cloud-netconfig
- Update to version 1.19
  + Make sure IPADDR variable is stripped of netmask

- Update to version 1.18
  + Fix issue with link-local address routing (bsc#1258730)

- Update to version 1.17
  + Do not set broadcast address explicitly (bsc#1258406)

- Update to version 1.16
  + Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
  + Fix variable names in the README
curl
- Security fixes:
  * CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631)
  * CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632)
  * CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635)
  * CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636)
  * CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638)
  * sws: prevent "connection monitor" to say disconnect twice (bsc#1259362)
  * Add patches:
    - curl-CVE-2026-4873.patch
    - curl-CVE-2026-5545.patch
    - curl-CVE-2026-6253.patch
    - curl-CVE-2026-6276.patch
    - curl-CVE-2026-6429.patch
    - curl-CVE-2026-1965-disable-ntlm-fix.patch
kernel-default
- crypto: authencesn - Fix src offset when decrypting in-place
  (bsc#1262573 CVE-2026-31431).
- commit 86cbba3

- crypto: authencesn - Do not place hiseq at end of dst for
  out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit d00ea08

- crypto: authenc - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- Refresh
  patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 8439d6a

- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
  CVE-2026-31431).
- commit 3c6e00a

- crypto: algif_aead - Revert to operating out-of-place
  (bsc#1262573 CVE-2026-31431).
- commit 402e84d

- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- commit f620cf3

- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
  (bsc#1262573 CVE-2026-31431).
- commit 8814cb0

- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
  CVE-2026-31431).
- commit e081d55
python3
- Add CVE-2026-6019-Morsel-js_output.patch, which protects against
  HTML injection by Base64-encoding cookie values embedded in JS
  (bsc#1262654, CVE-2026-6019, gh#python/cpython#90309).

- Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects
  CR/LF in HTTP tunnel request headers (bsc#1261969,
  CVE-2026-1502, gh#python/cpython#146211).

- Add CVE-2026-4786-webbrowser-open-action.patch, which fixes
  webbrowser %action substitution bypass of dash-prefix check
  (bsc#1262319, CVE-2026-4786, gh#python/cpython#148169).

- Add CVE-2026-6100-use-after-free-decompression.patch, preventing
  a dangling pointer which can end in a use-after-free error
  (CVE-2026-6100, bsc#1262098, gh#python/cpython#148395).

- Fix calling of sphinx build with non-standard Python
  interpreter (including new patch sphinx-set-PYTHON.patch).

- Add CVE-2026-3446-base64-padding.patch, which prevents ignoring
  excess Base64 data after the first padded quad (bsc#1261970,
  CVE-2026-3446, gh#python/cpython#145264).

- Add CVE-2026-3479-pkgutil_get_data.patch: pkgutil.get_data() has
  the same security model as open(). The documented limitations
  ensure compatibility with non-filesystem loaders; Python
  doesn't check that. (bsc#1259989, CVE-2026-3479,
  gh#python/cpython#146121).

- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
  leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
  gh#python/cpython#143930).

- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
  TarInfo DIRTYPE normalization during GNU long name handling
  (bsc#1259611, CVE-2025-13462).

- Add CVE-2026-4224-expat-unbound-C-recursion.patch, avoiding
  unbounded C recursion in conv_content_model in pyexpat.c
  (bsc#1259735, CVE-2026-4224).

- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
  control characters in http.cookies.Morsel.update() and
  http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
python-certifi
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-idna
- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-packaging
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-ply
- Add python36-ply provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-pycparser
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-py
- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-requests
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
  Add patch CVE-2026-25645.patch

- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-six
- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-urllib3
- fix regression in CVE-2025-66471.patch when downloading large files
  (bsc#1259829)
sed
- Add CVE-2026-5958.patch
  * Fix CVE-2026-5958 (bsc#1262144):
    A TOCTOU race can allow reading attacker-controlled content and
    writing it to an unintended file
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-python3-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
xen
- bsc#1262428 - VUL-0: CVE-2025-54505: xen: Floating Point Divider
  State Sampling on AMD CPUs AMD-SN-7053 (XSA-488)
  xsa488.patch

- bsc#1262178 - VUL-0: CVE-2026-23557: xen: Xenstored DoS via
  XS_RESET_WATCHES command (XSA-484)
  xsa484.patch
- bsc#1262180 - VUL-0: CVE-2026-23558: xen: grant table v2 race in
  status page mapping (XSA-486)
  xsa486.patch