- Add ac_tighten-file-permissions.patch to fix cli_history database
  not restricting file permissions on Unix systems (bsc#1261007)

- Fix unbounded NSEC3 iterations when validating referrals to
  unsigned delegations.
  (CVE-2026-1519)
  [bsc#1260805, bind-9.16-CVE-2026-1519.patch]

- Security fixes:
  * CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
  * CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
  * CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
  * CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
  * Add patches:
  - curl-CVE-2026-1965.patch
  - curl-CVE-2026-3783.patch
  - curl-CVE-2026-3784.patch
  - curl-CVE-2026-3805.patch

- Add Channel Binding support for GSSAPI/GSS-SPNEGO; (bsc#1229655);
  (jsc#PED-12097); Add patch
  0008-Add-Channel-Binding-support-for-GSSAPI-GSS-SPNEGO.patch
- Add support for setting max ssf 0 to GSS-SPNEGO; (bsc#1229655);
  (jsc#PED-12097); Add patch
  0009-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO.patch

- use %license tag [bsc#1252142]

- memalign-overflow-check.patch: memalign: reinstate alignment overflow
  check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
  (CVE-2026-0915, bsc#1256822, BZ #33802)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
  (CVE-2025-15281, bsc#1257005, BZ #33814)

- regcomp-double-free.patch: posix: Fix double-free after allocation
  failure in regcomp (CVE-2025-8058, bsc#1246965, BZ #33185)

- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  * grub2-btrfs-09-get-default-subvolume.patch

- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
  * 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch

- crypto: authencesn - Fix src offset when decrypting in-place
  (bsc#1262573 CVE-2026-31431).
- commit 86cbba3

- crypto: authencesn - Do not place hiseq at end of dst for
  out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit d00ea08

- crypto: authenc - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- Refresh
  patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 8439d6a

- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
  CVE-2026-31431).
- commit 3c6e00a

- crypto: algif_aead - Revert to operating out-of-place
  (bsc#1262573 CVE-2026-31431).
- commit 402e84d

- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- commit f620cf3

- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
  (bsc#1262573 CVE-2026-31431).
- commit 8814cb0

- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
  CVE-2026-31431).
- commit e081d55

- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- commit 4d23627

- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
- commit b85a9eb

- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in
  pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures
  (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- commit 2b4e030

- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
  (CVE-2026-23274 bsc#1260005).
- commit 523e0c7

- netfilter: nf_tables: unconditionally bump set->nelems before
  insertion (CVE-2026-23272 bsc#1260009).
- commit 9195450

- Refresh
  patches.suse/iommu-disable-SVA-when-CONFIG_X86-is-set.patch.
  Move the condition check before iommu_group_get() to prevent
  reference count leak.
- commit 46c4966

- drm/vmwgfx: Return the correct value in vmw_translate_ptr
  functions (CVE-2026-23317 bsc#1260562).
- commit 3e86a3e

- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit 707a5c5

- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit 58ab8fc

- Delete
  patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch.
  Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
  completion in abort path'), locally contained in patch
  scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
  has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
  Intead of committing a revert patch, just remove this patch.
- commit 05a58b7

- Delete
  patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch.
- Delete
  patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch.
  Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
  completion in abort path'), locally contained in patch
  scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
  has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
  Intead of committing a revert patch, just remove this patch.
  This also requires removing our local patch
  scsi-qla2xxx-Complete-command-early-within-lock.patch,
  since this modified the code that was previously added in
  scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
- commit 9a39993

- kABI fix for ipvlan: Make the addrs_lock be per port
  (CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
  bsc#1257773).
- commit d6cd4ec

- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 3cdc4b6

- Use unified maintainers' email address
- commit 8028c58

- apparmor: fix race between freeing data and fs accessing it
  (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
  management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
  (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
  verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
  (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
  (bsc#1258849).
- apparmor: replace recursive profile removal with iterative
  approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
  (bsc#1258849).
- commit a3c8154

- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836)
  Disable sch_atm module, it doesn't seem to be used and security issues
  led to its removal from upstream.
- commit 9c7c77d

- Refresh
  patches.suse/dst-fix-races-in-rt6_uncached_list_del-and-rt_del_un.patch.
- commit e435fe4

- net/sched: ets: Always remove class from active list before
  deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit 37ff710

- net/sched: cls_u32: use skb_header_pointer_careful()
  (CVE-2026-23204 bsc#1258340).
- net: add skb_header_pointer_careful() helper (CVE-2026-23204
  bsc#1258340).
- commit 448562c

- ata: libata-sff: Ensure that we cannot write outside the
  allocated buffer (bsc#1238917 CVE-2025-21738).
- commit cfd3e32

- Update
  patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
  (bsc#1257473 CVE-2026-23054 bsc#1257732).
- commit 2638d0a

- dst: fix races in rt6_uncached_list_del() and
  rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 38c7653

- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
  bsc#1255075).
- commit e0980d4

- macvlan: observe an RCU grace period in macvlan_common_newlink()
  error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
  (CVE-2026-23209 bsc#1258518).
- commit fd9b2a8

- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
  bsc#1258395).
- commit 6136032

- crypto: authencesn - reject too-short AAD (assoclen<8) to
  match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit e80292a

- net/sched: Enforce that teql can only be used as root qdisc
  (CVE-2026-23074 bsc#1257749).
- commit faf6ae4

- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
  (CVE-2026-23089 bsc#1257790).
- commit f5d553b

- Recognize fuse "portal" as a virtual file system (boo#1234736,
  util-linux-libmount-fuse-portal.patch).

- fdisk: Fix possible partition overlay and data corruption if EBR
  gap is missing (boo#1222465,
  util-linux-libfdisk-ebr-missing-gap-1.patch,
  util-linux-tests-fdisk-ebr-missing-gap-1.patch,
  util-linux-tests-fdisk-ebr-missing-gap-2.patch,
  util-linux-libfdisk-ebr-missing-gap-2.patch,
  util-linux-tests-fdisk-ebr-missing-gap-3.patch).

- Use full hostname for PAM to ensure correct access control for
  "login -h" (bsc#1258859, CVE-2026-3184,
  util-linux-CVE-2026-3184.patch).

- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
  0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:

- security update:
  * CVE-2026-32776: expat: libexpat: NULL pointer dereference when
    processing empty external parameter entities inside an entity
    declaration value (bsc#1259726)
  - Added patch expat-CVE-2026-32776.patch
  * CVE-2026-32777: expat: libexpat: denial of service due to
    infinite loop in DTD content parsing (bsc#1259711)
  - Added patch expat-CVE-2026-32777.patch
  * CVE-2026-32778: expat: libexpat: NULL pointer dereference in
    `setContext` on retry after an out-of-memory condition (bsc#1259729)
  - Added patch expat-CVE-2026-32778.patch

- security update
- added patches
  CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
  * expat-CVE-2026-24515.patch
  CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
  * expat-CVE-2026-25210.patch

- Add gcc14-bsc1257463.patch to fix bogus expression simplification
  [bsc#1257463]

- Security fix:
  * CVE-2025-14831: DoS via excessive resource consumption during
    certificate verification (bsc#1257960)
  * Add gnutls-CVE-2025-14831.patch

- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
  * Backport from ncurses-6.5-20251213.patch

- added patches
  https://github.com/nghttp2/nghttp2/commit/61caf66f1b002105e5603fba030de57d445330a8
  * nghttp2-TZ-fix-test-failure.patch

- added patches
  CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
  * nghttp2-CVE-2026-27135.patch

- Security fix:
  * CVE-2026-28390: NULL pointer dereference during processing of a crafted
    CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
  * Add openssl-CVE-2026-28390.patch

- Security fixes:
  * CVE-2026-28387: Potential use-after-free in DANE client code
    (bsc#1260441)
  * CVE-2026-28388: NULL Pointer Dereference When Processing a
    Delta (bsc#1260442)
  * CVE-2026-28389: Possible NULL dereference when processing CMS
    KeyAgreeRecipientInfo (bsc#1260443)
  * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
    (bsc#1260444)
  * NULL pointer dereference when processing an
    OCSP response (bsc#1260446)
  * Add	patches:
    openssl-CVE-2026-28387.patch
    openssl-CVE-2026-28388.patch
    openssl-CVE-2026-28389.patch
    openssl-CVE-2026-31789.patch
    openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch

- added patches
  CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
  * libpng16-CVE-2026-33416-1.patch
  * libpng16-CVE-2026-33416-2.patch
  * libpng16-CVE-2026-33416-3.patch
  * libpng16-CVE-2026-33416-4.patch

- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
  0001-CVE-2026-4897-getline-string-overflow.patch

- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
  the same security model as open(). The documented limitations
  ensure compatibility with non-filesystem loaders; Python
  doesn't check that. (bsc#1259989, CVE-2026-3479,
  gh#python/cpython#146121).

- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
  leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
  gh#python/cpython#143930).

- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
  TarInfo DIRTYPE normalization during GNU long name handling
  (bsc#1259611, CVE-2025-13462).

- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
  unbound C recursion in conv_content_model in pyexpat.c
  (bsc#1259735, CVE-2026-4224).

- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
  control characters in http.cookies.Morsel.update() and
  http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).

- Fix changelog

- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
  ensuring that `SourcelessFileLoader` uses `io.open_code` when
  opening `.pyc` files (bsc#1259240, CVE-2026-2297).

- Update to 3.11.15:
  - Security
  - gh-144125: BytesGenerator will now refuse to serialize
    (write) headers that are unsafely folded or delimited; see
    verify_generated_headers. (Contributed by Bas Bloemsaat and
    Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
  - gh-143935: Fixed a bug in the folding of comments when
    flattening an email message using a modern email policy.
    Comments consisting of a very long sequence of non-foldable
    characters could trigger a forced line wrap that omitted
    the required leading space on the continuation line,
    causing the remainder of the comment to be interpreted as
    a new header field. This enabled header injection with
    carefully crafted inputs (bsc#1257029 CVE-2025-11468).
  - gh-143925: Reject control characters in data: URL media
    types (bsc#1257046, CVE-2025-15282).
  - gh-143919: Reject control characters in http.cookies.Morsel
    fields and values (bsc#1257031, CVE-2026-0672).
  - gh-143916: Reject C0 control characters within
    wsgiref.headers.Headers fields, values, and parameters
    (bsc#1257042, CVE-2026-0865).
  - gh-142145: Remove quadratic behavior in xml.minidom node ID
    cache clearing. In order to do this without breaking
    existing users, we also add the ownerDocument attribute to
    xml.dom.minidom elements and attributes created by directly
    instantiating the Element or Attr class. Note that this way
    of creating nodes is not supported; creator functions like
    xml.dom.Document.documentElement() should be used instead
    (bsc#1254997, CVE-2025-12084).
  - gh-137836: Add support of the “plaintext” element, RAWTEXT
    elements “xmp”, “iframe”, “noembed” and “noframes”, and
    optionally RAWTEXT element “noscript” in
    html.parser.HTMLParser.
  - gh-136063: email.message: ensure linear complexity for
    legacy HTTP parameters parsing. Patch by Bénédikt Tran.
  - gh-136065: Fix quadratic complexity in
    os.path.expandvars() (bsc#1252974, CVE-2025-6075).
  - gh-119451: Fix a potential memory denial of service in the
    http.client module. When connecting to a malicious server,
    it could cause an arbitrary amount of memory to be
    allocated. This could have led to symptoms including
    a MemoryError, swapping, out of memory (OOM) killed
    processes or containers, or even system crashes
    (CVE-2025-13836, bsc#1254400).
  - gh-119452: Fix a potential memory denial of service in the
    http.server module. When a malicious user is connected to
    the CGI server on Windows, it could cause an arbitrary
    amount of memory to be allocated. This could have led to
    symptoms including a MemoryError, swapping, out of memory
    (OOM) killed processes or containers, or even system
    crashes.
  - gh-119342: Fix a potential memory denial of service in the
    plistlib module. When reading a Plist file received from
    untrusted source, it could cause an arbitrary amount of
    memory to be allocated. This could have led to symptoms
    including a MemoryError, swapping, out of memory (OOM)
    killed processes or containers, or even system crashes
    (bsc#1254401, CVE-2025-13837).
  - Library
  - gh-144833: Fixed a use-after-free in ssl when SSL_new()
    returns NULL in newPySSLSocket(). The error was reported
    via a dangling pointer after the object had already been
    freed.
  - gh-144363: Update bundled libexpat to 2.7.4
  - gh-90949: Add SetAllocTrackerActivationThreshold() and
    SetAllocTrackerMaximumAmplification() to xmlparser objects
    to prevent use of disproportional amounts of dynamic memory
    from within an Expat parser. Patch by Bénédikt Tran.
  - Core and Builtins
  - gh-120384: Fix an array out of bounds crash in
    list_ass_subscript, which could be invoked via some
    specificly tailored input: including concurrent
    modification of a list object, where one thread assigns
    a slice and another clears it.
  - gh-120298: Fix use-after free in list_richcompare_impl
    which can be invoked via some specificly tailored evil
    input.
  Remove upstreamed patches:
  - CVE-2025-11468-email-hdr-fold-comment.patch
  - CVE-2025-12084-minidom-quad-search.patch
  - CVE-2025-13836-http-resp-cont-len.patch
  - CVE-2025-13837-plistlib-mailicious-length.patch
  - CVE-2025-6075-expandvars-perf-degrad.patch
  - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
  - CVE-2026-0865-wsgiref-ctrl-chars.patch
  - CVE-2025-15282-urllib-ctrl-chars.patch

- Sync version 3.51.3 from Factory:
  * Fix the WAL-reset database corruption bug:
    https://sqlite.org/wal.html#walresetbug

- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler  (bsc#1259377)
  Added libssh-CVE-2026-3731.patch

- Security fixes:
  * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
  * CVE-2026-0965: Possible Denial of Service when parsing unexpected
    configuration files (bsc#1258045)
  * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
  * CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
  * CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
  * Add patches:
  - libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
  - libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
  - libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
  - libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
  - libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
  - libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
  - libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch

- Update version to 1.21.1:
  - Fix nil token handling (bsc#1261155)
  - Switch to using go1.24-openssl as the default Go version to
    install to support building the package (jsc#SCC-585).

- Update version to 1.21:
  - Add expanded metric collection for kernel modules and hardware
    detection (jsc#TEL-226).
  - Support new profile based metric collection
  - Fix ignored --root parameter hanbling when reading and
    writing configuration (bsc#1257667)
  - Add expanded metric collection for system vendor/manfacturer
    (jsc#TEL-260).
  - Removed backport patch: fix-libsuseconnect-and-pci.patch
  - Add missing product id to allow yast2-registration to not break (bsc#1257825)
  - Fix libsuseconnect APIError detection logic (bsc#1257825)

- Regressions found during QA test runs:
  - Ignore product in announce call (bsc#1257490)
  - Registration to SMT server with failed (bsc#1257625)
  - Backported by PATCH: fix-libsuseconnect-and-pci.patch

- Update version to 1.20:
  - Update error message for Public Cloud instances with registercloudguest
    installed. SUSEConnect -d is disabled on PYAG and BYOS when the
    registercloudguest command is available. (bsc#1230861)
  - Enhanced SAP detected. Take TREX into account and remove empty values when
    only /usr/sap but no installation exists (bsc#1241002)
  - Fixed modules and extension link to point to version less documentation. (bsc#1239439)
  - Fixed SAP instance detection (bsc#1244550)
  - Remove link to extensions documentation (bsc#1239439)
  - Migrate to the public library

- Version 1.14 public library release
  This version is only available on Github as a tag to release the
  new golang public library which can be consumed without the need
  to interface with SUSEConnect directly.

- Import commit 8b6ed60a0c43c2c59be030fa58c6da1d3b9d43ad
  6a38d88a42 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
  8c9a592e5a udev: fix review mixup
  b57007a917 udev-builtin-net-id: print cescaped bad attributes
  ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
  0f63e799e6 udev: ensure tag parsing stays within bounds
  046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
  5be21460ce udev: check for invalid chars in various fields received from the kernel (bsc#1259697)

- Import commit 6099da9424208d31f293bed34be0298192e5e41d
  9559607b16 core/cgroup: avoid one unnecessary strjoina()
  fcae348ca4 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
  a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
  08125d6b06 units: add dep on systemd-logind.service by user@.service

- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
  * libxslt-CVE-2025-10911.patch

- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
  crc32_combine_gen64 functions due to missing checks for negative
  lengths (bsc#1258392)
  * CVE-2026-27171.patch

- update to NSS 3.112.4
  * bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
  * bmo#2029462 - store email on subject cache_entry in NSS trust domain.
  * bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  * bmo#2029323 - Improve size calculations in CMS content buffering.
  * bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
  * bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
  * bmo#2027345 - Improve input validation in DSAU signature decoding.
  * bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
  * bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
  * bmo#2026156 - Add a maximum cert uncompressed len and tests.
  * bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
  * bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  * bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * bmo#2019224 - Remove invalid PORT_Free().
  * bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.

- update to NSS 3.112.3
  * bmo#2009552 - avoid integer overflow in platform-independent ghash

- Add CVE-2026-32597_crit-header.patch to reject the crit
  (Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
  CVE-2026-32597).

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-ply provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
  Add patch CVE-2026-30922.patch

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
  Add patch CVE-2026-25645.patch

- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Make syntax in httputil_test compatible with Python 3.6
- Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Speed up wheel key.finger call (bsc#1240532)
- Backport security patches for Salt vendored tornado:
  * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
  * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
  * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
- Simplify and speed up utils.find_json function (bsc#1246130)
- Extend warn_until period to 2027
- Added:
  * fix-tornado-s-httputil_test-syntax-for-python-3.6.patch
  * backport-add-maintain-m-privilege-to-postgres-module.patch
  * use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch
  * speedup-wheel-key.finger-call-bsc-1240532-713.patch
  * fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch
  * simplify-utils.json.find_json-function.patch
  * extend-fails-to-warnings-until-2027-742.patch

- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- fix regression in CVE-2025-66471.patch when downloading large files
  (bsc#1259829)

- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)
  Add patch CVE-2026-27459.patch

- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
  Add patch CVE-2026-27448.patch

- 15.5.20260227 (tracked in bsc#933411)
- Added note about libmfx being removed (jsc#PED-10574)
- Updated note to say that AArch64 supports both 4K and 64K block
  sizes (bsc#1212186)
- Updated image filenames (jsc#DOCTEAM-1068)

- Add CVE-2026-5958.patch
  * Fix CVE-2026-5958 (bsc#1262144):
    A TOCTOU race can allow to read attacker-controlled content and write
    it to an unintended file

n/a

n/a

n/a

n/a

n/a

n/a

- CVE-2026-35535: potential privilege escalation when running
  the mailer (bsc#1261420)
  * fix-CVE-2026-35535.patch

- Drop last sysvinit Requirement/Provide (PED-13698)

- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
  * CVE-2025-45582.patch

- Recognize fuse "portal" as a virtual file system (boo#1234736,
  util-linux-libmount-fuse-portal.patch).

- fdisk: Fix possible partition overlay and data corruption if EBR
  gap is missing (boo#1222465,
  util-linux-libfdisk-ebr-missing-gap-1.patch,
  util-linux-tests-fdisk-ebr-missing-gap-1.patch,
  util-linux-tests-fdisk-ebr-missing-gap-2.patch,
  util-linux-libfdisk-ebr-missing-gap-2.patch,
  util-linux-tests-fdisk-ebr-missing-gap-3.patch).

- Use full hostname for PAM to ensure correct access control for
  "login -h" (bsc#1258859, CVE-2026-3184,
  util-linux-CVE-2026-3184.patch).

- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
  * patch 9.2.0280: [security]: path traversal issue in zip.vim
  * patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
  * patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
  * patch 9.2.0277: tests: test_modeline.vim fails
  * patch 9.2.0276: [security]: modeline security bypass
  * patch 9.2.0275: tests: test_options.vim fails
  * patch 9.2.0274: BSU/ESU are output directly to the terminal
  * patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
  * patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
  * patch 9.2.0271: buffer underflow in vim_fgets()
  * patch 9.2.0270: test: trailing spaces used in tests
  * patch 9.2.0269: configure: Link error on Solaris
  * patch 9.2.0268: memory leak in call_oc_method()
  * patch 9.2.0267: 'autowrite' not triggered for :term
  * patch 9.2.0266: typeahead buffer overflow during mouse drag event
  * patch 9.2.0265: unnecessary restrictions for defining dictionary function names
  * patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
  * patch 9.2.0263: hlset() cannot handle attributes with spaces
  * patch 9.2.0262: invalid lnum when pasting text copied blockwise
  * patch 9.2.0261: terminal: redraws are slow
  * patch 9.2.0260: statusline not redrawn after closing a popup window
  * patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
  * patch 9.2.0258: memory leak in add_mark()
  * patch 9.2.0257: unnecessary memory allocation in set_callback()
  * patch 9.2.0256: visual selection size not shown in showcmd during test
  * patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
  * patch 9.2.0254: w_locked can be bypassed when setting recursively
  * patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
  * patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
  * patch 9.2.0251: Link error when building without channel feature
  * patch 9.2.0250: system() does not support bypassing the shell
  * patch 9.2.0249: clipboard: provider reacts to autoselect feature
  * patch 9.2.0248: json_decode() is not strict enough
  * patch 9.2.0247: popup: popups may not wrap as expected
  * patch 9.2.0246: memory leak in globpath()
  * patch 9.2.0245: xxd: color output detection is broken
  * patch 9.2.0244: memory leak in eval8()
  * patch 9.2.0243: memory leak in change_indent()
  * patch 9.2.0242: memory leak in check_for_cryptkey()
  * patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
  * patch 9.2.0240: syn_name2id() is slow due to linear search
  * patch 9.2.0239: signcolumn may cause flicker
  * patch 9.2.0238: showmode message may not be displayed
  * patch 9.2.0237: filetype: ObjectScript routines are not recognized
  * patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
  * patch 9.2.0235: filetype: wks files are not recognized.
  * patch 9.2.0234: test: Test_close_handle() is flaky
  * patch 9.2.0233: Compiler warning in strings.c
  * patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
  * patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
  * patch 9.2.0230: popup: opacity not working accross vert splits
  * patch 9.2.0229: keypad keys may overwrite keycode for another key
  * patch 9.2.0228: still possible flicker
  * patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
  * patch 9.2.0226: No 'incsearch' highlighting support for :uniq
  * patch 9.2.0225: runtime(compiler): No compiler plugin for just
  * patch 9.2.0224: channel: 2 issues with out/err callbacks
  * patch 9.2.0223: Option handling for key:value suboptions is limited
  * patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
  * patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
  * patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
  * patch 9.2.0219: call stack can be corrupted
  * patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
  * patch 9.2.0217: filetype: cto files are not recognized
  * patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
  * patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
  * patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
  * patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
  * patch 9.2.0212: MS-Windows: version packing may overflow
  * patch 9.2.0211: possible crash when setting 'winhighlight'
  * patch 9.2.0210: tests: Test_xxd tests are failing
  * patch 9.2.0209: freeze during wildmenu completion
  * patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
  * patch 9.2.0207: MS-Windows: freeze on second :hardcopy
  * patch 9.2.0206: MS-Window: stripping all CSI sequences
  * patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
  * patch 9.2.0204: filetype: cps files are not recognized
  * patch 9.2.0203: Patch v9.2.0185 was wrong
  * patch 9.2.0202: [security]: command injection via newline in glob()
  * patch 9.2.0201: filetype: Wireguard config files not recognized
  * patch 9.2.0200: term: DECRQM codes are sent too early
  * patch 9.2.0199: tests: test_startup.vim fails
  * patch 9.2.0198: cscope: can escape from restricted mode
  * patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
  * patch 9.2.0196: textprop: negative IDs and can cause a crash
  * patch 9.2.0195: CI: test-suite gets killed for taking too long
  * patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
  * patch 9.2.0193: using copy_option_part() can be improved
  * patch 9.2.0192: not correctly recognizing raw key codes
  * patch 9.2.0191: Not possible to know if Vim was compiled with Android support
  * patch 9.2.0190: Status line height mismatch in vertical splits
  * patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
  * patch 9.2.0188: Can set environment variables in restricted mode
  * patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
  * patch 9.2.0186: heap buffer overflow with long generic function name
  * patch 9.2.0185: buffer overflow when redrawing custom tabline
  * patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
  * patch 9.2.0183: channel: using deprecated networking APIs
  * patch 9.2.0182: autocmds may leave windows with w_locked set
  * patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
  * patch 9.2.0180: possible crash with winminheight=0
  * patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
  * patch 9.2.0178: DEC mode requests are sent even when not in raw mode
  * patch 9.2.0177: Vim9: Can set environment variables in restricted mode
  * patch 9.2.0176: external diff is allowed in restricted mode
  * patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
  * patch 9.2.0174: diff: inline word-diffs can be fragmented
  * patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
  * patch 9.2.0172: Missing semicolon in os_mac_conv.c
  * patch 9.2.0171: MS-Windows: version detection is deprecated
  * patch 9.2.0170: channel: some issues in ch_listen()
  * patch 9.2.0169: assertion failure in syn_id2attr()
  * patch 9.2.0168: invalid pointer casting in string_convert() arguments
  * patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
  * patch 9.2.0166: Coverity warning for potential NULL dereference
  * patch 9.2.0165: tests: perleval fails in the sandbox
  * patch 9.2.0164: build error when XCLIPBOARD is not defined
  * patch 9.2.0163: MS-Windows: Compile warning for unused variable
  * patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
  * patch 9.2.0161: intro message disappears on startup in some terminals
  * patch 9.2.0160: terminal DEC mode handling is overly complex
  * patch 9.2.0159: Crash when reading quickfix line
  * patch 9.2.0158: Visual highlighting might be incorrect
  * patch 9.2.0157: Vim9: concatenation can be improved
  * patch 9.2.0156: perleval() and rubyeval() ignore security settings
  * patch 9.2.0155: filetype: ObjectScript are not recognized
  * patch 9.2.0154: if_lua: runtime error with lua 5.5
  * patch 9.2.0153: No support to act as a channel server
  * patch 9.2.0152: concatenating strings is slow
  * patch 9.2.0151: blob_from_string() is slow for long strings
  * patch 9.2.0150: synchronized terminal update may cause display artifacts
  * patch 9.2.0149: Vim9: segfault when unletting an imported variable
  * patch 9.2.0148: Compile error when FEAT_DIFF is not defined
  * patch 9.2.0147: blob: concatenation can be improved
  * patch 9.2.0146: dictionary lookups can be improved
  * patch 9.2.0145: UTF-8 decoding and length calculation can be improved
  * patch 9.2.0144: 'statuslineopt' is a global only option
  * patch 9.2.0143: termdebug: no support for thread and condition in :Break
  * patch 9.2.0142: Coverity: Dead code warning
  * patch 9.2.0141: :perl ex commands allowed in restricted mode
  * patch 9.2.0140: file reading performance can be improved
  * patch 9.2.0139: Cannot configure terminal resize event
  * patch 9.2.0138: winhighlight option handling can be improved
  * patch 9.2.0137: [security]: crash with composing char in collection range
  * patch 9.2.0136: memory leak in add_interface_from_super_class()
  * patch 9.2.0135: memory leak in eval_tuple()
  * patch 9.2.0134: memory leak in socket_server_send_reply()
  * patch 9.2.0133: memory leak in netbeans_file_activated()
  * patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
  * patch 9.2.0131: potential buffer overflow in regdump()
  * patch 9.2.0130: missing range flags for the :tab command
  * patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
  * patch 9.2.0128: Wayland: using _Boolean instead of bool type
  * patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
  * patch 9.2.0126: String handling can be improved
  * patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
  * patch 9.2.0124: auto-format may swallow white space
  * patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
  * patch 9.2.0122: Vim still supports compiling on NeXTSTEP
  * patch 9.2.0120: tests: test_normal fails
  * patch 9.2.0119: incorrect highlight initialization in win_init()
  * patch 9.2.0118: memory leak in w_hl when reusing a popup window
  * patch 9.2.0117: tests: test_wayland.vim fails
  * patch 9.2.0116: terminal: synchronized output sequences are buffered
  * patch 9.2.0115: popup: screen flickering possible during async callbacks
  * patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
  * patch 9.2.0113: winhighlight pointer may be used uninitialized
  * patch 9.2.0112: popup: windows flicker when updating text
  * patch 9.2.0111: 'winhighlight' option not always applied

* Update Vim to version 9.2.0110 (from 9.2.0045).
  * Specifically, this fixes bsc#1259051 / CVE-2026-28417.

* Update Vim to version 9.2.0045 (from 9.1.1629).
  * Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
  upstream).
  * Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
  upstream).
  * Drop obsolete or upstreamed patches:
  - vim-7.3-filetype_spec.patch
  - vim-7.4-filetype_apparmor.patch
  - vim-8.2.2411-globalvimrc.patch
  - vim-9.1.1683-avoid-null-dereference.patch
  * Refresh the following patches:
  - vim-7.3-filetype_changes.patch
  - vim-7.3-filetype_ftl.patch
  - vim-7.3-sh_is_bash.patch
  - vim-9.1.1134-revert-putty-terminal-colors.patch
  * Remove autoconf BuildRequires and drop the autoconf call in %build.
  * Add --with-wayland=no to COMMON_OPTIONS to explicitly disable wayland.
  * Package new Swedish (sv) man pages and clean up duplicate encodings
  (sv.ISO8859-1 and sv.UTF-8) during %install.

- bsc#1262428 - VUL-0: CVE-2025-54505: xen: Floating Point Divider
  State Sampling on AMD CPUs AMD-SN-7053 (XSA-488)
  xsa488.patch

- bsc#1262178 - VUL-0: CVE-2026-23557: xen: Xenstored DoS via
  XS_RESET_WATCHES command (XSA-484)
  xsa484.patch
- bsc#1262180 - VUL-0: CVE-2026-23558: xen: grant table v2 race in
  status page mapping (XSA-486)
  xsa486.patch

- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
  paging structures in EPT (XSA-480)
  xsa480.patch