- bsc1261998-CVE-2026-40393-nir-Use-STACK_ARRAY-instead-of-NIR_VLA.patch
  bsc1261998-CVE-2026-40393-spirv-Use-STACK_ARRAY-instead-of-NIR_VLA.patch
  * Mesa: out-of-bounds memory access can occur in WebGPU because
    the amount of to-be-allocated data depends on an untrusted
    party (bsc#1261998, CVE-2026-40393)

- Update to version 1.19
  + Make sure IPADDR variable is stripped of netmask

- Update to version 1.18
  +  Fix issue with link-local address routing (bsc#1258730)

- Update to version 1.17
  + Do not set broadcast address explicitly (bsc#1258406)

- Update to version 1.16
  + Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223
  + Fix variable names in the README

- kabi assert ptrace: slightly saner 'get_dumpable()' logic
  (bsc#1265308).
- kabi ptrace: slightly saner 'get_dumpable()' logic
  (bsc#1265308).
- commit 51e3e5d

- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit a7685e1

- io-wq: check that the predecessor is hashed in
  io_wq_remove_pending() (git-fixes).
- commit 447a089

- net: skbuff: propagate shared-frag marker through pskb_copy()
  (CVE-2026-46300 bsc#1265209).
- commit 4c684ee

- xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449 bsc#1264450).
- commit f187bc6

- supported.conf: drop rxrpc and afs_fs (bsc#1264450)
- commit c00b898

- x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's  op cache (bsc#1264013 CVE-2025-54518).
- commit 5f11806

- (bsc#1263816) 42817:azure-cli - Stonith failing to start -
  "raise ValueError("API version {} does not have operation group 'virtual_machines'".format(api_version))"
  Remove patch: 0001-fence_azure_arm-fix-get-virtual-machines-call.patch
  Update to fence-azure-arm. Apply update patches:
    0001-fence_azure_arm-use-azure-identity-instead-of-msrest.patch
    0001-lib-all-agents-use-r-for-all-regular-expressions-to-.patch
    try-to-start-python-3.11.patch
    0001-azure_fence.py-fix-managed-identity-authentication-6.patch

- Add CVE-2026-34986.patch to fix crafted JWE input with a missing encrypted
  key can lead to a denial of service (bsc#1262936, CVE-2026-34986)

- bsc#1260414 - CVE-2026-33554:
  freeipmi: improper memory handling and data validation can lead
  A ipmi-oem-fix-several-memory-out-of-bounds-errors.patch

- version update to 1.2.59 [jsc#PED-16191]
  Added png_check_chunk_length() function, and check all chunks except
    IDAT against the default 8MB limit; check IDAT against the maximum
    size computed from IHDR parameters (Fixes CVE-2017-12652).
  Initialize memory allocated by png_inflate to zero, using memset, to
    stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
    due to truncated iTXt or zTXt chunk.
  Added png_check_chunk_length() function, and check all chunks except
    IDAT against the default 8MB limit; check IDAT against the maximum
    size computed from IHDR parameters (Fixes CVE-2017-12652).
- deleted patches
  * libpng12-CVE-2026-25646.patch  (upstreamed)
- fixes CVE-2017-12652 [bsc#1141493]

- added patches
  CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution [bsc#1260754]
  * libpng12-CVE-2026-33416.patch
  CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
  * libpng12-CVE-2026-34757.patch

- Add CVE-2026-6019-Morsel-js_output.patch protects against HTML
  injection by Base64-encoding cookie values embedded in JS
  (bsc#1262654, CVE-2026-6019, gh#python/cpython#90309).

- Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects
  CR/LF in HTTP tunnel request headers (bsc#1261969,
  CVE-2026-1502, gh#python/cpython#146211).

- Add CVE-2026-4786-webbrowser-open-action.patch, which fixes
  webbrowser %action substitution bypass of dash-prefix check
  (bsc#1262319, CVE-2026-4786, gh#python/cpython#148169).

- Add CVE-2026-6100-use-after-free-decompression.patch preventing
  dangling pointer which can end in the use-after-free error
  (CVE-2026-6100, bsc#1262098, gh#python/cpython#148395).

- Fix calling of sphinx build with non-standard Python
  interpreter (including new patch sphinx-set-PYTHON.patch).

- Add CVE-2026-3446-base64-padding.patch preventing ignoring
  excess Base64 data after the first padded quad (bsc#1261970,
  CVE-2026-3446, gh#python/cpython#145264).

- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
  the same security model as open(). The documented limitations
  ensure compatibility with non-filesystem loaders; Python
  doesn't check that. (bsc#1259989, CVE-2026-3479,
  gh#python/cpython#146121).

- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
  leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
  gh#python/cpython#143930).

- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
  TarInfo DIRTYPE normalization during GNU long name handling
  (bsc#1259611, CVE-2025-13462).

- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
  unbound C recursion in conv_content_model in pyexpat.c
  (bsc#1259735, CVE-2026-4224).

- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
  control characters in http.cookies.Morsel.update() and
  http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).

- qemu: Use numa-preplace instead of numad for numa placement advice
  bsc#1242979, jsc#PED-15886

- Added openssh-cve-2026-35385-scp-setuid-modes.patch (bsc#1261427),
  ensuring setuid bits default to being masked out by scp.
- Added openssh-cve-2026-35414-mishandled-ca-commas.patch
  (bsc#1261430), fixing mishandling of comma characters in CA in
  certain situations.

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- fix regression in CVE-2025-66471.patch when downloading large files
  (bsc#1259829)

- Add CVE-2026-5958.patch
  * Fix CVE-2026-5958 (bsc#1262144):
    A TOCTOU race can allow to read attacker-controlled content and write
    it to an unintended file

- import all keys if they are not yet in the RPM db.

- Added post quantum cryptographic keys for SLES 15 and SLES 16.
  - build-pqc-15.pem
  - build-pqc-16.pem

- Fix bsc#1261833 / CVE-2026-39881.
- Update to 9.2.0398.
- Changes:
  * 9.2.0398: MS-Windows: missing strptime() support
  * 9.2.0397: tabpanel: double-click opens a new tab
  * 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS
  * 9.2.0395: tests: Test_backupskip() may read from $HOME
  * 9.2.0394: xxd: offsets greater than LONG_MAX print as negative
  * 9.2.0393: MS-Windows: link error with XPM support on UCRT64
  * 9.2.0392: tests: Some tests are flaky
  * 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting
  * 9.2.0390: filetype: some Beancount files are not recognized
  * 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app
  * 9.2.0388: strange indent in update_topline()
  * 9.2.0387: DECRQM request may leave stray chars in terminal
  * 9.2.0386: No scroll/scrollbar support in the tabpanel
  * 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'
  * 9.2.0384: stale Insstart after <Cmd> cursor move breaks undo
  * 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs
  * 9.2.0382: Wayland: focus-stealing is non-working
  * 9.2.0381: Vim9: Missing check_secure() in exec_instructions()
  * 9.2.0380: completion: a few issues in completion code
  * 9.2.0379: gui.color_approx is never used
  * 9.2.0378: Using int as bool type in win_T struct
  * 9.2.0377: Using int as bool type in gui_T struct
  * 9.2.0376: Vim9: elseif condition compiled in dead branch
  * 9.2.0375: prop_find() does not find a virt text in starting line
  * 9.2.0374: c_CTRL-{G,T} does not handle offset
  * 9.2.0373: Ctrl-R mapping not triggered during completion
  * 9.2.0372: pum: rendering issues with multibyte text and opacity
  * 9.2.0371: filetype: ghostty config files are not recognized
  * 9.2.0370: duplicate code with literal string_T assignment
  * 9.2.0369: multiple definitions of STRING_INIT macro
  * 9.2.0368: too many strlen() calls when adding strings to dicts
  * 9.2.0367: runtime(netrw): ~ note expanded on MS Windows
  * 9.2.0366: pum: flicker when updating pum in place
  * 9.2.0365: using int as bool
  * 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails
  * 9.2.0363: Vim9: variable shadowed by script-local function
  * 9.2.0362: division by zero with smoothscroll and small windows
  * 9.2.0361: tests: no tests for ch_listen() with IPs
  * 9.2.0360: Cannot handle mouse-clicks in the tabpanel
  * 9.2.0359: wrong VertSplitNC highlighting on winbar
  * 9.2.0358: runtime(vimball): still path traversal attacks possible
  * 9.2.0357: [security]: command injection via backticks in tag files
  * 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
  * 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
  * 9.2.0354: filetype: not all Bitbake include files are recognized
  * 9.2.0353: Missing out-of-memory check in register.c
  * 9.2.0352: 'winhighlight' of left window blends into right window
  * 9.2.0351: repeat_string() can be improved
  * 9.2.0350: Enabling modelines poses a risk
  * 9.2.0349: cannot style non-current window separator
  * 9.2.0348: potential buffer underrun when setting statusline like option
  * 9.2.0347: Vim9: script-local variable not found
  * 9.2.0346: Wrong cursor position when entering command line window
  * 9.2.0345: Wrong autoformatting with 'autocomplete'
  * 9.2.0344: channel: ch_listen() can bind to network interface
  * 9.2.0343: tests: test_clientserver may fail on slower systems
  * 9.2.0342: tests: test_excmd.vim leaves swapfiles behind
  * 9.2.0341: some functions can be run from the sandbox
  * 9.2.0340: pum_redraw() may cause flicker
  * 9.2.0339: regexp: nfa_regmatch() allocates and frees too often
  * 9.2.0338: Cannot handle mouseclicks in the tabline
  * 9.2.0337: list indexing broken on big-endian 32-bit platforms
  * 9.2.0336: libvterm: no terminal reflow support
  * 9.2.0335: json_encode() uses recursive algorithm
  * 9.2.0334: GTK: window geometry shrinks with with client-side decorations
  * 9.2.0333: filetype: PklProject files are not recognized
  * 9.2.0332: popup: still opacity rendering issues
  * 9.2.0331: spellfile: stack buffer overflows in spell file generation
  * 9.2.0330: tests: some patterns in tar and zip plugin tests not strict enough
  * 9.2.0329: tests: test_indent.vim leaves swapfiles behind
  * 9.2.0328: Cannot handle mouseclicks in the statusline
  * 9.2.0327: filetype: uv scripts are not detected
  * 9.2.0326: runtime(tar): but with dotted path
  * 9.2.0325: runtime(tar): bug in zstd handling
  * 9.2.0324: 0x9b byte not unescaped in <Cmd> mapping
  * 9.2.0323: filetype: buf.lock files are not recognized
  * 9.2.0322: tests: test_popupwin fails
  * 9.2.0321: MS-Windows: No OpenType font support
  * 9.2.0320: several bugs with text properties
  * 9.2.0319: popup: rendering issues with partially transparent popups
  * 9.2.0318: cannot configure opacity for popup menu
  * 9.2.0317: listener functions do not check secure flag
  * 9.2.0316: [security]: command injection in netbeans interface via defineAnnoType
  * 9.2.0315: missing bound-checks
  * 9.2.0314: channel: can bind to all network interfaces
  * 9.2.0313: Callback channel not registered in GUI
  * 9.2.0312: C-type names are marked as translatable
  * 9.2.0311: redrawing logic with text properties can be improved
  * 9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys()
  * 9.2.0309: Missing out-of-memory check to may_get_cmd_block()
  * 9.2.0308: Error message E1547 is wrong
  * 9.2.0307: more mismatches between return types and documentation
  * 9.2.0306: runtime(tar): some issues with lz4 support
  * 9.2.0305: mismatch between return types and documentation
  * 9.2.0304: tests: test for 9.2.0285 doesn't always fail without the fix
  * 9.2.0303: tests: zip plugin tests don't check for warning message properly
  * 9.2.0302: runtime(netrw): RFC2396 decoding double escaping spaces
  * 9.2.0301: Vim9: void function return value inconsistent
  * 9.2.0300: The vimball plugin needs some love
  * 9.2.0299: runtime(zip): may write using absolute paths
  * 9.2.0298: Some internal variables are not modified
  * 9.2.0297: libvterm: can improve CSI overflow code
  * 9.2.0296: Redundant and incorrect integer pointer casts in drawline.c
  * 9.2.0295: 'showcmd' shows wrong Visual block size with 'linebreak'
  * 9.2.0294: if_lua: lua interface does not work with lua 5.5
  * 9.2.0293: :packadd may lead to heap-buffer-overflow
  * 9.2.0292: E340 internal error when using method call on void value
  * 9.2.0291: too many strlen() calls
  * 9.2.0290: Amiga: no support for AmigaOS 3.x
  * 9.2.0289: 'linebreak' may lead to wrong Visual block highlighting
  * 9.2.0288: libvterm: signed integer overflow parsing long CSI args
  * 9.2.0287: filetype: not all ObjectScript routines are recognized
  * 9.2.0286: still some unnecessary (int) casts in alloc()
  * 9.2.0285: :syn sync grouphere may go beyond end of line
  * 9.2.0284: tabpanel: crash when tabpanel expression returns variable line count
  * 9.2.0283: unnecessary (int) casts before alloc() calls
  * 9.2.0282: tests: Test_viminfo_len_overflow() fails
  * 9.2.0281: tests: Test_netrw_FileUrlEdit.. fails on Windows

- bsc#1264066 - VUL-0: CVE-2025-54518: xen: AMD-SN-7052: CPU OP
  Cache Corruption
  6a034fca-x86-mitigate-AMD-SN-7052.patch
- Upstream security patches
  69f0ab8b-gnttab-split-gnttab_map_frame.patch (bsc#1262180)
  69f0ab8b-xenstored-make-conn_delete_all_transactions-idempotent.patch (bsc#1262178)
- Drop old security patches in favor of upstream versions.
  xsa484.patch
  xsa486.patch

- Upstream bug fixes (bsc#1027519)
  69d4ab43-EFI-avoid-OOB-config-file-reads.patch
  69d8ed8e-x86-time-dont-kill-calibration-timer-on-S3.patch
  69e0e400-x86-use-native-TSC-scaling-factors-when-.patch
  69e0e401-CPU-round-cpu_khz-calculations.patch
  69e26ac9-x86-mkelf32-actually-pad-segment-to-2Mb.patch
- bsc#1262428 - VUL-0: CVE-2025-54505: xen: Floating Point Divider
  State Sampling on AMD CPUs AMD-SN-7053 (XSA-488)
  69e26aca-x86-mitigate-AMD-SN-7053-FP-DSS.patch

- bsc#1262178 - VUL-0: CVE-2026-23557: xen: Xenstored DoS via
  XS_RESET_WATCHES command (XSA-484)
  xsa484.patch
- bsc#1262180 - VUL-0: CVE-2026-23558: xen: grant table v2 race in
  status page mapping (XSA-486)
  xsa486.patch

- Update to Xen 4.20.3 bug fix release (bsc#1027519) (jsc#PED-8907)
  * No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
  691b3550-x86-ucode-add-rows-to-entrysign-table.patch
  69247713-x86-ucode-error-handling-parallel.patch
  6926be59-x86-vMSI-X-refcount.patch
  6926e01d-x86-vHPET-IRQ-route-sanitization.patch
  692896dc-x86-AMD-Zenbleed-mitigation-static.patch
  692dc059-x86-AMD-DE_CFG-editing.patch
  693a85c2-x86-PoD-decrease_reservation-clearing-M2P.patch
  693a85d6-x86-update-log-dirty-bitmap-when-.patch
  695f816a-x86-HVM-more-strict-XENMAPSPACE_gmfn-source-types.patch
  6964e408-x86-retval-of-has_if_pschange_mc.patch
  6978b5a5-x86-shadow-dont-overrun-trace_emul_write_val.patch
  6978b5bf-x86-spec-ctrl-incomplete-IBPB-at-cswitch.patch
  6978c4b0-x86-AMD-fold-another-DE_CFG-edit.patch
  xsa480.patch
  xsa481.patch