     - init/Kconfig: lower GCC version check for -Warray-bounds
     - [x86] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
     - [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
       svm_register_enc_region()
     - tracing: Use .flush() call to wake up readers
     - drm/amdgpu/pm: Fix the error of pwm1_enable setting
     - [x86] drm/i915: Check before removing mm notifier
     - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
       ALC897 platform
     - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
     - usb: gadget: ncm: Fix handling of zero block length packets
     - usb: port: Don't try to peer unused USB ports based on location
     - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
     - misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on
       suspend/resume
     - mei: me: add arrow lake point S DID
     - mei: me: add arrow lake point H DID
     - vt: fix unicode buffer corruption when deleting characters
     - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
     - ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
     - tee: optee: Fix kernel panic caused by incorrect error handling
     - mm, vmscan: prevent infinite loop for costly GFP_NOIO |
       __GFP_RETRY_MAYFAIL allocations
     - iio: accel: adxl367: fix DEVID read after reset
     - iio: accel: adxl367: fix I2C FIFO data register
     - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
     - drm/amd/display: handle range offsets in VRR ranges
     - [x86] efistub: Call mixed mode boot services on the firmware's stack
     - net: tls: handle backlogging of crypto requests (CVE-2024-26584)
     - [x86] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
     - iommu: Avoid races around default domain allocations
     - clocksource/drivers/arm_global_timer: Fix maximum prescaler value
     - entry: Respect changes to system call number by trace_sys_enter()
     - minmax: add umin(a, b) and umax(a, b)
     - swiotlb: Fix alignment checks when both allocation and DMA masks are
       present
     - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
     - printk: Update @console_may_schedule in console_trylock_spinning()
     - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
     - irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
     - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based
       on register's index
     - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
     - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
     - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger
       type
     - [x86] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe
       address
     - [x86] fpu: Keep xfd_state in sync with MSR_IA32_XFD
     - pwm: img: fix pwm clock lookup
     - tty: serial: imx: Fix broken RS485
     - block: Fix page refcounts for unaligned buffers in __bio_release_pages()
     - blk-mq: release scheduler resource when request completes
     - vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
     - vfio: Introduce interface to flush virqfd inject workqueue
     - vfio/pci: Create persistent INTx handler (CVE-2024-26812)
     - vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
     - vfio/fsl-mc: Block calling interrupt handler without trigger
       (CVE-2024-26814)
     - [x86] coco: Export cc_vendor
     - [x86] coco: Get rid of accessor functions
     - [x86] Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
     - [x86] sev: Fix position dependent variable references in startup code
     - mm/migrate: set swap entry values of THP tail pages properly.
     - init: open /initrd.image with O_LARGEFILE
     - [x86] efistub: Add missing boot_params for mixed mode compat entry
     - btrfs: zoned: don't skip block groups with 100% zone unusable
     - btrfs: zoned: use zone aware sb location for scrub
     - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
     - wifi: iwlwifi: fw: don't always use FW dump trig
     - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
     - hexagon: vmlinux.lds.S: handle attributes section
     - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
       HS200 mode
     - mmc: core: Initialize mmc_blk_ioc_data
     - mmc: core: Avoid negative index with array access
     - block: Do not force full zone append completion in req_bio_endio()
     - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
     - nouveau/dmem: handle kcalloc() allocation failure
     - net: ll_temac: platform_get_resource replaced by wrong function
     - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
     - [x86] drm/i915/bios: Tolerate devdata==NULL in
       intel_bios_encoder_supports_dp_dual_mode()
     - [x86] drm/i915/gt: Reset queue_priority_hint on parking
     - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
     - Revert "usb: phy: generic: Get the vbus supply"
     - usb: cdc-wdm: close race between read and workqueue
     - USB: UAS: return ENODEV when submit urbs fail with device not attached
     - usb: dwc3-am62: Rename private data
     - usb: dwc3-am62: fix module unload/reload behavior
     - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
       (CVE-2024-26654)
     - scsi: core: Fix unremoved procfs host directory regression
     - staging: vc04_services: changen strncpy() to strscpy_pad()
     - staging: vc04_services: fix information leak in create_component()
     - USB: core: Add hub_get() and hub_put() routines
     - USB: core: Fix deadlock in port "disable" sysfs attribute
     - scsi: sd: Fix TCG OPAL unlock on system resume
     - usb: dwc2: host: Fix remote wakeup from hibernation
     - usb: dwc2: host: Fix hibernation flow
     - usb: dwc2: host: Fix ISOC flow in DDMA mode
     - usb: dwc2: gadget: Fix exiting from clock gating
     - usb: dwc2: gadget: LPM flow fix
     - usb: udc: remove warning when queue disabled ep
     - usb: typec: Return size of buffer if pd_set operation succeeds
     - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
     - usb: typec: ucsi: Ack unsupported commands
     - usb: typec: ucsi_acpi: Refactor and fix DELL quirk
     - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
     - scsi: qla2xxx: Prevent command send on chip reset
     - scsi: qla2xxx: Fix N2N stuck connection
     - scsi: qla2xxx: Split FCE|EFT trace control
     - scsi: qla2xxx: Update manufacturer detail
     - scsi: qla2xxx: NVME|FCP prefer flag not being honored
     - scsi: qla2xxx: Fix command flush on cable pull
     - scsi: qla2xxx: Fix double free of fcport
     - scsi: qla2xxx: Change debug message during driver unload
     - scsi: qla2xxx: Delay I/O Abort on PCI error
     - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
     - tls: fix use-after-free on failed backlog decryption (CVE-2024-26800)
     - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
     - scsi: lpfc: Correct size for wqe for memset()
     - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
     - scsi: libsas: Fix disk not being scanned in after being removed
     - [x86] sev: Skip ROM range scans and validation for SEV-SNP guests
     - USB: core: Fix deadlock in usb_deauthorize_interface()
     - tools/resolve_btfids: fix build with musl libc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
     - scripts/bpf_doc: Use silent mode when exec make cmd
     - dma-buf: Fix NULL pointer dereference in sanitycheck()
     - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
     - mlxbf_gige: stop PHY during open() error paths
     - wifi: iwlwifi: mvm: rfi: fix potential response leaks
     - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
     - [s390x] qeth: handle deferred cc1
     - tcp: properly terminate timers for kernel sockets
     - net: wwan: t7xx: Split 64bit accesses to fix alignment issues
     - [arm64] net: hns3: fix index limit to support all queue stats
     - [arm64] net: hns3: fix kernel crash when devlink reload during pf
       initialization
     - [arm64] net: hns3: mark unexcuted loopback test result as UNEXECUTED
     - tls: recv: process_rx_list shouldn't use an offset with kvec
     - tls: adjust recv return with async crypto and failed copy to userspace
     - tls: get psock ref after taking rxlock to avoid leak
     - mlxbf_gige: call request_irq() after NAPI initialized
     - bpf: Protect against int overflow for stack access size
     - cifs: Fix duplicate fscache cookie warnings
     - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
     - inet: inet_defrag: prevent sk release while still in use
     - dm integrity: fix out-of-range warning
     - [x86] cpufeatures: Add new word for scattered features
     - [x86] perf/x86/amd/lbr: Use freeze based on availability
     - [arm64] KVM: arm64: Fix host-programmed guest events in nVHE
     - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
     - [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
       word
     - Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
     - [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
     - Bluetooth: qca: fix device-address endianness
     - Bluetooth: add quirk for broken address properties
     - Bluetooth: hci_event: set the conn encrypted before conn establishes
     - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
       CVE-2024-24858)
     - xen-netfront: Add missing skb_mark_for_recycle
     - net/rds: fix possible cp null dereference
     - net: usb: ax88179_178a: avoid the interface always configured as random
       address
     - vsock/virtio: fix packet delivery to tap device
     - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
       mapped."
     - netfilter: nf_tables: reject new basechain after table flag update
     - netfilter: nf_tables: flush pending destroy work before exit_net release
     - netfilter: nf_tables: Fix potential data-race in
       __nft_flowtable_type_get()
     - netfilter: validate user input for expected length
     - vboxsf: Avoid an spurious warning if load_nls_xxx() fails
     - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
     - net/sched: act_skbmod: prevent kernel-infoleak
     - net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
     - net: stmmac: fix rx queue priority assignment
     - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
     - net: phy: micrel: Fix potential null pointer dereference
     - gro: fix ownership transfer
     - [x86] bugs: Fix the SRSO mitigation on Zen3/4
     - [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
       for !SRSO
     - i40e: Fix VF MAC filter removal
     - erspan: make sure erspan_base_hdr is present in skb->head
     - ipv6: Fix infinite recursion in fib6_dump_done().
     - mlxbf_gige: stop interface during shutdown
     - r8169: skip DASH fw status checks when DASH is disabled
     - udp: do not accept non-tunnel GSO skbs landing in a tunnel
     - udp: do not transition UDP GRO fraglist partial checksums to unnecessary
     - udp: prevent local UDP tunnel packets from being GROed
     - i40e: fix i40e_count_filters() to count only active/new filters
     - i40e: fix vf may be used uninitialized in this function warning
     - drm/amd: Evict resources during PM ops prepare() callback
     - drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
     - drm/amd: Flush GFXOFF requests in prepare stage
     - i40e: Store the irq number in i40e_q_vector
     - i40e: Remove _t suffix from enum type names
     - i40e: Enforce software interrupt during busy-poll exit
     - r8169: use spinlock to protect mac ocp register access
     - r8169: use spinlock to protect access to registers Config2 and Config5
     - r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
     - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6)
       non-wildcard addresses.
     - drivers: net: convert to boolean for the mac_managed_pm flag
     - net: fec: Set mac_managed_pm during probe
     - [x86] KVM: SVM: enhance info printk's in SEV init
     - [x86] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails
     - [x86] KVM: SVM: Use unsigned integers when dealing with ASIDs
     - [x86] KVM: SVM: Add support for allowing zero SEV ASIDs
     - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
     - 9p: Fix read/write debug statements to report server reply
     - drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
     - drm/panfrost: fix power transition timeout warnings
     - ASoC: rt5682-sdw: fix locking sequence
     - [x86] ASoC: rt711-sdca: fix locking sequence
     - ASoC: rt711-sdw: fix locking sequence
     - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
     - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
     - scsi: mylex: Fix sysfs buffer lengths
     - scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
     - cifs: Fix caching to try to do open O_WRONLY as rdwr on server
     - ata: sata_mv: Fix PCI device ID table declaration compilation warning
     - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
     - [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
     - ksmbd: don't send oplock break if rename fails
     - ksmbd: validate payload size in ipc response (CVE-2024-26811)
     - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
     - ALSA: hda/realtek - Fix inactive headset mic jack
     - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
       microphone
     - driver core: Introduce device_link_wait_removal()
     - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
     - [x86] mm/pat: fix VM_PAT handling in COW mappings
     - [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
     - [x86] coco: Require seeding RNG with RDRAND on CoCo systems
     - [s390x] entry: align system call table on 8 bytes
     - smb3: retrying on failed server close
     - smb: client: fix potential UAF in cifs_debug_files_proc_show()
     - smb: client: fix potential UAF in cifs_stats_proc_write()
     - smb: client: fix potential UAF in cifs_stats_proc_show()
     - smb: client: fix potential UAF in smb2_is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_valid_lease_break()
     - smb: client: fix potential UAF in is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_network_name_deleted()
     - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
     - mptcp: don't account accept() of non-MPC client as fallback to TCP
     - mm/secretmem: fix GUP-fast succeeding on secretmem folios
     - nvme: fix miss command type check
     - [x86] bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - [x86] syscall: Don't force use of indirect calls for system calls
     - [x86] Mitigate Native Branch History Injection vulnerability
       (CVE-2024-2201):
       + [x86] bhi: Add support for clearing branch history at syscall entry
       + [x86] bhi: Define SPEC_CTRL_BHI_DIS_S
       + [x86] bhi: Enumerate Branch History Injection (BHI) bug
       + [x86] bhi: Add BHI mitigation knob
       + [x86] bhi: Mitigate KVM by default
       + [x86] KVM: x86: Add BHI_NO
       + [x86] set SPECTRE_BHI_ON as default
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 20
   * Refresh "efi: Lock down the kernel if booted in secure boot mode" (context
     changes in 6.1.84)
   * [rt] Refresh "serial: 8250: implement write_atomic"
   * Refresh "x86: Make x32 syscall support conditional on a kernel parameter"
   * tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
     (Closes: #1068770)
   * Revert "scsi: sd: usb_storage: uas: Access media prior to querying device
     properties" (Closes: #1068675)
   * Revert "scsi: core: Add struct for args to execution functions"
   * scsi: sd: usb_storage: uas: Access media prior to querying device properties
linux-signed-arm64 (6.1.82+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.82-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
     - asm-generic: make sparse happy with odd-sized put_unaligned_*()
     - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
     - [arm64] irq: set the correct node for VMAP stack
     - [arm64] drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
     - [powerpc*] Fix build error due to is_valid_bugaddr()
     - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
     - [x86] boot: Ignore NMIs during very early boot
     - [powerpc*] pmd_move_must_withdraw() is only needed for
       CONFIG_TRANSPARENT_HUGEPAGE
     - [powerpc*] lib: Validate size for vector operations
     - [x86*] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
       kernel
     - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
       sysfs file
     - debugobjects: Stop accessing objects after releasing hash bucket lock
     - regulator: core: Only increment use_count when enable_count changes
     - audit: Send netlink ACK before setting connection in auditd_set
     - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
     - PNP: ACPI: fix fortify warning
     - ACPI: extlog: fix NULL pointer dereference check
     - ACPI: NUMA: Fix the logic of getting the fake_pxm value
     - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
     - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
       events
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
     - UBSAN: array-index-out-of-bounds in dtSplitRoot
     - jfs: fix slab-out-of-bounds Read in dtSearch
     - jfs: fix array-index-out-of-bounds in dbAdjTree
     - jfs: fix uaf in jfs_evict_inode
     - pstore/ram: Fix crash when setting number of cpus to an odd number
     - erofs: fix ztailpacking for subpage compressed blocks
     - [armhf] crypto: stm32/crc32 - fix parsing list of devices
     - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
     - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
     - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
     - jfs: fix array-index-out-of-bounds in diNewExt
     - arch: consolidate arch_irq_work_raise prototypes
     - [s390x] vfio-ap: fix sysfs status attribute for AP queue devices
     - [s390x] ptrace: handle setting of fpc register correctly
     - [s390x] KVM: s390: fix setting of fpc register
     - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623)
     - ecryptfs: Reject casefold directory inodes
     - ext4: fix inconsistent between segment fstrim and full fstrim
     - ext4: unify the type of flexbg_size to unsigned int
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
       (CVE-2023-52622)
     - wifi: rt2x00: restart beacon queue when hardware reset
     - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
     - [arm64] soc: xilinx: Fix for call trace due to the usage of
       smp_processor_id()
     - [arm64] soc: xilinx: fix unhandled SGI warning message
     - scsi: lpfc: Fix possible file string name overflow when updating firmware
     - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
     - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
     - net: usb: ax88179_178a: avoid two consecutive device resets
     - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
     - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
     - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too
       early
     - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
       (CVE-2023-52621)
     - scsi: libfc: Don't schedule abort twice
     - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
     - bpf: Set uattr->batch.count as zero before batched update or deletion
     - net: phy: at803x: fix passing the wrong reference for config_intr
     - [arm64] scsi: hisi_sas: Set .phy_attached before notifing phyup event
       HISI_PHYE_PHY_UP_PM
     - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
     - net: atlantic: eliminate double free in error handling logic
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
       path
     - block: prevent an integer overflow in bvec_try_merge_hw_page
     - md: Whenassemble the array, consult the superblock of the freshest device
     - [arm64] dts: qcom: msm8996: Fix 'in-ports' is a required property
     - [arm64] dts: qcom: msm8998: Fix 'out-ports' is a required property
     - ice: fix pre-shifted bit usage
     - [arm64] dts: amlogic: fix format for s4 uart node
     - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
     - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
     - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
     - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
     - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
     - Bluetooth: hci_sync: fix BR/EDR wakeup bug
     - Bluetooth: L2CAP: Fix possible multiple reject send
     - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
     - i40e: Fix VF disable behavior to block all traffic
     - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
     - f2fs: fix to check return value of f2fs_reserve_new_block()
     - ALSA: hda: Refer to correct stream index at loops
     - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
     - fast_dput(): handle underflows gracefully
     - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
     - [arm64,armhf] drm/panel-edp: Add override_edid_mode quirk for generic edp
     - drm/amd/display: Fix tiled display misalignment
     - f2fs: fix write pointers on zoned device after roll forward
     - [x86] ASoC: amd: Add new dmi entries for acp5x platform
     - drm/drm_file: fix use of uninitialized variable
     - drm/framebuffer: Fix use of uninitialized variable
     - drm/mipi-dsi: Fix detach call without attach
     - media: stk1160: Fixed high volume of stk1160_dbg messages
     - [arm64,armhf]  media: rockchip: rga: fix swizzling for RGB formats
     - PCI: add INTEL_HDA_ARL to pci_ids.h
     - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
     - [arm64] media: rkisp1: Drop IRQF_SHARED
     - [arm64] media: rkisp1: Fix IRQ handler return values
     - [arm64] media: rkisp1: Store IRQ lines
     - [arm64] media: rkisp1: Fix IRQ disable race issue
     - hwmon: (nct6775) Fix fan speed set failure in automatic mode
     - f2fs: fix to tag gcing flag on page during block migration
     - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
       time
     - IB/ipoib: Fix mcast list locking
     - media: ddbridge: fix an error code problem in ddb_probe
     - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
     - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
     - [arm64] drm/msm/dpu: fix writeback programming for YUV cases
     - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
     - [x86] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
     - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
     - drm/amdgpu: Fix ecc irq enable/disable unpaired
     - drm/amdgpu: Let KFD sync with VM fences
     - drm/amdgpu: Fix '*fw' from request_firmware() not released in
       'amdgpu_ucode_request()'
     - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
     - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
     - leds: trigger: panic: Don't register panic notifier if creating the
       trigger failed
     - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
     - PCI: Only override AMD USB controller if required
     - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
     - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
     - usb: hub: Replace hardcoded quirk value with BIT() macro
     - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
       hub
     - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
     - fs/kernfs/dir: obey S_ISGID
     - PCI: Fix 64GT/s effective data rate calculation
     - PCI/AER: Decode Requester ID when no error info found
     - 9p: Fix initialisation of netfs_inode for 9p
     - libsubcmd: Fix memory leak in uniq()
     - virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a
       region of size 10" warnings
     - blk-mq: fix IO hang from sbitmap wakeup race
     - ceph: reinitialize mds feature bit even when session in open
     - ceph: fix deadlock or deadcode of misusing dget()
     - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
     - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
       'get_platform_power_management_table()'
     - drm/amdgpu: Fix with right return code '-EIO' in
       'amdgpu_gmc_vram_checking()'
     - drm/amdgpu: Release 'adev->pm.fw' before return in
       'amdgpu_device_need_post()'
     - perf: Fix the nr_addr_filters fix
     - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
     - drm: using mul_u32_u32() requires linux/math64.h
     - scsi: isci: Fix an error code problem in isci_io_request_build()
     - [armhf] regulator: ti-abb: don't use devm_platform_ioremap_resource_byname
       for shared interrupt register
     - scsi: core: Move scsi_host_busy() out of host lock for waking up EH
       handler
     - HID: hidraw: fix a problem of memory leak in hidraw_release()
     - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
     - ipv4: raw: add drop reasons
     - ipmr: fix kernel panic when forwarding mcast packets
     - tcp: add sanity checks to rx zerocopy
     - ixgbe: Refactor returning internal error codes
     - ixgbe: Refactor overtemp event handling
     - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
     - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
     - llc: call sock_orphan() at release time
     - bridge: mcast: fix disabled snooping after long uptime
     - netfilter: conntrack: correct window scaling with retransmitted SYN
     - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
     - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
     - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
       expectations
     - net: ipv4: fix a memleak in ip_setup_cork
     - af_unix: fix lockdep positive in sk_diag_dump_icons()
     - net: sysfs: Fix /sys/class/net/<iface> path
     - [arm64] irq: set the correct node for shadow call stack
     - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
     - [arm64] drm/msm/dsi: Enable runtime PM
     - gve: Fix use-after-free vulnerability
     - bonding: remove print in bond_verify_device_path
     - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
     - ext4: regenerate buddy after block freeing failed if under fc replay
     - [arm64] dmaengine: ti: k3-udma: Report short packet errors
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue
       DMA
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the queue
       command DMA
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
     - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
     - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
     - cifs: failure to add channel on iface should bump up weight
     - [arm64] drm/msms/dp: fixed link clock divider bits be over written in BPC
       unknown case
     - [arm64] drm/msm/dp: return correct Colorimetry for
       DP_TEST_DYNAMIC_RANGE_CEA case
     - [arm64] drm/msm/dpu: check for valid hw_pp in
       dpu_encoder_helper_phys_cleanup
     - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
     - wifi: mac80211: fix waiting for beacons logic
     - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
     - net: atlantic: Fix DMA mapping for PTP hwts ring
     - tunnels: fix out of bounds access when building IPv6 PMTU error
     - atm: idt77252: fix a memleak in open_card_ubr0
     - [armhf] hwmon: (aspeed-pwm-tacho) mutex for tach reading
     - [x86] hwmon: (coretemp) Fix out-of-bounds memory access
     - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
     - inet: read sk->sk_family once in inet_recv_error()
     - [x86] drm/i915/gvt: Fix uninitialized variable in handle_mmio()
     - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
     - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
     - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
     - ppp_async: limit MRU to 64K
     - selftests: cmsg_ipv6: repeat the exact packet
     - netfilter: nft_compat: narrow down revision to unsigned 8-bits
     - netfilter: nft_compat: reject unused compat flag
     - netfilter: nft_compat: restrict match/target protocol to u16
     - drm/amd/display: Implement bounds check for stream encoder creation in
       DCN301
     - netfilter: nft_ct: reject direction for ct id
     - netfilter: nft_set_pipapo: store index in scratch maps
     - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
     - netfilter: nft_set_pipapo: remove scratch_aligned pointer
     - fs/ntfs3: Fix an NULL dereference bug
     - scsi: core: Move scsi_host_busy() out of host lock if it is for
       per-command
     - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
     - fs: dlm: don't put dlm_local_addrs on heap (Closes: #1063338)
     - mtd: parsers: ofpart: add workaround for #size-cells 0
     - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
     - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
     - ALSA: usb-audio: add quirk for RODE NT-USB+
     - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
     - USB: serial: option: add Fibocom FM101-GL variant
     - USB: serial: cp210x: add ID for IMST iM871A-USB
     - [arm64,armhf] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - [arm64,armhf] usb: host: xhci-plat: Add support for
       XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - hrtimer: Report offline hrtimer enqueue
     - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
     - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
       (Closes: #1061521)
     - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
     - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
     - vhost: use kzalloc() instead of kmalloc() followed by memset()
       (CVE-2024-0340)
     - RDMA/irdma: Fix support for 64k pages
     - f2fs: add helper to check compression level (Closes: #1063422)
     - block: treat poll queue enter similarly to timeouts
     - clocksource: Skip watchdog check for large watchdog intervals
     - net: stmmac: xgmac: use #define for string constants
     - ALSA: usb-audio: Sort quirk table entries
     - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
     - netfilter: nft_set_rbtree: skip end interval element from gc
       (CVE-2024-26581)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
     - work around gcc bugs with 'asm goto' with outputs
     - update workarounds for gcc "asm goto" issue
     - btrfs: add and use helper to check if block group is used
     - btrfs: do not delete unused block group if it may be used soon
     - btrfs: forbid creating subvol qgroups
     - btrfs: do not ASSERT() if the newly created subvolume already got read
       (CVE-2024-23850)
     - btrfs: forbid deleting live subvol qgroup
     - btrfs: send: return EOPNOTSUPP on unknown flags
     - btrfs: don't reserve space for checksums when writing to nocow files
     - btrfs: reject encoded write if inode has nodatasum flag set
     - btrfs: don't drop extent_map for free space inode on write error
     - driver core: Fix device_link_flag_is_sync_state_only()
     - wifi: iwlwifi: Fix some error codes
     - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
     - of: property: Improve finding the supplier of a remote-endpoint property
     - net: openvswitch: limit the number of recursions from action sets
       (CVE-2024-1151)
     - lan966x: Fix crash when adding interface under a lag
     - tls/sw: Use splice_eof() to flush
     - tls: extract context alloc/initialization out of tls_set_sw_offload
     - net: tls: factor out tls_*crypt_async_wait()
     - tls: fix race between async notify and socket close (CVE-2024-26583)
     - net: tls: fix use-after-free with partial reads and async decrypt
       (CVE-2024-26582)
     - net: tls: fix returned read length with async decrypt
     - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
     - net: sysfs: Fix /sys/class/net/<iface> path for statistics
     - nouveau/svm: fix kvcalloc() argument order
     - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
     - i40e: Do not allow untrusted VF to remove administratively set MAC
     - i40e: Fix waiting for queues of all VSIs to be disabled
     - tracing/trigger: Fix to return error if failed to alloc snapshot
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
     - scsi: storvsc: Fix ring buffer size calculation
     - dm-crypt, dm-verity: disable tasklets
     - [x86] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
     - ALSA: hda/realtek: Fix the external mic not being recognised for Acer
       Swift 1 SF114-32
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
     - HID: i2c-hid-of: fix NULL-deref on failed power up
     - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
     - HID: wacom: Do not register input devices until after hid_hw_start
     - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
     - usb: ucsi: Add missing ppm_lock
     - usb: ulpi: Fix debugfs directory leak
     - usb: ucsi_acpi: Fix command completion handling
     - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
     - usb: f_mass_storage: forbid async queue when shutdown happen
     - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
     - driver core: fw_devlink: Improve detection of overlapping cycles
     - cifs: fix underflow in parse_server_interfaces()
     - i2c: qcom-geni: Correct I2C TRE sequence
     - irqchip/loongson-eiointc: Use correct struct type in
       eiointc_domain_alloc()
     - i2c: pasemi: split driver into two separate modules
     - i2c: i801: Fix block process call transactions (CVE-2024-26593)
     - modpost: trim leading spaces when processing source files list
     - mptcp: get rid of msk->subflow
     - mptcp: fix data re-injection from stale subflow
     - mptcp: drop the push_pending field
     - mptcp: check addrs list in userspace_pm_get_local_id
     - media: Revert "media: rkisp1: Drop IRQF_SHARED"
     - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
     - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
     - drm/virtio: Set segment size for virtio_gpu device
     - lsm: fix the logic in security_inode_getsecctx()
     - firewire: core: correct documentation of fw_csr_string() kernel API
     - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
     - kbuild: Fix changing ELF file type for output of gen_btf for big endian
     - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
     - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
     - net: stmmac: do not clear TBS enable bit on link up/down
     - xen-netback: properly sync TX responses
     - modpost: propagate W=1 build option to modpost
     - modpost: Don't let "driver"s reference .exit.*
     - linux/init: remove __memexit* annotations
     - modpost: Include '.text.*' in TEXT_SECTIONS
     - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
     - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
     - ASoC: codecs: wcd938x: handle deferred probe
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
     - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
     - misc: fastrpc: Mark all sessions as invalid in cb_remove
     - ext4: fix double-free of blocks due to wrong extents moved_len
     - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
     - tracing: Fix wasted memory in saved_cmdlines logic
     - staging: iio: ad5933: fix type mismatch regression
     - iio: magnetometer: rm3100: add boundary check for the value read from
       RM3100_REG_TMRC
     - iio: core: fix memleak in iio_device_register_sysfs
     - iio: commom: st_sensors: ensure proper DMA alignment
     - iio: accel: bma400: Fix a compilation problem
     - iio: adc: ad_sigma_delta: ensure proper DMA alignment
     - iio: imu: adis: ensure proper DMA alignment
     - iio: imu: bno055: serdev requires REGMAP
     - media: rc: bpf attach/detach requires write permission
     - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
     - xfrm: Remove inner/outer modes from output path
     - xfrm: Remove inner/outer modes from input path
     - [arm64] drm/msm: Wire up tlb ops
     - drm/prime: Support page array >= 4GB
     - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
     - drm/amd/display: Preserve original aspect ratio in create stream
     - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
     - ring-buffer: Clean ring_buffer_poll_wait() error return
     - nfp: flower: fix hardware offload for the transfer layer port
     - [powerpc*] 64: Set task pt_regs->link to the LR value on scv entry
     - [powerpc*] cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
     - [powerpc*] pseries: fix accuracy of stolen time
     - [x86] fpu: Stop relying on userspace for info to fault in xsave buffer
       (CVE-2024-26603)
     - [x86] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
     - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
     - io_uring/net: fix multishot accept overflow handling
     - mmc: slot-gpio: Allow non-sleeping GPIO ro
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
     - ALSA: hda/conexant: Add quirk for SWS JS201D
     - nilfs2: fix data corruption in dsync block recovery for small block sizes
     - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
     - crypto: ccp - Fix null pointer dereference in
       __sev_platform_shutdown_locked
     - nfp: use correct macro for LengthSelect in BAR config
     - nfp: flower: prevent re-adding mac index for bonded port
     - wifi: cfg80211: fix wiphy delayed work queueing
     - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
     - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
     - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
     - zonefs: Improve error handling
     - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be
       detected by BIOS (Closes: #1056056)
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
     - fs: relax mount_setattr() permission checks
     - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
     - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
     - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
     - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
     - ceph: prevent use-after-free in encode_cap_msg()
     - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
       (CVE-2024-0841)
     - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
     - of: property: fix typo in io-channels
     - can: netlink: Fix TDCO calculation using the old data bittiming
     - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
     - can: j1939: Fix UAF in j1939_sk_match_filter during
       setsockopt(SO_J1939_FILTER)
     - pmdomain: core: Move the unused cleanup to a _sync initcall
     - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - tracing: Inform kmemleak of saved_cmdlines allocation
     - xfrm: Use xfrm_state selector for BEET input
     - xfrm: Silence warnings triggerable by bad packets
     - tls: fix NULL deref on tls_sw_splice_eof() with empty record
     - md: bypass block throttle for superblock update
     - wifi: mwifiex: Support SD8978 chipset
     - wifi: mwifiex: add extra delay for firmware ready
     - bus: moxtet: Add spi device table
     - [arm64] dts: qcom: msm8916: Enable blsp_dma by default
     - [arm64] dts: qcom: msm8916: Make blsp_dma controlled-remotely
     - [arm64] dts: qcom: sdm845: fix USB SS wakeup
     - [arm64] dts: qcom: sm8150: fix USB SS wakeup
     - wifi: mwifiex: fix uninitialized firmware_stat
     - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
     - block: fix partial zone append completion handling in req_bio_endio()
     - netfilter: ipset: fix performance regression in swap operation
     - netfilter: ipset: Missing gc cancellations fixed
     - nfsd: fix RELEASE_LOCKOWNER
     - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
     - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
     - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
     - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
     - smb: client: fix parsing of SMB3.1.1 POSIX create context
     - net: prevent mss overflow in skb_segment() (CVE-2023-52435)
     - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
     - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
     - bpf: Remove trace_printk_lock
     - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
     - dmaengine: ioat: Free up __cleanup() name
     - apparmor: Free up __cleanup() name
     - locking: Introduce __cleanup() based infrastructure
     - kbuild: Drop -Wdeclaration-after-statement
     - sched/membarrier: reduce the ability to hammer on sys_membarrier
       (CVE-2024-26602)
     - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
     - nilfs2: fix potential bug in end_buffer_async_write
     - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
     - dm: limit the number of targets and parameter size area (CVE-2024-23851,
       CVE-2023-52429)
     - [arm64:]Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
     - mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
     - net/sched: Retire CBQ qdisc
     - net/sched: Retire ATM qdisc
     - net/sched: Retire dsmark qdisc
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - scsi: target: core: Add TMF to tmr_list handling
     - cifs: open_cached_dir should not rely on primary channel
     - wifi: cfg80211: fix missing interfaces when dumping
     - wifi: mac80211: fix race condition on enabling fast-xmit
     - fbdev: savage: Error out if pixclock equals zero
     - fbdev: sis: Error out if pixclock equals zero
     - block: Fix WARNING in _copy_from_iter
     - smb: Work around Clang __bdos() type confusion
     - cifs: translate network errors on send to -ECONNABORTED
     - ahci: asm1166: correct count of reported ports
     - aoe: avoid potential deadlock at set_capacity
     - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
     - [mips*] reserve exception vector space ONLY ONCE
     - [x86] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus
       tablet
     - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block
       bitmap corrupt
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_try_best_found()
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_find_by_goal()
     - Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx
       == 0
     - [armhf] dmaengine: ti: edma: Add some null pointer checks to the
       edma_probe
     - [arm64] regulator: pwm-regulator: Add validity checks in continuous
       .get_voltage
     - nvmet-tcp: fix nvme tcp ida memory leak
     - usb: ucsi_acpi: Quirk to ack a connector change ack cmd
     - ALSA: usb-audio: Check presence of valid altsetting control
     - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
     - Input: xpad - add Lenovo Legion Go controllers
     - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
       sctp_new
     - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
     - [x86] ASoC: wm_adsp: Don't overwrite fwf_name with the default
     - ALSA: usb-audio: Ignore clock selector errors for single connection
     - nvme-fc: do not wait in vain when unloading module
     - nvmet-fcloop: swap the list_add_tail arguments
     - nvmet-fc: release reference on target port
     - nvmet-fc: defer cleanup using RCU properly
     - nvmet-fc: hold reference on hostport match
     - nvmet-fc: abort command when there is no binding
     - nvmet-fc: avoid deadlock on delete association path
     - nvmet-fc: take ref count on tgtport before delete assoc
     - smb: client: increase number of PDUs allowed in a compound request
     - ext4: correct the hole length returned by ext4_map_blocks()
     - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
     - wifi: mac80211: set station RX-NSS on reconfig
     - wifi: mac80211: adding missing drv_mgd_complete_tx() call
     - efi: runtime: Fix potential overflow of soft-reserved region size
     - efi: Don't add memblocks for soft-reserved memory
     - [x86] hwmon: (coretemp) Enlarge per package core count limit
     - scsi: lpfc: Use unsigned type for num_sge
     - scsi: ufs: core: Remove the ufshcd_release() in
       ufshcd_err_handling_prepare()
     - firewire: core: send bus reset promptly on gap count error
     - drm/amdgpu: skip to program GFXDEC registers for suspend abort
     - drm/amdgpu: reset gpu for s3 suspend abort case
     - smb: client: set correct d_type for reparse points under DFS mounts
     - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
     - smb3: clarify mount warning
     - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
     - drm/ttm: Fix an invalid freeing on already freed page in error path
     - [s390x] cio: fix invalid -EBUSY on ccw_device_start
     - ata: libata-core: Do not try to set sleeping devices to standby
     - dm-crypt: recheck the integrity tag after a failure
     - dm-integrity: recheck the integrity tag after a failure
     - dm-crypt: don't modify the data when using authenticated encryption
     - dm-verity: recheck the hash after a failure
     - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS
       window
     - scsi: target: pscsi: Fix bio_put() for error case
     - scsi: core: Consult supported VPD page list prior to fetching page
     - mm/swap: fix race when skipping swapcache
     - mm: memcontrol: clarify swapaccount=0 deprecation warning
     - [x86] platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
     - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
       ACPI names
     - cachefiles: fix memory leak in cachefiles_add_cache()
     - md: Fix missing release of 'active_io' for flush
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
       its_sync_lpi_pending_table()
     - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
     - crypto: virtio/akcipher - Fix stack overflow on memcpy
     - irqchip/gic-v3-its: Do not assume vPE tables are preallocated
     - irqchip/sifive-plic: Enable interrupt if needed before EOI
     - PCI/MSI: Prevent MSI hardware interrupt number truncation
     - l2tp: pass correct message length to ip6_append_data
     - [x86] returnthunk: Allow different return thunks
     - [x86] Revert "x86/alternative: Make custom return thunk unconditional"
     - [x86] alternative: Make custom return thunk unconditional
     - dm-integrity, dm-verity: reduce stack usage for recheck
     - erofs: fix refcount on the metabuf used for inode lookup
     - serial: amba-pl011: Fix DMA transmission in RS485 mode
     - [arm64,armhf] usb: dwc3: gadget: Don't disconnect if not started
     - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
     - usb: roles: fix NULL pointer issue when put module's reference
     - usb: roles: don't get/set_role() when usb_role_switch is unregistered
     - mptcp: make userspace_pm_append_new_local_addr static
     - mptcp: add needs_id for userspace appending addr
     - mptcp: fix lockless access in subflow ULP diag
     - Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
     - [amd64] IB/hfi1: Fix a memleak in init_credit_return
     - RDMA/bnxt_re: Return error for SRQ resize
     - RDMA/irdma: Fix KASAN issue with tasklet
     - RDMA/irdma: Validate max_send_wr and max_recv_wr
     - RDMA/irdma: Set the CQ read threshold for GEN 1
     - RDMA/irdma: Add AE for too many RNRS
     - RDMA/srpt: Support specifying the srpt_service_guid parameter
     - iommufd/iova_bitmap: Bounds check mapped::pages access
     - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array
     - iommufd/iova_bitmap: Consider page offset for the pages to be pinned
     - RDMA/qedr: Fix qedr_create_user_qp error flow
     - [arm64] dts: rockchip: set num-cs property for spi on px30
     - RDMA/srpt: fix function pointer cast warnings
     - bpf, scripts: Correct GPL license name
     - scsi: smartpqi: Fix disable_managed_interrupts
     - net: bridge: switchdev: Skip MDB replays of deferred events on offload
     - net: bridge: switchdev: Ensure deferred event delivery on unoffload
     - dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
       check_estalblished().
     - nouveau: fix function cast warnings
     - [x86] numa: Fix the address overlap check in numa_fill_memblks()
     - [x86] numa: Fix the sort compare func used in numa_fill_memblks()
     - net: stmmac: Fix incorrect dereference in interrupt handlers
     - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
     - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
     - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
     - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
     - afs: Increase buffer size in afs_update_volume_status()
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
     - net: dev: Convert sa_data to flexible array in struct sockaddr
     - [arm64] sme: Restore SME registers on exit from suspend
     - [x86] platform/x86: thinkpad_acpi: Only update profile if successfully
       converted
     - [s390x] use the correct count for __iowrite64_copy()
     - bpf, sockmap: Fix NULL pointer dereference in
       sk_psock_verdict_data_ready()
     - tls: break out of main loop when PEEK gets a non-data record
     - tls: stop recv() if initial process_rx_list gave us non-DATA
     - tls: don't skip over different type records from the rx_list
     - netfilter: nf_tables: set dormant flag on hook register failure
     - netfilter: flowtable: simplify route logic
     - netfilter: nft_flow_offload: reset dst in route object after setting up
       flow
     - netfilter: nft_flow_offload: release dst in case direct xmit path is used
     - netfilter: nf_tables: rename function to destroy hook list
     - netfilter: nf_tables: register hooks last when adding new chain/flowtable
     - netfilter: nf_tables: use kzalloc for hook allocation
     - net: mctp: put sock on tag allocation failure
     - Fix write to cloned skb in ipv6_hop_ioam()
     - net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
     - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
       set
     - drm/amd/display: Fix memory leak in dm_sw_fini()
     - [arm64,armhf] i2c: imx: when being a target, mark the last read as
       processed
     - erofs: simplify compression configuration parser
     - erofs: fix inconsistent per-file compression format (CVE-2024-26590)
     - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
     - mm: zswap: fix missing folio cleanup in writeback race path
     - mptcp: userspace pm send RM_ADDR for ID 0
     - mptcp: add needs_id for netlink appending addr
     - ata: ahci: add identifiers for ASM2116 series adapters
     - ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
     - arp: Prevent overflow in arp_req_get().
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
     - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
     - [arm64] drm/meson: fix unbind path if HDMI fails to bind
     - [arm64] drm/meson: Don't remove bridges which are created by other drivers
     - scsi: core: Add struct for args to execution functions
     - scsi: sd: usb_storage: uas: Access media prior to querying device
       properties
     - af_unix: Fix task hung while purging oob_skb in GC.
     - of: overlay: Reorder struct fragment fields kerneldoc
     - usb: gadget: Properly configure the device for remote wakeup
     - Input: xpad - add constants for GIP interface numbers
     - [arm64] iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
     - [arm64] iommu/arm-smmu-qcom: Limit the SMR groups to 128
     - RDMA/core: Fix multiple -Warray-bounds warnings
     - mm: huge_memory: don't force huge page alignment on 32 bit
       (CVE-2024-26621) (Closes: #1024149)
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
     - netlink: add nla be16/32 types to minlen array
     - net: ip_tunnel: prevent perpetual headroom growth
     - net: mctp: take ownership of skb in mctp_local_output
     - tun: Fix xdp_rxq_info's queue_index when detaching
     - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
       back
     - net: veth: clear GRO when clearing XDP even when down
     - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
     - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
       detected
     - veth: try harder when allocating queue memory
     - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
     - net: lan78xx: fix "softirq work is pending" error
     - uapi: in6: replace temporary label with rfc9486
     - stmmac: Clear variable when destroying workqueue
     - Bluetooth: hci_sync: Check the correct flag before starting a scan
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
     - Bluetooth: hci_sync: Fix accept_list when attempting to suspend
     - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
     - Bluetooth: Enforce validation on max value of connection interval
     - Bluetooth: qca: Fix wrong event type for patch config command
     - Bluetooth: hci_qca: mark OF related data as maybe unused
     - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
     - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
     - Bluetooth: btqca: Add WCN3988 support
     - Bluetooth: qca: use switch case for soc type behavior
     - Bluetooth: qca: add support for WCN7850
     - Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
     - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
     - netfilter: let reset rules clean out conntrack entries
     - netfilter: bridge: confirm multicast packets before passing them up the
       stack
     - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
     - igb: extend PTP timestamp adjustments to i211
     - net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames
     - tls: decrement decrypt_pending if no async completion will be called
     - tls: fix peeking with sync+async decryption
     - efi/capsule-loader: fix incorrect allocation size
     - ALSA: Drop leftover snd-rtctimer stuff from Makefile
     - [arm64,armhf] drm/tegra: Remove existing framebuffer only if we support
       display
     - fbcon: always restore the old font data in fbcon_do_set_font()
     - afs: Fix endless loop in directory parsing
     - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
     - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
     - ALSA: firewire-lib: fix to check cycle continuity
     - ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt440
     - landlock: Fix asymmetric private inodes referring
     - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
     - wifi: nl80211: reject iftype change with mesh ID change
     - btrfs: fix double free of anonymous device after snapshot creation failure
     - btrfs: dev-replace: properly validate device names
     - btrfs: send: don't issue unnecessary zero writes for trailing hole
     - Revert "drm/amd/pm: resolve reboot exception for si oland"
     - drm/buddy: fix range bias
     - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
     - [arm64] crypto: arm64/neonbs - fix out-of-bounds access on short input
     - [arm64] dmaengine: fsl-qdma: init irq after reg initialization
     - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
     - mmc: core: Fix eMMC initialization with 1-bit bus connection
     - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
     - [arm64] mmc: sdhci-xenon: fix PHY init clock stability
     - efivarfs: Request at most 512 bytes for variable names
     - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
     - [x86] e820: Don't reserve SETUP_RNG_SEED in e820
     - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
     - mptcp: fix data races on local_id
     - mptcp: fix data races on remote_id
     - mptcp: fix duplicate subflow creation
     - mptcp: continue marking the first subflow as UNCONNECTED
     - mptcp: map v4 address to v6 when destroying subflow
     - mptcp: push at DSS boundaries
     - mptcp: fix snd_wnd initialization for passive socket
     - mptcp: fix double-free on socket dismantle
     - mptcp: fix possible deadlock in subflow diag
     - RDMA/core: Refactor rdma_bind_addr (CVE-2023-2176)
     - RDMA/core: Update CMA destination address on rdma_resolve_addr
     - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory
     - [x86] boot/compressed: Rename efi_thunk_64.S to efi-mixed.S
     - [x86] boot/compressed: Move 32-bit entrypoint code into .text section
     - [x86] boot/compressed: Move bootargs parsing out of 32-bit startup code
     - [x86] boot/compressed: Move efi32_pe_entry into .text section
     - [x86] boot/compressed: Move efi32_entry out of head_64.S
     - [x86] boot/compressed: Move efi32_pe_entry() out of head_64.S
     - [x86] boot/compressed, efi: Merge multiple definitions of image_offset
       into one
     - [x86] boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk
     - [x86] boot/compressed: Avoid touching ECX in startup32_set_idt_entry()
     - [x86] boot/compressed: Pull global variable reference into
       startup32_load_idt()
     - [x86] boot/compressed: Move startup32_load_idt() into .text section
     - [x86] boot/compressed: Move startup32_load_idt() out of head_64.S
     - [x86] boot/compressed: Move startup32_check_sev_cbit() into .text
     - [x86] boot/compressed: Move startup32_check_sev_cbit() out of head_64.S
     - [x86] boot/compressed: Adhere to calling convention in
       get_sev_encryption_bit()
     - [x86] boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y
     - efi: verify that variable services are supported
     - [x86] efi: Make the deprecated EFI handover protocol optional
     - [x86] boot: Robustify calling startup_{32,64}() from the decompressor code
     - [x86] efistub: Branch straight to kernel entry point from C code
     - [x86] decompressor: Store boot_params pointer in callee save register
     - [x86] decompressor: Assign paging related global variables earlier
     - [x86] decompressor: Call trampoline as a normal function
     - [x86] decompressor: Use standard calling convention for trampoline
     - [x86] decompressor: Avoid the need for a stack in the 32-bit trampoline
     - [x86] decompressor: Call trampoline directly from C code
     - [x86] decompressor: Only call the trampoline when changing paging levels
     - [x86] decompressor: Pass pgtable address to trampoline directly
     - [x86] decompressor: Merge trampoline cleanup with switching code
     - [x86] decompressor: Move global symbol references to C code
     - decompress: Use 8 byte alignment
     - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
     - NFS: Fix data corruption caused by congestion.
     - NFSD: Simplify READ_PLUS
     - NFSD: Remove redundant assignment to variable host_err
     - nfsd: ignore requests to disable unsupported versions
     - nfsd: move nfserrno() to vfs.c
     - nfsd: allow disabling NFSv2 at compile time
     - exportfs: use pr_debug for unreachable debug statements
     - NFSD: Flesh out a documenting comment for filecache.c
     - NFSD: Clean up nfs4_preprocess_stateid_op() call sites
     - NFSD: Trace stateids returned via DELEGRETURN
     - NFSD: Trace delegation revocations
     - NFSD: Use const pointers as parameters to fh_ helpers
     - NFSD: Update file_hashtbl() helpers
     - NFSD: Clean up nfsd4_init_file()
     - NFSD: Add a nfsd4_file_hash_remove() helper
     - NFSD: Clean up find_or_add_file()
     - NFSD: Refactor find_file()
     - NFSD: Use rhashtable for managing nfs4_file objects
     - NFSD: Fix licensing header in filecache.c
     - filelock: add a new locks_inode_context accessor function
     - lockd: use locks_inode_context helper
     - nfsd: use locks_inode_context helper
     - nfsd: fix up the filecache laundrette scheduling
     - NFSD: Use struct_size() helper in alloc_session()
     - lockd: set missing fl_flags field when retrieving args
     - lockd: ensure we use the correct file descriptor when unlocking
     - lockd: fix file selection in nlmsvc_cancel_blocked
     - trace: Relocate event helper files
     - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
     - NFSD: add support for sending CB_RECALL_ANY
     - NFSD: add delegation reaper to react to low memory condition
     - NFSD: add CB_RECALL_ANY tracepoints
     - NFSD: Use only RQ_DROPME to signal the need to drop a reply
     - NFSD: Avoid clashing function prototypes
     - NFSD: Use set_bit(RQ_DROPME)
     - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown
       time
     - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
     - nfsd: don't destroy global nfs4_file table in per-net shutdown
     - [arm64] efi: Limit allocations to 48-bit addressable physical region
     - efi: efivars: prevent double registration
     - [x86] efistub: Simplify and clean up handover entry code
     - [x86] decompressor: Avoid magic offsets for EFI handover entrypoint
     - [x86] efistub: Clear BSS in EFI handover protocol entrypoint
     - efi/libstub: Add memory attribute protocol definitions
     - efi/libstub: Add limit argument to efi_random_alloc()
     - [x86] efistub: Perform 4/5 level paging switch from the stub
     - [x86] decompressor: Factor out kernel decompression and relocation
     - [x86] efistub: Prefer EFI memory attributes protocol over DXE services
     - [x86] efistub: Perform SNP feature test while running in the firmware
     - [x86] efistub: Avoid legacy decompressor when doing EFI boot
     - [x86] efi/x86: Avoid physical KASLR on older Dell systems
     - [x86] efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
     - [x86] boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
     - [x86] boot: efistub: Assign global boot_params variable
     - [x86] efi/x86: Fix the missing KASLR_FLAG bit in
       boot_params->hdr.loadflags
     - af_unix: Drop oob_skb ref before purging queue in GC.
     - [arm64] phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use
       dashes
     - [powerpc*] pseries/iommu: IOMMU table is not initialized for kdump over
       SR-IOV
     - gpio: 74x164: Enable output pins after registers are reset
     - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
     - gpio: fix resource unwinding order in error path
     - block: define bvec_iter as __packed __aligned(4)
     - [arm64,armhf] Revert "interconnect: Fix locking for runpm vs reclaim"
     - [arm64,armhf] Revert "interconnect: Teach lockdep about icc_bw_lock order"
     - [x86] bugs: Add asm helpers for executing VERW
     - [x86] entry_64: Add VERW just before userspace transition
     - [x86] entry_32: Add VERW just before userspace transition
     - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
     - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
     - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
     - bpf: Add table ID to bpf_fib_lookup BPF helper
     - bpf: Derive source IP addr via bpf_*_fib_lookup()
     - [x86] efistub: Give up if memory attribute protocol returns an error
     - xen/events: close evtchn after mapping cleanup
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
     - ceph: switch to corrected encoding of max_xattr_size in mdsmap
     - net: lan78xx: fix runtime PM count underflow on link stop
     - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
     - i40e: disable NAPI right after disabling irqs when handling xsk_pool
     - ice: reorder disabling IRQ and NAPI in ice_qp_dis
     - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
     - geneve: make sure to pull inner header in geneve_rx()
     - ice: virtchnl: stop pretending to support RSS over AQ or registers
     - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
     - igc: avoid returning frame twice in XDP_REDIRECT
     - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
     - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
     - net: dsa: microchip: fix register write order in ksz8_ind_write8()
     - net/rds: fix WARNING in rds_conn_connect_if_down
     - netfilter: nft_ct: fix l3num expectations with inet pseudo family
     - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
     - erofs: apply proper VMA alignment for memory mapped files on THP
     - netrom: Fix a data-race around sysctl_netrom_default_path_quality
     - netrom: Fix a data-race around
       sysctl_netrom_obsolescence_count_initialiser
     - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
     - netrom: Fix a data-race around sysctl_netrom_transport_timeout
     - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
     - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
     - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
     - netrom: Fix a data-race around
       sysctl_netrom_transport_requested_window_size
     - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
     - netrom: Fix a data-race around sysctl_netrom_routing_control
     - netrom: Fix a data-race around sysctl_netrom_link_fails_count
     - netrom: Fix data-races around sysctl_net_busy_read
     - [s390x] KVM: s390: add stat counter for shadow gmap events
     - [s390x] KVM: s390: vsie: fix race during shadow creation
     - drm/amd/display: Fix uninitialized variable usage in core_link_
       'read_dpcd() & write_dpcd()' functions
     - nfp: flower: add goto_chain_index for ct entry
     - nfp: flower: add hardware offload check for post ct entry
     - readahead: avoid multiple marked readahead pages
     - xhci: process isoc TD properly when there was a transaction error mid TD.
     - xhci: handle isoc Babble and Buffer Overrun events properly
     - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
     - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
       (CVE-2023-28746):
       + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
       + Documentation/hw-vuln: Add documentation for RFDS
       + [x86] rfds: Mitigate Register File Data Sampling (RFDS)
       + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
     - drm/amd/display: Wrong colorimetry workaround
     - drm/amd/display: Fix MST Null Ptr for RV
     - getrusage: add the "signal_struct *sig" local variable
     - getrusage: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - getrusage: use __for_each_thread()
     - getrusage: use sig->stats_lock rather than lock_task_sighand()
     - fs/proc: do_task_stat: use __for_each_thread()
     - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children
       stats
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 19
   * [rt] Refresh "sched: avoid false lockdep splat in put_task_struct()"
   * Drop now unknown config options for retired CBQ, ATM and dsmark qdisc
   * [x86] efistub: Clear decompressor BSS in native EFI entrypoint
   * [x86] efistub: Don't clear BSS twice in mixed mode
   * efi: fix panic in kdump kernel
   * efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
     higher address
   * efi/libstub: Cast away type warning in use of max()
   * aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
     (CVE-2023-6270)
   * wifi: ath10k: fix NULL pointer dereference in
     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
   * Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
     (CVE-2024-22099)
   * sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
   * [rt] Update to 6.1.82-rt27

linux-signed-i386 (6.1.94+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.94-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
     - [arm64,armhf] dmaengine: pl330: issue_pending waits until WFP state
     - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
     - wifi: nl80211: don't free NULL coalescing rule
     - eeprom: at24: Use dev_err_probe for nvmem register failure
     - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
     - eeprom: at24: fix memory corruption race condition (CVE-2024-35848)
     - Bluetooth: qca: add support for QCA2066
     - mm/hugetlb: add folio support to hugetlb specific flag macros
     - mm: add private field of first tail to struct page and struct folio
     - mm/hugetlb: add hugetlb_folio_subpool() helpers
     - mm/hugetlb: add folio_hstate()
     - mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios
     - mm/hugetlb: convert free_huge_page to folios
     - mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios
     - mm/hugetlb: fix missing hugetlb_lock for resv uncharge
     - kbuild: refactor host*_flags
     - kbuild: specify output names separately for each emission type from rustc
     - cifs: use the least loaded channel for sending requests
     - smb3: missing lock when picking channel
     - [armhf] pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of
       GPIOR-T
     - [arm64] pinctrl/meson: fix typo in PDM's pin name
     - pinctrl: core: delete incorrect free in pinctrl_enable()
     - sunrpc: add a struct rpc_stats arg to rpc_create_args
     - nfs: expose /proc/net/sunrpc/nfs in net namespaces
     - nfs: make the rpc_stat per net namespace
     - nfs: Handle error of rpc_proc_register() in nfs_net_init().
     - pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro
     - [x86] pinctrl: intel: Make use of struct pinfunction and
       PINCTRL_PINFUNCTION()
     - [x86] pinctrl: baytrail: Fix selecting gpio pinctrl state
     - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
     - regulator: change stubbed devm_regulator_get_enable to return Ok
     - regulator: change devm_regulator_get_enable_optional() stub to return Ok
     - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
     - nvme: fix warn output about shared namespaces without
       CONFIG_NVME_MULTIPATH
     - bpf: Fix a verifier verbose message
     - spi: introduce new helpers with using modern naming
     - [arm64] bpf, arm64: Fix incorrect runtime stats
     - [s390x] mm: Fix storage key clearing for guest huge pages
     - [s390x] mm: Fix clearing storage keys for huge pages
     - xdp: use flags field to disambiguate broadcast redirect
     - bna: ensure the copied buf is NUL terminated
     - nsh: Restore skb->{protocol,data,mac_header} for outer header in
       nsh_gso_segment().
     - net l2tp: drop flow hash on forward
     - [s390x] vdso: Add CFI for RA register to asm macro vdso_func
     - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
     - net: qede: use return from qede_parse_flow_attr() for flower
     - net: qede: use return from qede_parse_flow_attr() for flow_spec
     - net: qede: use return from qede_parse_actions()
     - [arm64] ASoC: meson: axg-fifo: use FIELD helpers
     - [arm64] ASoC: meson: axg-fifo: use threaded irq to check periods
     - [arm64] ASoC: meson: axg-card: make links nonatomic
     - [arm64] ASoC: meson: axg-tdm-interface: manage formatters in trigger
     - [arm64] ASoC: meson: cards: select SND_DYNAMIC_MINORS
     - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
     - [s390x] cio: Ensure the copied buf is NUL terminated
     - cxgb4: Properly lock TX queue for the selftest.
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix number of databases for 88E6141 /
       88E6341
     - spi: fix null pointer dereference within spi_sync
     - net: bridge: fix multicast-to-unicast with fraglist GSO
     - net: core: reject skb_copy(_expand) for fraglist GSO skbs
     - vxlan: Pull inner IP header in vxlan_rcv().
     - [s390x] qeth: Fix kernel panic after setting hsuid
     - net: gro: add flush check in udp_gro_receive_segment
     - [arm64] clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
     - [powerpc*] pseries: replace kmalloc with kzalloc in PLPKS driver
     - [powerpc*] pseries: Move PLPKS constants to header file
     - [powerpc*] pseries: make max polling consistent for longer H_CALLs
     - [powerpc*] pseries/iommu: LPAR panics during boot up with a frozen PE
     - [arm64] KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
     - [arm64] KVM: arm64: vgic-v2: Check for non-NULL vCPU in
       vgic_v2_parse_attr()
     - scsi: lpfc: Move NPIV's transport unregistration to after resource clean
       up
     - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
     - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
     - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
     - gfs2: Fix invalid metadata access in punch_hole
     - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
     - wifi: cfg80211: fix rdev_dump_mpp() arguments order
     - net: mark racy access on sk->sk_rcvbuf
     - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
     - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
     - btrfs: return accurate error code on open failure in open_fs_devices()
     - bpf: Check bloom filter map value size
     - kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
     - scsi: ufs: core: WLUN suspend dev/link state error recovery
     - ALSA: line6: Zero-initialize message buffers
     - block: fix overflow in blk_ioctl_discard()
     - net: bcmgenet: Reset RBUF on first open
     - ata: sata_gemini: Check clk_enable() result
     - firewire: ohci: mask bus reset interrupts between ISR and bottom half
     - tools/power turbostat: Fix added raw MSR output
     - tools/power turbostat: Increase the limit for fd opened
     - tools/power turbostat: Fix Bzy_MHz documentation typo
     - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
     - btrfs: always clear PERTRANS metadata during commit
     - scsi: target: Fix SELinux error when systemd-modules loads the target
       module
     - blk-iocost: avoid out of bounds shift
     - [arm64,armhf] gpu: host1x: Do not setup DMA for virtual devices
     - [mips*] scall: Save thread_info.syscall unconditionally on entry
       (Closes: #1068365)
     - tools/power/turbostat: Fix uncore frequency file string
     - drm/amdgpu: Refine IB schedule error logging
     - Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
     - [x86] uio_hv_generic: Don't free decrypted memory
     - Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
     - fs/9p: only translate RWX permissions for plain 9P2000
     - fs/9p: translate O_TRUNC into OTRUNC
     - 9p: explicitly deny setlease attempts
     - gpio: wcove: Use -ENOTSUPP consistently
     - gpio: crystalcove: Use -ENOTSUPP consistently
     - clk: Don't hold prepare_lock when calling kref_put()
     - fs/9p: drop inodes immediately on non-.L too
     - drm/nouveau/dp: Don't probe eDP ports twice harder
     - net:usb:qmi_wwan: support Rolling modules
     - kbuild: rust: avoid creating temporary files
     - spi: Merge spi_controller.{slave,target}_abort()
     - perf unwind-libunwind: Fix base address for .eh_frame
     - perf unwind-libdw: Handle JIT-generated DSOs properly
     - qibfs: fix dentry leak
     - xfrm: Preserve vlan tags for transport mode software GRO
     - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
     - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
     - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
       (CVE-2024-27398)
     - Bluetooth: msft: fix slab-use-after-free in msft_do_close()
     - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
       (CVE-2024-27399)
     - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
     - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
     - [x86] hwmon: (corsair-cpro) Use a separate buffer for sending commands
     - [x86] hwmon: (corsair-cpro) Use complete_all() instead of complete() in
       ccp_raw_event()
     - [x86] hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
     - phonet: fix rtm_phonet_notify() skb allocation
     - net: bridge: fix corrupted ethernet header on multicast-to-unicast
     - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
     - timers: Get rid of del_singleshot_timer_sync()
     - timers: Rename del_timer() to timer_delete()
     - net-sysfs: convert dev->operstate reads to lockless ones
     - hsr: Simplify code for announcing HSR nodes timer setup
     - ipv6: annotate data-races around cnf.disable_ipv6
     - ipv6: prevent NULL dereference in ip6_output()
     - net/smc: fix neighbour and rtable leak in smc_ib_find_route()
     - [arm64] net: hns3: using user configure after hardware reset
     - [arm64] net: hns3: direct return when receive a unknown mailbox message
     - [arm64] net: hns3: change type of numa_node_mask as nodemask_t
     - [arm64] net: hns3: release PTP resources if pf initialization failed
     - [arm64] net: hns3: use appropriate barrier function after setting a bit
       value
     - [arm64] net: hns3: fix port vlan filter not disabled issue
     - [arm64] net: hns3: fix kernel crash when devlink reload during
       initialization
     - [arm64] drm/meson: dw-hdmi: power up phy on device init
     - [arm64] drm/meson: dw-hdmi: add bandgap setting for g12
     - drm/connector: Add \n to message about demoting connector force-probes
     - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11
       users
     - gpiolib: cdev: Add missing header(s)
     - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc
     - gpiolib: cdev: fix uninitialised kfifo
     - drm/amd/display: Atom Integrated System Info v2_2 for DCN35
     - MAINTAINERS: add leah to 6.1 MAINTAINERS file
     - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
     - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
     - firewire: nosy: ensure user_length is taken into account when fetching
       packet contents (CVE-2024-27401)
     - Reapply "drm/qxl: simplify qxl_fence_wait"
     - btf, scripts: rust: drop is_rust_module.sh
     - usb: typec: ucsi: Check for notifications after init
     - usb: typec: ucsi: Fix connector check on init
     - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
       device
     - usb: ohci: Prevent missed ohci interrupts
     - USB: core: Fix access violation during port device removal
     - usb: gadget: composite: fix OS descriptors w_value logic
     - usb: gadget: f_fs: Fix a race condition when processing setup packets.
     - usb: xhci-plat: Don't include xhci.h
     - usb: dwc3: core: Prevent phy suspend during init
     - usb: typec: tcpm: unregister existing source caps before re-registration
     - usb: typec: tcpm: Check for port partner validity before consuming it
     - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
     - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
     - mm/slab: make __free(kfree) accept error pointers
     - mptcp: ensure snd_nxt is properly initialized on connect
     - dt-bindings: iio: health: maxim,max30102: fix compatible check
     - iio:imu: adis16475: Fix sync mode setting
     - iio: accel: mxc4005: Interrupt handling fixes
     - [armhf] ASoC: ti: davinci-mcasp: Fix race condition during probe
     - dyndbg: fix old BUG_ON in >control parser
     - slimbus: qcom-ngd-ctrl: Add timeout for wait operation
     - mei: me: add lunar lake point M DID
     - drm/vmwgfx: Fix invalid reads in fence signaled events
     - [x86] drm/i915/bios: Fix parsing backlight BDB data
     - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
     - net: fix out-of-bounds access in ops_init
     - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
     - mm: use memalloc_nofs_save() in page_cache_ra_order()
     - regulator: core: fix debugfs creation regression
     - spi: microchip-core-qspi: fix setting spi bus clock rate
     - ksmbd: off ipv6only for both ipv4/ipv6 binding
     - ksmbd: avoid to send duplicate lease break notifications
     - ksmbd: do not grant v2 lease if parent lease key and epoch are not set
     - Bluetooth: qca: add missing firmware sanity checks
     - Bluetooth: qca: fix NVM configuration parsing
     - Bluetooth: qca: fix info leak when fetching board id
     - Bluetooth: qca: fix info leak when fetching fw build id
     - Bluetooth: qca: fix firmware check error path
     - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (CVE-2024-21823)
     - dmaengine: idxd: add a new security check to deal with a hardware erratum
       (CVE-2024-21823)
     - dmaengine: idxd: add a write() method for applications to submit work
       (CVE-2024-21823)
     - keys: Fix overwrite of key expiration on instantiation
     - btrfs: do not wait for short bulk allocation
     - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
     - mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
     - md: fix kmemleak of rdev->serial (CVE-2024-26900)
     - net: bcmgenet: Clear RGMII_LINK upon link down
     - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
     - net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
     - net: bcmgenet: synchronize UMAC_CMD access
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.92
     - drm/amd/display: Fix division by zero in setup_dsc_config
     - net: ks8851: Fix another TX stall caused by wrong ISR flag handling
     - ice: pass VSI pointer into ice_vc_isvalid_q_id
     - ice: remove unnecessary duplicate checks for VF VSI ID
     - pinctrl: core: handle radix_tree_insert() errors in
       pinctrl_register_one_pin()
     - mfd: stpmic1: Fix swapped mask/unmask in irq chip
     - nfsd: don't allow nfsd threads to be signalled.
     - KEYS: trusted: Fix memory leak in tpm2_key_encode()
     - mmc: core: Add HS400 tuning in HS400es initialization
     - xfs: write page faults in iomap are not buffered writes
     - xfs: punching delalloc extents on write failure is racy
     - xfs: use byte ranges for write cleanup ranges
     - xfs,iomap: move delalloc punching to iomap
     - iomap: buffered write failure should not truncate the page cache
     - xfs: xfs_bmap_punch_delalloc_range() should take a byte range
     - iomap: write iomap validity checks
     - xfs: use iomap_valid method to detect stale cached iomaps
     - xfs: drop write error injection is unfixable, remove it
     - xfs: fix off-by-one-block in xfs_discard_folio()
     - xfs: fix incorrect error-out in xfs_remove
     - xfs: fix sb write verify for lazysbcount
     - xfs: fix incorrect i_nlink caused by inode racing
     - xfs: invalidate block device page cache during unmount
     - xfs: attach dquots to inode before reading data/cow fork mappings
     - xfs: wait iclog complete before tearing down AIL
     - xfs: fix super block buf log item UAF during force shutdown
     - xfs: hoist refcount record merge predicates
     - xfs: estimate post-merge refcounts correctly
     - xfs: invalidate xfs_bufs when allocating cow extents
     - xfs: allow inode inactivation during a ro mount log recovery
     - xfs: fix log recovery when unknown rocompat bits are set
     - xfs: get root inode correctly at bulkstat
     - xfs: short circuit xfs_growfs_data_private() if delta is zero
     - [arm64] atomics: lse: remove stale dependency on JUMP_LABEL
     - drm/amdgpu: Fix possible NULL dereference in
       amdgpu_ras_query_error_status_helper() (CVE-2023-52585)
     - [arm*] binder: fix max_thread type inconsistency
     - [arm64,armhf] usb: dwc3: Wait unconditionally after issuing EndXfer
       command
     - net: usb: ax88179_178a: fix link status when link is set to down/up
     - usb: typec: ucsi: displayport: Fix potential deadlock
     - usb: typec: tipd: fix event checking for tps6598x
     - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
     - KEYS: trusted: Do not use WARN when encode fails
     - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
     - docs: kernel_include.py: Cope with docutils 0.21
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
     - SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
     - [x86] tsc: Trust initial offset in architectural TSC-adjust MSRs
     - ftrace: Fix possible use-after-free issue in ftrace_location()
     - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
     - tty: n_gsm: fix missing receive state reset after mode switch
     - speakup: Fix sizeof() vs ARRAY_SIZE() bug
     - serial: 8250_bcm7271: use default_mux_rate if possible
     - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
     - io_uring: fail NOP if non-zero op flags is passed in
     - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled
       already"
     - r8169: Fix possible ring buffer corruption on fragmented Tx packets.
     - ring-buffer: Fix a race between readers and resize checks
     - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
     - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
     - nilfs2: fix potential hang in nilfs_detach_log_writer()
     - ksmbd: avoid to send duplicate oplock break notifications
     - ksmbd: ignore trailing slashes in share paths
     - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460
       G11.
     - ALSA: core: Fix NULL module pointer assignment at card init
     - ALSA: Fix deadlocks with kctl removals at disconnection
     - KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
     - wifi: mac80211: don't use rate mask for scanning
     - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon
       timestamp field
     - wifi: cfg80211: fix the order of arguments for trace events of the
       tx_rx_evt class
     - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
     - net: usb: qmi_wwan: add Telit FN920C04 compositions
     - drm/amd/display: Set color_mgmt_changed to true on unsuspend
     - drm/amdgpu: Update BO eviction priorities
     - drm/amdgpu: Fix the ring buffer size for queue VM flush
     - drm/amdgpu/mes: fix use-after-free issue
     - sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
     - [x86] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM
       too
     - regulator: irq_helpers: duplicate IRQ name
     - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
     - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
     - regulator: vqmmc-ipq4019: fix module autoloading
     - ASoC: rt715: add vendor clear control register
     - ASoC: rt715-sdca: volume step modification
     - [x86] efistub: Omit physical KASLR when memory reservations exist
     - efi: libstub: only free priv.runtime_map when allocated
     - [x86] KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in
       CPUID
     - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
     - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
     - softirq: Fix suspicious RCU usage in __do_softirq()
     - ASoC: da7219-aad: fix usage of device_get_named_child_node()
     - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
     - drm/amd/display: Add dtbclk access to dcn315
     - drm/amd/display: Add VCO speed parameter for DCN31 FPU
     - drm/amdkfd: Flush the process wq before creating a kfd_process
     - [x86] mm: Remove broken vsyscall emulation code from the page fault code
     - nvme: find numa distance only if controller has valid numa id
     - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
     - nvmet-auth: replace pr_debug() with pr_err() to report an error.
     - nvmet-tcp: fix possible memory leak when tearing down a controller
     - nvmet: fix nvme status code when namespace is disabled
     - epoll: be better about file lifetimes
     - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
     - openpromfs: finish conversion to the new mount API
     - crypto: bcm - Fix pointer arithmetic
     - mm/slub, kunit: Use inverted data to corrupt kmem cache
     - firmware: raspberrypi: Use correct device for DMA mappings
     - ecryptfs: Fix buffer size for tag 66 packet
     - nilfs2: fix out-of-range warning
     - [x86] crypto: ccp - drop platform ifdef checks
     - [amd64] crypto: x86/nh-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha256-avx2 - add missing vzeroupper
     - [amd64] crypto: x86/sha512-avx2 - add missing vzeroupper
     - [s390x] cio: fix tracepoint subchannel type field
     - io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of
       task_work
     - io_uring: use the right type for work_llist empty check
     - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
     - rcu: Fix buffer overflow in print_cpu_stall_info()
     - jffs2: prevent xattr node from overflowing the eraseblock
     - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
     - null_blk: Fix missing mutex_destroy() at module removal
     - md: fix resync softlockup when bitmap size is less than array size
     - block: open code __blk_account_io_start()
     - block: open code __blk_account_io_done()
     - block: support to account io_ticks precisely
     - wifi: ath10k: poll service ready message before failing
     - wifi: brcmfmac: pcie: handle randbuf allocation failure
     - wifi: ath11k: don't force enable power save on non-running vdevs
     - bpftool: Fix missing pids during link show
     - [x86] boot: Ignore relocations in .notes sections in walk_relocs() too
     - sched/fair: Add EAS checks before updating root_domain::overutilized
     - ACPI: Fix Generic Initiator Affinity _OSC bit
     - qed: avoid truncating work queue length
     - net/mlx5e: Fail with messages when params are not valid for XSK
     - mlx5: stop warning for 64KB pages
     - bitops: add missing prototype check
     - wifi: carl9170: re-fix fortified-memset warning
     - bpf: Pack struct bpf_fib_lookup
     - scsi: ufs: qcom: Perform read back after writing reset bit
     - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
     - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
     - scsi: ufs: qcom: Perform read back after writing unipro mode
     - scsi: ufs: qcom: Perform read back after writing CGC enable
     - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
     - scsi: ufs: core: Perform read back after disabling interrupts
     - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
     - ACPI: LPSS: Advertise number of chip selects via property
     - irqchip/alpine-msi: Fix off-by-one in allocation error path
     - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
     - ACPI: disable -Wstringop-truncation
     - gfs2: Don't forget to complete delayed withdraw
     - gfs2: Fix "ignore unlock failures after withdraw"
     - [x86] boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
     - cpufreq: exit() callback is optional
     - [x86] pat: Introduce lookup_address_in_pgd_attr()
     - [x86] pat: Restructure _lookup_address_cpa()
     - [x86] pat: Fix W^X violation false-positives when running as Xen PV guest
     - net: export inet_lookup_reuseport and inet6_lookup_reuseport
     - net: remove duplicate reuseport_lookup functions
     - udp: Avoid call to compute_score on multiple sites
     - cppc_cpufreq: Fix possible null pointer dereference
     - scsi: libsas: Fix the failure of adding phy with zero-address to port
     - scsi: hpsa: Fix allocation size for Scsi_Host private data
     - [x86] purgatory: Switch to the position-independent small code model
     - thermal/drivers/tsens: Fix null pointer dereference
     - wifi: ath10k: Fix an error code problem in
       ath10k_dbg_sta_write_peer_debug_trigger()
     - wifi: ath10k: populate board data for WCN3990
     - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset
       handlers
     - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family
       switches
     - tcp: avoid premature drops in tcp_add_backlog()
     - pwm: sti: Convert to platform remove callback returning void
     - pwm: sti: Prepare removing pwm_chip from driver data
     - pwm: sti: Simplify probe function using devm functions
     - drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
     - drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
     - net: give more chances to rcu in netdev_wait_allrefs_any()
     - wifi: carl9170: add a proper sanity check for endpoints
     - wifi: ar5523: enable proper endpoint verification
     - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
     - libbpf: Fix error message in attach_kprobe_multi
     - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
     - scsi: bfa: Ensure the copied buf is NUL terminated
     - scsi: qedf: Ensure the copied buf is NUL terminated
     - scsi: qla2xxx: Fix debugfs output for fw_resource_count
     - kernel/numa.c: Move logging out of numa.h
     - [x86] numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
     - wifi: mwl8k: initialize cmd->addr[] properly
     - HID: amd_sfh: Handle "no sensors" in PM operations
     - usb: aqc111: stop lying about skb->truesize
     - net: usb: sr9700: stop lying about skb->truesize
     - net: ipv6: fix wrong start position when receive hop-by-hop fragment
     - eth: sungem: remove .ndo_poll_controller to avoid deadlocks
     - net: ethernet: cortina: Locking fixes
     - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
     - net: usb: smsc95xx: stop lying about skb->truesize
     - net: openvswitch: fix overwriting ct original tuple for ICMPv6
     - ipv6: sr: add missing seg6_local_exit
     - ipv6: sr: fix incorrect unregister order
     - ipv6: sr: fix invalid unregister error path
     - net/mlx5: Add a timeout to acquire the command queue semaphore
     - net/mlx5: Discard command completions in internal error
     - [s390x] bpf: Emit a barrier for BPF_FETCH instructions
     - riscv, bpf: make some atomic operations fully ordered
     - ax25: Use kernel universal linked list to implement ax25_dev_list
     - ax25: Fix reference count leak issues of ax25_dev
     - ax25: Fix reference count leak issue of net_device
     - mptcp: SO_KEEPALIVE: fix getsockopt support
     - Bluetooth: Consolidate code around sk_alloc into a helper function
     - Bluetooth: compute LE flow credits based on recvbuf space
     - Bluetooth: qca: Fix error code in qca_read_fw_build_info()
     - drm/bridge: Fix improper bridge init order with pre_enable_prev_first
     - printk: Let no_printk() use _printk()
     - dev_printk: Add and use dev_no_printk()
     - drm/lcdif: Do not disable clocks on already suspended hardware
     - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
     - drm/dp: Don't attempt AUX transfers when eDP panels are not powered
     - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't
       assert
     - drm/amd/display: Fix potential index out of bounds in color transformation
       function
     - [x86] ASoC: Intel: Disable route checks for Skylake boards
     - [x86] ASoC: Intel: avs: ssm4567: Do not ignore route checks
     - mtd: core: Report error if first mtd_otp_size() call fails in
       mtd_otp_nvmem_add()
     - mtd: rawnand: hynix: fixed typo
     - fbdev: shmobile: fix snprintf truncation
     - [armel,armhf] ASoC: kirkwood: Fix potential NULL dereference
     - drm/meson: vclk: fix calculation of 59.94 fractional rates
     - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
     - [powerpc*] fsl-soc: hide unused const variable
     - fbdev: sisfb: hide unused variables
     - [x86] ASoC: Intel: avs: Fix ASRC module initialization
     - [x86] ASoC: Intel: avs: Fix potential integer overflow
     - media: ngene: Add dvb_ca_en50221_init return value check
     - media: rcar-vin: work around -Wenum-compare-conditional warning
     - media: radio-shark2: Avoid led_names truncations
     - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
     - [arm64] drm/msm/dp: allow voltage swing / pre emphasis of 3
     - [arm64] drm/msm/dp: Return IRQ_NONE for unhandled interrupts
     - [arm64] drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
       connected
     - media: ipu3-cio2: Request IRQ earlier
     - media: dt-bindings: ovti,ov2680: Fix the power supply names
     - fbdev: sh7760fb: allow modular build
     - media: atomisp: ssh_css: Fix a null-pointer dereference in
       load_video_binaries
     - [arm64] drm/arm/malidp: fix a possible null pointer dereference
       (CVE-2024-36014)
     - drm: vc4: Fix possible null pointer dereference
     - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
     - drm/bridge: anx7625: Don't log an error when DSI host can't be found
     - drm/bridge: icn6211: Don't log an error when DSI host can't be found
     - drm/bridge: lt8912b: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611: Don't log an error when DSI host can't be found
     - drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
     - drm/bridge: tc358775: Don't log an error when DSI host can't be found
     - drm/bridge: dpc3433: Don't log an error when DSI host can't be found
     - drm/panel: novatek-nt35950: Don't log an error when DSI host can't be
       found
     - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
     - drm/mipi-dsi: use correct return type for the DSC functions
     - drm/rockchip: vop2: Do not divide height twice for YUV
     - clk: samsung: exynosautov9: fix wrong pll clock id value
     - RDMA/mlx5: Adding remote atomic access flag to updatable flags
     - [arm64] RDMA/hns: Fix return value in hns_roce_map_mr_sg
     - [arm64] RDMA/hns: Fix deadlock on SRQ async events.
     - [arm64] RDMA/hns: Fix UAF for cq async event
     - [arm64] RDMA/hns: Fix GMV table pagesize
     - [arm64] RDMA/hns: Use complete parentheses in macros
     - [arm64] RDMA/hns: Modify the print level of CQE error
     - clk: mediatek: mt8365-mm: fix DPI0 parent
     - clk: rs9: fix wrong default value for clock amplitude
     - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
     - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
     - RDMA/rxe: Fix incorrect rxe_put in error path
     - IB/mlx5: Use __iowrite64_copy() for write combining stores
     - clk: renesas: r8a779a0: Fix CANFD parent clock
     - clk: renesas: r9a07g043: Add clock and reset entry for PLIC
     - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
     - clk: qcom: dispcc-sm8450: fix DisplayPort clocks
     - clk: qcom: dispcc-sm6350: fix DisplayPort clocks
     - clk: qcom: mmcc-msm8998: fix venus clock issue
     - [x86] insn: Fix PUSH instruction in x86 instruction decoder opcode map
     - [x86] insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and
       VPDPWSSDS
     - ext4: avoid excessive credit estimate in ext4_tmpfile()
     - virt: acrn: stop using follow_pfn
     - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
     - sunrpc: removed redundant procp check
     - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
     - ext4: fix unit mismatch in ext4_mb_new_blocks_simple
     - ext4: try all groups in ext4_mb_new_blocks_simple
     - ext4: remove unused parameter from ext4_mb_new_blocks_simple()
     - ext4: fix potential unnitialized variable
     - SUNRPC: Fix gss_free_in_token_pages()
     - RDMA/IPoIB: Fix format truncation compilation errors
     - net: add pskb_may_pull_reason() helper
     - net: bridge: xmit: make sure we have at least eth header len bytes
     - net: bridge: mst: fix vlan use-after-free
     - net: qrtr: ns: Fix module refcnt
     - netrom: fix possible dead-lock in nr_rt_ioctl()
     - af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
     - sched/fair: Allow disabling sched_balance_newidle with
       sched_relax_domain_level
     - sched/core: Fix incorrect initialization of the 'burst' parameter in
       cpu_max_write()
     - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
     - perf record: Delete session after stopping sideband thread
     - perf probe: Add missing libgen.h header needed for using basename()
     - iio: core: Leave private pointer NULL when no private data supplied
     - greybus: lights: check return of get_channel_from_mode
     - f2fs: multidev: fix to recognize valid zero block address
     - f2fs: fix to wait on page writeback in __clone_blkaddrs()
     - counter: linux/counter.h: fix Excess kernel-doc description warning
     - perf annotate: Get rid of duplicate --group option item
     - soundwire: cadence: fix invalid PDI offset
     - dmaengine: idma64: Add check for dma_set_max_seg_size
     - firmware: dmi-id: add a release callback function
     - serial: max3100: Lock port->lock when calling uart_handle_cts_change()
     - serial: max3100: Update uart_driver_registered on driver removal
     - serial: max3100: Fix bitwise types
     - greybus: arche-ctrl: move device table to its right location
     - PCI: tegra194: Fix probe path for Endpoint mode
     - serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
     - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
     - [arm64] dts: meson: fix S4 power-controller node
     - perf tests: Make "test data symbol" more robust on Neoverse N1
     - dt-bindings: PCI: rcar-pci-host: Add optional regulators
     - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
     - f2fs: compress: fix to relocate check condition in
       f2fs_{release,reserve}_compress_blocks()
     - f2fs: compress: fix to relocate check condition in
       f2fs_ioc_{,de}compress_file()
     - f2fs: fix typos in comments
     - f2fs: fix to relocate check condition in f2fs_fallocate()
     - f2fs: fix to check pinfile flag in f2fs_move_file_range()
     - iio: adc: stm32: Fixing err code to not indicate success
     - coresight: etm4x: Fix unbalanced pm_runtime_enable()
     - perf docs: Document bpf event modifier
     - iio: pressure: dps310: support negative temperature values
     - coresight: etm4x: Do not hardcode IOMEM access for register restore
     - coresight: etm4x: Do not save/restore Data trace control registers
     - coresight: etm4x: Safe access for TRCQCLTR
     - coresight: etm4x: Fix access to resource selector registers
     - fpga: region: add owner module and take its refcount
     - microblaze: Remove gcc flag for non existing early_printk.c file
     - microblaze: Remove early printk call from cpuinfo-static.c
     - perf intel-pt: Fix unassigned instruction op (discovered by
       MemorySanitizer)
     - ovl: remove upper umask handling from ovl_create_upper()
     - VMCI: Fix an error handling path in vmci_guest_probe_device()
     - dt-bindings: pinctrl: mediatek: mt7622: fix array properties
     - watchdog: bd9576: Drop "always-running" property
     - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
     - usb: gadget: u_audio: Fix race condition use of controls after free during
       gadget unbind.
     - usb: gadget: u_audio: Clear uac pointer when freed.
     - stm class: Fix a double free in stm_register_device()
     - ppdev: Remove usage of the deprecated ida_simple_xx() API
     - ppdev: Add an error check in register_device (CVE-2024-36015)
     - perf bench internals inject-build-id: Fix trap divide when collecting just
       one DSO
     - perf ui browser: Don't save pointer to stack memory
     - extcon: max8997: select IRQ_DOMAIN instead of depending on it
     - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
     - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
     - perf ui browser: Avoid SEGV on title
     - perf report: Avoid SEGV in report__setup_sample_type()
     - f2fs: compress: fix to update i_compr_blocks correctly
     - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/
       cp_rwsem lock
     - f2fs: fix to release node block count in error path of
       f2fs_new_node_page()
     - f2fs: compress: don't allow unaligned truncation on released compress
       inode
     - serial: sh-sci: protect invalidating RXDMA on shutdown
     - libsubcmd: Fix parse-options memory leak
     - perf daemon: Fix file leak in daemon_session__control
     - f2fs: fix to add missing iput() in gc_data_segment()
     - perf stat: Don't display metric header for non-leader uncore events
     - [s390x] vdso: filter out mno-pic-data-is-text-relative cflag
     - [s390x] vdso64: filter out munaligned-symbols flag for vdso
     - [s390x] vdso: Generate unwind information for C modules
     - [s390x] vdso: Use standard stack frame layout
     - [s390x] ipl: Fix incorrect initialization of len fields in nvme reipl
       block
     - [s390x] ipl: Fix incorrect initialization of nvme dump block
     - [s390x] boot: Remove alt_stfle_fac_list from decompressor
     - Input: ims-pcu - fix printf string overflow
     - Input: ioc3kbd - convert to platform remove callback returning void
     - Input: ioc3kbd - add device table
     - mmc: sdhci_am654: Add tuning algorithm for delay chain
     - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
     - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
     - mmc: sdhci_am654: Add OTAP/ITAP delay enable
     - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
     - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
     - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
     - [arm64] drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode
       pclk
     - [arm64] drm/msm/dpu: Always flush the slave INTF on the CTL
     - drm/bridge: tc358775: fix support for jeida-18 and jeida-24
     - media: stk1160: fix bounds checking in stk1160_copy_video()
     - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
     - Input: cyapa - add missing input core locking to suspend/resume functions
     - media: flexcop-usb: fix sanity check of bNumEndpoints
     - [powerpc*] pseries: Add failure related checks for h_get_mpp and h_get_ppp
     - media: sunxi: a83-mips-csi2: also select GENERIC_PHY
     - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
     - media: cec: cec-api: add locking in cec_release()
     - media: cec: core: avoid recursive cec_claim_log_addrs
     - media: cec: core: avoid confusing "transmit timed out" message
     - Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
     - [arm64] drm/msm: Enable clamp_to_idle for 7c3
     - [arm64] drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
       fails
     - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
     - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
     - ASoC: mediatek: mt8192: fix register configuration for tdm
     - regulator: bd71828: Don't overwrite runtime voltages
     - perf/arm-dmc620: Fix lockdep assert in ->event_init()
     - [x86] kconfig: Select ARCH_WANT_FRAME_POINTERS again when
       UNWINDER_FRAME_POINTER=y
     - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
     - ipv6: sr: fix missing sk_buff release in seg6_input_core
     - nfc: nci: Fix uninit-value in nci_rx_work
     - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
     - NFSv4: Fixup smatch warning for ambiguous return
     - nfs: keep server info for remounts
     - sunrpc: fix NFSACL RPC retry on soft mount
     - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
     - af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
       (CVE-2024-36972)
     - ipv6: sr: fix memleak in seg6_hmac_init_algo
     - tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
     - pNFS/filelayout: fixup pNfs allocation modes
     - openvswitch: Set the skbuff pkt_type for proper pmtud support.
     - [arm64] asm-bug: Add .align 2 to the end of __BUG_ENTRY
     - rv: Update rv_en(dis)able_monitor doc to match kernel-doc
     - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
     - Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
     - net: fec: avoid lock evasion when reading pps_enable
     - tls: fix missing memory barrier in tls_init
     - inet: factor out locked section of inet_accept() in a new helper
     - net: relax socket state check at accept time.
     - nfc: nci: Fix kcov check in nci_rx_work()
     - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
     - drivers/xen: Improve the late XenStore init protocol
     - ice: Interpret .set_channels() input differently
     - netfilter: nfnetlink_queue: acquire rcu_read_lock() in
       instance_destroy_rcu()
     - netfilter: nft_payload: restore vlan q-in-q match support
     - spi: Don't mark message DMA mapped when no transfer in it is
     - dma-mapping: benchmark: fix node id validation
     - dma-mapping: benchmark: handle NUMA_NO_NODE correctly
     - nvmet: fix ns enable/disable possible hang
     - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
     - net/mlx5: Lag, do bond only if slaves agree on roce state
     - net/mlx5e: Fix IPsec tunnel mode offload feature check
     - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
       exhaustion
     - net/mlx5e: Fix UDP GSO for encapsulated packets
     - dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
     - bpf: Fix potential integer overflow in resolve_btfids
     - ALSA: jack: Use guard() for locking
     - ALSA: core: Remove debugfs at disconnection
     - ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
     - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
     - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
     - enic: Validate length of nl attributes in enic_set_vf_port
     - af_unix: Read sk->sk_hash under bindlock during bind().
     - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
     - bpf: Allow delete from sockmap/sockhash only if update is allowed
     - net:fec: Add fec_enet_deinit()
     - ice: fix accounting if a VLAN already exists
     - netfilter: nft_payload: move struct nft_payload_set definition where it
       belongs
     - netfilter: nft_payload: rebuild vlan header when needed
     - netfilter: nft_payload: rebuild vlan header on h_proto access
     - netfilter: nft_payload: skbuff vlan metadata mangle support
     - netfilter: tproxy: bail out if IP has been disabled on the device
     - netfilter: nft_fib: allow from forward/input without iif selector
     - kconfig: fix comparison to constant symbols, 'm', 'n'
     - [x86] drm/i915/guc: avoid FIELD_PREP warning
     - spi: stm32: Don't warn about spurious interrupts
     - net: dsa: microchip: fix RGMII error in KSZ DSA driver
     - net: ena: Add dynamic recycling mechanism for rx buffers
     - net: ena: Reduce lines with longer column width boundary
     - net: ena: Fix redundant device NUMA node override
     - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
     - [powerpc*] pseries/lparcfg: drop error message from guest name lookup
     - hwmon: (shtc1) Fix property misspelling
     - ALSA: timer: Set lower bound of start tick time
     - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.94
     - drm: Check output polling initialized before disabling (CVE-2024-35927)
     - drm: Check polling initialized before enabling in
       drm_helper_probe_single_connector_modes
     - Bluetooth: btrtl: Add missing MODULE_FIRMWARE declarations
     - maple_tree: fix allocation in mas_sparse_area()
     - maple_tree: fix mas_empty_area_rev() null pointer dereference
       (CVE-2024-36891)
     - mmc: core: Do not force a retune before RPMB switch
     - afs: Don't cross .backup mountpoint from backup volume
     - nilfs2: fix use-after-free of timer for log writer thread (CVE-2024-38583)
     - [x86] drm/i915/audio: Fix audio time stamp programming for DP
     - mptcp: avoid some duplicate code in socket option handling
     - mptcp: cleanup SOL_TCP handling
     - mptcp: fix full TCP keep-alive support
     - vxlan: Fix regression when dropping packets due to invalid src addresses
     - scripts/gdb: fix SB_* constants parsing
     - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
     - media: lgdt3306a: Add a check against null-pointer-def
     - drm/amdgpu: add error handle to avoid out-of-bounds
     - bcache: fix variable length array abuse in btree_iter
     - wifi: rtw89: correct aSIFSTime for 6GHz band
     - ata: pata_legacy: make legacy_exit() work again
     - thermal/drivers/qcom/lmh: Check for SCM availability at probe
     - [arm64] soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
     - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
     - [arm64] tegra: Correct Tegra132 I2C alias
     - [arm64] dts: qcom: qcs404: fix bluetooth device address
     - md/raid5: fix deadlock that raid5d() wait for itself to clear
       MD_SB_CHANGE_PENDING
     - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
       firmware command
     - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
     - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
     - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
     - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
     - [arm64] dts: hi3798cv200: fix the size of GICR
     - media: mc: Fix graph walk in media_pipeline_start
     - media: mc: mark the media devnode as registered from the, start
     - media: mxl5xx: Move xpt structures off stack
     - media: v4l2-core: hold videodev_lock until dev reg, finishes
     - mmc: core: Add mmc_gpiod_set_cd_config() function
     - mmc: sdhci: Add support for "Tuning Error" interrupts
     - mmc: sdhci-acpi: Sort DMI quirks alphabetically
     - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
     - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
     - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on
       Asus T100TA
     - fbdev: savage: Handle err return when savagefb_check_var failed
     - drm/amdgpu/atomfirmware: add intergrated info v2.3 table
     - 9p: add missing locking around taking dentry fid list
     - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
     - [arm64] KVM: arm64: Fix AArch32 register narrowing on userspace write
     - [arm64] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
     - [arm64] KVM: arm64: AArch32: Fix spurious trapping of conditional
       instructions
     - crypto: ecdsa - Fix module auto-load on add-key
     - crypto: ecrdsa - Fix module auto-load on add_key
     - [x86] crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
     - mm: fix race between __split_huge_pmd_locked() and GUP-fast
     - scsi: core: Handle devices which return an unusually large VPD page count
     - net/ipv6: Fix route deleting failure when metric equals 0
     - net/9p: fix uninit-value in p9_client_rpc()
     - kmsan: do not wipe out origin when doing partial unpoisoning
     - cpufreq: amd-pstate: Fix the inconsistency in max frequency units
     - [x86] intel_th: pci: Add Meteor Lake-S CPU support
     - mm/cma: drop incorrect alignment check in cma_init_reserved_mem
     - mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid
     - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
     - kdb: Fix buffer overflow during tab-complete
     - kdb: Use format-strings rather than '\0' injection in kdb_read()
     - kdb: Fix console handling when editing and tab-completing commands
     - kdb: Merge identical case statements in kdb_read()
     - kdb: Use format-specifiers rather than memset() for padding in kdb_read()
     - net: fix __dst_negative_advice() race (CVE-2024-36971)
     - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
     - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
     - [s390x] ap: Fix crash in AP internal function modify_bitmap()
     - [s390x] cpacf: Split and rework cpacf query functions
     - [s390x] cpacf: Make use of invalid opcode produce a link error
     - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
     - EDAC/igen6: Convert PCIBIOS_* return codes to errnos
     - nfs: fix undefined behavior in nfs_block_bits()
     - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
     - btrfs: fix crash on racing fsync and size-extending write into prealloc
     - [powerpc*] bpf: enforce full ordering for ATOMIC operations with BPF_FETCH
     - smb: client: fix deadlock in smb2_find_smb_tcon()
     - smp: Provide 'setup_max_cpus' definition on UP too
 .
   [ Uwe Kleine-König ]
   * [arm*] Enable symbols in Raspberry Pi device trees for simplified overlay
     application.
   * d/rules: Let blhc ignore perf tests binaries that are compiled without
     fortification
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 22
   * [rt] Update to 6.1.90-rt30
   * net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (CVE-2024-36974)
linux-signed-i386 (6.1.90+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.90-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.86
     - amdkfd: use calloc instead of kzalloc to avoid integer overflow
       (CVE-2024-26817)
     - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
     - bnx2x: Fix firmware version string character counts
     - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
     - [x86] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
     - wifi: iwlwifi: pcie: Add the PCI device id for new hardware
     - panic: Flush kernel log buffer at the end
     - cpuidle: Avoid potential overflow in integer multiplication
     - [arm64] dts: rockchip: fix rk3328 hdmi ports node
     - [arm64] dts: rockchip: fix rk3399 hdmi ports node
     - ionic: set adminq irq affinity
     - net: skbuff: add overflow debug check to pull/push helpers
     - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
     - pstore/zone: Add a null pointer check to the psz_kmsg_read
     - net: pcs: xpcs: Return EINVAL in the internal methods
     - dma-direct: Leak pages on dma_set_decrypted() failure
     - wifi: ath11k: decrease MHI channel buffer length to 8KB
     - cpufreq: Don't unregister cpufreq cooling on CPU hotplug
     - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
     - btrfs: export: handle invalid inode or root reference in
       btrfs_get_parent()
     - btrfs: send: handle path ref underflow in header iterate_inode_ref()
     - ice: use relative VSI index for VFs instead of PF VSI number
     - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
     - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
     - Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
     - [arm64,armhf] drm/vc4: don't check if plane->state->fb == state->fb
     - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
     - drm: panel-orientation-quirks: Add quirk for GPD Win Mini
     - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
     - sysv: don't call sb_bread() with pointers_lock held
     - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
     - isofs: handle CDs with bad root inode but good Joliet root directory
     - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710)
       laptops
     - rcu-tasks: Repair RCU Tasks Trace quiescence check
     - Julia Lawall reported this null pointer dereference, this should fix it.
     - media: sta2x11: fix irq handler cast
     - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data
       block counter
     - ext4: add a hint for block bitmap corrupt state in mb_groups
     - ext4: forbid commit inconsistent quota data when errors=remount-ro
     - drm/amd/display: Fix nanosec stat overflow
     - drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()
     - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to
       unsigned int
     - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
     - libperf evlist: Avoid out-of-bounds access
     - input/touchscreen: imagis: Correct the maximum touch area value
     - block: prevent division by zero in blk_rq_stat_sum()
     - RDMA/cm: add timeout to cm_destroy_id wait
     - Input: imagis - use FIELD_GET where applicable
     - Input: allocate keycode for Display refresh rate toggle
     - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the
       Chuwi Vi8 tablet
     - [x86] perf/x86/amd/lbr: Discard erroneous branch entries
     - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
       environment
     - bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
     - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
     - [x86] thunderbolt: Keep the domain powered when USB4 port is in redrive
       mode
     - usb: typec: tcpci: add generic tcpci fallback compatible
     - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
     - thermal/of: Assume polling-delay(-passive) 0 when absent
     - ASoC: soc-core.c: Skip dummy codec when adding platforms
     - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
     - io_uring: clear opcode specific data for an early failure
     - drivers/nvme: Add quirks for device 126f:2262
     - fbmon: prevent division by zero in fb_videomode_from_videomode()
     - netfilter: nf_tables: release batch on table validation from abort path
     - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
       (CVE-2024-26925)
     - netfilter: nf_tables: discard table flag update with pending basechain
       deletion
     - gcc-plugins/stackleak: Avoid .head.text section
     - virtio: reenable config if freezing device failed
     - randomize_kstack: Improve entropy diffusion
     - [x86] platform/x86: intel-vbtn: Update tablet mode switch at end of probe
     - Bluetooth: btintel: Fixe build regression
     - net: mpls: error out if inner headers are not set
     - [x86] VMCI: Fix possible memcpy() run-time warning in
       vmci_datagram_invoke_guest_handler()
     - Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in
       amdgpu_device_init()"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
     - smb3: fix Open files on server counter going negative
     - ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
     - batman-adv: Avoid infinite loop trying to resize local TT
     - ring-buffer: Only update pages_touched when a new page is touched
     - Bluetooth: Fix memory leak in hci_req_sync_complete()
     - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
     - PM: s2idle: Make sure CPUs will wakeup directly on resume
     - media: cec: core: remove length check of Timer Status
     - Revert "drm/qxl: simplify qxl_fence_wait" (Closes: #1054514)
     - nouveau: fix function cast warning
     - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
     - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
     - net: openvswitch: fix unwanted error log on timeout policy probing
     - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one
       file
     - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
     - geneve: fix header validation in geneve[6]_xmit_skb
     - bnxt_en: Reset PTP tx_avail after possible firmware reset
     - af_unix: Clear stale u->oob_skb.
     - ipv6: fib: hide unused 'pn' variable
     - ipv4/route: avoid unused-but-set-variable warning
     - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
     - Bluetooth: SCO: Fix not validating setsockopt user input
     - Bluetooth: L2CAP: Fix not validating setsockopt user input
     - netfilter: complete validation of user input
     - net/mlx5: Properly link new fs rules into the tree
     - net/mlx5e: Fix mlx5e_priv_init() cleanup flow
     - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
     - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
     - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
     - net: ena: Fix potential sign extension issue
     - net: ena: Wrong missing IO completions check order
     - net: ena: Fix incorrect descriptor free behavior
     - tracing: hide unused ftrace_event_id_fops
     - [amd64] iommu/vt-d: Allocate local memory for page request queue
     - btrfs: qgroup: correctly model root qgroup rsv in convert
     - btrfs: record delayed inode root in transaction
     - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
     - io_uring/net: restore msg_control on sendzc retry
     - kprobes: Fix possible use-after-free issue on kprobe registration
     - [x86] drm/i915/vrr: Disable VRR when using bigjoiner
     - drm/ast: Fix soft lockup
     - drm/client: Fully protect modes[] with dev->mode_config.mutex
     - vhost: Add smp_rmb() in vhost_vq_avail_empty()
     - vhost: Add smp_rmb() in vhost_enable_notify()
     - [x86] perf/x86: Fix out of range data
     - [x86] cpu: Actually turn off mitigations by default for
       SPECULATION_MITIGATIONS=n
     - [x86] apic: Force native_apic_mem_read() to use the MOV instruction
     - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
     - [x86] bugs: Fix return type of spectre_bhi_state()
     - [x86] bugs: Fix BHI documentation
     - [x86] bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
     - [x86] bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
     - [x86] bugs: Fix BHI handling of RRSBA
     - [x86] bugs: Clarify that syscall hardening isn't a BHI mitigation
     - [x86] bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
     - [x86] bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
       CONFIG_MITIGATION_SPECTRE_BHI
     - [x86] drm/i915/cdclk: Fix CDCLK programming order when pipes are active
     - [x86] drm/i915: Disable port sync when bigjoiner is used
     - drm/amdgpu: Reset dGPU if suspend got aborted
     - drm/amdgpu: always force full reset for SOC21
     - drm/amd/display: fix disable otg wa logic in DCN316
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.88
     - drm/vmwgfx: Enable DMA mappings with SEV
     - drm/amdgpu: fix incorrect active rb bitmap for gfx11
     - drm/amdgpu: fix incorrect number of active RBs for gfx11
     - drm/amd/display: Do not recursively call manual trigger programming
     - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
       failure
     - SUNRPC: Fix rpcgss_context trace event acceptor field
     - random: handle creditable entropy from atomic process context
     - net: usb: ax88179_178a: avoid writing the mac address before first reading
     - [x86] drm/i915/vma: Fix UAF on destroy against retire race
     - [x86] efi: Drop EFI stub .bss from .data section
     - [x86] efi: Disregard setup header of loaded image
     - [x86] efistub: Reinstate soft limit for initrd loading
     - [x86] efi: Drop alignment flags from PE section headers
     - [x86] boot: Remove the 'bugger off' message
     - [x86] boot: Omit compression buffer from PE/COFF image memory footprint
     - [x86] boot: Drop redundant code setting the root device
     - [x86] boot: Drop references to startup_64
     - [x86] boot: Grab kernel_info offset from zoffset header directly
     - [x86] boot: Set EFI handover offset directly in header asm
     - [x86] boot: Define setup size in linker script
     - [x86] boot: Derive file size from _edata symbol
     - [x86] boot: Construct PE/COFF .text section from assembler
     - [x86] boot: Drop PE/COFF .reloc section
     - [x86] boot: Split off PE/COFF .data section
     - [x86] boot: Increase section and file alignment to 4k/512
     - [x86] efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
     - [x86] mm: Remove P*D_PAGE_MASK and P*D_PAGE_SIZE macros
     - [x86] head/64: Add missing __head annotation to startup_64_load_idt()
     - [x86] head/64: Move the __head definition to <asm/init.h>
     - [x86] sme: Move early SME kernel encryption handling into .head.text
     - [x86] sev: Move early startup code into .head.text section
     - [x86] efistub: Remap kernel text read-only before dropping NX attribute
     - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
     - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
     - netfilter: br_netfilter: skip conntrack input hook for promisc packets
     - netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
     - netfilter: flowtable: validate pppoe header
     - netfilter: flowtable: incorrect pppoe tuple
     - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
     - af_unix: Don't peek OOB data without MSG_OOB.
     - net/mlx5: Lag, restore buckets number to default after hash LAG
       deactivation
     - net/mlx5e: Prevent deadlock while disabling aRFS
     - ice: tc: allow zero flags in parsing tc flower
     - tun: limit printing rate when illegal packet received by tun dev
     - [arm64] net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before
       using them
     - RDMA/rxe: Fix the problem "mutex_destroy missing"
     - RDMA/cm: Print the old state when cm_destroy_id gets timeout
     - RDMA/mlx5: Fix port number for counter query in multi-port configuration
     - [s390x] qdio: handle deferred cc1
     - [s390x] cio: fix race condition during online processing
     - drm: nv04: Fix out of bounds access
     - [armhf] omap2: n8x0: stop instantiating codec platform data
     - PCI: Avoid FLR for SolidRun SNET DPU rev 1
     - HID: kye: Sort kye devices
     - usb: pci-quirks: Reduce the length of a spinlock section in
       usb_amd_find_chipset_info()
     - PCI: Delay after FLR of Solidigm P44 Pro NVMe
     - [x86] quirks: Include linux/pnp.h for arch_pnpbios_disabled()
     - [x86] thunderbolt: Log function name of the called quirk
     - [x86] thunderbolt: Add debug log for link controller power quirk
     - PCI: Execute quirk_enable_clear_retrain_link() earlier
     - ALSA: scarlett2: Move USB IDs out from device_info struct
     - ALSA: scarlett2: Add support for Clarett 8Pre USB
     - ASoC: ti: Convert Pandora ASoC to GPIO descriptors
     - ALSA: scarlett2: Default mixer driver to enabled
     - ALSA: scarlett2: Add correct product series name to messages
     - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
     - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
     - PCI/DPC: Use FIELD_GET()
     - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word()
     - ALSA: scarlett2: Rename scarlett_gen2 to scarlett2
     - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
     - usb: xhci: Add timeout argument in address_device USB HCD callback
     - usb: new quirk to reduce the SET_ADDRESS request timeout
     - clk: Remove prepare_lock hold assertion in __clk_release()
     - clk: Print an info line before disabling unused clocks
     - clk: Initialize struct clk_core kref earlier
     - clk: Get runtime PM before walking tree during disable_unused
     - clk: remove unnecessary (void*) conversions
     - clk: Show active consumers of clocks in debugfs
     - clk: Get runtime PM before walking tree for clk_summary
     - [x86] bugs: Fix BHI retpoline check
     - [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
     - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
     - [arm*] binder: check offset alignment in binder_get_object()
       (CVE-2024-26926)
     - [x86] thunderbolt: Avoid notify PM core about runtime PM resume
     - [x86] thunderbolt: Fix wake configurations after device unplug
     - [x86] comedi: vmk80xx: fix incomplete endpoint checking
     - [armhf] serial: stm32: Return IRQ_NONE in the ISR if no handling happend
     - [armhf] serial: stm32: Reset .throttled state in .startup()
     - USB: serial: option: add Fibocom FM135-GL variants
     - USB: serial: option: add support for Fibocom FM650/FG650
     - USB: serial: option: add Lonsung U8300/U9300 product
     - USB: serial: option: support Quectel EM060K sub-models
     - USB: serial: option: add Rolling RW101-GL and RW135-GL support
     - USB: serial: option: add Telit FN920C04 rmnet compositions
     - Revert "usb: cdc-wdm: close race between read and workqueue"
     - [arm64,armhf] usb: dwc2: host: Fix dereference issue in DDMA completion
       flow.
     - usb: Disable USB3 LPM at shutdown
     - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
       error
     - mei: me: disable RPL-S on SPS and IGN firmwares
     - speakup: Avoid crash on very long word
     - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
     - [x86] KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel
       compatible
     - [x86] KVM: x86/pmu: Disable support for adaptive PEBS
     - [x86] KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
     - [arm64] hibernate: Fix level3 translation fault in swsusp_save()
     - init/main.c: Fix potential static_command_line memory overflow
     - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
     - drm/amdgpu: validate the parameters of bo mapping operations more clearly
       (CVE-2024-26922)
     - drm/vmwgfx: Sort primary plane formats by order of preference
     - drm/vmwgfx: Fix crtc's atomic check conditional
     - nouveau: fix instmem race condition around ptr stores
     - bootconfig: use memblock_free_late to free xbc memory to buddy
     - nilfs2: fix OOB in nilfs_set_de_type
     - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - ksmbd: common: use struct_group_attr instead of struct_group for
       network_open_info
     - PCI/ASPM: Fix deadlock when enabling ASPM (CVE-2024-26605)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.89
     - Revert "ASoC: ti: Convert Pandora ASoC to GPIO descriptors"
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90
     - smb: client: fix rename(2) regression against samba
     - cifs: reinstate original behavior again for forceuid/forcegid
     - [amd64] HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
       dev->devc
     - HID: logitech-dj: allow mice to use all types of reports
     - wifi: iwlwifi: mvm: remove old PASN station when adding a new one
     - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
     - vxlan: drop packets from invalid src-address
     - icmp: prevent possible NULL dereferences from icmp_build_probe()
     - bridge/br_netlink.c: no need to return void function
     - bnxt_en: refactor reset close code
     - bnxt_en: Fix the PCI-AER routines
     - NFC: trf7970a: disable all regulators on removal
     - ax25: Fix netdev refcount issue
     - net: make SK_MEMORY_PCPU_RESERV tunable
     - net: fix sk_memory_allocated_{add|sub} vs softirqs
     - ipv4: check for NULL idev in ip_route_use_hint()
     - net: usb: ax88179_178a: stop lying about skb->truesize
     - net: gtp: Fix Use-After-Free in gtp_dellink
     - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID
     - Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
     - Bluetooth: qca: set power_ctrl_enabled on NULL returned by
       gpiod_get_optional()
     - ipvs: Fix checksumming on GSO of SCTP packets
     - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
     - eth: bnxt: fix counting packets discarded due to OOM and netpoll
     - netfilter: nf_tables: honor table dormant flag from netdev release event
       path
     - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
     - i40e: Report MFS in decimal base instead of hex
     - iavf: Fix TC config comparison with existing adapter TC config
     - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
     - af_unix: Suppress false-positive lockdep splat for spin_lock() in
       __unix_gc().
     - cifs: Replace remaining 1-element arrays (Closes: #1069102, #1069092)
     - Revert "crypto: api - Disallow identical driver names"
     - virtio_net: Do not send RSS key if it is not supported
     - fork: defer linking file vma until vma is fully initialized
       (CVE-2024-27022)
     - [x86] cpu: Fix check for RDPKRU in __show_regs()
     - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
     - Bluetooth: qca: fix NULL-deref on non-serdev suspend
     - [arm64] mmc: sdhci-msm: pervent access to suspended controller
     - smb: client: Fix struct_group() usage in __packed structs
     - smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
     - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
     - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
     - cpu: Re-enable CPU mitigations by default for !X86 architectures
     - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
     - drm/amdgpu: Fix leak when GPU memory allocation fails
     - irqchip/gic-v3-its: Prevent double free on error
     - ACPI: CPPC: Use access_width over bit_width for system memory accesses
     - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
     - ACPI: CPPC: Fix access width used for PCC registers
     - ethernet: Add helper for assigning packet type when dest address does not
       match device address
     - net: b44: set pause params only when interface is up
     - stackdepot: respect __GFP_NOLOCKDEP allocation flag
     - fbdev: fix incorrect address computation in deferred IO
     - udp: preserve the connected status if only UDP cmsg
     - mtd: diskonchip: work around ubsan link failure
     - [x86] tdx: Preserve shared bit on mprotect()
     - [x86] idma64: Don't try to serve interrupts when device is powered off
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix out of bounds read
     - [arm64,armhf] phy: marvell: a3700-comphy: Fix hardcoded array size
     - [arm64] phy: rockchip-snps-pcie3: fix bifurcation on rk3588
     - [arm64] phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits
     - [amd64] dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
     - i2c: smbus: fix NULL function pointer dereference
     - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
     - macsec: Enable devices to advertise whether they update sk_buff md_dst
       during offloads
     - macsec: Detect if Rx skb is macsec-related for offloading devices that
       update md_dst
     - net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for
       MACsec
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 21
   * drivers/tty: Disable N_GSM
   * tipc: fix UAF in error path
   * tipc: fix a possible memleak in tipc_buf_append
linux-signed-i386 (6.1.90+1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Sign kernel from linux 6.1.90-1~bpo11+1
 .
   * Rebuild for bullseye-backports:
     - Set ABI to 0.deb11.21
linux-signed-i386 (6.1.85+1) bookworm-security; urgency=high
 .
   * Sign kernel from linux 6.1.85-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
     - md: fix data corruption for raid456 when reshape restart while grow up
     - md/raid10: prevent soft lockup while flush writes
     - io_uring/unix: drop usage of io_uring socket
     - io_uring: drop any code related to SCM_RIGHTS
     - nfsd: allow nfsd_file_get to sanely handle a NULL pointer
     - nfsd: don't open-code clear_and_wake_up_bit
     - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
     - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
     - nfsd: don't kill nfsd_files because of lease break error
     - nfsd: add some comments to nfsd_file_do_acquire
     - nfsd: don't take/put an extra reference when putting a file
     - nfsd: update comment over __nfsd_file_cache_purge
     - nfsd: allow reaping files still under writeback
     - NFSD: Convert filecache to rhltable
     - nfsd: simplify the delayed disposal list code
     - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
     - NFSD: Add an nfsd4_encode_nfstime4() helper
     - nfsd: Fix creation time serialization order
     - [arm64] media: rkisp1: Fix IRQ handling due to shared interrupts
     - perf/arm-cmn: Workaround AmpereOneX errata AC04_MESH_1 (incorrect child
       count)
     - ASoC: rt5645: Make LattePanda board DMI match more precise
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU
     - [x86] xen: Add some null pointer checking to smp.c
     - [mips*] Clear Cause.BD in instruction_pointer_set
     - HID: multitouch: Add required quirk for Synaptics 0xcddc device
     - gen_compile_commands: fix invalid escape sequence warning
     - [arm64] sve: Lower the maximum allocation for the SVE ptrace regset
     - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt
     - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
     - RDMA/mlx5: Relax DEVX access upon modify commands
     - [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
     - [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault()
     - net/iucv: fix the allocation size of iucv_path_table array
     - block: sed-opal: handle empty atoms when parsing response
     - dm-verity, dm-crypt: align "struct bvec_iter" correctly
     - [arm64] dts: Fix dtc interrupt_provider warnings
     - btrfs: fix data races when accessing the reserved amount of block reserves
     - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
     - net: smsc95xx: add support for SYS TEC USB-SPEmodule1
     - wifi: mac80211: only call drv_sta_rc_update for uploaded stations
     - [x86] ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table
     - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
     - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
     - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
     - [x86] ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2
     - Bluetooth: mgmt: Fix limited discoverable off timeout
     - firewire: core: use long bus reset on gap count error
     - [arm64] tegra: Set the correct PHY mode for MGBE
     - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8
       tablet
     - Input: gpio_keys_polled - suppress deferred probe error for gpio
     - [x86] ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
     - [x86] ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
     - [x86] ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
     - fs: Fix rw_hint validation
     - [s390x] dasd: add autoquiesce feature
     - [s390x] dasd: Use dev_*() for device log messages
     - [s390x] dasd: fix double module refcount decrement
     - rcu/exp: Fix RCU expedited parallel grace period kworker allocation
       failure recovery
     - rcu/exp: Handle RCU expedited grace period kworker allocation failure
     - nbd: null check for nla_nest_start
     - fs/select: rework stack allocation hack for clang
     - md: Don't clear MD_CLOSING when the raid is about to stop
     - lib/cmdline: Fix an invalid format specifier in an assertion msg
     - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg
     - time: test: Fix incorrect format specifier
     - rtc: test: Fix invalid format specifier.
     - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
     - io_uring/net: move receive multishot out of the generic msghdr path
     - io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
     - [x86] resctrl: Implement new mba_MBps throttling heuristic
     - [x86] sme: Fix memory encryption setting if enabled by default and not
       overridden
     - timekeeping: Fix cross-timestamp interpolation on counter wrap
     - timekeeping: Fix cross-timestamp interpolation corner case decision
     - timekeeping: Fix cross-timestamp interpolation for non-x86
     - sched/fair: Take the scheduling domain into account in select_idle_smt()
     - sched/fair: Take the scheduling domain into account in select_idle_core()
     - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
     - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
     - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
     - wifi: b43: Disable QoS for bcm4331
     - wifi: wilc1000: fix declarations ordering
     - wifi: wilc1000: fix RCU usage in connect path
     - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
     - wifi: wilc1000: do not realloc workqueue everytime an interface is added
     - wifi: wilc1000: fix multi-vif management when deleting a vif
     - wifi: mwifiex: debugfs: Drop unnecessary error check for
       debugfs_create_dir()
     - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
     - cpufreq: Explicitly include correct DT includes
     - cpufreq: mediatek-hw: Wait for CPU supplies before probing
     - sock_diag: annotate data-races around sock_diag_handlers[family]
     - inet_diag: annotate data-races around inet_diag_table[]
     - bpftool: Silence build warning about calloc()
     - libbpf: Apply map_set_def_max_entries() for inner_maps on creation
     - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
     - cpufreq: mediatek-hw: Don't error out if supply is not found
     - libbpf: Fix faccessat() usage on Android
     - pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL
       i.MX8MM
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pullups for onboard UART signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL OSM-S board
     - [arm64] dts: imx8mm-kontron: Disable pull resistors for SD card signals on
       BL board
     - [arm64] dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module
     - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API
     - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
     - wifi: iwlwifi: mvm: report beacon protection failures
     - wifi: iwlwifi: dbg-tlv: ensure NUL termination
     - wifi: iwlwifi: fix EWRD table validity check
     - gpio: vf610: allow disabling the vf610 driver
     - [arm64] dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
     - net: blackhole_dev: fix build warning for ethh set but not used
     - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
     - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
     - wifi: wfx: fix memory leak when starting AP
     - printk: Disable passing console lock owner completely during panic()
     - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
     - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h
     - tools/resolve_btfids: Fix cross-compilation to non-host endianness
     - wifi: iwlwifi: mvm: don't set replay counters to 0xff
     - [s390x] pai: fix attr_event_free upper limit for pai device drivers
     - [s390x] vdso: drop '-fPIC' from LDFLAGS
     - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
     - [arm64] dts: mt8183: kukui: Split out keyboard node and describe
       detachables
     - [arm64] dts: mt8183: Move CrosEC base detection node to kukui-based DTs
     - [arm64] dts: mediatek: mt7986: add "#reset-cells" to infracfg
     - [arm64] dts: mediatek: mt8192-asurada: Remove CrosEC base detection node
     - [arm64] dts: mediatek: mt8192: fix vencoder clock name
     - [arm64] dts: mediatek: mt7622: add missing "device_type" to memory nodes
     - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
     - wifi: wilc1000: prevent use-after-free on vif when cleaning up all
       interfaces
     - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
     - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
     - [amd64] iommu/amd: Mark interrupt as managed
     - wifi: brcmsmac: avoid function pointer casts
     - [arm64] dts: qcom: sdm845-db845c: correct PCIe wake-gpios
     - [arm64] dts: qcom: sm8150: use 'gpios' suffix for PCI GPIOs
     - [arm64] dts: qcom: sm8150: correct PCIe wake-gpios
     - powercap: dtpm_cpu: Fix error check against freq_qos_add_request()
     - net: ena: Remove ena_select_queue
     - [arm64] dts: mt8195-cherry-tomato: change watchdog reset boot flow
     - firmware: arm_scmi: Fix double free in SMC transport cleanup path
     - wifi: wilc1000: revert reset line logic flip
     - net: mctp: copy skb ext data when fragmenting
     - pstore: inode: Convert mutex usage to guard(mutex)
     - pstore: inode: Only d_invalidate() is needed
     - [arm64] dts: allwinner: h6: Add RX DMA channel for SPDIF
     - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
     - ACPI: resource: Do IRQ override on Lunnen Ground laptops
     - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
     - ACPI: scan: Fix device check notification handling
     - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816)
     - SUNRPC: fix some memleaks in gssx_dec_option_array
     - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the
       .remove function
     - ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
     - wifi: rtw88: 8821c: Fix beacon loss and disconnect
     - wifi: rtw88: 8821c: Fix false alarm count
     - PCI: Make pci_dev_is_disconnected() helper public for other drivers
     - [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is
       disconnected
     - igb: Fix missing time sync events
     - Bluetooth: Remove HCI_POWER_OFF_TIMEOUT
     - Bluetooth: mgmt: Remove leftover queuing of power_off work
     - Bluetooth: Remove superfluous call to hci_conn_check_pending()
     - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
     - Bluetooth: Cancel sync command before suspend and power off
     - Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running
     - Bluetooth: hci_conn: Consolidate code for aborting connections
     - Bluetooth: hci_core: Cancel request on command timeout
     - Bluetooth: hci_sync: Fix overwriting request callback
     - Bluetooth: hci_core: Fix possible buffer overflow
     - Bluetooth: af_bluetooth: Fix deadlock
     - Bluetooth: fix use-after-free in accessing skb after sending it
     - [s390x] cache: prevent rebuild of shared_cpu_list
     - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
     - bpf: Fix hashtab overflow check on 32-bit arches
     - bpf: Fix stackmap overflow check on 32-bit arches
     - [amd64] iommu/vt-d: Retrieve IOMMU perfmon capability information
     - ipv6: fib6_rules: flush route cache when rule is changed
     - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
     - net: phy: fix phy_get_internal_delay accessing an empty array
     - [arm64] net: hns3: fix wrong judgment condition issue
     - [arm64] net: hns3: fix kernel crash when 1588 is received on HIP08 devices
     - [arm64] net: hns3: fix port duplex configure error in IMP reset
     - Bluetooth: MGMT: Fix always using HCI_MAX_AD_LENGTH
     - Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
     - Bluetooth: Fix eir name length
     - net: phy: dp83822: Fix RGMII TX delay configuration
     - OPP: debugfs: Fix warning around icc_get_name()
     - tcp: fix incorrect parameter validation in the do_tcp_getsockopt()
       function
     - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
       function
     - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
       function
     - udp: fix incorrect parameter validation in the udp_lib_getsockopt()
       function
     - net: kcm: fix incorrect parameter validation in the kcm_getsockopt)
       function
     - nfp: flower: handle acti_netdevs allocation failure
     - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
     - dm raid: fix false positive for requeue needed during reshape
     - dm: call the resume method on internal suspend
     - [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node
     - [arm64,armhf] drm/tegra: dpaux: Fix PM disable depth imbalance in
       tegra_dpaux_probe
     - [arm64,armhf] drm/tegra: dsi: Make use of the helper function
       dev_err_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in
       tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the
       error handling path of tegra_dsi_probe()
     - [arm64,armhf] drm/tegra: hdmi: Convert to devm_platform_ioremap_resource()
     - [arm64,armhf] drm/tegra: hdmi: Fix some error handling paths in
       tegra_hdmi_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix some error handling paths in
       tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: rgb: Fix missing clk_put() in the error handling
       paths of tegra_dc_rgb_probe()
     - [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the
       error handling paths of tegra_output_probe()
     - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
     - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
     - drm/panel-edp: use put_sync in unprepare
     - drm/lima: fix a memleak in lima_heap_alloc
     - [x86] ASoC: amd: acp: Add missing error handling in sof-mach
     - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
     - media: tc358743: register v4l2 async device only after successful setup
     - PCI/DPC: Print all TLP Prefixes, not just the first
     - perf record: Fix possible incorrect free in record__switch_output()
     - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
     - drm/amd/display: Fix a potential buffer overflow in
       'dp_dsc_clock_en_read()'
     - drm/amd/display: Fix potential NULL pointer dereferences in
       'dcn10_set_output_transfer_func()'
     - pinctrl: renesas: r8a779g0: Add Audio SSI pins, groups, and functions
     - pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function
     - clk: samsung: exynos850: Propagate SPI IPCLK rate change
     - perf evsel: Fix duplicate initialization of data->id in
       evsel__parse_sample()
     - clk: meson: Add missing clocks to axg_clk_regmaps
     - media: em28xx: annotate unchecked call to media_device_register()
     - media: v4l2-tpg: fix some memleaks in tpg_alloc
     - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
     - media: edia: dvbdev: fix a use-after-free
     - clk: qcom: reset: Commonize the de/assert functions
     - clk: qcom: reset: Ensure write completion on reset de/assertion
     - quota: simplify drop_dquot_ref()
     - quota: Fix potential NULL pointer dereference
     - quota: Fix rcu annotations of inode dquot pointers
     - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
     - crypto: xilinx - call finalize with bh disabled
     - perf thread_map: Free strlist on normal path in
       thread_map__new_by_tid_str()
     - [arm64] drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
     - [arm64] drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is
       enabled
     - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
     - ALSA: seq: fix function cast warnings
     - perf stat: Avoid metric-only segv
     - [arm64,armhf] ASoC: meson: aiu: fix function pointer type mismatch
     - [arm64,armhf] ASoC: meson: t9015: fix function pointer type mismatch
     - [powerpc*] Force inlining of arch_vmap_p{u/m}d_supported()
     - [x86] ASoC: SOF: Introduce container struct for SOF firmware
     - [x86] ASoC: SOF: Add some bounds checking to firmware data
     - NTB: EPF: fix possible memory leak in pci_vntb_probe()
     - NTB: fix possible name leak in ntb_register_device()
     - media: cedrus: h265: Associate mv col buffers with buffer
     - media: cedrus: h265: Fix configuring bitstream size
     - media: sun8i-di: Fix coefficient writes
     - media: sun8i-di: Fix power on/off sequences
     - media: sun8i-di: Fix chroma difference threshold
     - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
     - media: go7007: add check of return value of go7007_read_addr()
     - media: pvrusb2: remove redundant NULL check
     - media: pvrusb2: fix pvr2_stream_callback casts
     - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
     - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
     - clk: hisilicon: hi3519: Release the correct number of gates in
       hi3519_clk_unregister()
     - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
     - [arm64,armhf] drm/tegra: put drm_gem_object ref on error in
       tegra_fb_create
     - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
     - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes
       a ref
     - crypto: jitter - fix CRYPTO_JITTERENTROPY help text
     - drm/tidss: Fix initial plane zpos values
     - drm/tidss: Fix sync-lost issue with two displays
     - mtd: maps: physmap-core: fix flash size larger than 32-bit
     - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: fix mclk setup without
       mclk-fs
     - [arm64,armhf] ASoC: meson: axg-tdm-interface: add frame rate constraint
     - HID: amd_sfh: Update HPD sensor structure elements
     - HID: amd_sfh: Avoid disabling the interrupt
     - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
     - media: pvrusb2: fix uaf in pvr2_context_set_notify
     - media: dvb-frontends: avoid stack overflow warnings with clang
     - media: go7007: fix a memleak in go7007_load_encoder
     - media: ttpci: fix two memleaks in budget_av_attach
     - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
     - gpio: nomadik: fix offset bug in nmk_pmx_set()
     - [powerpc*] pseries: Fix potential memleak in papr_get_attr()
     - [powerpc*] hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value
       checks
     - [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter
     - modules: wait do_free_init correctly
     - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
     - leds: aw2013: Unlock mutex before destroying it
     - leds: sgm3140: Add missing timer cleanup and flash gpio control
     - backlight: lm3630a: Initialize backlight_properties on init
     - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
     - backlight: da9052: Fully initialize backlight_properties during probe
     - backlight: lm3639: Fully initialize backlight_properties during probe
     - backlight: lp8788: Fully initialize backlight_properties during probe
     - clk: Fix clk_core_get NULL dereference
     - clk: zynq: Prevent null pointer dereference caused by kmalloc failure
     - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
     - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
     - RDMA/irdma: Allow accurate reporting on QP max send/recv WR
     - RDMA/irdma: Remove duplicate assignment
     - RDMA/srpt: Do not register event handler until srpt device is fully setup
     - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
     - f2fs: compress: fix to guarantee persisting compressed blocks by CP
     - f2fs: compress: fix to cover normal cluster write with cp_rwsem
     - f2fs: compress: fix to check unreleased compressed cluster
     - f2fs: simplify __allocate_data_block
     - f2fs: delete obsolete FI_FIRST_BLOCK_WRITTEN
     - f2fs: delete obsolete FI_DROP_CACHE
     - f2fs: introduce get_dnode_addr() to clean up codes
     - f2fs: update blkaddr in __set_data_blkaddr() for cleanup
     - f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode
     - f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
     - f2fs: fix to avoid potential panic during recovery
     - scsi: csiostor: Avoid function pointer casts
     - [arm64] RDMA/hns: Fix mis-modifying default congestion control algorithm
     - RDMA/device: Fix a race between mad_client and cm_client init
     - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
     - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
     - f2fs: compress: fix to check zstd compress level correctly in mount option
     - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
     - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
     - NFSv4.2: fix listxattr maximum XDR buffer size
     - f2fs: compress: fix to check compress flag w/ .i_sem lock
     - f2fs: check number of blocks in a current section
     - watchdog: stm32_iwdg: initialize default timeout
     - f2fs: ro: compress: fix to avoid caching unaligned extent
     - NFS: Fix an off by one in root_nfs_cat()
     - f2fs: convert to use sbi directly
     - f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks
     - f2fs: compress: fix reserve_cblocks counting error when out of space
     - [x86] perf/x86/amd/core: Avoid register reset when CPU is dead
     - afs: Revert "afs: Hide silly-rename files from userspace"
     - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
     - io_uring/net: correct the type of variable
     - comedi: comedi_test: Prevent timers rescheduling during deletion
     - [armhf] remoteproc: stm32: use correct format strings on 64-bit
     - [armhf] remoteproc: stm32: Fix incorrect type in assignment for va
     - [armhf] remoteproc: stm32: Fix incorrect type assignment returned by
       stm32_rproc_get_loaded_rsc_tablef
     - usb: phy: generic: Get the vbus supply
     - tty: vt: fix 20 vs 0x20 typo in EScsiignore
     - serial: max310x: fix syntax error in IRQ error message
     - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
     - [arm64] dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
     - hwtracing: hisi_ptt: Move type check to the beginning of
       hisi_ptt_pmu_event_init()
     - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
     - serial: 8250_exar: Don't remove GPIO device on suspend
     - staging: greybus: fix get_channel_from_mode() failure path
     - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
     - nouveau: reset the bo resource bus info after an eviction
     - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
     - rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
     - [s390x] vtime: fix average steal time calculation
     - net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check (CVE-2024-26815)
     - soc: fsl: dpio: fix kcalloc() argument order
     - tcp: Fix refcnt handling in __inet_hash_connect().
     - hsr: Fix uninit-value access in hsr_get_node()
     - nvme: only set reserved_tags in nvme_alloc_io_tag_set for fabrics
       controllers
     - nvme: add the Apple shared tag workaround to nvme_alloc_io_tag_set
     - nvme: fix reconnection fail due to reserved tag allocation
     - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
     - net: ethernet: mtk_eth_soc: fix PPE hanging issue
     - packet: annotate data-races around ignore_outgoing
     - net: veth: do not manipulate GRO when using XDP
     - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
     - drm: Fix drm_fixp2int_round() making it add 0.5
     - vdpa_sim: reset must not run
     - vdpa/mlx5: Allow CVQ size changes
     - wireguard: receive: annotate data-race around receiving_counter.counter
     - rds: introduce acquire/release ordering in acquire/release_in_xmit()
     - hsr: Handle failures in module init
     - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
     - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
     - dm-integrity: fix a memory leak when rechecking the data
     - net/bnx2x: Prevent access to a freed page in page_pool
     - netfilter: nft_set_pipapo: release elements in clone only from destroy
       path (CVE-2024-26809)
     - netfilter: nf_tables: do not compare internal table flags on updates
     - rcu: add a helper to report consolidated flavor QS
     - net: report RCU QS on threaded NAPI repolling
     - bpf: report RCU QS in cpumap kthread
     - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
     - net: dsa: mt7530: fix handling of all link-local frames
     - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
     - dm: address indent/space issues
     - dm io: Support IO priority
     - dm-integrity: align the outgoing bio in integrity_recheck
     - [armhf] remoteproc: stm32: fix incorrect optional pointers
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
     - [x86] cpu: Support AMD Automatic IBRS
     - [x86] bugs: Use sysfs_emit()
     - [x86] KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only
       leafs
     - [x86] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
     - [x86] KVM: x86: Use a switch statement and macros in __feature_translate()
     - timers: Update kernel-doc for various functions
     - timers: Use del_timer_sync() even on UP
     - timers: Rename del_timer_sync() to timer_delete_sync()
     - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
     - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
     - [arm64] dts: qcom: sc7280: Add additional MSI interrupts
     - [arm64,armhf] remoteproc: virtio: Fix wdg cannot recovery remote processor
     - [arm64] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
     - [armhf] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
     - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
     - serial: max310x: fix NULL pointer dereference in I2C instantiation
     - pci_iounmap(): Fix MMIO mapping leak
     - media: xc4000: Fix atomicity violation in xc4000_get_frequency
     - media: mc: Add local pad to pipeline regardless of the link state
     - media: mc: Fix flags handling when creating pad links
     - media: mc: Add num_links flag to media_pad
     - media: mc: Rename pad variable to clarify intent
     - media: mc: Expand MUST_CONNECT flag to always require an enabled link
     - KVM: Always flush async #PF workqueue when vCPU is being destroyed
     - [x86] cpufreq: amd-pstate: Fix min_perf assignment in
       amd_pstate_adjust_perf()
     - [powerpc*] smp: Adjust nr_cpu_ids to cover all threads of a core
     - [powerpc*] smp: Increase nr_cpu_ids to include the boot CPU
     - [x86] crypto: qat - fix double free during reset
     - [x86] crypto: qat - resolve race condition during AER recovery
     - ext4: correct best extent lstart adjustment logic
     - block: Clear zone limits for a non-zoned stacked queue
     - bounds: support non-power-of-two CONFIG_NR_CPUS
     - fat: fix uninitialized field in nostale filehandles
     - ubifs: Set page uptodate in the correct place
     - ubi: Check for too small LEB size in VTBL code
     - ubi: correct the calculation of fastmap size
     - md/raid5: fix atomicity violation in raid5_cache_count
     - cpufreq: Limit resolving a frequency to policy min/max
     - PM: suspend: Set mem_sleep_current during kernel command line setup
     - usb: xhci: Add error handling in xhci_map_urb_for_dma
     - [powerpc*] fsl: Fix mfpmr build errors with newer binutils
     - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
     - USB: serial: add device ID for VeriFone adapter
     - USB: serial: cp210x: add ID for MGP Instruments PDS100
     - USB: serial: option: add MeiG Smart SLM320 product
     - [x86] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
     - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
     - PM: sleep: wakeirq: fix wake irq warning in system suspend
     - mmc: tmio: avoid concurrent runs of mmc_request_done()
     - fuse: fix root lookup with nonzero generation
     - fuse: don't unhash root
     - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
     - serial: Lock console when calling into driver before registration
     - btrfs: qgroup: always free reserved space for extent records
     - btrfs: fix off-by-one chunk length calculation at
       contains_pending_extent()
     - PCI/PM: Drain runtime-idle callbacks before driver removal
     - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
     - dm-raid: fix lockdep waring in "pers->hot_add_disk"
     - [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS
     - mac802154: fix llsec key resources release in mac802154_llsec_key_del
     - swap: comments get_swap_device() with usage rule
     - mm: swap: fix race between free_swap_and_cache() and swapoff()
     - mmc: core: Fix switch on gp3 partition
     - [arm64,armhf] drm/etnaviv: Restore some id values
     - landlock: Warn once if a Landlock action is requested while disabled
     - hwmon: (amc6821) add of_match table
     - ext4: fix corruption during on-line resize
     - nvmem: meson-efuse: fix function pointer type mismatch
     - slimbus: core: Remove usage of the deprecated ida_simple_xx() API
     - phy: tegra: xusb: Add API to retrieve the port number of phy
     - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
     - speakup: Fix 8bit characters from direct synth
     - PCI/AER: Block runtime suspend when handling errors
     - io_uring/net: correctly handle multishot recvmsg retry setup
     - nfs: fix UAF in direct writes
     - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
     - [arm64] PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP
       version
     - [arm64] PCI: qcom: Enable BDF to SID translation properly
     - [amd64,arm64] PCI: hv: Fix ring buffer size calculation
     - vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations
     - vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable
     - vfio/pci: Remove negative check on unsigned vector
     - vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
     - vfio/platform: Disable virqfds on cleanup
     - ksmbd: retrieve number of blocks using vfs_getattr in
       set_file_allocation_info
     - ring-buffer: Fix waking up ring buffer readers
     - ring-buffer: Do not set shortest_full when full target is hit
     - ring-buffer: Fix resetting of shortest_full
     - ring-buffer: Fix full_waiters_pending in poll
     - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
     - [s390x] zcrypt: fix reference counting on zcrypt card objects
     - drm/probe-helper: warn about negative .get_modes()
     - drm/panel: do not return negative error codes from drm_panel_get_modes()
     - [armhf] drm/exynos: do not return negative values from .get_modes()
     - [armhf] drm/imx/ipuv3: do not return negative values from .get_modes()
     - [arm64,armhf] drm/vc4: hdmi: do not return negative values from
       .get_modes()
     - memtest: use {READ,WRITE}_ONCE in memory scanning
     - Revert "block/mq-deadline: use correct way to throttling write requests"
     - f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
     - f2fs: truncate page cache before clearing flags when aborting atomic write
     - nilfs2: fix failure to detect DAT corruption in btree and direct mappings
     - nilfs2: prevent kernel bug at submit_bh_wbc()
     - cifs: open_cached_dir(): add FILE_READ_EA to desired access
     - cpufreq: dt: always allocate zeroed cpumask
     - [amd64] x86/CPU/AMD: Update the Zenbleed microcode revisions
     - NFSD: Fix nfsd_clid_class use of __string_len() macro
     - net: hns3: tracing: fix hclgevf trace event strings
     - wireguard: netlink: check for dangling peer via is_dead instead of empty
       list
     - wireguard: netlink: access device through ctx instead of peer
     - ahci: asm1064: correct count of reported ports
     - ahci: asm1064: asm1166: don't limit reported ports
     - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
     - drm/amd/display: Return the correct HDCP error code
     - drm/amd/display: Fix noise issue on HDMI AV mute
     - dm snapshot: fix lockup in dm_exception_table_exit
     - [x86] pm: Work around false positive kmemleak report in
       msr_build_context()
     - cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
       return value"
     - [x86] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
       (Closes: #1065320)
     - tls: fix race between tx work scheduling and socket close (CVE-2024-26585)
     - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
       timeout (CVE-2024-26643)
     - netfilter: nf_tables: disallow anonymous set with timeout flag
       (CVE-2024-26642)
     - netfilter: nf_tables: reject constant set with timeout
     - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
       memory
     - init/Kconfig: lower GCC version check for -Warray-bounds
     - [x86] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
     - [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
       svm_register_enc_region()
     - tracing: Use .flush() call to wake up readers
     - drm/amdgpu/pm: Fix the error of pwm1_enable setting
     - [x86] drm/i915: Check before removing mm notifier
     - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
       ALC897 platform
     - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
     - usb: gadget: ncm: Fix handling of zero block length packets
     - usb: port: Don't try to peer unused USB ports based on location
     - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
     - misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on
       suspend/resume
     - mei: me: add arrow lake point S DID
     - mei: me: add arrow lake point H DID
     - vt: fix unicode buffer corruption when deleting characters
     - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
     - ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
     - tee: optee: Fix kernel panic caused by incorrect error handling
     - mm, vmscan: prevent infinite loop for costly GFP_NOIO |
       __GFP_RETRY_MAYFAIL allocations
     - iio: accel: adxl367: fix DEVID read after reset
     - iio: accel: adxl367: fix I2C FIFO data register
     - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
     - drm/amd/display: handle range offsets in VRR ranges
     - [x86] efistub: Call mixed mode boot services on the firmware's stack
     - net: tls: handle backlogging of crypto requests (CVE-2024-26584)
     - [x86] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
     - iommu: Avoid races around default domain allocations
     - clocksource/drivers/arm_global_timer: Fix maximum prescaler value
     - entry: Respect changes to system call number by trace_sys_enter()
     - minmax: add umin(a, b) and umax(a, b)
     - swiotlb: Fix alignment checks when both allocation and DMA masks are
       present
     - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
     - printk: Update @console_may_schedule in console_trylock_spinning()
     - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
     - irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
     - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based
       on register's index
     - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
     - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
     - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger
       type
     - [x86] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe
       address
     - [x86] fpu: Keep xfd_state in sync with MSR_IA32_XFD
     - pwm: img: fix pwm clock lookup
     - tty: serial: imx: Fix broken RS485
     - block: Fix page refcounts for unaligned buffers in __bio_release_pages()
     - blk-mq: release scheduler resource when request completes
     - vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
     - vfio: Introduce interface to flush virqfd inject workqueue
     - vfio/pci: Create persistent INTx handler (CVE-2024-26812)
     - vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
     - vfio/fsl-mc: Block calling interrupt handler without trigger
       (CVE-2024-26814)
     - [x86] coco: Export cc_vendor
     - [x86] coco: Get rid of accessor functions
     - [x86] Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
     - [x86] sev: Fix position dependent variable references in startup code
     - mm/migrate: set swap entry values of THP tail pages properly.
     - init: open /initrd.image with O_LARGEFILE
     - [x86] efistub: Add missing boot_params for mixed mode compat entry
     - btrfs: zoned: don't skip block groups with 100% zone unusable
     - btrfs: zoned: use zone aware sb location for scrub
     - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
     - wifi: iwlwifi: fw: don't always use FW dump trig
     - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
     - hexagon: vmlinux.lds.S: handle attributes section
     - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
       HS200 mode
     - mmc: core: Initialize mmc_blk_ioc_data
     - mmc: core: Avoid negative index with array access
     - block: Do not force full zone append completion in req_bio_endio()
     - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
     - nouveau/dmem: handle kcalloc() allocation failure
     - net: ll_temac: platform_get_resource replaced by wrong function
     - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
     - [x86] drm/i915/bios: Tolerate devdata==NULL in
       intel_bios_encoder_supports_dp_dual_mode()
     - [x86] drm/i915/gt: Reset queue_priority_hint on parking
     - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
     - Revert "usb: phy: generic: Get the vbus supply"
     - usb: cdc-wdm: close race between read and workqueue
     - USB: UAS: return ENODEV when submit urbs fail with device not attached
     - usb: dwc3-am62: Rename private data
     - usb: dwc3-am62: fix module unload/reload behavior
     - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
       (CVE-2024-26654)
     - scsi: core: Fix unremoved procfs host directory regression
     - staging: vc04_services: changen strncpy() to strscpy_pad()
     - staging: vc04_services: fix information leak in create_component()
     - USB: core: Add hub_get() and hub_put() routines
     - USB: core: Fix deadlock in port "disable" sysfs attribute
     - scsi: sd: Fix TCG OPAL unlock on system resume
     - usb: dwc2: host: Fix remote wakeup from hibernation
     - usb: dwc2: host: Fix hibernation flow
     - usb: dwc2: host: Fix ISOC flow in DDMA mode
     - usb: dwc2: gadget: Fix exiting from clock gating
     - usb: dwc2: gadget: LPM flow fix
     - usb: udc: remove warning when queue disabled ep
     - usb: typec: Return size of buffer if pd_set operation succeeds
     - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
     - usb: typec: ucsi: Ack unsupported commands
     - usb: typec: ucsi_acpi: Refactor and fix DELL quirk
     - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
     - scsi: qla2xxx: Prevent command send on chip reset
     - scsi: qla2xxx: Fix N2N stuck connection
     - scsi: qla2xxx: Split FCE|EFT trace control
     - scsi: qla2xxx: Update manufacturer detail
     - scsi: qla2xxx: NVME|FCP prefer flag not being honored
     - scsi: qla2xxx: Fix command flush on cable pull
     - scsi: qla2xxx: Fix double free of fcport
     - scsi: qla2xxx: Change debug message during driver unload
     - scsi: qla2xxx: Delay I/O Abort on PCI error
     - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
     - tls: fix use-after-free on failed backlog decryption (CVE-2024-26800)
     - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
     - scsi: lpfc: Correct size for wqe for memset()
     - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
     - scsi: libsas: Fix disk not being scanned in after being removed
     - [x86] sev: Skip ROM range scans and validation for SEV-SNP guests
     - USB: core: Fix deadlock in usb_deauthorize_interface()
     - tools/resolve_btfids: fix build with musl libc
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
     - scripts/bpf_doc: Use silent mode when exec make cmd
     - dma-buf: Fix NULL pointer dereference in sanitycheck()
     - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
     - mlxbf_gige: stop PHY during open() error paths
     - wifi: iwlwifi: mvm: rfi: fix potential response leaks
     - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
     - [s390x] qeth: handle deferred cc1
     - tcp: properly terminate timers for kernel sockets
     - net: wwan: t7xx: Split 64bit accesses to fix alignment issues
     - [arm64] net: hns3: fix index limit to support all queue stats
     - [arm64] net: hns3: fix kernel crash when devlink reload during pf
       initialization
     - [arm64] net: hns3: mark unexcuted loopback test result as UNEXECUTED
     - tls: recv: process_rx_list shouldn't use an offset with kvec
     - tls: adjust recv return with async crypto and failed copy to userspace
     - tls: get psock ref after taking rxlock to avoid leak
     - mlxbf_gige: call request_irq() after NAPI initialized
     - bpf: Protect against int overflow for stack access size
     - cifs: Fix duplicate fscache cookie warnings
     - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
     - inet: inet_defrag: prevent sk release while still in use
     - dm integrity: fix out-of-range warning
     - [x86] cpufeatures: Add new word for scattered features
     - [x86] perf/x86/amd/lbr: Use freeze based on availability
     - [arm64] KVM: arm64: Fix host-programmed guest events in nVHE
     - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
     - [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
       word
     - Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
     - [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
     - Bluetooth: qca: fix device-address endianness
     - Bluetooth: add quirk for broken address properties
     - Bluetooth: hci_event: set the conn encrypted before conn establishes
     - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
       CVE-2024-24858)
     - xen-netfront: Add missing skb_mark_for_recycle
     - net/rds: fix possible cp null dereference
     - net: usb: ax88179_178a: avoid the interface always configured as random
       address
     - vsock/virtio: fix packet delivery to tap device
     - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
       mapped."
     - netfilter: nf_tables: reject new basechain after table flag update
     - netfilter: nf_tables: flush pending destroy work before exit_net release
     - netfilter: nf_tables: Fix potential data-race in
       __nft_flowtable_type_get()
     - netfilter: validate user input for expected length
     - vboxsf: Avoid an spurious warning if load_nls_xxx() fails
     - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
     - net/sched: act_skbmod: prevent kernel-infoleak
     - net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
     - net: stmmac: fix rx queue priority assignment
     - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
     - net: phy: micrel: Fix potential null pointer dereference
     - gro: fix ownership transfer
     - [x86] bugs: Fix the SRSO mitigation on Zen3/4
     - [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
       for !SRSO
     - i40e: Fix VF MAC filter removal
     - erspan: make sure erspan_base_hdr is present in skb->head
     - ipv6: Fix infinite recursion in fib6_dump_done().
     - mlxbf_gige: stop interface during shutdown
     - r8169: skip DASH fw status checks when DASH is disabled
     - udp: do not accept non-tunnel GSO skbs landing in a tunnel
     - udp: do not transition UDP GRO fraglist partial checksums to unnecessary
     - udp: prevent local UDP tunnel packets from being GROed
     - i40e: fix i40e_count_filters() to count only active/new filters
     - i40e: fix vf may be used uninitialized in this function warning
     - drm/amd: Evict resources during PM ops prepare() callback
     - drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
     - drm/amd: Flush GFXOFF requests in prepare stage
     - i40e: Store the irq number in i40e_q_vector
     - i40e: Remove _t suffix from enum type names
     - i40e: Enforce software interrupt during busy-poll exit
     - r8169: use spinlock to protect mac ocp register access
     - r8169: use spinlock to protect access to registers Config2 and Config5
     - r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
     - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6)
       non-wildcard addresses.
     - drivers: net: convert to boolean for the mac_managed_pm flag
     - net: fec: Set mac_managed_pm during probe
     - [x86] KVM: SVM: enhance info printk's in SEV init
     - [x86] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails
     - [x86] KVM: SVM: Use unsigned integers when dealing with ASIDs
     - [x86] KVM: SVM: Add support for allowing zero SEV ASIDs
     - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
     - 9p: Fix read/write debug statements to report server reply
     - drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
     - drm/panfrost: fix power transition timeout warnings
     - ASoC: rt5682-sdw: fix locking sequence
     - [x86] ASoC: rt711-sdca: fix locking sequence
     - ASoC: rt711-sdw: fix locking sequence
     - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
     - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
     - scsi: mylex: Fix sysfs buffer lengths
     - scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
     - cifs: Fix caching to try to do open O_WRONLY as rdwr on server
     - ata: sata_mv: Fix PCI device ID table declaration compilation warning
     - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
     - [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
     - ksmbd: don't send oplock break if rename fails
     - ksmbd: validate payload size in ipc response (CVE-2024-26811)
     - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
     - ALSA: hda/realtek - Fix inactive headset mic jack
     - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
       microphone
     - driver core: Introduce device_link_wait_removal()
     - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
     - [x86] mm/pat: fix VM_PAT handling in COW mappings
     - [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
     - [x86] coco: Require seeding RNG with RDRAND on CoCo systems
     - [s390x] entry: align system call table on 8 bytes
     - smb3: retrying on failed server close
     - smb: client: fix potential UAF in cifs_debug_files_proc_show()
     - smb: client: fix potential UAF in cifs_stats_proc_write()
     - smb: client: fix potential UAF in cifs_stats_proc_show()
     - smb: client: fix potential UAF in smb2_is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_valid_lease_break()
     - smb: client: fix potential UAF in is_valid_oplock_break()
     - smb: client: fix potential UAF in smb2_is_network_name_deleted()
     - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
     - mptcp: don't account accept() of non-MPC client as fallback to TCP
     - mm/secretmem: fix GUP-fast succeeding on secretmem folios
     - nvme: fix miss command type check
     - [x86] bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - [x86] syscall: Don't force use of indirect calls for system calls
     - [x86] Mitigate Native Branch History Injection vulnerability
       (CVE-2024-2201):
       + [x86] bhi: Add support for clearing branch history at syscall entry
       + [x86] bhi: Define SPEC_CTRL_BHI_DIS_S
       + [x86] bhi: Enumerate Branch History Injection (BHI) bug
       + [x86] bhi: Add BHI mitigation knob
       + [x86] bhi: Mitigate KVM by default
       + [x86] KVM: x86: Add BHI_NO
       + [x86] set SPECTRE_BHI_ON as default
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 20
   * Refresh "efi: Lock down the kernel if booted in secure boot mode" (context
     changes in 6.1.84)
   * [rt] Refresh "serial: 8250: implement write_atomic"
   * Refresh "x86: Make x32 syscall support conditional on a kernel parameter"
   * tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
     (Closes: #1068770)
   * Revert "scsi: sd: usb_storage: uas: Access media prior to querying device
     properties" (Closes: #1068675)
   * Revert "scsi: core: Add struct for args to execution functions"
   * scsi: sd: usb_storage: uas: Access media prior to querying device properties
linux-signed-i386 (6.1.82+1) bookworm; urgency=medium
 .
   * Sign kernel from linux 6.1.82-1
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
     - asm-generic: make sparse happy with odd-sized put_unaligned_*()
     - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
     - [arm64] irq: set the correct node for VMAP stack
     - [arm64] drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
     - [powerpc*] Fix build error due to is_valid_bugaddr()
     - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
     - [x86] boot: Ignore NMIs during very early boot
     - [powerpc*] pmd_move_must_withdraw() is only needed for
       CONFIG_TRANSPARENT_HUGEPAGE
     - [powerpc*] lib: Validate size for vector operations
     - [x86*] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
       kernel
     - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
       sysfs file
     - debugobjects: Stop accessing objects after releasing hash bucket lock
     - regulator: core: Only increment use_count when enable_count changes
     - audit: Send netlink ACK before setting connection in auditd_set
     - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
     - PNP: ACPI: fix fortify warning
     - ACPI: extlog: fix NULL pointer dereference check
     - ACPI: NUMA: Fix the logic of getting the fake_pxm value
     - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
     - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
       events
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
     - UBSAN: array-index-out-of-bounds in dtSplitRoot
     - jfs: fix slab-out-of-bounds Read in dtSearch
     - jfs: fix array-index-out-of-bounds in dbAdjTree
     - jfs: fix uaf in jfs_evict_inode
     - pstore/ram: Fix crash when setting number of cpus to an odd number
     - erofs: fix ztailpacking for subpage compressed blocks
     - [armhf] crypto: stm32/crc32 - fix parsing list of devices
     - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
     - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
     - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
     - jfs: fix array-index-out-of-bounds in diNewExt
     - arch: consolidate arch_irq_work_raise prototypes
     - [s390x] vfio-ap: fix sysfs status attribute for AP queue devices
     - [s390x] ptrace: handle setting of fpc register correctly
     - [s390x] KVM: s390: fix setting of fpc register
     - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623)
     - ecryptfs: Reject casefold directory inodes
     - ext4: fix inconsistent between segment fstrim and full fstrim
     - ext4: unify the type of flexbg_size to unsigned int
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
       (CVE-2023-52622)
     - wifi: rt2x00: restart beacon queue when hardware reset
     - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
     - [arm64] soc: xilinx: Fix for call trace due to the usage of
       smp_processor_id()
     - [arm64] soc: xilinx: fix unhandled SGI warning message
     - scsi: lpfc: Fix possible file string name overflow when updating firmware
     - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
     - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
     - net: usb: ax88179_178a: avoid two consecutive device resets
     - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
     - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
     - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too
       early
     - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
       (CVE-2023-52621)
     - scsi: libfc: Don't schedule abort twice
     - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
     - bpf: Set uattr->batch.count as zero before batched update or deletion
     - net: phy: at803x: fix passing the wrong reference for config_intr
     - [arm64] scsi: hisi_sas: Set .phy_attached before notifing phyup event
       HISI_PHYE_PHY_UP_PM
     - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
     - net: atlantic: eliminate double free in error handling logic
     - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
       path
     - block: prevent an integer overflow in bvec_try_merge_hw_page
     - md: Whenassemble the array, consult the superblock of the freshest device
     - [arm64] dts: qcom: msm8996: Fix 'in-ports' is a required property
     - [arm64] dts: qcom: msm8998: Fix 'out-ports' is a required property
     - ice: fix pre-shifted bit usage
     - [arm64] dts: amlogic: fix format for s4 uart node
     - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
     - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
     - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
     - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
     - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
     - Bluetooth: hci_sync: fix BR/EDR wakeup bug
     - Bluetooth: L2CAP: Fix possible multiple reject send
     - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
     - i40e: Fix VF disable behavior to block all traffic
     - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
     - f2fs: fix to check return value of f2fs_reserve_new_block()
     - ALSA: hda: Refer to correct stream index at loops
     - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
     - fast_dput(): handle underflows gracefully
     - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
     - [arm64,armhf] drm/panel-edp: Add override_edid_mode quirk for generic edp
     - drm/amd/display: Fix tiled display misalignment
     - f2fs: fix write pointers on zoned device after roll forward
     - [x86] ASoC: amd: Add new dmi entries for acp5x platform
     - drm/drm_file: fix use of uninitialized variable
     - drm/framebuffer: Fix use of uninitialized variable
     - drm/mipi-dsi: Fix detach call without attach
     - media: stk1160: Fixed high volume of stk1160_dbg messages
     - [arm64,armhf]  media: rockchip: rga: fix swizzling for RGB formats
     - PCI: add INTEL_HDA_ARL to pci_ids.h
     - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
     - [arm64] media: rkisp1: Drop IRQF_SHARED
     - [arm64] media: rkisp1: Fix IRQ handler return values
     - [arm64] media: rkisp1: Store IRQ lines
     - [arm64] media: rkisp1: Fix IRQ disable race issue
     - hwmon: (nct6775) Fix fan speed set failure in automatic mode
     - f2fs: fix to tag gcing flag on page during block migration
     - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
       time
     - IB/ipoib: Fix mcast list locking
     - media: ddbridge: fix an error code problem in ddb_probe
     - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
     - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
     - [arm64] drm/msm/dpu: fix writeback programming for YUV cases
     - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
     - [x86] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
     - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
     - drm/amdgpu: Fix ecc irq enable/disable unpaired
     - drm/amdgpu: Let KFD sync with VM fences
     - drm/amdgpu: Fix '*fw' from request_firmware() not released in
       'amdgpu_ucode_request()'
     - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
     - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
     - leds: trigger: panic: Don't register panic notifier if creating the
       trigger failed
     - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
     - PCI: Only override AMD USB controller if required
     - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
     - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
     - usb: hub: Replace hardcoded quirk value with BIT() macro
     - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
       hub
     - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
     - fs/kernfs/dir: obey S_ISGID
     - PCI: Fix 64GT/s effective data rate calculation
     - PCI/AER: Decode Requester ID when no error info found
     - 9p: Fix initialisation of netfs_inode for 9p
     - libsubcmd: Fix memory leak in uniq()
     - virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a
       region of size 10" warnings
     - blk-mq: fix IO hang from sbitmap wakeup race
     - ceph: reinitialize mds feature bit even when session in open
     - ceph: fix deadlock or deadcode of misusing dget()
     - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
     - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
       'get_platform_power_management_table()'
     - drm/amdgpu: Fix with right return code '-EIO' in
       'amdgpu_gmc_vram_checking()'
     - drm/amdgpu: Release 'adev->pm.fw' before return in
       'amdgpu_device_need_post()'
     - perf: Fix the nr_addr_filters fix
     - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
     - drm: using mul_u32_u32() requires linux/math64.h
     - scsi: isci: Fix an error code problem in isci_io_request_build()
     - [armhf] regulator: ti-abb: don't use devm_platform_ioremap_resource_byname
       for shared interrupt register
     - scsi: core: Move scsi_host_busy() out of host lock for waking up EH
       handler
     - HID: hidraw: fix a problem of memory leak in hidraw_release()
     - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
     - ipv4: raw: add drop reasons
     - ipmr: fix kernel panic when forwarding mcast packets
     - tcp: add sanity checks to rx zerocopy
     - ixgbe: Refactor returning internal error codes
     - ixgbe: Refactor overtemp event handling
     - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
     - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
     - llc: call sock_orphan() at release time
     - bridge: mcast: fix disabled snooping after long uptime
     - netfilter: conntrack: correct window scaling with retransmitted SYN
     - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
     - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
     - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
       expectations
     - net: ipv4: fix a memleak in ip_setup_cork
     - af_unix: fix lockdep positive in sk_diag_dump_icons()
     - net: sysfs: Fix /sys/class/net/<iface> path
     - [arm64] irq: set the correct node for shadow call stack
     - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
     - [arm64] drm/msm/dsi: Enable runtime PM
     - gve: Fix use-after-free vulnerability
     - bonding: remove print in bond_verify_device_path
     - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
     - ext4: regenerate buddy after block freeing failed if under fc replay
     - [arm64] dmaengine: ti: k3-udma: Report short packet errors
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue
       DMA
     - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the queue
       command DMA
     - [arm64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
     - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
     - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
     - cifs: failure to add channel on iface should bump up weight
     - [arm64] drm/msms/dp: fixed link clock divider bits be over written in BPC
       unknown case
     - [arm64] drm/msm/dp: return correct Colorimetry for
       DP_TEST_DYNAMIC_RANGE_CEA case
     - [arm64] drm/msm/dpu: check for valid hw_pp in
       dpu_encoder_helper_phys_cleanup
     - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
     - wifi: mac80211: fix waiting for beacons logic
     - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
     - net: atlantic: Fix DMA mapping for PTP hwts ring
     - tunnels: fix out of bounds access when building IPv6 PMTU error
     - atm: idt77252: fix a memleak in open_card_ubr0
     - [armhf] hwmon: (aspeed-pwm-tacho) mutex for tach reading
     - [x86] hwmon: (coretemp) Fix out-of-bounds memory access
     - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
     - inet: read sk->sk_family once in inet_recv_error()
     - [x86] drm/i915/gvt: Fix uninitialized variable in handle_mmio()
     - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
     - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
     - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
     - ppp_async: limit MRU to 64K
     - selftests: cmsg_ipv6: repeat the exact packet
     - netfilter: nft_compat: narrow down revision to unsigned 8-bits
     - netfilter: nft_compat: reject unused compat flag
     - netfilter: nft_compat: restrict match/target protocol to u16
     - drm/amd/display: Implement bounds check for stream encoder creation in
       DCN301
     - netfilter: nft_ct: reject direction for ct id
     - netfilter: nft_set_pipapo: store index in scratch maps
     - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
     - netfilter: nft_set_pipapo: remove scratch_aligned pointer
     - fs/ntfs3: Fix an NULL dereference bug
     - scsi: core: Move scsi_host_busy() out of host lock if it is for
       per-command
     - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
     - fs: dlm: don't put dlm_local_addrs on heap (Closes: #1063338)
     - mtd: parsers: ofpart: add workaround for #size-cells 0
     - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
     - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
     - ALSA: usb-audio: add quirk for RODE NT-USB+
     - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
     - USB: serial: option: add Fibocom FM101-GL variant
     - USB: serial: cp210x: add ID for IMST iM871A-USB
     - [arm64,armhf] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - [arm64,armhf] usb: host: xhci-plat: Add support for
       XHCI_SG_TRB_CACHE_SIZE_QUIRK
     - hrtimer: Report offline hrtimer enqueue
     - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
     - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
       (Closes: #1061521)
     - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
     - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
     - vhost: use kzalloc() instead of kmalloc() followed by memset()
       (CVE-2024-0340)
     - RDMA/irdma: Fix support for 64k pages
     - f2fs: add helper to check compression level (Closes: #1063422)
     - block: treat poll queue enter similarly to timeouts
     - clocksource: Skip watchdog check for large watchdog intervals
     - net: stmmac: xgmac: use #define for string constants
     - ALSA: usb-audio: Sort quirk table entries
     - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
     - netfilter: nft_set_rbtree: skip end interval element from gc
       (CVE-2024-26581)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
     - work around gcc bugs with 'asm goto' with outputs
     - update workarounds for gcc "asm goto" issue
     - btrfs: add and use helper to check if block group is used
     - btrfs: do not delete unused block group if it may be used soon
     - btrfs: forbid creating subvol qgroups
     - btrfs: do not ASSERT() if the newly created subvolume already got read
       (CVE-2024-23850)
     - btrfs: forbid deleting live subvol qgroup
     - btrfs: send: return EOPNOTSUPP on unknown flags
     - btrfs: don't reserve space for checksums when writing to nocow files
     - btrfs: reject encoded write if inode has nodatasum flag set
     - btrfs: don't drop extent_map for free space inode on write error
     - driver core: Fix device_link_flag_is_sync_state_only()
     - wifi: iwlwifi: Fix some error codes
     - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
     - of: property: Improve finding the supplier of a remote-endpoint property
     - net: openvswitch: limit the number of recursions from action sets
       (CVE-2024-1151)
     - lan966x: Fix crash when adding interface under a lag
     - tls/sw: Use splice_eof() to flush
     - tls: extract context alloc/initialization out of tls_set_sw_offload
     - net: tls: factor out tls_*crypt_async_wait()
     - tls: fix race between async notify and socket close (CVE-2024-26583)
     - net: tls: fix use-after-free with partial reads and async decrypt
       (CVE-2024-26582)
     - net: tls: fix returned read length with async decrypt
     - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
     - net: sysfs: Fix /sys/class/net/<iface> path for statistics
     - nouveau/svm: fix kvcalloc() argument order
     - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
     - i40e: Do not allow untrusted VF to remove administratively set MAC
     - i40e: Fix waiting for queues of all VSIs to be disabled
     - tracing/trigger: Fix to return error if failed to alloc snapshot
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
     - scsi: storvsc: Fix ring buffer size calculation
     - dm-crypt, dm-verity: disable tasklets
     - [x86] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
     - ALSA: hda/realtek: Fix the external mic not being recognised for Acer
       Swift 1 SF114-32
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
     - HID: i2c-hid-of: fix NULL-deref on failed power up
     - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
     - HID: wacom: Do not register input devices until after hid_hw_start
     - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
     - usb: ucsi: Add missing ppm_lock
     - usb: ulpi: Fix debugfs directory leak
     - usb: ucsi_acpi: Fix command completion handling
     - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
     - usb: f_mass_storage: forbid async queue when shutdown happen
     - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
     - driver core: fw_devlink: Improve detection of overlapping cycles
     - cifs: fix underflow in parse_server_interfaces()
     - i2c: qcom-geni: Correct I2C TRE sequence
     - irqchip/loongson-eiointc: Use correct struct type in
       eiointc_domain_alloc()
     - i2c: pasemi: split driver into two separate modules
     - i2c: i801: Fix block process call transactions (CVE-2024-26593)
     - modpost: trim leading spaces when processing source files list
     - mptcp: get rid of msk->subflow
     - mptcp: fix data re-injection from stale subflow
     - mptcp: drop the push_pending field
     - mptcp: check addrs list in userspace_pm_get_local_id
     - media: Revert "media: rkisp1: Drop IRQF_SHARED"
     - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
     - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
     - drm/virtio: Set segment size for virtio_gpu device
     - lsm: fix the logic in security_inode_getsecctx()
     - firewire: core: correct documentation of fw_csr_string() kernel API
     - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
     - kbuild: Fix changing ELF file type for output of gen_btf for big endian
     - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
     - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
     - net: stmmac: do not clear TBS enable bit on link up/down
     - xen-netback: properly sync TX responses
     - modpost: propagate W=1 build option to modpost
     - modpost: Don't let "driver"s reference .exit.*
     - linux/init: remove __memexit* annotations
     - modpost: Include '.text.*' in TEXT_SECTIONS
     - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
     - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
     - ASoC: codecs: wcd938x: handle deferred probe
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
     - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
     - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
     - misc: fastrpc: Mark all sessions as invalid in cb_remove
     - ext4: fix double-free of blocks due to wrong extents moved_len
     - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
     - tracing: Fix wasted memory in saved_cmdlines logic
     - staging: iio: ad5933: fix type mismatch regression
     - iio: magnetometer: rm3100: add boundary check for the value read from
       RM3100_REG_TMRC
     - iio: core: fix memleak in iio_device_register_sysfs
     - iio: commom: st_sensors: ensure proper DMA alignment
     - iio: accel: bma400: Fix a compilation problem
     - iio: adc: ad_sigma_delta: ensure proper DMA alignment
     - iio: imu: adis: ensure proper DMA alignment
     - iio: imu: bno055: serdev requires REGMAP
     - media: rc: bpf attach/detach requires write permission
     - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
     - xfrm: Remove inner/outer modes from output path
     - xfrm: Remove inner/outer modes from input path
     - [arm64] drm/msm: Wire up tlb ops
     - drm/prime: Support page array >= 4GB
     - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
     - drm/amd/display: Preserve original aspect ratio in create stream
     - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
     - ring-buffer: Clean ring_buffer_poll_wait() error return
     - nfp: flower: fix hardware offload for the transfer layer port
     - [powerpc*] 64: Set task pt_regs->link to the LR value on scv entry
     - [powerpc*] cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
     - [powerpc*] pseries: fix accuracy of stolen time
     - [x86] fpu: Stop relying on userspace for info to fault in xsave buffer
       (CVE-2024-26603)
     - [x86] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
     - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
     - io_uring/net: fix multishot accept overflow handling
     - mmc: slot-gpio: Allow non-sleeping GPIO ro
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
     - ALSA: hda/conexant: Add quirk for SWS JS201D
     - nilfs2: fix data corruption in dsync block recovery for small block sizes
     - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
     - crypto: ccp - Fix null pointer dereference in
       __sev_platform_shutdown_locked
     - nfp: use correct macro for LengthSelect in BAR config
     - nfp: flower: prevent re-adding mac index for bonded port
     - wifi: cfg80211: fix wiphy delayed work queueing
     - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
     - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
     - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
     - zonefs: Improve error handling
     - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be
       detected by BIOS (Closes: #1056056)
     - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
     - fs: relax mount_setattr() permission checks
     - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
     - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
     - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
     - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
     - ceph: prevent use-after-free in encode_cap_msg()
     - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
       (CVE-2024-0841)
     - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
     - of: property: fix typo in io-channels
     - can: netlink: Fix TDCO calculation using the old data bittiming
     - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
     - can: j1939: Fix UAF in j1939_sk_match_filter during
       setsockopt(SO_J1939_FILTER)
     - pmdomain: core: Move the unused cleanup to a _sync initcall
     - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - tracing: Inform kmemleak of saved_cmdlines allocation
     - xfrm: Use xfrm_state selector for BEET input
     - xfrm: Silence warnings triggerable by bad packets
     - tls: fix NULL deref on tls_sw_splice_eof() with empty record
     - md: bypass block throttle for superblock update
     - wifi: mwifiex: Support SD8978 chipset
     - wifi: mwifiex: add extra delay for firmware ready
     - bus: moxtet: Add spi device table
     - [arm64] dts: qcom: msm8916: Enable blsp_dma by default
     - [arm64] dts: qcom: msm8916: Make blsp_dma controlled-remotely
     - [arm64] dts: qcom: sdm845: fix USB SS wakeup
     - [arm64] dts: qcom: sm8150: fix USB SS wakeup
     - wifi: mwifiex: fix uninitialized firmware_stat
     - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
     - block: fix partial zone append completion handling in req_bio_endio()
     - netfilter: ipset: fix performance regression in swap operation
     - netfilter: ipset: Missing gc cancellations fixed
     - nfsd: fix RELEASE_LOCKOWNER
     - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
     - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
     - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
     - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
     - smb: client: fix parsing of SMB3.1.1 POSIX create context
     - net: prevent mss overflow in skb_segment() (CVE-2023-52435)
     - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
     - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
     - bpf: Remove trace_printk_lock
     - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
     - dmaengine: ioat: Free up __cleanup() name
     - apparmor: Free up __cleanup() name
     - locking: Introduce __cleanup() based infrastructure
     - kbuild: Drop -Wdeclaration-after-statement
     - sched/membarrier: reduce the ability to hammer on sys_membarrier
       (CVE-2024-26602)
     - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
     - nilfs2: fix potential bug in end_buffer_async_write
     - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
     - dm: limit the number of targets and parameter size area (CVE-2024-23851,
       CVE-2023-52429)
     - [arm64:]Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
     - mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
     - net/sched: Retire CBQ qdisc
     - net/sched: Retire ATM qdisc
     - net/sched: Retire dsmark qdisc
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - scsi: target: core: Add TMF to tmr_list handling
     - cifs: open_cached_dir should not rely on primary channel
     - wifi: cfg80211: fix missing interfaces when dumping
     - wifi: mac80211: fix race condition on enabling fast-xmit
     - fbdev: savage: Error out if pixclock equals zero
     - fbdev: sis: Error out if pixclock equals zero
     - block: Fix WARNING in _copy_from_iter
     - smb: Work around Clang __bdos() type confusion
     - cifs: translate network errors on send to -ECONNABORTED
     - ahci: asm1166: correct count of reported ports
     - aoe: avoid potential deadlock at set_capacity
     - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
     - [mips*] reserve exception vector space ONLY ONCE
     - [x86] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus
       tablet
     - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block
       bitmap corrupt
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_try_best_found()
     - ext4: avoid allocating blocks from corrupted group in
       ext4_mb_find_by_goal()
     - Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx
       == 0
     - [armhf] dmaengine: ti: edma: Add some null pointer checks to the
       edma_probe
     - [arm64] regulator: pwm-regulator: Add validity checks in continuous
       .get_voltage
     - nvmet-tcp: fix nvme tcp ida memory leak
     - usb: ucsi_acpi: Quirk to ack a connector change ack cmd
     - ALSA: usb-audio: Check presence of valid altsetting control
     - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
     - Input: xpad - add Lenovo Legion Go controllers
     - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
       sctp_new
     - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
     - [x86] ASoC: wm_adsp: Don't overwrite fwf_name with the default
     - ALSA: usb-audio: Ignore clock selector errors for single connection
     - nvme-fc: do not wait in vain when unloading module
     - nvmet-fcloop: swap the list_add_tail arguments
     - nvmet-fc: release reference on target port
     - nvmet-fc: defer cleanup using RCU properly
     - nvmet-fc: hold reference on hostport match
     - nvmet-fc: abort command when there is no binding
     - nvmet-fc: avoid deadlock on delete association path
     - nvmet-fc: take ref count on tgtport before delete assoc
     - smb: client: increase number of PDUs allowed in a compound request
     - ext4: correct the hole length returned by ext4_map_blocks()
     - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
     - wifi: mac80211: set station RX-NSS on reconfig
     - wifi: mac80211: adding missing drv_mgd_complete_tx() call
     - efi: runtime: Fix potential overflow of soft-reserved region size
     - efi: Don't add memblocks for soft-reserved memory
     - [x86] hwmon: (coretemp) Enlarge per package core count limit
     - scsi: lpfc: Use unsigned type for num_sge
     - scsi: ufs: core: Remove the ufshcd_release() in
       ufshcd_err_handling_prepare()
     - firewire: core: send bus reset promptly on gap count error
     - drm/amdgpu: skip to program GFXDEC registers for suspend abort
     - drm/amdgpu: reset gpu for s3 suspend abort case
     - smb: client: set correct d_type for reparse points under DFS mounts
     - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
     - smb3: clarify mount warning
     - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
     - drm/ttm: Fix an invalid freeing on already freed page in error path
     - [s390x] cio: fix invalid -EBUSY on ccw_device_start
     - ata: libata-core: Do not try to set sleeping devices to standby
     - dm-crypt: recheck the integrity tag after a failure
     - dm-integrity: recheck the integrity tag after a failure
     - dm-crypt: don't modify the data when using authenticated encryption
     - dm-verity: recheck the hash after a failure
     - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS
       window
     - scsi: target: pscsi: Fix bio_put() for error case
     - scsi: core: Consult supported VPD page list prior to fetching page
     - mm/swap: fix race when skipping swapcache
     - mm: memcontrol: clarify swapaccount=0 deprecation warning
     - [x86] platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
     - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
       ACPI names
     - cachefiles: fix memory leak in cachefiles_add_cache()
     - md: Fix missing release of 'active_io' for flush
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
     - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
       its_sync_lpi_pending_table()
     - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
     - crypto: virtio/akcipher - Fix stack overflow on memcpy
     - irqchip/gic-v3-its: Do not assume vPE tables are preallocated
     - irqchip/sifive-plic: Enable interrupt if needed before EOI
     - PCI/MSI: Prevent MSI hardware interrupt number truncation
     - l2tp: pass correct message length to ip6_append_data
     - [x86] returnthunk: Allow different return thunks
     - [x86] Revert "x86/alternative: Make custom return thunk unconditional"
     - [x86] alternative: Make custom return thunk unconditional
     - dm-integrity, dm-verity: reduce stack usage for recheck
     - erofs: fix refcount on the metabuf used for inode lookup
     - serial: amba-pl011: Fix DMA transmission in RS485 mode
     - [arm64,armhf] usb: dwc3: gadget: Don't disconnect if not started
     - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
     - usb: roles: fix NULL pointer issue when put module's reference
     - usb: roles: don't get/set_role() when usb_role_switch is unregistered
     - mptcp: make userspace_pm_append_new_local_addr static
     - mptcp: add needs_id for userspace appending addr
     - mptcp: fix lockless access in subflow ULP diag
     - Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
     - [amd64] IB/hfi1: Fix a memleak in init_credit_return
     - RDMA/bnxt_re: Return error for SRQ resize
     - RDMA/irdma: Fix KASAN issue with tasklet
     - RDMA/irdma: Validate max_send_wr and max_recv_wr
     - RDMA/irdma: Set the CQ read threshold for GEN 1
     - RDMA/irdma: Add AE for too many RNRS
     - RDMA/srpt: Support specifying the srpt_service_guid parameter
     - iommufd/iova_bitmap: Bounds check mapped::pages access
     - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array
     - iommufd/iova_bitmap: Consider page offset for the pages to be pinned
     - RDMA/qedr: Fix qedr_create_user_qp error flow
     - [arm64] dts: rockchip: set num-cs property for spi on px30
     - RDMA/srpt: fix function pointer cast warnings
     - bpf, scripts: Correct GPL license name
     - scsi: smartpqi: Fix disable_managed_interrupts
     - net: bridge: switchdev: Skip MDB replays of deferred events on offload
     - net: bridge: switchdev: Ensure deferred event delivery on unoffload
     - dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
       check_estalblished().
     - nouveau: fix function cast warnings
     - [x86] numa: Fix the address overlap check in numa_fill_memblks()
     - [x86] numa: Fix the sort compare func used in numa_fill_memblks()
     - net: stmmac: Fix incorrect dereference in interrupt handlers
     - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
     - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
     - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
     - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
     - afs: Increase buffer size in afs_update_volume_status()
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
     - net: dev: Convert sa_data to flexible array in struct sockaddr
     - [arm64] sme: Restore SME registers on exit from suspend
     - [x86] platform/x86: thinkpad_acpi: Only update profile if successfully
       converted
     - [s390x] use the correct count for __iowrite64_copy()
     - bpf, sockmap: Fix NULL pointer dereference in
       sk_psock_verdict_data_ready()
     - tls: break out of main loop when PEEK gets a non-data record
     - tls: stop recv() if initial process_rx_list gave us non-DATA
     - tls: don't skip over different type records from the rx_list
     - netfilter: nf_tables: set dormant flag on hook register failure
     - netfilter: flowtable: simplify route logic
     - netfilter: nft_flow_offload: reset dst in route object after setting up
       flow
     - netfilter: nft_flow_offload: release dst in case direct xmit path is used
     - netfilter: nf_tables: rename function to destroy hook list
     - netfilter: nf_tables: register hooks last when adding new chain/flowtable
     - netfilter: nf_tables: use kzalloc for hook allocation
     - net: mctp: put sock on tag allocation failure
     - Fix write to cloned skb in ipv6_hop_ioam()
     - net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
     - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
       set
     - drm/amd/display: Fix memory leak in dm_sw_fini()
     - [arm64,armhf] i2c: imx: when being a target, mark the last read as
       processed
     - erofs: simplify compression configuration parser
     - erofs: fix inconsistent per-file compression format (CVE-2024-26590)
     - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
     - mm: zswap: fix missing folio cleanup in writeback race path
     - mptcp: userspace pm send RM_ADDR for ID 0
     - mptcp: add needs_id for netlink appending addr
     - ata: ahci: add identifiers for ASM2116 series adapters
     - ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
     - arp: Prevent overflow in arp_req_get().
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
     - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
     - [arm64] drm/meson: fix unbind path if HDMI fails to bind
     - [arm64] drm/meson: Don't remove bridges which are created by other drivers
     - scsi: core: Add struct for args to execution functions
     - scsi: sd: usb_storage: uas: Access media prior to querying device
       properties
     - af_unix: Fix task hung while purging oob_skb in GC.
     - of: overlay: Reorder struct fragment fields kerneldoc
     - usb: gadget: Properly configure the device for remote wakeup
     - Input: xpad - add constants for GIP interface numbers
     - [arm64] iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
     - [arm64] iommu/arm-smmu-qcom: Limit the SMR groups to 128
     - RDMA/core: Fix multiple -Warray-bounds warnings
     - mm: huge_memory: don't force huge page alignment on 32 bit
       (CVE-2024-26621) (Closes: #1024149)
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
     - netlink: add nla be16/32 types to minlen array
     - net: ip_tunnel: prevent perpetual headroom growth
     - net: mctp: take ownership of skb in mctp_local_output
     - tun: Fix xdp_rxq_info's queue_index when detaching
     - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
       back
     - net: veth: clear GRO when clearing XDP even when down
     - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
     - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
       detected
     - veth: try harder when allocating queue memory
     - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
     - net: lan78xx: fix "softirq work is pending" error
     - uapi: in6: replace temporary label with rfc9486
     - stmmac: Clear variable when destroying workqueue
     - Bluetooth: hci_sync: Check the correct flag before starting a scan
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
     - Bluetooth: hci_sync: Fix accept_list when attempting to suspend
     - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
     - Bluetooth: Enforce validation on max value of connection interval
     - Bluetooth: qca: Fix wrong event type for patch config command
     - Bluetooth: hci_qca: mark OF related data as maybe unused
     - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
     - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
     - Bluetooth: btqca: Add WCN3988 support
     - Bluetooth: qca: use switch case for soc type behavior
     - Bluetooth: qca: add support for WCN7850
     - Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
     - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
     - netfilter: let reset rules clean out conntrack entries
     - netfilter: bridge: confirm multicast packets before passing them up the
       stack
     - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
     - igb: extend PTP timestamp adjustments to i211
     - net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames
     - tls: decrement decrypt_pending if no async completion will be called
     - tls: fix peeking with sync+async decryption
     - efi/capsule-loader: fix incorrect allocation size
     - ALSA: Drop leftover snd-rtctimer stuff from Makefile
     - [arm64,armhf] drm/tegra: Remove existing framebuffer only if we support
       display
     - fbcon: always restore the old font data in fbcon_do_set_font()
     - afs: Fix endless loop in directory parsing
     - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
     - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
     - ALSA: firewire-lib: fix to check cycle continuity
     - ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
     - ALSA: hda/realtek: fix mute/micmute LED For HP mt440
     - landlock: Fix asymmetric private inodes referring
     - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
     - wifi: nl80211: reject iftype change with mesh ID change
     - btrfs: fix double free of anonymous device after snapshot creation failure
     - btrfs: dev-replace: properly validate device names
     - btrfs: send: don't issue unnecessary zero writes for trailing hole
     - Revert "drm/amd/pm: resolve reboot exception for si oland"
     - drm/buddy: fix range bias
     - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
     - [arm64] crypto: arm64/neonbs - fix out-of-bounds access on short input
     - [arm64] dmaengine: fsl-qdma: init irq after reg initialization
     - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
     - mmc: core: Fix eMMC initialization with 1-bit bus connection
     - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
     - [arm64] mmc: sdhci-xenon: fix PHY init clock stability
     - efivarfs: Request at most 512 bytes for variable names
     - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
     - [x86] e820: Don't reserve SETUP_RNG_SEED in e820
     - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
     - mptcp: fix data races on local_id
     - mptcp: fix data races on remote_id
     - mptcp: fix duplicate subflow creation
     - mptcp: continue marking the first subflow as UNCONNECTED
     - mptcp: map v4 address to v6 when destroying subflow
     - mptcp: push at DSS boundaries
     - mptcp: fix snd_wnd initialization for passive socket
     - mptcp: fix double-free on socket dismantle
     - mptcp: fix possible deadlock in subflow diag
     - RDMA/core: Refactor rdma_bind_addr (CVE-2023-2176)
     - RDMA/core: Update CMA destination address on rdma_resolve_addr
     - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory
     - [x86] boot/compressed: Rename efi_thunk_64.S to efi-mixed.S
     - [x86] boot/compressed: Move 32-bit entrypoint code into .text section
     - [x86] boot/compressed: Move bootargs parsing out of 32-bit startup code
     - [x86] boot/compressed: Move efi32_pe_entry into .text section
     - [x86] boot/compressed: Move efi32_entry out of head_64.S
     - [x86] boot/compressed: Move efi32_pe_entry() out of head_64.S
     - [x86] boot/compressed, efi: Merge multiple definitions of image_offset
       into one
     - [x86] boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk
     - [x86] boot/compressed: Avoid touching ECX in startup32_set_idt_entry()
     - [x86] boot/compressed: Pull global variable reference into
       startup32_load_idt()
     - [x86] boot/compressed: Move startup32_load_idt() into .text section
     - [x86] boot/compressed: Move startup32_load_idt() out of head_64.S
     - [x86] boot/compressed: Move startup32_check_sev_cbit() into .text
     - [x86] boot/compressed: Move startup32_check_sev_cbit() out of head_64.S
     - [x86] boot/compressed: Adhere to calling convention in
       get_sev_encryption_bit()
     - [x86] boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y
     - efi: verify that variable services are supported
     - [x86] efi: Make the deprecated EFI handover protocol optional
     - [x86] boot: Robustify calling startup_{32,64}() from the decompressor code
     - [x86] efistub: Branch straight to kernel entry point from C code
     - [x86] decompressor: Store boot_params pointer in callee save register
     - [x86] decompressor: Assign paging related global variables earlier
     - [x86] decompressor: Call trampoline as a normal function
     - [x86] decompressor: Use standard calling convention for trampoline
     - [x86] decompressor: Avoid the need for a stack in the 32-bit trampoline
     - [x86] decompressor: Call trampoline directly from C code
     - [x86] decompressor: Only call the trampoline when changing paging levels
     - [x86] decompressor: Pass pgtable address to trampoline directly
     - [x86] decompressor: Merge trampoline cleanup with switching code
     - [x86] decompressor: Move global symbol references to C code
     - decompress: Use 8 byte alignment
     - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
     - NFS: Fix data corruption caused by congestion.
     - NFSD: Simplify READ_PLUS
     - NFSD: Remove redundant assignment to variable host_err
     - nfsd: ignore requests to disable unsupported versions
     - nfsd: move nfserrno() to vfs.c
     - nfsd: allow disabling NFSv2 at compile time
     - exportfs: use pr_debug for unreachable debug statements
     - NFSD: Flesh out a documenting comment for filecache.c
     - NFSD: Clean up nfs4_preprocess_stateid_op() call sites
     - NFSD: Trace stateids returned via DELEGRETURN
     - NFSD: Trace delegation revocations
     - NFSD: Use const pointers as parameters to fh_ helpers
     - NFSD: Update file_hashtbl() helpers
     - NFSD: Clean up nfsd4_init_file()
     - NFSD: Add a nfsd4_file_hash_remove() helper
     - NFSD: Clean up find_or_add_file()
     - NFSD: Refactor find_file()
     - NFSD: Use rhashtable for managing nfs4_file objects
     - NFSD: Fix licensing header in filecache.c
     - filelock: add a new locks_inode_context accessor function
     - lockd: use locks_inode_context helper
     - nfsd: use locks_inode_context helper
     - nfsd: fix up the filecache laundrette scheduling
     - NFSD: Use struct_size() helper in alloc_session()
     - lockd: set missing fl_flags field when retrieving args
     - lockd: ensure we use the correct file descriptor when unlocking
     - lockd: fix file selection in nlmsvc_cancel_blocked
     - trace: Relocate event helper files
     - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
     - NFSD: add support for sending CB_RECALL_ANY
     - NFSD: add delegation reaper to react to low memory condition
     - NFSD: add CB_RECALL_ANY tracepoints
     - NFSD: Use only RQ_DROPME to signal the need to drop a reply
     - NFSD: Avoid clashing function prototypes
     - NFSD: Use set_bit(RQ_DROPME)
     - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown
       time
     - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
     - nfsd: don't destroy global nfs4_file table in per-net shutdown
     - [arm64] efi: Limit allocations to 48-bit addressable physical region
     - efi: efivars: prevent double registration
     - [x86] efistub: Simplify and clean up handover entry code
     - [x86] decompressor: Avoid magic offsets for EFI handover entrypoint
     - [x86] efistub: Clear BSS in EFI handover protocol entrypoint
     - efi/libstub: Add memory attribute protocol definitions
     - efi/libstub: Add limit argument to efi_random_alloc()
     - [x86] efistub: Perform 4/5 level paging switch from the stub
     - [x86] decompressor: Factor out kernel decompression and relocation
     - [x86] efistub: Prefer EFI memory attributes protocol over DXE services
     - [x86] efistub: Perform SNP feature test while running in the firmware
     - [x86] efistub: Avoid legacy decompressor when doing EFI boot
     - [x86] efi/x86: Avoid physical KASLR on older Dell systems
     - [x86] efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
     - [x86] boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
     - [x86] boot: efistub: Assign global boot_params variable
     - [x86] efi/x86: Fix the missing KASLR_FLAG bit in
       boot_params->hdr.loadflags
     - af_unix: Drop oob_skb ref before purging queue in GC.
     - [arm64] phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use
       dashes
     - [powerpc*] pseries/iommu: IOMMU table is not initialized for kdump over
       SR-IOV
     - gpio: 74x164: Enable output pins after registers are reset
     - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
     - gpio: fix resource unwinding order in error path
     - block: define bvec_iter as __packed __aligned(4)
     - [arm64,armhf] Revert "interconnect: Fix locking for runpm vs reclaim"
     - [arm64,armhf] Revert "interconnect: Teach lockdep about icc_bw_lock order"
     - [x86] bugs: Add asm helpers for executing VERW
     - [x86] entry_64: Add VERW just before userspace transition
     - [x86] entry_32: Add VERW just before userspace transition
     - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
     - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
     - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
     - bpf: Add table ID to bpf_fib_lookup BPF helper
     - bpf: Derive source IP addr via bpf_*_fib_lookup()
     - [x86] efistub: Give up if memory attribute protocol returns an error
     - xen/events: close evtchn after mapping cleanup
     https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
     - ceph: switch to corrected encoding of max_xattr_size in mdsmap
     - net: lan78xx: fix runtime PM count underflow on link stop
     - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
     - i40e: disable NAPI right after disabling irqs when handling xsk_pool
     - ice: reorder disabling IRQ and NAPI in ice_qp_dis
     - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
     - geneve: make sure to pull inner header in geneve_rx()
     - ice: virtchnl: stop pretending to support RSS over AQ or registers
     - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
     - igc: avoid returning frame twice in XDP_REDIRECT
     - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
     - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
     - net: dsa: microchip: fix register write order in ksz8_ind_write8()
     - net/rds: fix WARNING in rds_conn_connect_if_down
     - netfilter: nft_ct: fix l3num expectations with inet pseudo family
     - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
     - erofs: apply proper VMA alignment for memory mapped files on THP
     - netrom: Fix a data-race around sysctl_netrom_default_path_quality
     - netrom: Fix a data-race around
       sysctl_netrom_obsolescence_count_initialiser
     - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
     - netrom: Fix a data-race around sysctl_netrom_transport_timeout
     - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
     - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
     - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
     - netrom: Fix a data-race around
       sysctl_netrom_transport_requested_window_size
     - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
     - netrom: Fix a data-race around sysctl_netrom_routing_control
     - netrom: Fix a data-race around sysctl_netrom_link_fails_count
     - netrom: Fix data-races around sysctl_net_busy_read
     - [s390x] KVM: s390: add stat counter for shadow gmap events
     - [s390x] KVM: s390: vsie: fix race during shadow creation
     - drm/amd/display: Fix uninitialized variable usage in core_link_
       'read_dpcd() & write_dpcd()' functions
     - nfp: flower: add goto_chain_index for ct entry
     - nfp: flower: add hardware offload check for post ct entry
     - readahead: avoid multiple marked readahead pages
     - xhci: process isoc TD properly when there was a transaction error mid TD.
     - xhci: handle isoc Babble and Buffer Overrun events properly
     - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
     - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
       (CVE-2023-28746):
       + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
       + Documentation/hw-vuln: Add documentation for RFDS
       + [x86] rfds: Mitigate Register File Data Sampling (RFDS)
       + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
     - drm/amd/display: Wrong colorimetry workaround
     - drm/amd/display: Fix MST Null Ptr for RV
     - getrusage: add the "signal_struct *sig" local variable
     - getrusage: move thread_group_cputime_adjusted() outside of
       lock_task_sighand()
     - getrusage: use __for_each_thread()
     - getrusage: use sig->stats_lock rather than lock_task_sighand()
     - fs/proc: do_task_stat: use __for_each_thread()
     - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children
       stats
 .
   [ Salvatore Bonaccorso ]
   * Bump ABI to 19
   * [rt] Refresh "sched: avoid false lockdep splat in put_task_struct()"
   * Drop now unknown config options for retired CBQ, ATM and dsmark qdisc
   * [x86] efistub: Clear decompressor BSS in native EFI entrypoint
   * [x86] efistub: Don't clear BSS twice in mixed mode
   * efi: fix panic in kdump kernel
   * efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
     higher address
   * efi/libstub: Cast away type warning in use of max()
   * aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
     (CVE-2023-6270)
   * wifi: ath10k: fix NULL pointer dereference in
     ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
   * Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
     (CVE-2024-22099)
   * sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
   * [rt] Update to 6.1.82-rt27

lua5.4 (5.4.4-3+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * debian/version-script: Export additional missing symbols for lua 5.4.4.
     (Closes: #1034800)

lxc-templates (3.0.4.48.g4765da8-1+deb12u1) bookworm; urgency=medium
 .
   * d/p/0004-Fix-debian-mirror-issues-in-lxc-debian.in.patch:
     Fixes two issues with the mirror argument in lxc-debian
     (Closes: #1073130, #1073131)

mailman3 (3.3.8-2~deb12u2) bookworm; urgency=medium
 .
   * bookworm-pu of two fixes
     - s/postgres/postgresql/ in config files
     - Add replacement dependency on cron to cron-daemon

mediawiki (1:1.39.7-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 1.39.7, fixing CVE-2023-51704, T355538 (XSS
     in edit summary parser, CVE pending) and T357760 (DoS in
     Special:MovePage, CVE pending).
mediawiki (1:1.39.6-1) unstable; urgency=medium
 .
   * New upstream version 1.39.6, fixing CVE-2023-51704.
mediawiki (1:1.39.5-1) unstable; urgency=medium
 .
   * New upstream version 1.39.5, fixing CVE-2023-3550,
     CVE-2023-45359, CVE-2023-45360, CVE-2023-45361, CVE-2023-45362,
     CVE-2023-45363, CVE-2023-45364.

mksh (59c-28+deb12u1) bookworm; urgency=low
 .
   * d/p/typeset-p-fix.diff, d/p/dot-args-fix.diff,
     d/p/crash-nest-bashism.diff: cherry-pick upstream bugfixes
   * d/p/metadata-update.diff: cherry-pick relevant documentation
     changes and adjust user-visible version to indicate the
     above fixes were applied
   * fix paths missing wildcards in lintian overrides, postinst, prerm
   * cherry-pick usrmerge /etc/shells change (Closes: #1063905)

mobian-keyring (20230202.0+deb12u1) bookworm; urgency=medium
 .
   [ Arnaud Ferraris ]
   * Update Mobian archive key (Closes: #1073853)

ms-gsl (4.0.0-2+deb12u1) bookworm; urgency=medium
 .
   * New Mark-gsl-not_null-constructors-as-noexcept.patch (Closes: #1051289)

nano (7.2-1+deb12u1) bookworm; urgency=medium
 .
   * The "Premio Nacional de Tauromaquia" release.
   * Fix a partial sync of debian/nanorc in the previous upload.
     This updates some example bindings to the new syntax, avoiding
     having control characters in the configuration file (closes: #1032422).
   * Add 4 post-7.2 upstream patches to fix two minor security issues and
     a potential data-loss situation. Thanks, Benno Schulenberg!
   * Set debian-branch to bookworm.

netcfg (1.187+deb12u1) bookworm; urgency=medium
 .
   * Handle routing for single-address netmasks (closes: #1064005).

ngircd (26.1-1+deb12u1) bookworm; urgency=high
 .
   * Cherry-pick "Respect "SSLConnect" option for incoming
     connections". Closes: #1067237
   * Cherry-pick "Support for server certificate validation on server
     links [S2S-TLS]"
   * Cherry-pick "METADATA: Fix unsetting "cloakhost""
ngircd (26.1-1+deb11u1) bullseye; urgency=high
 .
   * Cherry-pick "Respect "SSLConnect" option for incoming
     connections". Closes: #1067237
   * Cherry-pick "Support for server certificate validation on server
     links [S2S-TLS]"
   * Cherry-pick "METADATA: Fix unsetting "cloakhost""

node-babel7 (7.20.15+ds1+~cs214.269.168-3+deb12u2) bookworm; urgency=medium
 .
   * Team upload
   * Improve tsc-workaround patch, fixing compilation against
     nodejs 18.19.0+dfsg-6~deb12u1. Closes: #1068933.
 .
   [ Andreas Beckmann ]
   * Backport Breaks+Replaces fixes from 7.20.15+ds1+~cs214.269.168-4.
 .
   [ Yadd ]
   * Add missing Breaks+Replaces against all node-babel-* that were in Debian 10
     (Closes: #1037234)

node-undici (5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4) bookworm; urgency=medium
 .
   * Team upload.
   * Upload to bookworm.
 .
   [ Ryan Gonzalez ]
   * Import upstream patch that moves index.d.ts to types/ (closes #1063530)
   * Force @types/node to use local copy of undici-types
   * Fix build failures on lld 15+

node-v8-compile-cache (2.3.0-3+deb12u1) bookworm; urgency=medium
 .
   * Upload to bookworm-p-u
   * patch: NativeCompileCache-test for Node 18.13 and 18.19
     and fix test mock. Closes: #1068921

node-zx (7.1.1+~cs6.7.23-2+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * patch: fix flaky test (upstream). Closes: #1068918

nodejs (18.19.0+dfsg-6~deb12u2) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Skip failing tests on MIPS.
nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via
     process.mainModule. Closes #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto
     library. Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA
     environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman do not generate keys after setting a
     private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR.
     Closes: #1039990.
   * CVE-2023-30588: Process interuption due to invalid Public Key information
     in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via process.binding.
     Closes: #1050739.
   * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism.
     Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via Module._load.
     Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules in
     using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be
     circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names.
     Closes: #1054892.
nodejs (18.19.0+dfsg-5) unstable; urgency=medium
 .
   * patch: disable openssl test that depends on error message format
nodejs (18.19.0+dfsg-4) unstable; urgency=medium
 .
   * patch:
     + remove a failed attempt for test dns-resolveany-bad-ancount
       skip it, it uselessly hangs.
     + disable some icu test to allow transition to 74
     + fix test-crypto-dh.js to pass with openssl 3.0.11, 3.1.4
     + riscv64: some tests have been fixed, but new ones fail
nodejs (18.19.0+dfsg-3) unstable; urgency=medium
 .
   * patch: drop fixed openssl test patch
   * patch: allow bad-ancount test to fail
nodejs (18.19.0+dfsg-2) unstable; urgency=medium
 .
   * patch: fix test_dns_resolveany_bad_ancount_timeout.patch
nodejs (18.19.0+dfsg-1) experimental; urgency=medium
 .
   [ Jérémy Lal ]
   * New upstream version 18.19.0+dfsg
     + tests pass with openssl 3.1, closes: #1055416
     + tests pass with libc-ares >= 1.23.0, closes: #1054690
   * Harmonize stack size patch for arm64. Closes: 1030284
   * Install dir usr/lib/<tripler>/nodejs. Fix #1035463
   * No longer force gcc 11 for sid
   * Fix Vcs fields to point to the right branch
   * builtins: set correct version in builtins headers
   * dfsg-exclude for non-preferred form for modification:
     + deps/ada
     + deps/minimatch
     + test/fixtures/postject-copy
   * component: ./ada
   * copyright:
     + add missing authors to histogram
     + drop unnecessary snapshot.blob exclusion
     + licenses for ada
     + deps/cares now using Expat
     + document some new files
   * patches:
     + test-process-versions must use system versions
     + drop the test using postject
     + build using ada component instead of deps/ada
     + minimatch is actually not needed for build
     + fix test-runner-output, forwarded
     + mark parallel/test-debugger-preserve-breaks as flaky,
       it is failing in sbuild for now
     + fix test-dns-resolveany-bad-ancount to work with c-ares,
       also to not hang the testsuite in sbuild
 .
   [ Yadd ]
   * Declare compliance with policy 4.6.2
nodejs (18.13.0+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Adapt testsuite failures in test-crypto-dh since OpenSSL 3.0.12/3.1.4
     (Closes: #1055416).
   * Adapt testsuite failures due TLSv < 1.1 available only at seclevel 0
     (Closes: #1052470).
   * CVE-2023-23919 (Node.js OpenSSL error handling issues in nodejs crypto
     library). (Closes: #1031834).
   * CVE-2023-23920 (Node.js insecure loading of ICU data through ICU_DATA
     environment variable) (Closes: #1031834).
   * CVE-2023-30590 (DiffieHellman do not generate keys after setting a private
     key) (Closes: #1039990).
   * CVE-2023-30589 (HTTP Request Smuggling via Empty headers separated by CR)
    (Closes: #1039990).
   * CVE-2023-30588 (Process interuption due to invalid Public Key information
     in x509 certificates) (Closes: #1039990).
   * CVE-2023-32559 (Permissions policies can be bypassed via process.binding)
     (Closes: #1050739).
   * CVE-2023-30581 (mainModule.proto bypass experimental policy mechanism)
     (Closes: #1039990).
   * CVE-2023-32002 (Permissions policies can be bypassed via Module._load)
     (Closes: #1050739).
   * CVE-2023-32006 (Permissions policies can impersonate other modules in
     using module.constructor.createRequire()) (Closes: #1050739).
   * CVE-2023-38552 (Integrity checks according to policies can be
     circumvented) (Closes: #1054892).
   * CVE-2023-39333 (Code injection via WebAssembly export names)
     (Closes: #1054892).

nsis (3.08-3+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick upstream commits to fix CVE-2023-37378 (Closes: #1040880)
   * Use common options for nsis-doc installation
   * Exclude Debian revison suffix from VER_REVISION
   * Backport upstream commit to disable stub relocations (Closes: #1050288)

nvidia-graphics-drivers (535.183.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.183.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072792)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause additional X screens to claim displays
       that should have been assigned to a prior X screen based on the given X
       configuration.
   * New upstream long term support branch release 535.179 (2024-05-09).
   * New upstream long term support branch release 535.171.04 (2024-03-21).
     - Fixed Xid error when playing Alan Wake 2 with ray tracing enabled.
     - Fixed a regression which prevented some Vulkan applications from
       receiving VK_DEVICE_LOST upon a VT switch, which could lead to the
       application hanging or behaving incorrectly.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.161.08-3) unstable; urgency=medium
 .
   * Add systemd drop-in configuration files setting
     - SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false and
     - SYSTEMD_HOME_LOCK_FREEZE_SESSION=false
     needed from systemd 256 onwards.  (Closes: #1072722)
   * libegl-nvidia0: Add manual dependency on libnvidia-egl-wayland1 as
     libnvidia-egl-wayland.so.1 seems to get dlopen()ed now. (Closes: #1072142)
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-graphics-drivers (535.183.01-1~deb12u1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 nvidia-graphics-drivers (535.183.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.183.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072792)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause additional X screens to claim displays
       that should have been assigned to a prior X screen based on the given X
       configuration.
   * New upstream long term support branch release 535.179 (2024-05-09).
   * New upstream long term support branch release 535.171.04 (2024-03-21).
     - Fixed Xid error when playing Alan Wake 2 with ray tracing enabled.
     - Fixed a regression which prevented some Vulkan applications from
       receiving VK_DEVICE_LOST upon a VT switch, which could lead to the
       application hanging or behaving incorrectly.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.161.08-3) unstable; urgency=medium
 .
   * Add systemd drop-in configuration files setting
     - SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false and
     - SYSTEMD_HOME_LOCK_FREEZE_SESSION=false
     needed from systemd 256 onwards.  (Closes: #1072722)
   * libegl-nvidia0: Add manual dependency on libnvidia-egl-wayland1 as
     libnvidia-egl-wayland.so.1 seems to get dlopen()ed now. (Closes: #1072142)
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-graphics-drivers (535.161.08-3) unstable; urgency=medium
 .
   * Add systemd drop-in configuration files setting
     - SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false and
     - SYSTEMD_HOME_LOCK_FREEZE_SESSION=false
     needed from systemd 256 onwards.  (Closes: #1072722)
   * libegl-nvidia0: Add manual dependency on libnvidia-egl-wayland1 as
     libnvidia-egl-wayland.so.1 seems to get dlopen()ed now. (Closes: #1072142)
   * Bump Standards-Version to 4.7.0. No changes needed.
nvidia-graphics-drivers (535.161.08-2) unstable; urgency=medium
 .
   * nvidia-driver-full: libnvidia-fbc1 and libnvidia-rtcore are not available
     on ppc64el.
   * Add autopkgtest testing the installation of the full driver suite.
nvidia-graphics-drivers (535.161.08-2~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.161.08-2) unstable; urgency=medium
 .
   * nvidia-driver-full: libnvidia-fbc1 and libnvidia-rtcore are not available
     on ppc64el.
   * Add autopkgtest testing the installation of the full driver suite.
 .
 nvidia-graphics-drivers (535.161.08-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.161.08 (2024-03-18).
     (Closes: #1061269, #1061597, #1059339)
   * Upload to unstable.
 .
 nvidia-graphics-drivers (535.161.07-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.  (Closes: #1064983)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.154.05-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
     * Improved compatibility with recent Linux kernels.
   * New upstream long term support branch release 535.146.02 (2023-12-07).
     - Fixed a bug that could cause some multi-GPU systems to crash on suspend.
     - Fixed a bug that could cause the system to crash when an application
       is run with __NV_PRIME_RENDER_OFFLOAD=1.
     - Fixed a bug which prevented application profiles from getting applied
       to PRIME Render Offloaded applications running via Wine.
     - Disabled PRIME Display Offload Sink support for virtual displays on
       datacenter GPUs. This prevents unusable desktop layouts from getting
       automatically configured on systems with a mix of physical and virtual
       displays.
     - Fixed a bug that caused high CPU usage during system suspend, which could
       lead to the system not entering s2idle in some cases.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.129.03-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055136)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
     - Fixed a bug that could cause modes to fail validation when
       Option "ModeValidation" "NoExtendedGpuCapabilitiesCheck" is specified in
       xorg.conf.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (535.113.01-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 535.113.01 (2023-09-21).
     - Fixed a bug that intermittently caused the display to freeze when
       resuming from suspend on some Ada GPUs.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update package descriptions.  (Closes: #1013462)
   * Upload to unstable.
 .
 nvidia-graphics-drivers (535.104.12-2) experimental; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
 .
 nvidia-graphics-drivers (535.104.12-1) experimental; urgency=medium
 .
   * New upstream Tesla branch release 535.104.12 (2023-09-25).
   * New upstream LTS and Tesla branch release 535.104.05 (2023-08-22).
   * New upstream long term support branch release 535.98 (2023-08-08).
     - Fixed an issue which caused the following error message to appear
       spuriously when using SLI with the NVIDIA Open GPU Kernel Modules:
       (EE) NVIDIA: Unable to disable FB size compare
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Merge changes from 525.147.05-9.  (Closes: #1064194)
 .
 nvidia-graphics-drivers (535.86.10-1) experimental; urgency=medium
 .
   * New upstream Tesla branch release 535.86.10 (2023-07-31).
 .
   [ Andreas Beckmann ]
   * Update symbols files.
 .
 nvidia-graphics-drivers (535.86.05-1) experimental; urgency=medium
 .
   * New upstream long term support branch release 535.86.05 (2023-07-18).
     - Fixed a bug that caused excessive memory consumption when OpenGL and
       Vulkan applications were running while VT-switched away from X.
     - Fixed a bug that could cause the kernel to panic when video memory
       is full.
     - Fixed a bug that prevented displays from refreshing when using an
       NVIDIA PRIME Display Offload sink.
     - Fixed a bug that could cause some Variable Refresh Rate (VRR)
       monitors to flicker by allowing the refresh rate to drop below
       the monitor's minimum.
     - Fixed a bug that caused corruption when running Vulkan applications.
     - Fixed a regression that could cause a system hang when running windowed
       Vulkan applications with sync-to-vblank enabled.
     - Fixed a video memory leak observed when turning off a connected
       monitor while using certain Wayland compositors.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Merge changes from 525.147.05-7.
   * Add nvidia-driver-full metapackage depending on all driver components and
     libraries.  (Closes: #1063881)
 .
 nvidia-graphics-drivers (535.54.03-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.54.03 (2023-06-14).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     - Fixed a bug that caused modesets to fail in some Wayland configurations.
     - Fixed a bug that caused head-mounted displays (HMDs) to display black
       after a modeset.
     - Fixed a bug that could cause image corruption when unbinding Vulkan
       sparse textures.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update symbols files.
   * Merge changes from 525.147.05-6.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
 .
 nvidia-graphics-drivers (535.43.02-1) experimental; urgency=medium
 .
   * New upstream beta 535.43.02 (2023-05-30).  (Closes: #1053562)
     - Added support for the VK_EXT_memory_priority, and
       VK_EXT_pageable_device_memory extensions for Turing+ GPUs.
     - Improved the performance of Minecraft Java Edition on RTX 3000
       series GPUs.
     - Fixed a memory leak in the NVIDIA GLX driver, as reported at:
       https://forums.developer.nvidia.com/t/222697
     - Added support for driving very high pixel clock mode timings such as 8K @
       60Hz.  Please see the "MaxOneHardwareHead" X11 ModeValidation token in the
       README for details.  (Closes: #1050809)
     - Extended Dynamic Boost support on notebooks to include older Renoir
       and Cezanne chipsets, in addition to Rembrandt and newer AMD chipsets.
     - Fixed a bug that caused Vulkan X11 swapchain creation to fail on GPUs
       without a display engine when the VK_KHR_present_id extension is used.
     - Fixed console restore on legacy VGA consoles when using the NVIDIA
       Open GPU Kernel Modules.
     - Added nvoptix.bin to the driver package.  This data file is used by the
       OptiX ray tracing engine library, libnvoptix.so.1.
     - Removed libnvidia-compiler.so.VERSION from the driver package.  This
       functionality is now provided by other driver libraries.
     - Updated NV_CTRL_GPU_POWER_SOURCE NV-CONTROL API to report undersized
       power source.
     - Add support for version 4 of the linux-dmabuf wayland protocol.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Update d/copyright with new NVIDIA Driver License Agreement.
   * Backport nv_drm_gem_res_obj changes from 535.54.03 to fix kernel module
     build for Linux <= 3.16.
   * Refresh patches.
   * Drop the libnvidia-compiler package.
   * libnvidia-pkcs11-openssl3: New package for the NVIDIA PKCS #11 library
     with OpenSSL 3 backend.
   * libnvoptix1: Ship nvoptix.bin.
   * Update symbols files.
   * libcuda1: Add Provides: libcuda-12.2-1.
   * Restrict watch file to releases from the 535.xx long term support branch.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (530.41.03-4) unstable; urgency=medium
 .
   * Merge changes from 525.147.05-10.
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
     module build for Linux 6.6.
   * Restrict watch file to releases from the 530.xx new feature branch.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (530.41.03-3) experimental; urgency=medium
 .
   * Merge changes from 525.125.06-2.
   * Backport get_user_pages changes from 535.86.05 to fix kernel module build
     for Linux 6.5.  (Closes: #1050935)
 .
 nvidia-graphics-drivers (530.41.03-2) experimental; urgency=medium
 .
   * Merge changes from 525.125.06-1.
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.  (Closes: #1042081, #1041991)
   * libcuda1: Add Provides: libcuda-12.1-1.
 .
 nvidia-graphics-drivers (530.41.03-1) experimental; urgency=medium
 .
   * New upstream new feature branch release 530.41.03 (2023-03-23).
     (Closes: #1033602)
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
       CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
       CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
       CVE-2023-0191.  (Closes: #1033774)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
     - Added NV-CONTROL attributes NV_CTRL_FRAMELOCK_MULTIPLY_DIVIDE_MODE
       and NV_CTRL_FRAMELOCK_MULTIPLY_DIVIDE_VALUE to allow syncing a
       Quadro Sync II card to different House Sync signal rates. This
       feature requires firmware version 2.18 or later; to download the
       latest firmware version, please visit:
       https://www.nvidia.com/en-us/drivers/firmware/quadro-sync-firmware-driver/
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Updated Turkish (tr) debconf translations by Atila KOÇ.
 .
 nvidia-graphics-drivers (530.30.02-1) experimental; urgency=medium
 .
   * New upstream beta 530.30.02 (2023-02-28).  (Closes: #1032647)
     - Added support for the VK_KHR_video_queue, VK_KHR_video_decode_queue,
       VK_KHR_video_decode_h264 and VK_KHR_video_decode_h265 extensions.
     - Added an application profile to avoid performance problems in Xfce 4
       when the OpenGL compositor backend is enabled along with G-SYNC.
     - Added support for suspend and resume when using GSP firmware.
     - Fixed a bug that prevented PRIME render offload from working for
       Wayland applications when running on a system with an AMD iGPU.
     - Changed the behavior of glXGetRefreshRateSGI() for non-integer
       refresh rates to round to the nearest whole number rather than
       truncating.
     - Changed the compression format of the .run installer package from xz
       to zstd. This results in a smaller compressed package, and faster
       decompression performance. A fallback zstd decompressor is embedded
       into the installer package for systems which do not already have a
       zstd decompression program installed.
 .
   [ Andreas Beckmann ]
   * Add Build-Depends: zstd.
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Update lintian overrides.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (525.147.05-10) unstable; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
 .
 nvidia-graphics-drivers (525.147.05-9) unstable; urgency=medium
 .
   * Packaging sync.
 .
 nvidia-graphics-drivers (525.147.05-8) unstable; urgency=medium
 .
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
nvidia-graphics-drivers (535.161.08-2~deb12u1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
   * libnvidia-pkcs11-openssl3: Ship the library built against OpenSSL 1.1
     (instead of OpenSSL 3), but don't change the package name.
 .
 nvidia-graphics-drivers (535.161.08-2~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (535.161.08-2) unstable; urgency=medium
 .
   * nvidia-driver-full: libnvidia-fbc1 and libnvidia-rtcore are not available
     on ppc64el.
   * Add autopkgtest testing the installation of the full driver suite.
 .
 nvidia-graphics-drivers (535.161.08-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.161.08 (2024-03-18).
     (Closes: #1061269, #1061597, #1059339)
   * Upload to unstable.
 .
 nvidia-graphics-drivers (535.161.07-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.  (Closes: #1064983)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.154.05-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
     * Improved compatibility with recent Linux kernels.
   * New upstream long term support branch release 535.146.02 (2023-12-07).
     - Fixed a bug that could cause some multi-GPU systems to crash on suspend.
     - Fixed a bug that could cause the system to crash when an application
       is run with __NV_PRIME_RENDER_OFFLOAD=1.
     - Fixed a bug which prevented application profiles from getting applied
       to PRIME Render Offloaded applications running via Wine.
     - Disabled PRIME Display Offload Sink support for virtual displays on
       datacenter GPUs. This prevents unusable desktop layouts from getting
       automatically configured on systems with a mix of physical and virtual
       displays.
     - Fixed a bug that caused high CPU usage during system suspend, which could
       lead to the system not entering s2idle in some cases.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (535.129.03-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055136)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
     - Fixed a bug that could cause modes to fail validation when
       Option "ModeValidation" "NoExtendedGpuCapabilitiesCheck" is specified in
       xorg.conf.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (535.113.01-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 535.113.01 (2023-09-21).
     - Fixed a bug that intermittently caused the display to freeze when
       resuming from suspend on some Ada GPUs.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update package descriptions.  (Closes: #1013462)
   * Upload to unstable.
 .
 nvidia-graphics-drivers (535.104.12-2) experimental; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
 .
 nvidia-graphics-drivers (535.104.12-1) experimental; urgency=medium
 .
   * New upstream Tesla branch release 535.104.12 (2023-09-25).
   * New upstream LTS and Tesla branch release 535.104.05 (2023-08-22).
   * New upstream long term support branch release 535.98 (2023-08-08).
     - Fixed an issue which caused the following error message to appear
       spuriously when using SLI with the NVIDIA Open GPU Kernel Modules:
       (EE) NVIDIA: Unable to disable FB size compare
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Merge changes from 525.147.05-9.  (Closes: #1064194)
 .
 nvidia-graphics-drivers (535.86.10-1) experimental; urgency=medium
 .
   * New upstream Tesla branch release 535.86.10 (2023-07-31).
 .
   [ Andreas Beckmann ]
   * Update symbols files.
 .
 nvidia-graphics-drivers (535.86.05-1) experimental; urgency=medium
 .
   * New upstream long term support branch release 535.86.05 (2023-07-18).
     - Fixed a bug that caused excessive memory consumption when OpenGL and
       Vulkan applications were running while VT-switched away from X.
     - Fixed a bug that could cause the kernel to panic when video memory
       is full.
     - Fixed a bug that prevented displays from refreshing when using an
       NVIDIA PRIME Display Offload sink.
     - Fixed a bug that could cause some Variable Refresh Rate (VRR)
       monitors to flicker by allowing the refresh rate to drop below
       the monitor's minimum.
     - Fixed a bug that caused corruption when running Vulkan applications.
     - Fixed a regression that could cause a system hang when running windowed
       Vulkan applications with sync-to-vblank enabled.
     - Fixed a video memory leak observed when turning off a connected
       monitor while using certain Wayland compositors.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Merge changes from 525.147.05-7.
   * Add nvidia-driver-full metapackage depending on all driver components and
     libraries.  (Closes: #1063881)
 .
 nvidia-graphics-drivers (535.54.03-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.54.03 (2023-06-14).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     - Fixed a bug that caused modesets to fail in some Wayland configurations.
     - Fixed a bug that caused head-mounted displays (HMDs) to display black
       after a modeset.
     - Fixed a bug that could cause image corruption when unbinding Vulkan
       sparse textures.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update symbols files.
   * Merge changes from 525.147.05-6.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
 .
 nvidia-graphics-drivers (535.43.02-1) experimental; urgency=medium
 .
   * New upstream beta 535.43.02 (2023-05-30).  (Closes: #1053562)
     - Added support for the VK_EXT_memory_priority, and
       VK_EXT_pageable_device_memory extensions for Turing+ GPUs.
     - Improved the performance of Minecraft Java Edition on RTX 3000
       series GPUs.
     - Fixed a memory leak in the NVIDIA GLX driver, as reported at:
       https://forums.developer.nvidia.com/t/222697
     - Added support for driving very high pixel clock mode timings such as 8K @
       60Hz.  Please see the "MaxOneHardwareHead" X11 ModeValidation token in the
       README for details.  (Closes: #1050809)
     - Extended Dynamic Boost support on notebooks to include older Renoir
       and Cezanne chipsets, in addition to Rembrandt and newer AMD chipsets.
     - Fixed a bug that caused Vulkan X11 swapchain creation to fail on GPUs
       without a display engine when the VK_KHR_present_id extension is used.
     - Fixed console restore on legacy VGA consoles when using the NVIDIA
       Open GPU Kernel Modules.
     - Added nvoptix.bin to the driver package.  This data file is used by the
       OptiX ray tracing engine library, libnvoptix.so.1.
     - Removed libnvidia-compiler.so.VERSION from the driver package.  This
       functionality is now provided by other driver libraries.
     - Updated NV_CTRL_GPU_POWER_SOURCE NV-CONTROL API to report undersized
       power source.
     - Add support for version 4 of the linux-dmabuf wayland protocol.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Update d/copyright with new NVIDIA Driver License Agreement.
   * Backport nv_drm_gem_res_obj changes from 535.54.03 to fix kernel module
     build for Linux <= 3.16.
   * Refresh patches.
   * Drop the libnvidia-compiler package.
   * libnvidia-pkcs11-openssl3: New package for the NVIDIA PKCS #11 library
     with OpenSSL 3 backend.
   * libnvoptix1: Ship nvoptix.bin.
   * Update symbols files.
   * libcuda1: Add Provides: libcuda-12.2-1.
   * Restrict watch file to releases from the 535.xx long term support branch.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (530.41.03-4) unstable; urgency=medium
 .
   * Merge changes from 525.147.05-10.
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
     module build for Linux 6.6.
   * Restrict watch file to releases from the 530.xx new feature branch.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (530.41.03-3) experimental; urgency=medium
 .
   * Merge changes from 525.125.06-2.
   * Backport get_user_pages changes from 535.86.05 to fix kernel module build
     for Linux 6.5.  (Closes: #1050935)
 .
 nvidia-graphics-drivers (530.41.03-2) experimental; urgency=medium
 .
   * Merge changes from 525.125.06-1.
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.  (Closes: #1042081, #1041991)
   * libcuda1: Add Provides: libcuda-12.1-1.
 .
 nvidia-graphics-drivers (530.41.03-1) experimental; urgency=medium
 .
   * New upstream new feature branch release 530.41.03 (2023-03-23).
     (Closes: #1033602)
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
       CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
       CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
       CVE-2023-0191.  (Closes: #1033774)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
     - Added NV-CONTROL attributes NV_CTRL_FRAMELOCK_MULTIPLY_DIVIDE_MODE
       and NV_CTRL_FRAMELOCK_MULTIPLY_DIVIDE_VALUE to allow syncing a
       Quadro Sync II card to different House Sync signal rates. This
       feature requires firmware version 2.18 or later; to download the
       latest firmware version, please visit:
       https://www.nvidia.com/en-us/drivers/firmware/quadro-sync-firmware-driver/
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Updated Turkish (tr) debconf translations by Atila KOÇ.
 .
 nvidia-graphics-drivers (530.30.02-1) experimental; urgency=medium
 .
   * New upstream beta 530.30.02 (2023-02-28).  (Closes: #1032647)
     - Added support for the VK_KHR_video_queue, VK_KHR_video_decode_queue,
       VK_KHR_video_decode_h264 and VK_KHR_video_decode_h265 extensions.
     - Added an application profile to avoid performance problems in Xfce 4
       when the OpenGL compositor backend is enabled along with G-SYNC.
     - Added support for suspend and resume when using GSP firmware.
     - Fixed a bug that prevented PRIME render offload from working for
       Wayland applications when running on a system with an AMD iGPU.
     - Changed the behavior of glXGetRefreshRateSGI() for non-integer
       refresh rates to round to the nearest whole number rather than
       truncating.
     - Changed the compression format of the .run installer package from xz
       to zstd. This results in a smaller compressed package, and faster
       decompression performance. A fallback zstd decompressor is embedded
       into the installer package for systems which do not already have a
       zstd decompression program installed.
 .
   [ Andreas Beckmann ]
   * Add Build-Depends: zstd.
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Update lintian overrides.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (525.147.05-10) unstable; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
 .
 nvidia-graphics-drivers (525.147.05-9) unstable; urgency=medium
 .
   * Packaging sync.
 .
 nvidia-graphics-drivers (525.147.05-8) unstable; urgency=medium
 .
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
nvidia-graphics-drivers (535.161.08-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.161.08 (2024-03-18).
     (Closes: #1061269, #1061597, #1059339)
   * Upload to unstable.
nvidia-graphics-drivers (535.161.07-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.  (Closes: #1064983)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
nvidia-graphics-drivers (535.154.05-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
     * Improved compatibility with recent Linux kernels.
   * New upstream long term support branch release 535.146.02 (2023-12-07).
     - Fixed a bug that could cause some multi-GPU systems to crash on suspend.
     - Fixed a bug that could cause the system to crash when an application
       is run with __NV_PRIME_RENDER_OFFLOAD=1.
     - Fixed a bug which prevented application profiles from getting applied
       to PRIME Render Offloaded applications running via Wine.
     - Disabled PRIME Display Offload Sink support for virtual displays on
       datacenter GPUs. This prevents unusable desktop layouts from getting
       automatically configured on systems with a mix of physical and virtual
       displays.
     - Fixed a bug that caused high CPU usage during system suspend, which could
       lead to the system not entering s2idle in some cases.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
nvidia-graphics-drivers (535.129.03-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055136)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
     - Fixed a bug that could cause modes to fail validation when
       Option "ModeValidation" "NoExtendedGpuCapabilitiesCheck" is specified in
       xorg.conf.
   * New upstream long term support branch release 535.113.01 (2023-09-21).
     * Fixed a bug that intermittently caused the display to freeze when
       resuming from suspend on some Ada GPUs.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
nvidia-graphics-drivers (535.113.01-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 535.113.01 (2023-09-21).
     - Fixed a bug that intermittently caused the display to freeze when
       resuming from suspend on some Ada GPUs.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update package descriptions.  (Closes: #1013462)
   * Upload to unstable.
nvidia-graphics-drivers (535.104.12-2) experimental; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
nvidia-graphics-drivers (535.104.12-1) experimental; urgency=medium
 .
   * New upstream Tesla branch release 535.104.12 (2023-09-25).
   * New upstream LTS and Tesla branch release 535.104.05 (2023-08-22).
   * New upstream long term support branch release 535.98 (2023-08-08).
     - Fixed an issue which caused the following error message to appear
       spuriously when using SLI with the NVIDIA Open GPU Kernel Modules:
       (EE) NVIDIA: Unable to disable FB size compare
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Merge changes from 525.147.05-9.  (Closes: #1064194)
nvidia-graphics-drivers (535.86.10-1) experimental; urgency=medium
 .
   * New upstream Tesla release 535.86.10 (2023-07-31).
 .
   [ Andreas Beckmann ]
   * Update symbols files.
nvidia-graphics-drivers (535.86.05-1) experimental; urgency=medium
 .
   * New upstream long term support branch release 535.86.05 (2023-07-18).
     - Fixed a bug that caused excessive memory consumption when OpenGL and
       Vulkan applications were running while VT-switched away from X.
     - Fixed a bug that could cause the kernel to panic when video memory
       is full.
     - Fixed a bug that prevented displays from refreshing when using an
       NVIDIA PRIME Display Offload sink.
     - Fixed a bug that could cause some Variable Refresh Rate (VRR)
       monitors to flicker by allowing the refresh rate to drop below
       the monitor's minimum.
     - Fixed a bug that caused corruption when running Vulkan applications.
     - Fixed a regression that could cause a system hang when running windowed
       Vulkan applications with sync-to-vblank enabled.
     - Fixed a video memory leak observed when turning off a connected
       monitor while using certain Wayland compositors.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Merge changes from 525.147.05-7.
   * Add nvidia-driver-full metapackage depending on all driver components and
     libraries.  (Closes: #1063881)
nvidia-graphics-drivers (535.54.03-1) experimental; urgency=medium
 .
   * New upstream long term support branch release 535.54.03 (2023-06-14).
     - Fixed a bug that caused modesets to fail in some Wayland configurations.
     - Fixed a bug that caused head-mounted displays (HMDs) to display black
       after a modeset.
     - Fixed a bug that could cause image corruption when unbinding Vulkan
       sparse textures.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Merge changes from 525.147.05-6.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * Update symbols files.
nvidia-graphics-drivers (535.43.02-1) experimental; urgency=medium
 .
   * New upstream beta 535.43.02 (2023-05-30).  (Closes: #1053562)
     - Added support for the VK_EXT_memory_priority, and
       VK_EXT_pageable_device_memory extensions for Turing+ GPUs.
     - Improved the performance of Minecraft Java Edition on RTX 3000
       series GPUs.
     - Fixed a memory leak in the NVIDIA GLX driver, as reported at:
       https://forums.developer.nvidia.com/t/222697
     - Added support for driving very high pixel clock mode timings such as 8K @
       60Hz.  Please see the "MaxOneHardwareHead" X11 ModeValidation token in the
       README for details.  (Closes: #1050809)
     - Extended Dynamic Boost support on notebooks to include older Renoir
       and Cezanne chipsets, in addition to Rembrandt and newer AMD chipsets.
     - Fixed a bug that caused Vulkan X11 swapchain creation to fail on GPUs
       without a display engine when the VK_KHR_present_id extension is used.
     - Fixed console restore on legacy VGA consoles when using the NVIDIA
       Open GPU Kernel Modules.
     - Added nvoptix.bin to the driver package.  This data file is used by the
       OptiX ray tracing engine library, libnvoptix.so.1.
     - Removed libnvidia-compiler.so.VERSION from the driver package.  This
       functionality is now provided by other driver libraries.
     - Updated NV_CTRL_GPU_POWER_SOURCE NV-CONTROL API to report undersized
       power source.
     - Add support for version 4 of the linux-dmabuf wayland protocol.
 .
   [ Andreas Beckmann ]
   * Update d/copyright with new NVIDIA Driver License Agreement.
   * Backport nv_drm_gem_res_obj changes from 535.54.03 to fix kernel module
     build for Linux <= 3.16.
   * Refresh patches.
   * Drop the libnvidia-compiler package.
   * libnvidia-pkcs11-openssl3: New package for the NVIDIA PKCS #11 library
     with OpenSSL 3 backend.
   * libnvoptix1: Ship nvoptix.bin.
   * Update symbols files.
   * libcuda1: Add Provides: libcuda-12.2-1.
   * Restrict watch file to releases from the 535.xx long term support branch.
   * Upload to experimental.
nvidia-graphics-drivers (530.41.03-4) unstable; urgency=medium
 .
   * Merge changes from 525.147.05-10.
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
     module build for Linux 6.6.
   * Restrict watch file to releases from the 530.xx new feature branch.
   * Upload to unstable.
nvidia-graphics-drivers (530.41.03-3) experimental; urgency=medium
 .
   * Merge changes from 525.125.06-2.
   * Backport get_user_pages changes from 535.86.05 to fix kernel module build
     for Linux 6.5.  (Closes: #1050935)
nvidia-graphics-drivers (530.41.03-2) experimental; urgency=medium
 .
   * Merge changes from 525.125.06-1.
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.  (Closes: #1042081, #1041991)
   * libcuda1: Add Provides: libcuda-12.1-1.
   * nvidia-suspend-common: New package for the systemd power management
     integration scripts.  (Closes: #1038006)
nvidia-graphics-drivers (530.41.03-1) experimental; urgency=medium
 .
   * New upstream release 530.41.03 (2023-03-23).  (Closes: #1033602)
     - Added NV-CONTROL attributes NV_CTRL_FRAMELOCK_MULTIPLY_DIVIDE_MODE
       and NV_CTRL_FRAMELOCK_MULTIPLY_DIVIDE_VALUE to allow syncing a
       Quadro Sync II card to different House Sync signal rates. This
       feature requires firmware version 2.18 or later; to download the
       latest firmware version, please visit:
       https://www.nvidia.com/en-us/drivers/firmware/quadro-sync-firmware-driver/
   * New upstream release 525 series.
     - Fixed a bug that could cause the nvidia-settings control panel to
       crash when resetting the display layout.
     - Fixed a bug that could cause excessive GPU power consumption at idle
       when driving multiple displays with a high refresh rate.
     - Fixed a bug in nvidia-powerd which could cause excessive CPU usage.
     - Fixed an issue which could cause applications to run at 1 FPS when
       using an NVIDIA PRIME Display Offload sink as the only active display.
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
   * Updated Turkish (tr) debconf translations by Atila KOÇ.
nvidia-graphics-drivers (530.30.02-1) experimental; urgency=medium
 .
   * New upstream beta 530.30.02 (2023-02-28).  (Closes: #1032647)
     - Added an application profile to avoid performance problems in Xfce 4
       when the OpenGL compositor backend is enabled along with G-SYNC.
     - Added support for suspend and resume when using GSP firmware.
     - Fixed a bug that prevented PRIME render offload from working for
       Wayland applications when running on a system with an AMD iGPU.
     - Changed the behavior of glXGetRefreshRateSGI() for non-integer
       refresh rates to round to the nearest whole number rather than
       truncating.
     - Changed the compression format of the .run installer package from xz
       to zstd. This results in a smaller compressed package, and faster
       decompression performance. A fallback zstd decompressor is embedded
       into the installer package for systems which do not already have a
       zstd decompression program installed.
   * New upstream release 525 series.
     - Added compatibility for Linux kernels with Indirect Branch Tracking
       IBT).
 .
   [ Andreas Beckmann ]
   * Add Build-Depends: zstd.
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * Update lintian overrides.
   * Upload to experimental.
nvidia-graphics-drivers (525.147.05-10) unstable; urgency=medium
 .
   * Backport drm_unlocked_ioctl_flag_present changes from 470.239.06 to fix
     kernel module build for Linux 6.8.
   * Backport screen_info changes from 470.182.03 and 470.239.06 to fix kernel
     module build for Linux 6.7 on arm64.
nvidia-graphics-drivers (525.147.05-9) unstable; urgency=medium
 .
   * Packaging sync.
nvidia-graphics-drivers (525.147.05-8) unstable; urgency=medium
 .
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
nvidia-graphics-drivers (525.147.05-7) unstable; urgency=medium
 .
   * nvidia-detect: Fix mismerge breaking Tesla 470 detection.
     (Closes: #1063910)
   * Relax dh-dkms build-dependency, satisfied in stable.
nvidia-graphics-drivers (525.147.05-7~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-7) unstable; urgency=medium
 .
   * nvidia-detect: Fix mismerge breaking Tesla 470 detection.
     (Closes: #1063910)
   * Relax dh-dkms build-dependency, satisfied in stable.
nvidia-graphics-drivers (525.147.05-7~deb12u1~bpo11+2) bullseye-backports; urgency=medium
 .
   * Move firmware-nvidia-gsp back to non-free.
nvidia-graphics-drivers (525.147.05-7~deb12u1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 nvidia-graphics-drivers (525.147.05-7~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-7) unstable; urgency=medium
 .
   * nvidia-detect: Fix mismerge breaking Tesla 470 detection.
     (Closes: #1063910)
   * Relax dh-dkms build-dependency, satisfied in stable.
 .
 nvidia-graphics-drivers (525.147.05-6~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-6) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * nvidia-detect: Tesla and regular driver packages have been merged.
   * nvidia-detect: Add superficial autopkgtest for checking codename support.
   * Update lintian overrides.
 .
 nvidia-graphics-drivers (525.147.05-5) unstable; urgency=medium
 .
   * Switch src:nvidia-graphics-drivers to the Tesla driver series.
   * Build for ppc64el.
   * Build all unversioned packages from src:nvidia-graphics-drivers.
   * Enable nvidia-suspend-common.  (Closes: #1059581, #1056557, #1062281)
   * nvidia-suspend-common: Depend on kbd for chvt.  (Closes: #1058081)
   * New Romanian (ro) debconf translations by Remus-Gabriel Chelu.
     (Closes: #1059590)
 .
 nvidia-graphics-drivers (525.147.05-4~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-4) unstable; urgency=medium
 .
   * Build libnvidia-fbc1 for arm64, too.  (Closes: #1057078)
   * bug-control: Report information about more driver components.
   * Do not yet recommend nvidia-suspend-common.
 .
 nvidia-graphics-drivers (525.147.05-3) UNRELEASED; urgency=medium
 .
   * nvidia-suspend-common: Do not start services on installation/upgrade.
     (Closes: #1056384)
 .
 nvidia-graphics-drivers (525.147.05-2) UNRELEASED; urgency=medium
 .
   * nvidia-suspend-common: Do not stop/restart services on upgrade.
 .
 nvidia-graphics-drivers (525.147.05-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.147.05 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055136)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
     - Fixed a bug which could cause some DisplayPort monitors to flicker.
     - Fixed a bug that could cause monitors to flicker when the performance
       state changes on Turing GPUs.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (525.125.06-3) UNRELEASED; urgency=medium
 .
   * nvidia-suspend-common: New package for the systemd power management
     integration scripts.  (Closes: #1038006)
 .
 nvidia-graphics-drivers (525.125.06-3) unstable; urgency=medium
 .
   * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
     module build for Linux 6.6.
   * Switch suggestion from obsolete vulkan-utils to vulkan-tools.
     (Closes: #1055503)
 .
 nvidia-graphics-drivers (525.125.06-2) unstable; urgency=medium
 .
   * Backport get_user_pages and pin_user_pages changes from
     535.86.05 to fix kernel module build for Linux 6.5.
 .
 nvidia-graphics-drivers (525.125.06-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.125.06-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.125.06 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     - Fixed a bug which prevented running a Wayland compositor in headless
       mode on GPUs without display hardware.
     * Fixed undisclosed bugs.  (Closes: #1037468)
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (525.116.04-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.116.04 (2023-05-09).
   * New upstream production branch release 525.116.03 (2023-04-25).
     - Fixed a regression in Luxmark performance between 525.89.02 and
       525.105.17.
     - Fixed a bug that could cause an unexpected
       VK_ERROR_NATIVE_WINDOW_IN_USE_KHR error in certain circumstances when
       recreating Vulkan surfaces.
     - Fixed a regression that caused brightness control to not vary
       smoothly across the range of values.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (525.105.17-2) unstable; urgency=medium
 .
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
 .
 nvidia-graphics-drivers (525.105.17-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.105.17 (2023-03-30).
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
       CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
       CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
       CVE-2023-0191.  (Closes: #1033774)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
     - Fixed a bug that could cause excessive GPU power consumption at idle
       when driving multiple displays with a high refresh rate.
     - Fixed a bug in nvidia-powerd which could cause excessive CPU usage.
     - Fixed an issue which could cause applications to run at 1 FPS when
       using an NVIDIA PRIME Display Offload sink as the only active display.
     - Added compatibility for Linux kernels with Indirect Branch Tracking
       (IBT).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Updated Turkish (tr) debconf translations by Atila KOÇ.
 .
 nvidia-graphics-drivers (525.89.02-2) unstable; urgency=medium
 .
   * Add libnvidia-nvvm.so.#VERSION# alternative, needed by nvidia-opencl-icd.
     (Closes: #1030336)
   * Prevent co-installation with EoL drivers.
   * Restrict watch file to releases from the 525.xx production branch.
 .
 nvidia-graphics-drivers (525.89.02-1) unstable; urgency=medium
 .
   * The firmware-nvidia-gsp package has been moved to the newly created
     'non-free-firmware' archive area. This area needs to be enabled in
     /etc/apt/sources.list (/etc/apt/sources.list.d/*.list) in addition to
     'non-free' in order to upgrade to the 525 driver series.
     https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#non-free-split
     (Closes: #1030981)
 .
   * New upstream production branch release 525.89.02 (2023-02-08).
     - Fixed a bug that could cause banding or flickering of color
       gradients on DisplayPort monitors.
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
   * Fix nvngx.dll install location.  (Closes: #1031185)
   * nvidia-opencl-icd: Add dependency on libnvidia-nvvm4.  (Closes: #1031080)
 .
 nvidia-graphics-drivers (525.85.12-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.85.12 (2023-01-30).
   * New upstream production branch release 525.85.05 (2023-01-19).
     - Improved the reliability of suspend and resume on UEFI systems
       when using certain display panels.
     - Fixed a bug that could cause VK_ERROR_DEVICE_LOST when using
       VK_MEMORY_ALLOCATE_DEVICE_ADDRESS_CAPTURE_REPLAY_BIT to allocate
       memory.
   * New upstream production branch release 525.78.01 (2023-01-05).
     - Fixed a regression that prevented the G-SYNC/G-SYNC Compatible Visual
       Indicator from being displayed when running Vulkan X11 applications.
     - Fixed a bug where usage of VK_KHR_present_id could cause applications to
       crash with Xid 32 errors.
     - Fixed excess CPU usage in hybrid graphics configurations where an
       external display is connected to an NVIDIA discrete GPU and configured
       as a PRIME Display Offload sink (also known as "Reverse Prime").
     * Improved compatibility with recent Linux kernels.  (Closes: #1027790)
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.  (Closes: #1028496)
   * libcuda1: Add Provides: libcuda-12.0-1.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (525.60.13-1) experimental; urgency=medium
 .
   * New upstream production branch release 525.60.13 (2022-12-05).
   * New upstream production branch release 525.60.11 (2022-11-28).
     (Closes: #1025883)
     * Fixed CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
       CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
       CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
       CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
       CVE-2022-42264, CVE-2022-42265.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Improved the performance of PRIME render-offloaded applications.
     - Fixed a bug which caused suspend to fail on systems running GNOME 3
       as a Wayland compositor with NVreg_PreserveVideoMemoryAllocations
       enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
 .
 nvidia-graphics-drivers (525.53-1) experimental; urgency=medium
 .
   * New upstream beta 525.53 (2022-11-10).
     - Fixed a bug which caused Dynamic Boost to not engage on certain Ampere
       GPU based notebooks.
     - Added support for Dynamic Boost on notebooks with AMD CPUs.
     - Fixed a regression that prevented Warp & Blend from working correctly.
     - Fixed a bug that resulted in stutter when moving windows in GNOME.
     - Added support for the EGL_MESA_platform_surfaceless extension.
     - Updated the open kernel modules to support Quadro Sync, Stereo,
       rotation in X11, and YUV 4:2:0 on Turing.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update symbols files.
   * libnvidia-api1: New package for the NVIDIA API runtime library.
   * firmware-nvidia-gsp: Move non-free-firmware archive area.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (520.56.06-2) unstable; urgency=medium
 .
   * libcuda1: Add Provides: libcuda-11.8-1.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (520.56.06-1) experimental; urgency=medium
 .
   * New upstream new feature branch release 520.56.06 (2022-10-12).
     - Implemented support for over-the-air updates in the Proton and Wine
       NVIDIA NGX build. This feature is disabled by default and can be enabled
       by setting the "PROTON_ENABLE_NGX_UPDATER" environment variable to a
       value of "1".
     - Updated the Vulkan driver so that the following extensions no longer
       depend on nvidia-uvm.ko being loaded at runtime:
       VK_KHR_acceleration_structure, VK_KHR_deferred_host_operations,
       VK_KHR_ray_query, VK_KHR_ray_tracing_pipeline, VK_NV_cuda_kernel_launch,
       VK_NV_ray_tracing, VK_NV_ray_tracing_motion_blur, VK_NVX_binary_import,
       VK_NVX_image_view_handle.
     - Fixed a bug in the Vulkan driver which could lead to corruption in
       geometry and tessellation control shaders.
     - Added a new CUDA Debugger implementation for Pascal and newer
       architectures as a part of the driver package: libcudadebugger.so
       (previously released separately as "CUDA GDB Developer Preview").
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * libcudadebugger1: New package for the CUDA Debugger library.
   * Update lintian overrides.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (515.105.01-1) UNRELEASED; urgency=medium
 .
   * New upstream Tesla release 515.105.01 (2023-03-30).
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
       CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
       CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
       CVE-2023-0191.
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
   * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
     kernel module build for Linux 6.3.
 .
 nvidia-graphics-drivers (515.86.01-1) unstable; urgency=medium
 .
   * New upstream production branch release 515.86.01 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
       CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
       CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
       CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
       CVE-2022-42264, CVE-2022-42265.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Fixed a regression in 515.76 that caused blank screens and hangs when
       starting an X server on RTX 30 series GPUs in some configurations where
       the boot display is connected via HDMI.
     - Fixed a bug where Marvel's Spider-Man Remastered would sometimes crash
       with Xid 13 errors on Turing and later.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update symbols files.
   * Upload to unstable.
 .
 nvidia-graphics-drivers (515.76-1) experimental; urgency=medium
 .
   * New upstream production branch release 515.76 (2022-09-20).
     (Closes: #1022165)
     - Turing and later: fixed possible excessive GPU power draw on an idle
       X11 or Wayland desktop when driving high resolutions or refresh rates.
     * Improved compatibility with recent Linux kernels.
   * New upstream Tesla release (amd64 only) 515.65.07 (2022-10-19).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (515.65.01-1) experimental; urgency=medium
 .
   * New upstream production branch release 515.65.01 (2022-08-02).
     - Fixed a bug that caused the X server to hang when VT-switching with
       stereo enabled.
     - Fixed an issue that caused OpenGL applications to be unresponsive in SLI
       Mosaic mode with no monitors enabled on the primary GPU.
     * Improved compatibility with recent Linux kernels.
   * New upstream production branch release 515.57 (2022-06-28).
     - Fixed a bug that could cause some graphics applications to crash when
       they are started while nvidia-drm.ko is not loaded.
     - Fixed an issue where NvFBC could return an incorrect frame if a capture
       request timed out.
     - Fixed an issue where NvFBC direct capture would wait for multiple queued
       frames to finish rendering, instead of returning the next rendered
       frame.
     - Added support for NvFBC direct capture to composite the mouse cursor
       onto frames.
     - Fixed an issue where Vulkan direct to display could not drive more than
       4 displays from a single VkInstance.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Apply kernel module patches at package build time.
   * Add versioned Provides: nvidia-kernel-dkms-any.
 .
 nvidia-graphics-drivers (515.48.07-3) experimental; urgency=medium
 .
   * Merge changes from 510.108.03-3.
   * Extract nv-readme-open.ids from README.
   * nvidia-detect: Report GPUs that can be used with the open kernel module.
   * Allow nvidia-open-kernel-dkms as alternative to nvidia-kernel-dkms.
   * nvidia-alternative: Register another alternative if
     nvidia-open-kernel-dkms is available.
 .
 nvidia-graphics-drivers (515.48.07-2) experimental; urgency=medium
 .
   * Merge changes from 510.108.03-1.
   * Backport find_vma_intersection from 515.57 and num_registered_fb changes
     from 515.76 to fix kernel module build for Linux 6.1.
   * libcuda1: Add Provides: libcuda-11.7-1{,-i386}.
   * Put the kernel module patches under Expat license.
 .
 nvidia-graphics-drivers (515.48.07-1) experimental; urgency=medium
 .
   * New upstream production branch release 515.48.07 (2022-05-31).
     (Closes: #1012815)
     - Improved performance of GLX and Vulkan applications running in
       gamescope.
     - Added a "kernelopen" feature tag to the supported-gpus.json file,
       to indicate which GPUs are compatible with open-gpu-kernel-modules.
     - Improved Vulkan swapchain creation failure reporting. Applications can
       use the VK_EXT_debug_utils extension to receive additional information
       when an error was encountered in vkCreateSwapchainKHR().
   * New upstream beta 515.43.04 (2022-05-11).
     - Published the source code to a variant of the NVIDIA Linux kernel
       modules dual-licensed as MIT/GPLv2. The source is available here:
           https://github.com/NVIDIA/open-gpu-kernel-modules
       and will be updated each driver release. Please see the "Open
       Linux Kernel Modules" chapter in the README for details.
     - Added support for the VK_EXT_external_memory_dma_buf and
       VK_EXT_image_drm_format_modifier Vulkan extensions. To use this
       functionality, the nvidia-drm kernel module must be loaded with DRM KMS
       mode setting enabled. See the DRM KMS section of the README for guidance
       on enabling mode setting.
     - Changed nvidia-suspend.service, nvidia-resume.service, and
       nvidia-hibernate.service to use WantedBy= rather than RequiredBy=
       dependencies for systemd-suspend.service and systemd-hibernate.service.
       This avoids a problem where suspend or hibernate fails if the NVIDIA
       driver is uninstalled without disabling these services first.
       See https://github.com/systemd/systemd/issues/21991
       If these services were manually enabled, it may be necessary to update
       their dependencies by running
         sudo systemctl reenable nvidia-suspend.service \
           nvidia-resume.service nvidia-hibernate.service
     - Interlaced modes are now disabled when active stereo is enabled.
     - Removed the warning message about mismatches between the compiler
       used to build the Linux kernel and the compiler used to build the
       NVIDIA kernel modules from nvidia-installer. Modern compilers are less
       likely to cause problems when this type of mismatch occurs, and it has
       become common in many distributions to build the Linux kernel with a
       different compiler than the default system compiler.
     - Updated the RTD3 Video Memory Utilization Threshold
       (NVreg_DynamicPowerManagementVideoMemoryThreshold) maximum value from
       200 MB to 1024 MB.
 .
   [ Andreas Beckmann ]
   * Bump minimum supported kernel version to 3.10.
   * Backport get_task_ioprio changes from 510.85.02, acpi changes from
     515.65.01, drm_frambuffer.h changes from 515.76 to fix kernel module build
     for Linux 6.0.
   * Refresh patches.
   * Update symbols files.
   * Update lintian overrides.
   * Restrict watch file to releases from the 515.xx production branch.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (510.108.03-4) UNRELEASED; urgency=medium
 .
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
   * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
     kernel module build for Linux 6.3.
 .
 nvidia-graphics-drivers (510.108.03-3) UNRELEASED; urgency=medium
 .
   * Add versioned Provides: nvidia-kernel-dkms-any (515.65.01-1).
   * Fix nvngx.dll install location (525.89.02-1).  (Closes: #1031185)
   * Updated Turkish (tr) debconf translations by Atila KOÇ. (Closes: #1033418)
 .
 nvidia-graphics-drivers (510.108.03-3) unstable; urgency=medium
 .
   * Backport drm_connector_has_override_edid changes from 525.78.01 to fix
     kernel module build for Linux 6.2.  (Closes: #1027790)
   * Drop support for building modules for non-native kernel architectures.
   * nvidia-alternative: Access kmod config files over a versioned symlink.
   * New Brazilian Portuguese (pt_BR) debconf translations by Paulo Henrique de
     Lima Santana.  (Closes: #1028259)
 .
 nvidia-graphics-drivers (510.108.03-2) unstable; urgency=medium
 .
   * nvidia-detect: Drop support for stretch(-lts) (EoL).
   * nvidia-detect: Add support for Tesla drivers.
   * nvidia-detect: Restrict support to driver series in bookworm.
   * Stop building the nvidia-nonglvnd-vulkan-common package, will be built
     from src:nvidia-graphics-drivers-tesla-418.
   * Bump Standards-Version to 4.6.2. No changes needed.
 .
 nvidia-graphics-drivers (510.108.03-1) unstable; urgency=medium
 .
   * New upstream production branch release 510.108.03 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
       CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
       CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
       CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
       CVE-2022-42262, CVE-2022-42263, CVE-2022-42264.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Add missing #includes to fix kernel module build for ppc64el.
   * Rename the internally used ARCH variable which might clash on externally
     set values.
   * Use substitutions for ${nvidia-kernel} and friends.
   * Try to compile a kernel module at package build time.
 .
 nvidia-graphics-drivers (510.85.02-6) unstable; urgency=medium
 .
   * Split firmware-nvidia-gsp from nvidia-kernel-support.
 .
 nvidia-graphics-drivers (510.85.02-5) unstable; urgency=medium
 .
   * Restrict nvidia-legacy-check dependency to driver architectures.
   * Backport nv-acpi.c changes from 515.65.01 and drm_frambuffer.h changes
     from 515.76 to fix kernel module build for Linux 6.0.  (Closes: #1021958)
 .
 nvidia-graphics-drivers (510.85.02-4) unstable; urgency=medium
 .
   * Set BUILD_EXCLUSIVE_CONFIG="!CONFIG_PREEMPT_RT" for
     module-assistant-autopkgtest, too.
 .
 nvidia-graphics-drivers (510.85.02-3) unstable; urgency=medium
 .
   * Upload to unstable.  (Closes: #1020761)
 .
 nvidia-graphics-drivers (510.85.02-2) experimental; urgency=medium
 .
   * Merge changes from 470.141.03-2.
   * Switch to module-assistant-autopkgtest.
 .
 nvidia-graphics-drivers (510.85.02-1) UNRELEASED; urgency=medium
 .
   * Build the nvidia-powerd package, but ship the insecure nvidia-dbus.conf as
     an example only.  (Closes: #1014283)
 .
 nvidia-graphics-drivers (510.85.02-1) UNRELEASED; urgency=medium
 .
   * New upstream Tesla release 510.85.02 (2022-08-02).
     * Fixed CVE-2022-31607, CVE-2022-31608, CVE-2022-31615. (Closes: #1016621)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5383
     * Improved compatibility with recent Linux kernels.
 .
 nvidia-graphics-drivers (510.85.02-1) experimental; urgency=medium
 .
   * New upstream production branch release 510.85.02 (2022-08-02).
     (Closes: #1012713, #1016614)
     * Fixed CVE-2022-31607, CVE-2022-31608, CVE-2022-31615.
       https://nvidia.custhelp.com/app/answers/detail/a_id/5383
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Merge changes from 470.141.03-1.
   * Refresh patches.
   * Update nv-readme.ids.
   * Restrict watch file to releases from the 510.xx production branch.
 .
 nvidia-graphics-drivers (510.73.08-3) experimental; urgency=medium
 .
   * Merge changes from 470.129.06-5.
   * Try new dkms feature BUILD_EXCLUSIVE_CONFIG.
 .
 nvidia-graphics-drivers (510.73.08-2) experimental; urgency=medium
 .
   * Add nvidia-drm_gbm.so symlink.  (Closes: #1012514)
   * nvidia-driver-libs: Recommend libnvidia-allocator1.
   * libnvidia-allocator1: Recommend libnvidia-egl-gbm1.
 .
 nvidia-graphics-drivers (510.73.08-1) experimental; urgency=medium
 .
   * New upstream Tesla release 510.73.08 (2022-05-23).
   * New upstream production branch release 510.73.05 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
       CVE-2022-28191, CVE-2022-28192.  (Closes: #1011140)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Added a new configuration option for NVIDIA NGX to allow disabling the
       DSO signature check. See the "NGX" chapter of the README for more
       information.
   * New upstream production branch release 510.68.02 (2022-04-26).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
 .
 nvidia-graphics-drivers (510.60.02-1) experimental; urgency=medium
 .
   * New upstream production branch release 510.60.02 (2022-03-22).
     - Added support for the following GPUs: NVIDIA RTX A4000H,
       NVIDIA RTX A5500.
     - Fixed a bug that could cause displays with HDMI or DisplayPort audio
       to be deselected as the default audio output device after resuming
       from suspend.
     - Fixed a regression that could cause OpenGL applications to hang or
       render incorrectly after suspend/resume cycles or VT-switches
     - Fixed a bug, introduced in 495.29.05, that caused GPU "Model:" in
       /proc/driver/nvidia/gpus/<Bus:Device.Function>/information to be
       "Unknown" for some GPUs.
 .
   [ Luca Boccassi ]
   * Update nv-readme.ids.
   * Refresh use-kbuild-flags.patch.
 .
 nvidia-graphics-drivers (510.54-1) experimental; urgency=medium
 .
   * New upstream production branch release 510.54 (2022-02-14).
     - Fixed a bug that could cause GPU exceptions when minimizing a fullscreen
       Vulkan application on certain desktops, such as Plasma.
 .
   [ Andreas Beckmann ]
   * Update nv-readme.ids.
   * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
     kernels, not supported upstream.
   * Declare Testsuite: autopkgtest-pkg-dkms.
   * Disable building nvidia-cuda-mps, will be built from
     src:nvidia-graphics-drivers-tesla-470.
 .
 nvidia-graphics-drivers (510.47.03-1) experimental; urgency=medium
 .
   * New upstream production branch release 510.47.03 (2022-02-01).
     * Fixed CVE-2022-21813, CVE-2022-21814.  (Closes: #1004847)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5312
     - Added support for Vulkan 1.3.
   * New upstream beta 510.39.01 (2022-01-11).
     - Added a new daemon, nvidia-powerd, to provide support for the Dynamic
       Boost feature on supported systems. Dynamic Boost balances power between
       the CPU and the GPU for improved performance. For more details, see the
       "Dynamic Boost on Linux" chapter in the README.
     - Updated nvidia-bug-report.sh to search the systemd journal for
       nvidia-powerd logs.
     - Fixed several issues which caused the supported-gpus.json file to
       contain incorrect product information.
     - Added a new module parameter, "peerdirect_support", to the
       nvidia-peermem.ko kernel module, to correctly support GPUDirect RDMA on
       MOFED 5.0 and older releases.
     - Fixed a bug which caused Vulkan applications to hang when the
       __GL_THREADED_OPTIMIZATIONS environment variable was set to enable
       threaded optimizations in the NVIDIA driver.
     - Fixed a bug where calls to vkWaitForPresentKHR would fail with
       VK_TIMEOUT on Maxwell and Pascal GPUs.
     - Added support for the VK_EXT_depth_clip_control extension.
     - Added support for the VK_EXT_border_color_swizzle extension.
     - Added support for the VK_EXT_image_view_min_lod extension.
     - Fixed a bug in the Vulkan compiler where 64-bit atomics were partially
       broken.
     - Fixed a bug in the Vulkan driver where VK_NULL_HANDLE was not properly
       handled as input to
       VkRenderingFragmentShadingRateAttachmentInfoKHR.imageView.
     - Added support for the VK_KHR_dynamic_rendering extension.
     - Added support for the bufferDeviceAddressCaptureReplay Vulkan feature.
     - Optimized the Vulkan fullscreen presentation path for X11 and
       direct-to-display swapchains.
     - Added AV1 decode support to the NVIDIA VDPAU driver. See the
       VDPAU Support appendix in the README for supported AV1 decoder
       profiles.
     - Added support for the VK_KHR_format_feature_flags2 extension.
     - Added support for the VK_KHR_maintenance4 extension.
     - Fixed a bug in the Vulkan driver where the SPIR-V Centroid interpolation
       decoration was not ignored when used in conjunction with FragCoord.
     - Fixed a bug in the Vulkan driver where unreferenced descriptor bindings
       were sometimes not ignored properly.
     - Fixed a bug in the Vulkan driver where vkCmdBindDescriptorSets would not
       properly handle pDynamicOffsets for compute pipelines.
     - Added support for the VK_KHR_shader_integer_dot_product extension.
     - Added support for the VK_EXT_primitive_topology_list_restart extension.
     - Added support for the VK_EXT_load_store_op_none extension.
     - Fixed a bug which caused OpenGL and Vulkan applications to generate
       excessive traffic over dbus while attempting to communicate with
       nvidia-powerd, even though nvidia-powerd was not running.
     - Enabled GSP Firmware by default on NVIDIA T4, A100, A30, A40, A16, A2,
       and several other Tesla products.  Please see the "GSP Firmware"
       chapter in the README for details.
   * New upstream release 495 series.
     - Fixed a bug in the Vulkan driver where some Ray Tracing shaders would
       timeout, resulting in device loss.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Update symbols files.
   * libcuda1: Add Provides: libcuda-11.6-1{,-i386}.
   * nvidia-detect: Add support for Tesla 510 drivers.
   * Prepare nvidia-powerd: New package for the NVIDIA Dynamic Boost daemon.
   * Do not ship libnvidia-compiler-next.so.*.
 .
 nvidia-graphics-drivers (495.46-1) experimental; urgency=medium
 .
   * New upstream new feature branch release 495.46 (2021-12-13).
 .
 nvidia-graphics-drivers (495.44-1) experimental; urgency=medium
 .
   * New upstream new feature branch release 495.44 (2021-10-26).
     - Fixed a bug in the Vulkan driver where unused input attributes to a
       vertex shader would corrupt the interpolation qualifiers for the shader.
     - Fixed a bug in the Vulkan driver where individual components of
       barycentric inputs could not be read.
     - Added support for the VK_KHR_present_id extension.
     - Added support for the VK_KHR_present_wait extension.
     - Added support for the VK_KHR_shader_subgroup_uniform_control_flow
       extension.
     - Fixed a bug where VK_NVX_binary_import was advertised as supported on
       unsupported platforms. This caused calls to vkCreateDevice to fail if
       applications attempted to enable VK_NVX_binary_import on such platforms.
   * New upstream beta 495.29.05 (2021-10-14).
     - Added support for the GBM API. This adds the new symlink
       nvidia-drm_gbm.so pointing to the file libnvidia-allocator.so.VERSION to
       implement a GBM backend driver usable with the GBM loader from the Mesa
       project version 21.2 and above, as well as the files
       libnvidia-egl-gbm.so.1.1.0 and 15_nvidia_gbm.json, which implement EGL
       support for the GBM platform (EGL_KHR_platform_gbm).
     - Add indicator for Resizable BAR support on compatible systems.
     - Fixed a bug that could cause the X server to crash when starting a
       new server generation on PRIME configurations.
     - Removed support for NvIFROpenGL. This functionality was deprecated
       in the 470.xx driver release.
     - Removed libnvidia-cbl.so from the driver package.  This
       functionality is now provided by other driver libraries.
     - Changed the minimum required Linux kernel version from 2.6.32 to 3.10.
     - Updated nvidia.ko to load even if no supported NVIDIA GPUs are present
       when an NVIDIA NVSwitch device is detected in the system. Previously,
       nvidia.ko would fail to load into the kernel if no supported GPUs were
       present.
     * Removed support for cards based on the Kepler architecture.
 .
   [ Luca Boccassi ]
   * Update nv-readme.ids.
   * Drop libnvidia-ifr1 package, removed upstream.
   * Drop libnvidia-cbl package, removed upstream.
   * Update symbols files.
 .
   [ Andreas Beckmann ]
   * libcuda1: Add Provides: libcuda-11.5-1{,-i386}.
   * Ship the gsp.bin firmware blob on arm64.
   * Add NEWS entry and update nvidia-legacy-check to suggest using
     nvidia-tesla-470-driver for Kepler cards.
   * Upload to experimental.
 .
 nvidia-graphics-drivers (470.223.02-2) UNRELEASED; urgency=medium
 .
   * Build libnvidia-fbc1 for arm64, too.  (Closes: #1057078)
   * bug-control: Report information about more driver components.
   * nvidia-detect: Drop support for Tesla 450 drivers (EoL).
 .
 nvidia-graphics-drivers (470.223.02-1) bullseye; urgency=medium
 .
   * New upstream long term support branch release 470.223.02 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055136)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
     - Fixed a bug which caused incorrect reporting of presentation
       times when using the VK_NV_present_barrier Vulkan extension.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers (470.199.02-4) UNRELEASED; urgency=medium
 .
   * Refuse to load module if IBT is enabled.  (Closes: #1052069)
   * Switch suggestion from obsolete vulkan-utils to vulkan-tools
     (525.125.06-3).  (Closes: #1055503)
 .
 nvidia-graphics-drivers (470.199.02-3) UNRELEASED; urgency=medium
 .
   * Revert backport of pin_user_pages changes.
   * Backport drm_gem_prime_handle_to_fd changes from 470.223.02 to fix kernel
     module build for Linux 6.6.
 .
 nvidia-graphics-drivers (470.199.02-2) UNRELEASED; urgency=medium
 .
   * Backport get_user_pages and pin_user_pages changes from 520.56.06,
     525.53 and 535.86.05 to fix kernel module build for Linux 6.5.
 .
 nvidia-graphics-drivers (470.199.02-1) bullseye; urgency=medium
 .
   * New upstream long term support branch release 470.199.02 (2023-06-26).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers (470.182.03-2) UNRELEASED; urgency=medium
 .
   * Backport drm_driver_has_dumb_destroy changes from 525.116.03 to fix kernel
     module build for Linux 6.4.
   * Backport vm_area_struct_has_const_vm_flags changes from 470.199.02 to fix
     kernel module build for Linux 6.3.  (Closes: #1038004)
 .
 nvidia-graphics-drivers (470.182.03-1) bullseye; urgency=medium
 .
   * New upstream long term support branch release 470.182.03 (2023-03-30).
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0185,
       CVE-2023-0187, CVE-2023-0198, CVE-2023-0199, CVE-2023-0188,
       CVE-2023-0190, CVE-2023-0194, CVE-2023-0195, CVE-2023-0191.
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
       (Closes: #1033774)
     - Fixed a bug that could cause fullscreen PRIME Render Offload
       applications and/or X to crash when an NVIDIA GPU is driving
       multiple displays with Reverse PRIME.
     - Added support for console restoration when using simpledrm.
     - Disabled Fixed Rate Link (FRL) when using passive DisplayPort
       to HDMI dongles, which are incompatible with FRL.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * nvidia-detect: Drop support for stretch(-lts) (EoL).
   * Drop support for building modules for non-native kernel architectures.
   * nvidia-alternative: Access kmod config files over a versioned
     symlink (510.108.03-3).
   * Add versioned Provides: nvidia-kernel-dkms-any (515.65.01-1).
   * Fix nvngx.dll install location (525.89.02-1).  (Closes: #1031185)
   * New Brazilian Portuguese (pt_BR) debconf translations by Paulo Henrique de
     Lima Santana.
   * Updated Turkish (tr) debconf translations by Atila KOÇ.
   * Bump Standards-Version to 4.6.2. No changes needed.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers (470.161.03-2) UNRELEASED; urgency=medium
 .
   * Backport acpi_op_remove changes from 470.182.03 to fix kernel module build
     for Linux 6.2.
   * Backport drm_connector_has_override_edid changes from 525.78.01 to fix
     kernel module build for Linux 6.2.
   * Drop support for building modules for non-native kernel architectures.
   * nvidia-alternative: Access kmod config files over a versioned
     symlink (510.108.03-3).
   * Add versioned Provides: nvidia-kernel-dkms-any (515.65.01-1).
   * Fix nvngx.dll install location (525.89.02-1).  (Closes: #1031185)
   * Bump Standards-Version to 4.6.2. No changes needed.
 .
 nvidia-graphics-drivers (470.161.03-1) bullseye; urgency=medium
 .
   * New upstream long term support branch release 470.161.03 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
       CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
       CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
       CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
       CVE-2022-42263, CVE-2022-42264.  (Closes: #1025279)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
     - Fixed a bug that caused the Xorg server to crash if an NvFBC capture
       session is started while video memory is full.
     * Improved compatibility with recent Linux kernels.  (Closes: #1024852)
   * New upstream Tesla release (amd64 only) 470.141.10 (2022-10-19).
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Add missing #includes to fix kernel module build for ppc64el.
   * Rename the internally used ARCH variable which might clash on externally
     set values.
   * Use substitutions for ${nvidia-kernel} and friends (510.108.03-1).
   * Try to compile a kernel module at package build time (510.108.03-1).
   * Upload to bullseye.
 .
 nvidia-graphics-drivers (470.141.03-3) UNRELEASED; urgency=medium
 .
   * Backport get_task_ioprio changes from 510.85.02, acpi changes from
     510.85.02 and 515.65.01, drm_frambuffer.h changes from 515.76 to fix
     kernel module build for Linux 6.0.  (Closes: #1021974, #1022738)
 .
 nvidia-graphics-drivers (470.141.03-2) unstable; urgency=medium
 .
   * Add support for unversioned Tesla packages (tesla 510.85.02-1).
     (Closes: #1020697)
   * Switch *-source to a modern module-assistant based template.
   * Drop support for kernel-package and make-kpkg, gone since stretch.
 .
 nvidia-graphics-drivers (470.141.03-1~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers (470.141.03-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 470.141.03 (2022-08-02).
     * Fixed CVE-2022-31607, CVE-2022-31608, CVE-2022-31615. (Closes: #1016614)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5383
     - Added support for the following GPU: GeForce RTX 3050 OEM.
     - Fixed an issue where HDMI audio output was not working in some cases,
       especially with high display refresh rates (120Hz, 100Hz, etc.) using
       Fixed Rate Link (FRL) transmission mode.
     * Improved compatibility with recent Linux kernels.  (Closes: #1016736)
 .
   [ Andreas Beckmann ]
   * Replace obsolete pci_*() functions with their dma_*() counterparts in
     ppc64el specific code paths to fix kernel module build for ppc64el.
   * Refresh patches.
   * Update nv-readme.ids.
   * More generic handling of architectures with gsp firmware.
   * Drop references to kernel-package and make-kpkg, gone since stretch.
   * Overhaul build-module-packages.sh.
   * Add module-assistant based autopkgtest for the *-source package.
   * Simplify changelog management for the *-source package.
   * Copy the Source stanza from d/control to the module control file.
 .
 nvidia-graphics-drivers (470.129.06-6~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers (470.129.06-6) unstable; urgency=medium
 .
   * Minor packaging sync and cleanup.
   * Disable building nvidia-cuda-mps, will be built from
     src:nvidia-graphics-drivers-tesla-470.
 .
 nvidia-graphics-drivers (470.129.06-5) unstable; urgency=medium
 .
   * Update lintian overrides.
 .
 nvidia-graphics-drivers (470.129.06-4) unstable; urgency=medium
 .
   * Use different virtual packages for firmware file Conflicts and Depends.
 .
 nvidia-graphics-drivers (470.129.06-3) unstable; urgency=medium
 .
   * Do not create backups when patching README.txt.
 .
 nvidia-graphics-drivers (470.129.06-2) unstable; urgency=medium
 .
   * Fix discrepancy between amd64 and i386 README.txt.  (Closes: #1011527)
 .
 nvidia-graphics-drivers (470.129.06-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 470.129.06 (2022-05-16).
     * Fixed CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185,
       CVE-2022-28191, CVE-2022-28192.  (Closes: #1011140)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5353
     - Added support for the following GPUs: GeForce RTX 3050,
       GeForce RTX 3070 Ti Laptop GPU, GeForce RTX 3080 Ti Laptop GPU,
       GeForce RTX 3090 Ti, RTX A500 Laptop GPU, RTX A1000 Embedded GPU,
       RTX A2000 Embedded GPU, RTX A1000 Laptop GPU, RTX A2000 8GB Laptop GPU,
       RTX A3000 12GB Laptop GPU, RTX A4500 Embedded GPU, RTX A4500 Laptop GPU,
       RTX A5500 Laptop GPU, T550 Laptop GPU.  (Closes: #1011183)
     - Fixed an issue where NvFBC was requesting Vulkan 1.0 while using
       Vulkan 1.1 core features. This caused NvFBC to fail to initialize with
       Vulkan loader versions 1.3.204 or newer.
     * Improved compatibility with recent Linux kernels.  (Closes: #1013359)
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Update nv-readme.ids.
   * Import missing legacy IDs from the 510.* README.txt.
     The Kepler notebook GPUs seem still supported by the 470.* driver.
     (Closes: #1011245, #939447, #939067)
   * Bump Standards-Version to 4.6.1. No changes needed.
 .
 nvidia-graphics-drivers (470.103.01-4) unstable; urgency=medium
 .
   * Update 0003-fix-conftest-includes.patch to fix kernel module build for
     ppc64el.
   * Backport mt_device_gre changes from 510.39.01 to fix kernel module build
     for arm64.
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.103.01-3~deb11u2) bullseye; urgency=medium
 .
   * Re-enable building libnvidia-nvvm4.
 .
 nvidia-graphics-drivers (470.103.01-3~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
   * Temporarily disable building libnvidia-nvvm4 to avoid NEW.
 .
 nvidia-graphics-drivers (470.103.01-3) unstable; urgency=medium
 .
   * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt
     kernels, not supported upstream (510.54-1).
   * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1).
   * nvidia-detect: Drop support for Tesla 460 drivers (EoL).
 .
 nvidia-graphics-drivers (470.103.01-2) unstable; urgency=medium
 .
   * Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency.
     (Closes: #1005311)
   * nvidia-detect: Add support for (Tesla) 470 drivers in bullseye.
nvidia-graphics-drivers (525.147.05-6) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * nvidia-detect: Tesla and regular driver packages have been merged.
   * Update lintian overrides.
nvidia-graphics-drivers (525.147.05-6~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-6) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * nvidia-detect: Tesla and regular driver packages have been merged.
   * nvidia-detect: Add superficial autopkgtest for checking codename support.
   * Update lintian overrides.
 .
 nvidia-graphics-drivers (525.147.05-5) unstable; urgency=medium
 .
   * Switch src:nvidia-graphics-drivers to the Tesla driver series.
   * Build for ppc64el.
   * Build all unversioned packages from src:nvidia-graphics-drivers.
   * Enable nvidia-suspend-common.  (Closes: #1059581, #1056557, #1062281)
   * nvidia-suspend-common: Depend on kbd for chvt.  (Closes: #1058081)
   * New Romanian (ro) debconf translations by Remus-Gabriel Chelu.
     (Closes: #1059590)
nvidia-graphics-drivers (525.147.05-5) unstable; urgency=medium
 .
   * Switch src:nvidia-graphics-drivers to the Tesla driver series.
   * Build for ppc64el.
   * Build all unversioned packages from src:nvidia-graphics-drivers.
   * Enable nvidia-suspend-common.  (Closes: #1059581)
   * nvidia-suspend-common: Depend on kbd for chvt.  (Closes: #1058081)
   * New Romanian (ro) debconf translations by Remus-Gabriel Chelu.
     (Closes: #1059590)
nvidia-graphics-drivers (525.147.05-4) unstable; urgency=medium
 .
   * Build libnvidia-fbc1 for arm64, too.  (Closes: #1057078)
   * bug-control: Report information about more driver components.
   * Do not yet recommend nvidia-suspend-common.

nvidia-graphics-drivers-tesla (525.147.05-7~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla (525.147.05-7) unstable; urgency=medium
 .
   * Relax the dependencies on libnvidia*-glcore/libnvidia*-eglcore for the
     transitional packages.
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063362)
 .
 nvidia-graphics-drivers (525.147.05-7~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-7) unstable; urgency=medium
 .
   * nvidia-detect: Fix mismerge breaking Tesla 470 detection.
     (Closes: #1063910)
   * Relax dh-dkms build-dependency, satisfied in stable.
 .
 nvidia-graphics-drivers (525.147.05-6~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-6) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063363, #1062932)
   * nvidia-detect: Tesla and regular driver packages have been merged.
   * nvidia-detect: Add superficial autopkgtest for checking codename support.
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-tesla (525.147.05-6) unstable; urgency=medium
 .
   * Turn metapackages into transitional packages to aid switching to
     nvidia-graphics-drivers.
   * Provide less virtual packages.
   * Remove the Tesla driver from the nvidia alternative.
 .
 nvidia-graphics-drivers-tesla (525.147.05-5) unstable; urgency=medium
 .
   * Rebuild as Tesla driver.
 .
 nvidia-graphics-drivers (525.147.05-5) unstable; urgency=medium
 .
   * Switch src:nvidia-graphics-drivers to the Tesla driver series.
   * Build for ppc64el.
   * Build all unversioned packages from src:nvidia-graphics-drivers.
   * Enable nvidia-suspend-common.  (Closes: #1059581, #1056557, #1062281)
   * nvidia-suspend-common: Depend on kbd for chvt.  (Closes: #1058081)
   * New Romanian (ro) debconf translations by Remus-Gabriel Chelu.
     (Closes: #1059590)
nvidia-graphics-drivers-tesla (525.147.05-6) unstable; urgency=medium
 .
   * Turn metapackages into transitional packages to aid switching to
     nvidia-graphics-drivers.
   * Provide less virtual packages.
   * Remove the Tesla driver from the nvidia alternative.
nvidia-graphics-drivers-tesla (525.147.05-5) unstable; urgency=medium
 .
   * Rebuild as Tesla driver.
 .
 nvidia-graphics-drivers (525.147.05-5) unstable; urgency=medium
 .
   * Switch src:nvidia-graphics-drivers to the Tesla driver series.
   * Build for ppc64el.
   * Build all unversioned packages from src:nvidia-graphics-drivers.
   * Enable nvidia-suspend-common.  (Closes: #1059581)
   * nvidia-suspend-common: Depend on kbd for chvt.  (Closes: #1058081)
   * New Romanian (ro) debconf translations by Remus-Gabriel Chelu.
     (Closes: #1059590)
nvidia-graphics-drivers-tesla (525.147.05-4) unstable; urgency=medium
 .
   * Rebuild as Tesla driver.
 .
 nvidia-graphics-drivers (525.147.05-4~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers (525.147.05-4) unstable; urgency=medium
 .
   * Build libnvidia-fbc1 for arm64, too.  (Closes: #1057078)
   * bug-control: Report information about more driver components.
   * Do not yet recommend nvidia-suspend-common.

nvidia-graphics-drivers-tesla-470 (470.256.02-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.256.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 470.256.02 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072798)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause the X server to crash when graphics
       applications requested single-buffered drawables while certain
       features (such as Vulkan sharpening) are enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.256.02-1) bullseye; urgency=medium
 .
   * New upstream LTS and Tesla branch release 470.256.02 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072792)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause the X server to crash when graphics
       applications requested single-buffered drawables while certain
       features (such as Vulkan sharpening) are enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
   * Bump Standards-Version to 4.7.0. No changes needed.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.239.06-1~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
nvidia-graphics-drivers-tesla-470 (470.256.02-1~deb11u2) bullseye; urgency=medium
 .
   * Rebuild as Tesla 470 driver for bullseye.
 .
 nvidia-graphics-drivers (470.256.02-2) bullseye; urgency=medium
 .
   * ppc64el: Use pfn_valid() variant with rcu_read_{,un}lock_sched() for
     Linux 5.10 from 5.10.210 onwards to avoid using GPL symbols.
   * Upload to bullseye.
nvidia-graphics-drivers-tesla-470 (470.256.02-1~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.256.02-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.256.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 470.256.02 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072798)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause the X server to crash when graphics
       applications requested single-buffered drawables while certain
       features (such as Vulkan sharpening) are enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.256.02-1) bullseye; urgency=medium
 .
   * New upstream LTS and Tesla branch release 470.256.02 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072792)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause the X server to crash when graphics
       applications requested single-buffered drawables while certain
       features (such as Vulkan sharpening) are enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
   * Bump Standards-Version to 4.7.0. No changes needed.
   * Upload to bullseye.
nvidia-graphics-drivers-tesla-470 (470.239.06-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 470.239.06 (2024-02-22).
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
nvidia-graphics-drivers-tesla-470 (470.239.06-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.239.06-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 470.239.06 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064989)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.239.06-1) bullseye; urgency=medium
 .
   * New upstream long term support branch release 470.239.06 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064983)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
nvidia-graphics-drivers-tesla-470 (470.239.06-1~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.239.06-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.239.06-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 470.239.06 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064989)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.239.06-1) bullseye; urgency=medium
 .
   * New upstream long term support branch release 470.239.06 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265.  (Closes: #1064983)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Upload to bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.223.02-4~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.223.02-4) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063361)
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-tesla-470 (470.223.02-3) unstable; urgency=medium
 .
   * nvidia-cuda-mps is again built from src:nvidia-graphics-drivers.
 .
 nvidia-graphics-drivers (470.223.02-3) UNRELEASED; urgency=medium
 .
   * Switch src:nvidia-graphics-drivers to the Tesla 470 driver series.
   * Build for ppc64el.
   * Build all unversioned packages from src:nvidia-graphics-drivers.
   * New Romanian (ro) debconf translations by Remus-Gabriel Chelu.
nvidia-graphics-drivers-tesla-470 (470.223.02-4) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063361)
   * Update lintian overrides.
nvidia-graphics-drivers-tesla-470 (470.223.02-4~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.223.02-4) unstable; urgency=medium
 .
   * Apply pfn_valid patch from gentoo to fix kernel module build for
     Linux 6.1.76, 6.6.15, 6.7.3, 6.8.  (Closes: #1063361)
   * Update lintian overrides.
 .
 nvidia-graphics-drivers-tesla-470 (470.223.02-3) unstable; urgency=medium
 .
   * nvidia-cuda-mps is again built from src:nvidia-graphics-drivers.
 .
 nvidia-graphics-drivers-tesla-470 (470.223.02-2~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye.
nvidia-graphics-drivers-tesla-470 (470.223.02-3) unstable; urgency=medium
 .
   * nvidia-cuda-mps is again built from from src:nvidia-graphics-drivers.
nvidia-graphics-drivers-tesla-470 (470.223.02-2) unstable; urgency=medium
 .
   * Build libnvidia-tesla-470-fbc1 for arm64, too.  (Closes: #1057078)
   * bug-control: Report information about more driver components.

nvidia-modprobe (535.161.07-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-modprobe (535.161.07-1) unstable; urgency=medium
 .
   * New upstream release.
nvidia-modprobe (535.161.07-1~deb12u1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 nvidia-modprobe (535.161.07-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-modprobe (535.161.07-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 nvidia-modprobe (535.54.03-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-modprobe (535.54.03-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 nvidia-modprobe (530.30.02-2) unstable; urgency=medium
 .
   * Updated nvidia-modprobe to create symbolic links in /dev/char when
     creating the /dev/nvidia* device nodes. This resolves an issue that
     prevented the device nodes from working with newer versions of runc:
     https://github.com/opencontainers/runc/issues/3708
     (Cherry-picked from 525.105.17)
 .
 nvidia-modprobe (530.30.02-1) unstable; urgency=medium
 .
   * New upstream release.
nvidia-modprobe (535.54.03-1) unstable; urgency=medium
 .
   * New upstream release.

nvidia-open-gpu-kernel-modules (535.183.01-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.183.01-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.183.01 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072800)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
   * New upstream long term support branch release 535.179 (2024-05-09).
   * New upstream long term support branch release 535.171.04 (2024-03-21).
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
nvidia-open-gpu-kernel-modules (535.161.08-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.161.08 (2024-03-18).
   * Upload to unstable.
nvidia-open-gpu-kernel-modules (535.161.08-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.161.08-1) unstable; urgency=medium
 .
   * New upstream Tesla branch release 535.161.08 (2024-03-18).
   * Upload to unstable.
 .
 nvidia-open-gpu-kernel-modules (535.161.07-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.  (Closes: #1064991)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
   * Upload to experimental.
 .
 nvidia-open-gpu-kernel-modules (535.154.05-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
   * New upstream long term support branch release 535.146.02 (2023-12-07).
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.129.03-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055144)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.113.01-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 535.113.01 (2023-09-21).
   * New upstream Tesla branch release 535.104.12 (2023-09-25).
   * New upstream LTS and Tesla branch release 535.104.05 (2023-08-22).
   * New upstream long term support branch release 535.98 (2023-08-08).
   * New upstream Tesla branch release 535.86.10 (2023-07-31).
   * New upstream long term support branch release 535.86.05 (2023-07-18).
   * Sync with src:nvidia-graphics-drivers.
   * Refresh patches.
 .
 nvidia-open-gpu-kernel-modules (535.54.03-1) UNRELEASED; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.54.03 (2023-06-14).
     * Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039686)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5468
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (535.43.02-1) UNRELEASED; urgency=medium
 .
   * New upstream beta 535.43.02 (2023-05-30).
   * Refresh patches.
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (530.41.03-1) unstable; urgency=medium
 .
   * New upstream new feature branch release 530.41.03 (2023-03-23).
     * Fixed CVE-2023-0184, CVE-2023-0189, CVE-2023-0180, CVE-2023-0183,
       CVE-2023-0185, CVE-2023-0187, CVE-2023-0198, CVE-2023-0199,
       CVE-2023-0188, CVE-2023-0190, CVE-2023-0194, CVE-2023-0195,
       CVE-2023-0191.  (Closes: #1033783)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5452
   * Sync with src:nvidia-graphics-drivers.
   * Fix package build reproducibility.
 .
 nvidia-open-gpu-kernel-modules (530.30.02-1) UNRELEASED; urgency=medium
 .
   * New upstream beta 530.30.02 (2023-02-28).
   * Refresh patches.
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (525.147.05-3) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.
 .
 nvidia-open-gpu-kernel-modules (525.147.05-2) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (535.161.07-1) experimental; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.161.07 (2024-02-22).
     * Fixed CVE-2024-0074, CVE-2024-0075, CVE-2024-0078.  (Closes: #1064991)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5520
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
   * New upstream long term support branch release 535.146.02 (2023-12-07).
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055144)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
   * Refresh patches.
   * Sync with src:nvidia-graphics-drivers.
   * Upload to experimental.
nvidia-open-gpu-kernel-modules (535.154.05-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.154.05 (2024-01-16).
   * New upstream long term support branch release 535.146.02 (2023-12-07).
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (535.129.03-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.129.03 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055144)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (535.113.01-1) unstable; urgency=medium
 .
   * New upstream long term support branch release 535.113.01 (2023-09-21).
   * New upstream Tesla branch release 535.104.12 (2023-09-25).
   * New upstream LTS and Tesla branch release 535.104.05 (2023-08-22).
   * New upstream long term support branch release 535.98 (2023-08-08).
   * New upstream Tesla branch release 535.86.10 (2023-07-31).
   * New upstream long term support branch release 535.86.05 (2023-07-18).
   * New upstream LTS and Tesla branch release 535.54.03 (2023-06-14).
   * New upstream beta 535.43.02 (2023-05-30).
   * Refresh patches.
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (530.41.03-1) unstable; urgency=medium
 .
   * New upstream new feature branch release 530.41.03 (2023-03-23).
   * New upstream beta 530.30.02 (2023-02-28).
   * Refresh patches.
   * Sync with src:nvidia-graphics-drivers.
   * Fix package build reproducibility.
nvidia-open-gpu-kernel-modules (525.147.05-3) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (525.147.05-2) unstable; urgency=medium
 .
   * Sync with src:nvidia-graphics-drivers.
nvidia-open-gpu-kernel-modules (525.147.05-1) unstable; urgency=medium
 .
   * New upstream production branch release 525.147.05 (2023-10-31).
     * Fixed CVE-2023-31022.  (Closes: #1055144)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5491
   * Refresh patches.
   * Fix FTBFS with quilt 0.67.

nvidia-persistenced (535.171.04-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-persistenced (535.171.04-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 nvidia-persistenced (530.41.03-1) unstable; urgency=medium
 .
   * New upstream release.
   * Switch