The percentage heuristic has failed for me on 40% of the machines
I run, so it is clear it is going to fail for many more people when
the next release comes out. It is wrong, back it out.
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
this is errata/7.7/031_sack.patch.sig
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
this is errata/7.8/025_sack.patch.sig
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
Backport fixes from libexpat version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776CVE-2026-32777CVE-2026-32778
OK tb@
this is errata/7.7/030_expat.patch.sig
Backport fixes from libexpat version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776CVE-2026-32777CVE-2026-32778
this is errata/7.8/024_expat.patch.sig
switch iwx(4) MA devices to -89 firmware images
Also fix the firmware filename for MA HR devices, and do not try to
load a non-existent .pnvm file for these devices.
tested by + ok kettenis@
drm/amd: Fix a few more NULL pointer dereference in device cleanup
From Mario Limonciello
38f1640db7f8bf57b9e09c5b0b8b205a598f1b3e in linux-6.18.y/6.18.19
72ecb1dae72775fa9fea0159d8445d620a0a2295 in mainline linux
drm/i915/psr: Repeat Selective Update area alignment
From Jouni Hogander
0189bf176dbe6e07cde08a6121108eda3bd18b06 in linux-6.18.y/6.18.19
1be2fca84f520105413d0d89ed04bb0ff742ab16 in mainline linux
drm/i915: Fix potential overflow of shmem scatterlist length
From Janusz Krzysztofik
eae4bf4107571283031db96ce132e951615e2ae4 in linux-6.18.y/6.18.19
029ae067431ab9d0fca479bdabe780fa436706ea in mainline linux
drm/amd: Fix NULL pointer dereference in device cleanup
From Mario Limonciello
43025c941aced9a9009f9ff20eea4eb78c61deb8 in linux-6.18.y/6.18.19
062ea905fff7756b2e87143ffccaece5cdb44267 in mainline linux
drm/amd: Set num IP blocks to 0 if discovery fails
From Mario Limonciello
57579312e0e87dffa2aeca9acd4ba2ec25da999d in linux-6.18.y/6.18.19
3646ff28780b4c52c5b5081443199e7a430110e5 in mainline linux
drm/amdgpu: Fix use-after-free race in VM acquire
From Alysa Liu
7885eb335d8f9e9942925d57e300a85e3f82ded4 in linux-6.18.y/6.18.19
2c1030f2e84885cc58bffef6af67d5b9d2e7098f in mainline linux
drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x
From Yang Wang
33c3a4db31719d414f0622659ca086b708270c9f in linux-6.18.y/6.18.19
68785c5e79e0fc1eacf63026fbba32be3867f410 in mainline linux
drm/amd/display: Fallback to boot snapshot for dispclk
From Dillon Varone
1a34999922ba6c95df6e3ba5c82624f61323f82b in linux-6.18.y/6.18.19
30d937f63bd19bbcaafa4b892eb251f8bbbf04ef in mainline linux
drm/i915/alpm: ALPM disable fixes
From Jouni Hogander
32cca65189823f93ba89677a96b106e902b2dc9b in linux-6.18.y/6.18.19
eb4a7139e97374f42b7242cc754e77f1623fbcd5 in mainline linux
drm/amd: Disable MES LR compute W/A
From Mario Limonciello
06ef2ba582c68daa6bdaaef82827734d9f07b8fd in linux-6.18.y/6.18.19
6b0d812971370c64b837a2db4275410f478272fe in mainline linux
drm/amdgpu: add upper bound check on user inputs in wait ioctl
From Sunil Khatri
b1d10508da559da2e0ca9cca6505094a7df948e1 in linux-6.18.y/6.18.19
64ac7c09fc44985ec9bb6a9db740899fa40ca613 in mainline linux
drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl
From Tvrtko Ursulin
762f47e2b824383d5be65eee2c40a1269b7d50c8 in linux-6.18.y/6.18.19
49abfa812617a7f2d0132c70d23ac98b389c6ec1 in mainline linux
drm/amdgpu: add upper bound check on user inputs in signal ioctl
From Sunil Khatri
6fff5204d8aa26b1be50b6427f833bd3e8899c4f in linux-6.18.y/6.18.19
ea78f8c68f4f6211c557df49174c54d167821962 in mainline linux
drm/amdgpu: ensure no_hw_access is visible before MMIO
From Perry Yuan
1051eb2f53886ec7e36896dfa356884d7212443a in linux-6.18.y/6.18.19
31b153315b8702d0249aa44d83d9fbf42c5c7a79 in mainline linux
drm/amdkfd: Unreserve bo if queue update failed
From Philip Yang
529c985da1b277b36dc99aad660f96dc70f3c467 in linux-6.18.y/6.18.19
2ce75a0b7e1bfddbcb9bc8aeb2e5e7fa99971acf in mainline linux
drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14
From Yang Wang
2ee3645e0f3f4343ccdec769d584c85359537c12 in linux-6.18.y/6.18.19
9d4837a26149355ffe3a1f80de80531eafdd3353 in mainline linux
drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v13
From Yang Wang
4c32155265b67a876a5ab0e36819f17659e7b8a5 in linux-6.18.y/6.18.19
cb47c882c31334aadc13ace80781728ed22a05ee in mainline linux
drm/amdgpu/vcn5: Add SMU dpm interface type
From sguttula
31e6595fd1a0517cdcdc74740ac96e76f25ad312 in linux-6.18.y/6.18.19
a5fe1a54513196e4bc8f9170006057dc31e7155e in mainline linux
Call freeze and restore functions for hibernate. These call the
equivalent suspend and resume functions so no functional change.
Closer matches the amdgpu activate function.
ok kettenis@
