suse-sle-micro-5-5-v20260126-x86_64-llc Package Source Changes

gpg2

- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
  * gpg: Fix possible memory corruption in the armor parser [T7906]
  * Add gnupg-CVE-2025-68973.patch

- Security fix: [bsc#1256246] (gpg.fail/sha1)
  * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904]
  * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch

- Security fix: [bsc#1256244] (gpg.fail/detached)
  * gpg: Error out on unverified output for non-detached signatures [T7903]
  * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch

- Security fix: [bsc#1256390] (gpg.fail/notdash)
  * gpg2: Cleartext Signature Forgery in the NotDashEscaped header
    implementation in GnuPG
  * Add patch gnupg-notdash-escape.patch
  * Add patch compat_flags_base.patch
  * Add patch parse_compat_flags.patch

util-linux

- Fix heap buffer overread in setpwnam() when processing 256-byte
  usernames (bsc#1254666, CVE-2025-14104,
  util-linux-CVE-2025-14104-1.patch,
  util-linux-CVE-2025-14104-2.patch).

- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
  util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).

libsodium

- Security fix: [bsc#1256070, CVE-2025-15444]
  * check Y==Z in addition to X==0
  * Add patch libsodium-CVE-2025-15444.patch

libtasn1

- Security fix: [bsc#1256341, CVE-2025-13151]
  * Stack-based buffer overflow. The function asn1_expend_octet_string()
    fails to validate the size of input data resulting in a buffer overflow.
  * Add libtasn1-CVE-2025-13151.patch

podman

- Add patch for CVE-2025-47914 (bsc#1253993):
  * 0012-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
  * 0004-http2-close-connections-when-receiving-too-many-head.patch
  * 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
  * 0006-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
  * 0007-Fix-Remove-appending-rw-as-the-default-mount-option.patch
  * 0008-CVE-2025-6032-machine-init-fix-tls-check.patch
  * 0009-CVE-2025-9566-kube-play-don-t-follow-volume-symlinks.patch
  * 0010-vendor-buildah-Don-t-set-ambient-capabilities.patch
  * 0011-CVE-2025-52881-backport-subset-of-patch-from-runc.patch
- Removed patch (merged into the added patch):
  * 0012-CVE-2025-47913-ssh-agent-return-an-error-for-unexpec.patch

util-linux-systemd

- Fix heap buffer overread in setpwnam() when processing 256-byte
  usernames (bsc#1254666, CVE-2025-14104,
  util-linux-CVE-2025-14104-1.patch,
  util-linux-CVE-2025-14104-2.patch).

- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
  util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).