n/a

- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
  * If a user switches the login shell respect the already set
    PATH environment (bsc#1235481)

- add patch aaa_base-rc.status.patch (bsc#1236033)
  (no git, file is gone in factory/tumbleweed)
  update detection for systemd in rc.status, mountpoint for
  cgroup changed with cgroup2, so just check if pid 1 is systemd

- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
  file even if it has 000 permissions. This is needed after the CVE-2024-10041
  fix in PAM.
  * unix-chkpwd-add-read-capability.path, bsc#1241678

- Allow pam_unix to execute unix_chkpwd with abi/3.0
  - remove dovecot-unix_chkpwd.diff
  - Add allow-pam_unix-to-execute-unix_chkpwd.patch
  - Add revert-abi-change-for-unix_chkpwd.patch
  (bsc#1234452, bsc#1232234)

- Add patch, fix for bsc#1239909 / CVE-2025-2588:
  * CVE-2025-2588.patch

- revert the distrusted certs for now. originally these only
  distrust "new issued" certs starting after a certain date,
  while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed

- CVE-2025-2312: cifs-utils: cifs.upcall makes an upcall to the wrong
  namespace in containerized environments while trying to get Kerberos
  credentials (bsc#1239680)
  * add New-mount-option-for-cifs.upcall-namespace-reso.patch

- Update to version 1.15
  + Add support for creating IPv6 default route in GCE (bsc#1240869)
  + Minor fix when looking up IPv6 default route

- Update version to 10.4.0
  + Remove repositories when the package is being removed
    We do not want to leave repositories behind refering to the plugin that
    is being removed when the package gets removed (bsc#1240310, bsc#1240311)
  + Turn docker into an optional setup (jsc#PCT-560)
    Change the Requires into a Recommends and adapt the code accordingly
  + Support flexible licenses in GCE (jsc#PCT-531)
  + Drop the azure-addon package it is geting replaced by the
    license-watcher package which has a generic implementation of the
    same functionality.
  + Handle cache inconsistencies (bsc#1218345)
  + Properly handle the zypper root target argument (bsc#1240997)

- Update
  patches.suse/can-etas_es58x-es58x_rx_err_msg-fix-memory-leak-in-e.patch
  (git-fixes stable-5.14.19 CVE-2021-47671 bsc#1241421).
- commit 855e2af

- Update
  patches.suse/net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
  (bsc#1240195 CVE-2024-46784 bsc#1230771).
- commit b86bfe4

- Revert "exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029"
  This reverts commit b68bd5953c15c3c2b21e60fbd6d8a52b0bbb030c.
  This turned out to be not an issue. See https://bugzilla.suse.com/show_bug.cgi?id=1241378#c4
- commit d9d19c1

- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
  bsc#1241378).
- commit b68bd59

- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
  (CVE-2025-22045 bsc#1241433).
- commit c4ca325

- memstick: rtsx_usb_ms: Fix slab-use-after-free in
  rtsx_usb_ms_drv_remove (bsc#1241280 CVE-2025-22020).
- commit 0f74fae

- drm/vkms: Fix use after free and double free on init error
  (CVE-2025-22097 bsc#1241541).
- commit 02fe040

- net: fix geneve_opt length integer overflow (CVE-2025-22055
  bsc#1241371).
- commit 15ff527

- net: atm: fix use after free in lec_send() (CVE-2025-22004
  bsc#1240835).
- commit 889e26f

- kABI workaround struct rcu_head and ax25_ptr (CVE-2025-21812
  bsc#1238471).
- commit 1d6ea68

- ax25: rcu protect dev->ax25_ptr (CVE-2025-21812 bsc#1238471).
- Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch.
- commit 88b5c8e

- Update
  patches.suse/fbdev-smscufx-fix-error-handling-code-in-ufx_usb_pro.patch
  (git-fixes CVE-2022-49741 bsc#1240747).
- commit 0c9a431

- Update
  patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
  (git-fixes CVE-2025-21886 bsc#1240188).
- commit 6a0c1b0

- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785 bsc#1238747)
- commit 2c96a9a

- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
  bsc#1238512).
- commit 50bbf71

- Delete
  patches.suse/btrfs-defrag-don-t-use-merged-extent-map-for-their-generat.patch.
- Delete
  patches.suse/btrfs-fix-defrag-not-merging-contiguous-extents-due-to-mer.patch.
- Delete
  patches.suse/btrfs-fix-extent-map-merging-not-happening-for-adjacent-ex.patch.
  Reverting ineffective changes for bsc#1239968 and closing it as WONTFIX.
- commit a1bc1ab

- padata: avoid UAF for reorder_work (CVE-2025-21726 bsc#1238865).
- commit bfab8c2

- Update to containerd v1.7.27. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.27>
  bsc#1239749 CVE-2024-40635
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.26. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.25. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.25>
  <https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- version update to 2.7.1
    Bug fixes:
    [#980] #989  Restore event pointer behavior from Expat 2.6.4
    (that the fix to CVE-2024-8176 changed in 2.7.0);
    affected API functions are:
  - XML_GetCurrentByteCount
  - XML_GetCurrentByteIndex
  - XML_GetCurrentColumnNumber
  - XML_GetCurrentLineNumber
  - XML_GetInputContext
    Other changes:
    [#976] #977  Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
    with Automake that were missing from 2.7.0 release tarballs
    [#983] #984  Fix printf format specifiers for 32bit Emscripten
    [#992]  docs: Promote OpenSSF Best Practices self-certification
    [#978]  tests/benchmark: Resolve mistaken double close
    [#986]  Address compiler warnings
    [#990] #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
    for what these numbers do
    Infrastructure:
    [#982]  CI: Start running Perl XML::Parser integration tests
    [#987]  CI: Enforce Clang Static Analyzer clean code
    [#991]  CI: Re-enable warning clang-analyzer-valist.Uninitialized
    for clang-tidy
    [#981]  CI: Cover compilation with musl
    [#983] #984  CI: Cover compilation with 32bit Emscripten
    [#976] #977  CI: Protect against fuzzer files missing from future
    release archives

- version update to 2.7.0 for SLE-15-SP4
- deleted patches
  - expat-CVE-2022-25235.patch (upstreamed)
  - expat-CVE-2022-25236-relax-fix.patch (upstreamed)
  - expat-CVE-2022-25236.patch (upstreamed)
  - expat-CVE-2022-25313-fix-regression.patch (upstreamed)
  - expat-CVE-2022-25313.patch (upstreamed)
  - expat-CVE-2022-25314.patch (upstreamed)
  - expat-CVE-2022-25315.patch (upstreamed)
  - expat-CVE-2022-40674.patch (upstreamed)
  - expat-CVE-2022-43680.patch (upstreamed)
  - expat-CVE-2023-52425-1.patch (upstreamed)
  - expat-CVE-2023-52425-2.patch (upstreamed)
  - expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
  - expat-CVE-2023-52425-fix-tests.patch (upstreamed)
  - expat-CVE-2024-28757.patch (upstreamed)
  - expat-CVE-2024-45490.patch (upstreamed)
  - expat-CVE-2024-45491.patch (upstreamed)
  - expat-CVE-2024-45492.patch (upstreamed)
  - expat-CVE-2024-50602.patch (upstreamed)

- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
  * Security fixes:
    [#893] #973  CVE-2024-8176 -- Fix crash from chaining a large number
    of entities caused by stack overflow by resolving use of
    recursion, for all three uses of entities:
  - general entities in character data ("<e>&g1;</e>")
  - general entities in attribute values ("<e k1='&g1;'/>")
  - parameter entities ("%p1;")
    Known impact is (reliable and easy) denial of service:
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
    (Base Score: 7.5, Temporal Score: 7.2)
    Please note that a layer of compression around XML can
    significantly reduce the minimum attack payload size.
  * Other changes:
    [#935] #937  Autotools: Make generated CMake files look for
    libexpat.@SO_MAJOR@.dylib on macOS
    [#925]  Autotools: Sync CMake templates with CMake 3.29
  [#945] #962 #966  CMake: Drop support for CMake <3.13
    [#942]  CMake: Small fuzzing related improvements
    [#921]  docs: Add missing documentation of error code
    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
    [#941]  docs: Document need for C++11 compiler for use from C++
    [#959]  tests/benchmark: Fix a (harmless) TOCTTOU
    [#944]  Windows: Fix installer target location of file xmlwf.xml
    for CMake
    [#953]  Windows: Address warning -Wunknown-warning-option
    about -Wno-pedantic-ms-format from LLVM MinGW
    [#971]  Address Cppcheck warnings
    [#969] #970  Mass-migrate links from http:// to https://
    [#947] #958 ..
    [#974] #975  Document changes since the previous release
    [#974] #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
    for what these numbers do

- no source changes, just adding jira reference: jsc#SLE-21253

- Add glib2-CVE-2025-3360.patch:
  Backport 8d60d7dc from upstream, Fix integer overflow when
  parsing very long ISO8601 inputs. This will only happen with
  invalid (or maliciously invalid) potential ISO8601 strings,
  but `g_date_time_new_from_iso8601()` needs to be robust against
  that.
  (CVE-2025-3360, bsc#1240897)

- static-setuid-ld-library-path.patch: elf: Ignore LD_LIBRARY_PATH and
  debug env var for setuid for static (CVE-2025-4802, bsc#1243317)

- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
  [#25847])

- Update to version v3.7: (bsc#1238831, bsc#1238833)
  * No public description
  * Moving CG disk validation to CheckPreConditions
  * Fix issue with filling in ha_hosts in HANA systems
  * Use updated UAP method for Guest Actions
  * Fix grep command used for landscape ID discovery
  * Correct arguments used by HANA disk discovery.
  * Add tagged disks to discovery data sent to Data Warehouse
  * Identify disks by mount point in SAP System data.
  * Auto updated compiled protocol buffers
  * Add collection for WLM Pacemaker alias IP setting.
  * Add the Maintenance Events Sample Dashboard
  * Auto updated compiled protocol buffers
  * Remove obsolete events proto from sapagent
  * Auto updated compiled protocol buffers
  * Add collection for WLM Pacemaker health check and internal load balancer metrics.
  * Auto updated compiled protocol buffers
  * Add collection for WLM Pacemaker SAPInstance automatic recover and monitor settings.
  * Remove restart logic used in configure OTE. Rely on config poller.
  * fixing TypedValue
  * migrating from the platform integration/common/shared to sharedlibraries
  * Default topology to SCALE_UP for non-HANA DBs.
  * Remove restarting from guestactions

- Update to version 20250506.01 (bsc#1243254, bsc#1243505)
  * Make sure agent added connections are activated by NM (#534)
- from version 20250506.00
  * wrap NSS cache refresh in a goroutine (#533)
- from version 20250502.01
  * Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- from version 20250502.00
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)
- from version 20250418.00
  * Re-enable disabled services if the core plugin was enabled (#521)
- from version 20250414.00
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert "Revert bundling new binaries in the package (#509)" (#511)

- merge gh#openSUSE/hwinfo#156
- fix network card detection on aarch64 (bsc#1240648)
- 21.88

- Add icewm-translation-update.patch: Update the latest translation
  from https://l10n.opensuse.org/projects/icewm/icewm-1-4-branch/.

- avoid spurious cgroup warning (bsc#1234383):
  - ss-Tone-down-cgroup-path-resolution.patch

- Fix bsc#1243284 - ping on s390x prints invalid ttl
  * Add iputils-invalid-ttl-s390x.patch
  * Fix ipv4 ttl value when using SOCK_DGRAM on big endian systems

- Security fix [bsc#1242300, CVE-2025-47268]
  * integer overflow in RTT calculation can lead to undefined behavior
  * Add iputils-CVE-2025-47268.patch

- Don't search for resources in the current directory. It can cause
  unwanted side effects or even infinite loop (bsc#1237230,
  kbd-ignore-working-directory-1.patch,
  kbd-ignore-working-directory-2.patch,
  kbd-ignore-working-directory-3.patch).

- L3: fuser returning unexpected list of PIDs to Filesystem RA
  (bsc#1241867) Apply upstream patch:
  0001-Filesystem-fix-getting-the-wrong-block-device-when-d.patch

- L3: DB2 resource agent forcefully shuts down database, risking data loss — ref:_00D1igLOd._500TrYJM7l:ref
  (bsc#1241692)
  Add patch:
    bsc-1241692.patch

- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
  file even if it has 000 permissions. This is needed after the CVE-2024-10041
  fix in PAM.
  * unix-chkpwd-add-read-capability.path, bsc#1241678

- Allow pam_unix to execute unix_chkpwd with abi/3.0
  - remove dovecot-unix_chkpwd.diff
  - Add allow-pam_unix-to-execute-unix_chkpwd.patch
  - Add revert-abi-change-for-unix_chkpwd.patch
  (bsc#1234452, bsc#1232234)

- enable brotli support (jsc#PED-12258)

- Add libtheora-avoid-negative-shift.patch: avoid negative shift in
  huffdec.c (bsc#1234837 CVE-2024-56431).
- Explicitly require libicu-devel, rather than using pkgconfig, to
  avoid unintentionally building against icu 73.

- Modify patch ncurses-5.9-ibm327x.dif
  * Backport sclp terminfo description entry if for s390 sclp terminal lines
  * Add a further sclp entry for qemu s390 based systems
  * Make use of dumb

- pacemaker-attrd: use %PRIu32 format specifier instead of %u for node id (bsc#1239629, gh#ClusterLabs/pacemaker#3860)
  * bsc#1239629-0004-Log-pacemaker-attrd-use-PRIu32-format-specifier-inst.patch
- libcrmcluster: correctly log node id (bsc#1239629, gh#ClusterLabs/pacemaker#3860)
  * bsc#1239629-0003-Log-libcrmcluster-correctly-log-node-id.patch
- pacemaker-attrd: log the cluster layer id of the changed peer (bsc#1239629, gh#ClusterLabs/pacemaker#3860)
  * bsc#1239629-0002-Log-pacemaker-attrd-log-the-cluster-layer-id-of-the-.patch
- pacemaker-attrd: prevent segfault if a peer leaves when its name is unknown yet (bsc#1239629, gh#ClusterLabs/pacemaker#3860)
  * bsc#1239629-0001-Fix-pacemaker-attrd-prevent-segfault-if-a-peer-leave.patch

- spec: create a temporary file in /run directory (bsc#1239770)

- libcrmservices: Unref the dbus connection... (gh#ClusterLabs/pacemaker#3841)
  * pacemaker#3841-0002-Refactor-libcrmservices-Unref-the-dbus-connection.patch
- libcrmservices: Don't leak msg if systemd_proxy is NULL. (gh#ClusterLabs/pacemaker#3841)
  * pacemaker#3841-0001-Low-libcrmservices-Don-t-leak-msg-if-systemd_proxy-i.patch

- cts-scheduler: update tests for considering parents of an unmanaged resource active on the node (gh#ClusterLabs/pacemaker#3842, bsc#1238519)
  * bsc#1238519-0002-Test-cts-scheduler-update-tests-for-considering-pare.patch
- libpe_status: consider parents of an unmanaged resource active on the node (gh#ClusterLabs/pacemaker#3842, bsc#1238519)
  * bsc#1238519-0001-Fix-libpe_status-consider-parents-of-an-unmanaged-re.patch

- various: address format-overflow warnings (gh#ClusterLabs/pacemaker#3795)
  * pacemaker#3795-0001-Low-various-address-format-overflow-warnings.patch

- libpacemaker: set fail-count to INFINITY for fatal failures (gh#ClusterLabs/pacemaker#3772)
  * pacemaker#3772-0002-Fix-libpacemaker-set-fail-count-to-INFINITY-for-fata.patch
- libpacemaker: add PCMK__XA_FAILED_START_OFFSET and PCMK__XA_FAILED_STOP_OFFSET (gh#ClusterLabs/pacemaker#3772)
  * pacemaker#3772-0001-Refactor-libpacemaker-add-PCMK__XA_FAILED_START_OFFS.patch

- 0001-Fix-timespec-conversion-to-avoid-infinite-loop-2108-.patch:
  avoid endless loops (bsc#1242842)

- update suse.patch to 736ea75f25d52fdebb88ed6583468bd7c21190f6
  - fix ReDoS in CGI::Util#escapeElement
    bsc#1237806 CVE-2025-27220
  - fix denial of service in CGI::Cookie.parse
    bsc#1237804 CVE-2025-27219

- update suse.patch to 6bf78da1fc4048a11a8612741216ebc47d9ebb41
  - move the request smuggling patch to the correct place
    actually fixes bsc#1230930 CVE-2024-47220 and now boo#1235773

- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- bump version to 0.7.32

- Provide a symbol specific for the ruby-version
  so yast does not break across updates (boo#1235598)

- Sync version 3.49.1 from Factory (jsc#SLE-16032):
  * CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
    function, introduced in version 3.44.0, that could lead to a
    memory error if the separator string is very large (hundreds
    of megabytes).
  * CVE-2025-29088, bsc#1241078: Enhanced the
    SQLITE_DBCONFIG_LOOKASIDE interface to make it  more robust
    against misuse.
  * Obsoletes sqlite3-rtree-i686.patch

- security update
- added patches
  CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
  + libxml2-CVE-2025-32414.patch
  CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
  + libxml2-CVE-2025-32415.patch

- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
  libxml2 2.14 potentially reads the complete stream, so it may
  have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
  service may set.
  Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
  keeppackages, gpgkey, mirrorlist, and metalink with the same
  semantic as in a .repo file.
- version 17.36.7 (35)

- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires:  %{libsolv_devel_package} >= 0.7.32.
  Code16 moved static libs to libsolv-devel-static.
- Drop usage of SHA1 hash algorithm because it will become
  unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
  default (false).
  The default was true in Code12 (libzypp-16.x) and changed to
  false with Code15 (libzypp-17.x). Unfortunately this was done by
  shipping a modified zypp.conf file rather than fixing the code.
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- version 17.36.6 (35)

- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
  (bsc#1238315)
  Ftp actually differs between absolute and relative URL paths.
  Absolute path names begin with a double slash encoded as '/%2F'.
  This must be preserved when manipulating the path.
- version 17.36.5 (35)

- Add a transaction package preloader (fixes openSUSE/zypper#104)
  This patch adds a preloader that concurrently downloads files
  during a transaction commit. It's not yet enabled per default.
  To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
  in the environment.
- RpmPkgSigCheck_test: Exchange the test package signingkey
  (fixes #622)
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
- Strip a mediahandler tag from baseUrl querystrings.
- version 17.36.4 (35)

- Added openssh-bsc1241045-kexalgo-gt-256bits.patch (bsc#1241045)
  from upstream, which allows KEX hashes greater than 256 bits.
  Thanks to Ali Abdallah <ali.abdallah@suse.com>.

- Added openssh-cve-2025-32728.patch (bsc#1241012, CVE-2025-32728).
  This fixes an upstream logic error handling the DisableForwarding
  option.

- Update openssh-7.6p1-audit_race_condition.patch (bsc#1232533),
  fixing failures with very large MOTDs. Thanks to Ali Abdallah
  <ali.abdallah@suse.com>.

- Updated openssh-8.1p1-audit.patch (bsc#1228634) with modification
  from Jaroslav Jindrak (jjindrak@suse.com) to fix the hostname
  being left out of the audit output.

- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
  PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
  entry.
  [passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
  CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
  [pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]

- add bpftool to patterns enhanced base. jsc#PED-8375

- Add patch CVE-2025-47273.patch to fix A path traversal
  vulnerability.
  (bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)

- also includes
  VUL-0: CVE-2020-36327: Bundler chooses a dependency source based
  on the highest gem version number, which means that a rogue gem
  found at a public source may be chosen (bsc#1185842)

- updated to version 2.2.34
  VUL-0: CVE-2021-43809: rubygem-bundler: remote execution via Gemfile argument injection (bsc#1193578)
- removed 7416.patch and CVE-2021-43809.patch which are included
  in suse.patch now
- removed series as it is unused

- security update
- added patches
  fix CVE-2025-32441 [bsc#1242899], Rack Session Reuse Vulnerability
  + rubygem-rack-CVE-2025-32441.patch

- security update
- added patches
  fix CVE-2025-46727 [bsc#1242894], Unbounded-Parameter DoS in Rack:QueryParser
  + rubygem-rack-CVE-2025-46727.patch

- creation of a new request

- removed tables reference related to almalinux9 builds

- fix a bug in redhad package description for almalinux9 builds

- updates redhat package to include almalinux9 builds

- added build support for almalinux9

- removed ssg-reproducable.patch: upstream

- updated to 0.1.76 (jsc#ECO-3319)
  - Add new product for Ubuntu 24.04 and draft CIS profiles
  - Add pyproject.toml for the ssg package
  - AlmaLinux OS 9 as a new product
  - Documentation for ssg library
  - Extend SSG library to more easily collect profile selections
  - Extend SSG with functions to manage variables

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

- Remove cron dependency (bsc#1239297).
- Introduce systemd timers.
- Delete sysstat.cron.suse.

- Update to 2025b:
  * New zone for Aysén Region in Chile (America/Coyhaique) which
    moves from -04/-03 to -03
- Refresh patches
  * revert-philippines-historical-data.patch
  * tzdata-china.diff

- Updated translations (bsc#1230267)
- version 1.14.89

- Do not double encode URL strings passed on the commandline
  (bsc#1237587)
  URLs passed on the commandline must have their special chars
  encoded already. We just want to check and encode forgotten
  unsafe chars like a blank. A '%' however must not be encoded
  again.
- version 1.14.88

- Package preloader that concurrently downloads files. It's not yet
  enabled per default. To enable the preview set ZYPP_CURL2=1 and
  ZYPP_PCK_PRELOAD=1 in the environment. (#104)
- BuildRequires:  libzypp-devel >= 17.36.4.
- version 1.14.87

- refresh: add --include-all-archs (fixes #598)
  Future multi-arch repos may allow to download only those metadata
  which refer to packages actually compatible with the systems
  architecture. Some tools however want zypp to provide the full
  metadata of a repository without filtering incompatible
  architectures.
- info,search: add option to search and list Enhances
  (bsc#1237949)
- version 1.14.86