diff --git a/Pkgfile b/Pkgfile
index 6cd34fb1..5aa363bd 100644
--- a/Pkgfile
+++ b/Pkgfile
@@ -68,9 +68,9 @@ vars:
   ipxe_sha512: 3f9fce7d9c78fcaff7663502cf797e4045c2593d1d23a4abf6db688e443173ca43cc5f960b69ecd9364591062dfde088f99aa3625cd87cbfffcab1fad1166a59
 
   # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
-  linux_version: 6.6.58
-  linux_sha256: e7df81e588d70fab5ec3ec3bb04ac53d51f0860fc3b1ec45e0a4167a026899db
-  linux_sha512: 695203f9f4486a928ab50bbfb761feeebd59b82f0e090fb126a8584dd676bcc5a6c6a5feb8c5d576891d7ae3ae31cca3a35c2655f06e8410818c24a1edfe0136
+  linux_version: 6.6.59
+  linux_sha256: 23616808d8c08f12815ff898f4edb4c11397a2b2843d029ee62452d21833a76d
+  linux_sha512: f3de2ecb8cfd297d8a0123dc34d5fd1446ffc12f6a0c574f089e13e222b45dd6a4cf232588cd36c9c6818b32e3408c66c75c9ad9f4acd0a297e96e87668e63ba
 
   # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
   kmod_version: 33
diff --git a/drbd/patches/genlmsg_multicast_allns.patch b/drbd/patches/genlmsg_multicast_allns.patch
new file mode 100644
index 00000000..afce0681
--- /dev/null
+++ b/drbd/patches/genlmsg_multicast_allns.patch
@@ -0,0 +1,13 @@
+diff --git a/drbd/drbd-headers/linux/genl_magic_func-genl_register_family_with_ops_groups.h b/drbd/drbd-headers/linux/genl_magic_func-genl_register_family_with_ops_groups.h
+index b7adc48..5c930bf 100644
+--- a/drbd/drbd-headers/linux/genl_magic_func-genl_register_family_with_ops_groups.h
++++ b/drbd/drbd-headers/linux/genl_magic_func-genl_register_family_with_ops_groups.h
+@@ -19,7 +19,7 @@ static int CONCAT_(GENL_MAGIC_FAMILY, _genl_multicast_ ## group)(	\
+ 	unsigned int group_id =						\
+ 		CONCAT_(GENL_MAGIC_FAMILY, _group_ ## group);		\
+ 	return genlmsg_multicast_allns(&ZZZ_genl_family, skb, 0,	\
+-				 group_id, flags);			\
++				 group_id);			\
+ }
+ 
+ #include GENL_MAGIC_INCLUDE_FILE
diff --git a/drbd/pkg.yaml b/drbd/pkg.yaml
index 7c1d94af..a2ecd2e9 100644
--- a/drbd/pkg.yaml
+++ b/drbd/pkg.yaml
@@ -14,6 +14,8 @@ steps:
     prepare:
       - |
         tar -xzf drbd.tar.gz --strip-components=1
+
+        patch -p1 < /pkg/patches/genlmsg_multicast_allns.patch
     build:
       - |
         make -j $(nproc) -C drbd KERNEL_SOURCES=/src MODVERSIONS=detect KDIR=/src
diff --git a/kernel/build/config-amd64 b/kernel/build/config-amd64
index 15b6f335..1878710b 100644
--- a/kernel/build/config-amd64
+++ b/kernel/build/config-amd64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.6.58 Kernel Configuration
+# Linux/x86 6.6.59 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.3.0"
 CONFIG_CC_IS_GCC=y
@@ -494,8 +494,7 @@ CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x200000
 CONFIG_DYNAMIC_MEMORY_LAYOUT=y
 CONFIG_RANDOMIZE_MEMORY=y
-CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
-CONFIG_ADDRESS_MASKING=y
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x1
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_COMPAT_VDSO is not set
 # CONFIG_LEGACY_VSYSCALL_XONLY is not set
diff --git a/kernel/build/config-arm64 b/kernel/build/config-arm64
index 918e0e1d..00349454 100644
--- a/kernel/build/config-arm64
+++ b/kernel/build/config-arm64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 6.6.58 Kernel Configuration
+# Linux/arm64 6.6.59 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.3.0"
 CONFIG_CC_IS_GCC=y
diff --git a/kernel/build/patches/README.md b/kernel/build/patches/README.md
index 9ee01aca..3d0212dd 100644
--- a/kernel/build/patches/README.md
+++ b/kernel/build/patches/README.md
@@ -1,4 +1,3 @@
 | Patch file                                                                 | Description                                | Upstream status | Link                                                                                                                                                                                                         |
 |----------------------------------------------------------------------------|--------------------------------------------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | mpt3sas-ubsan.patch | Backport fixes for UBSAN reporting | in 6.8 | Commit fd7090e384725edb1910a4b0a9c51007858f2c81 |
-| netfilter.patch | Fix netfilter with ipv6 | in main | should be backported to the next stable release |
diff --git a/kernel/build/patches/netfilter.patch b/kernel/build/patches/netfilter.patch
deleted file mode 100644
index af5b4a9c..00000000
--- a/kernel/build/patches/netfilter.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: https://github.com/torvalds/linux/commit/306ed1728e8438caed30332e1ab46b28c25fe3d8
-See also: https://github.com/tailscale/tailscale/issues/13863
-
-
-From 306ed1728e8438caed30332e1ab46b28c25fe3d8 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Sun, 20 Oct 2024 14:49:51 +0200
-Subject: [PATCH] netfilter: xtables: fix typo causing some targets not to load
- on IPv6
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-- There is no NFPROTO_IPV6 family for mark and NFLOG.
-- TRACE is also missing module autoload with NFPROTO_IPV6.
-
-This results in ip6tables failing to restore a ruleset. This issue has been
-reported by several users providing incomplete patches.
-
-Very similar to Ilya Katsnelson's patch including a missing chunk in the
-TRACE extension.
-
-Fixes: 0bfcb7b71e73 ("netfilter: xtables: avoid NFPROTO_UNSPEC where needed")
-Reported-by: Ignat Korchagin <ignat@cloudflare.com>
-Reported-by: Ilya Katsnelson <me@0upti.me>
-Reported-by: Krzysztof Olędzki <ole@ans.pl>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- net/netfilter/xt_NFLOG.c | 2 +-
- net/netfilter/xt_TRACE.c | 1 +
- net/netfilter/xt_mark.c  | 2 +-
- 3 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
-index d80abd6ccaf8f7..6dcf4bc7e30b2a 100644
---- a/net/netfilter/xt_NFLOG.c
-+++ b/net/netfilter/xt_NFLOG.c
-@@ -79,7 +79,7 @@ static struct xt_target nflog_tg_reg[] __read_mostly = {
- 	{
- 		.name       = "NFLOG",
- 		.revision   = 0,
--		.family     = NFPROTO_IPV4,
-+		.family     = NFPROTO_IPV6,
- 		.checkentry = nflog_tg_check,
- 		.destroy    = nflog_tg_destroy,
- 		.target     = nflog_tg,
-diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c
-index f3fa4f11348cd8..a642ff09fc8e8c 100644
---- a/net/netfilter/xt_TRACE.c
-+++ b/net/netfilter/xt_TRACE.c
-@@ -49,6 +49,7 @@ static struct xt_target trace_tg_reg[] __read_mostly = {
- 		.target		= trace_tg,
- 		.checkentry	= trace_tg_check,
- 		.destroy	= trace_tg_destroy,
-+		.me		= THIS_MODULE,
- 	},
- #endif
- };
-diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
-index f76fe04fc9a4e1..65b965ca40ea7e 100644
---- a/net/netfilter/xt_mark.c
-+++ b/net/netfilter/xt_mark.c
-@@ -62,7 +62,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = {
- 	{
- 		.name           = "MARK",
- 		.revision       = 2,
--		.family         = NFPROTO_IPV4,
-+		.family         = NFPROTO_IPV6,
- 		.target         = mark_tg,
- 		.targetsize     = sizeof(struct xt_mark_tginfo2),
- 		.me             = THIS_MODULE,