- Fix unbounded NSEC3 iterations when validating referrals to
  unsigned delegations.
  (CVE-2026-1519)
  [bsc#1260805, bind-9.16-CVE-2026-1519.patch]

- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  * grub2-btrfs-09-get-default-subvolume.patch

- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- commit 4d23627

- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
- commit b85a9eb

- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in
  pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures
  (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- commit 2b4e030

- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
  (CVE-2026-23274 bsc#1260005).
- commit 523e0c7

- netfilter: nf_tables: unconditionally bump set->nelems before
  insertion (CVE-2026-23272 bsc#1260009).
- commit 9195450

- Refresh
  patches.suse/iommu-disable-SVA-when-CONFIG_X86-is-set.patch.
  Move the condition check before iommu_group_get() to prevent
  reference count leak.
- commit 46c4966

- drm/vmwgfx: Return the correct value in vmw_translate_ptr
  functions (CVE-2026-23317 bsc#1260562).
- commit 3e86a3e

- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit 707a5c5

- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit 58ab8fc

- Delete
  patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch.
  Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
  completion in abort path'), locally contained in patch
  scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
  has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
  Intead of committing a revert patch, just remove this patch.
- commit 05a58b7

- Delete
  patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch.
- Delete
  patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch.
  Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
  completion in abort path'), locally contained in patch
  scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
  has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
  Intead of committing a revert patch, just remove this patch.
  This also requires removing our local patch
  scsi-qla2xxx-Complete-command-early-within-lock.patch,
  since this modified the code that was previously added in
  scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
- commit 9a39993

- kABI fix for ipvlan: Make the addrs_lock be per port
  (CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
  bsc#1257773).
- commit d6cd4ec

- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 3cdc4b6

- Use unified maintainers' email address
- commit 8028c58

- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
  0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:

- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
  * Backport from ncurses-6.5-20251213.patch

- added patches
  https://github.com/nghttp2/nghttp2/commit/61caf66f1b002105e5603fba030de57d445330a8
  * nghttp2-TZ-fix-test-failure.patch

- added patches
  CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
  * nghttp2-CVE-2026-27135.patch

- Security fix:
  * CVE-2026-28390: NULL pointer dereference during processing of a crafted
    CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
  * Add openssl-CVE-2026-28390.patch

- Security fixes:
  * CVE-2026-28387: Potential use-after-free in DANE client code
    (bsc#1260441)
  * CVE-2026-28388: NULL Pointer Dereference When Processing a
    Delta (bsc#1260442)
  * CVE-2026-28389: Possible NULL dereference when processing CMS
    KeyAgreeRecipientInfo (bsc#1260443)
  * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
    (bsc#1260444)
  * NULL pointer dereference when processing an
    OCSP response (bsc#1260446)
  * Add	patches:
    openssl-CVE-2026-28387.patch
    openssl-CVE-2026-28388.patch
    openssl-CVE-2026-28389.patch
    openssl-CVE-2026-31789.patch
    openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch

- added patches
  CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
  * libpng16-CVE-2026-33416-1.patch
  * libpng16-CVE-2026-33416-2.patch
  * libpng16-CVE-2026-33416-3.patch
  * libpng16-CVE-2026-33416-4.patch

- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
  0001-CVE-2026-4897-getline-string-overflow.patch

- Add Channel Binding support for GSSAPI/GSS-SPNEGO; (bsc#1229655);
  (jsc#PED-12097); Add patch
  0008-Add-Channel-Binding-support-for-GSSAPI-GSS-SPNEGO.patch
- Add support for setting max ssf 0 to GSS-SPNEGO; (bsc#1229655);
  (jsc#PED-12097); Add patch
  0009-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO.patch

- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler  (bsc#1259377)
  Added libssh-CVE-2026-3731.patch

- Security fixes:
  * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
  * CVE-2026-0965: Possible Denial of Service when parsing unexpected
    configuration files (bsc#1258045)
  * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
  * CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
  * CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
  * Add patches:
  - libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
  - libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
  - libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
  - libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
  - libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
  - libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
  - libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch

- Add CVE-2026-32597_crit-header.patch to reject the crit
  (Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
  CVE-2026-32597).

- CVE-2026-35535: potential privilege escalation when running
  the mailer (bsc#1261420)
  * fix-CVE-2026-35535.patch

- Update version to 1.21.1:
  - Fix nil token handling (bsc#1261155)
  - Switch to using go1.24-openssl as the default Go version to
    install to support building the package (jsc#SCC-585).

- Update version to 1.21:
  - Add expanded metric collection for kernel modules and hardware
    detection (jsc#TEL-226).
  - Support new profile based metric collection
  - Fix ignored --root parameter hanbling when reading and
    writing configuration (bsc#1257667)
  - Add expanded metric collection for system vendor/manfacturer
    (jsc#TEL-260).
  - Removed backport patch: fix-libsuseconnect-and-pci.patch
  - Add missing product id to allow yast2-registration to not break (bsc#1257825)
  - Fix libsuseconnect APIError detection logic (bsc#1257825)

- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
  * patch 9.2.0280: [security]: path traversal issue in zip.vim
  * patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
  * patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
  * patch 9.2.0277: tests: test_modeline.vim fails
  * patch 9.2.0276: [security]: modeline security bypass
  * patch 9.2.0275: tests: test_options.vim fails
  * patch 9.2.0274: BSU/ESU are output directly to the terminal
  * patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
  * patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
  * patch 9.2.0271: buffer underflow in vim_fgets()
  * patch 9.2.0270: test: trailing spaces used in tests
  * patch 9.2.0269: configure: Link error on Solaris
  * patch 9.2.0268: memory leak in call_oc_method()
  * patch 9.2.0267: 'autowrite' not triggered for :term
  * patch 9.2.0266: typeahead buffer overflow during mouse drag event
  * patch 9.2.0265: unnecessary restrictions for defining dictionary function names
  * patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
  * patch 9.2.0263: hlset() cannot handle attributes with spaces
  * patch 9.2.0262: invalid lnum when pasting text copied blockwise
  * patch 9.2.0261: terminal: redraws are slow
  * patch 9.2.0260: statusline not redrawn after closing a popup window
  * patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
  * patch 9.2.0258: memory leak in add_mark()
  * patch 9.2.0257: unnecessary memory allocation in set_callback()
  * patch 9.2.0256: visual selection size not shown in showcmd during test
  * patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
  * patch 9.2.0254: w_locked can be bypassed when setting recursively
  * patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
  * patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
  * patch 9.2.0251: Link error when building without channel feature
  * patch 9.2.0250: system() does not support bypassing the shell
  * patch 9.2.0249: clipboard: provider reacts to autoselect feature
  * patch 9.2.0248: json_decode() is not strict enough
  * patch 9.2.0247: popup: popups may not wrap as expected
  * patch 9.2.0246: memory leak in globpath()
  * patch 9.2.0245: xxd: color output detection is broken
  * patch 9.2.0244: memory leak in eval8()
  * patch 9.2.0243: memory leak in change_indent()
  * patch 9.2.0242: memory leak in check_for_cryptkey()
  * patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
  * patch 9.2.0240: syn_name2id() is slow due to linear search
  * patch 9.2.0239: signcolumn may cause flicker
  * patch 9.2.0238: showmode message may not be displayed
  * patch 9.2.0237: filetype: ObjectScript routines are not recognized
  * patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
  * patch 9.2.0235: filetype: wks files are not recognized.
  * patch 9.2.0234: test: Test_close_handle() is flaky
  * patch 9.2.0233: Compiler warning in strings.c
  * patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
  * patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
  * patch 9.2.0230: popup: opacity not working accross vert splits
  * patch 9.2.0229: keypad keys may overwrite keycode for another key
  * patch 9.2.0228: still possible flicker
  * patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
  * patch 9.2.0226: No 'incsearch' highlighting support for :uniq
  * patch 9.2.0225: runtime(compiler): No compiler plugin for just
  * patch 9.2.0224: channel: 2 issues with out/err callbacks
  * patch 9.2.0223: Option handling for key:value suboptions is limited
  * patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
  * patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
  * patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
  * patch 9.2.0219: call stack can be corrupted
  * patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
  * patch 9.2.0217: filetype: cto files are not recognized
  * patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
  * patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
  * patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
  * patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
  * patch 9.2.0212: MS-Windows: version packing may overflow
  * patch 9.2.0211: possible crash when setting 'winhighlight'
  * patch 9.2.0210: tests: Test_xxd tests are failing
  * patch 9.2.0209: freeze during wildmenu completion
  * patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
  * patch 9.2.0207: MS-Windows: freeze on second :hardcopy
  * patch 9.2.0206: MS-Window: stripping all CSI sequences
  * patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
  * patch 9.2.0204: filetype: cps files are not recognized
  * patch 9.2.0203: Patch v9.2.0185 was wrong
  * patch 9.2.0202: [security]: command injection via newline in glob()
  * patch 9.2.0201: filetype: Wireguard config files not recognized
  * patch 9.2.0200: term: DECRQM codes are sent too early
  * patch 9.2.0199: tests: test_startup.vim fails
  * patch 9.2.0198: cscope: can escape from restricted mode
  * patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
  * patch 9.2.0196: textprop: negative IDs and can cause a crash
  * patch 9.2.0195: CI: test-suite gets killed for taking too long
  * patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
  * patch 9.2.0193: using copy_option_part() can be improved
  * patch 9.2.0192: not correctly recognizing raw key codes
  * patch 9.2.0191: Not possible to know if Vim was compiled with Android support
  * patch 9.2.0190: Status line height mismatch in vertical splits
  * patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
  * patch 9.2.0188: Can set environment variables in restricted mode
  * patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
  * patch 9.2.0186: heap buffer overflow with long generic function name
  * patch 9.2.0185: buffer overflow when redrawing custom tabline
  * patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
  * patch 9.2.0183: channel: using deprecated networking APIs
  * patch 9.2.0182: autocmds may leave windows with w_locked set
  * patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
  * patch 9.2.0180: possible crash with winminheight=0
  * patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
  * patch 9.2.0178: DEC mode requests are sent even when not in raw mode
  * patch 9.2.0177: Vim9: Can set environment variables in restricted mode
  * patch 9.2.0176: external diff is allowed in restricted mode
  * patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
  * patch 9.2.0174: diff: inline word-diffs can be fragmented
  * patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
  * patch 9.2.0172: Missing semicolon in os_mac_conv.c
  * patch 9.2.0171: MS-Windows: version detection is deprecated
  * patch 9.2.0170: channel: some issues in ch_listen()
  * patch 9.2.0169: assertion failure in syn_id2attr()
  * patch 9.2.0168: invalid pointer casting in string_convert() arguments
  * patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
  * patch 9.2.0166: Coverity warning for potential NULL dereference
  * patch 9.2.0165: tests: perleval fails in the sandbox
  * patch 9.2.0164: build error when XCLIPBOARD is not defined
  * patch 9.2.0163: MS-Windows: Compile warning for unused variable
  * patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
  * patch 9.2.0161: intro message disappears on startup in some terminals
  * patch 9.2.0160: terminal DEC mode handling is overly complex
  * patch 9.2.0159: Crash when reading quickfix line
  * patch 9.2.0158: Visual highlighting might be incorrect
  * patch 9.2.0157: Vim9: concatenation can be improved
  * patch 9.2.0156: perleval() and rubyeval() ignore security settings
  * patch 9.2.0155: filetype: ObjectScript are not recognized
  * patch 9.2.0154: if_lua: runtime error with lua 5.5
  * patch 9.2.0153: No support to act as a channel server
  * patch 9.2.0152: concatenating strings is slow
  * patch 9.2.0151: blob_from_string() is slow for long strings
  * patch 9.2.0150: synchronized terminal update may cause display artifacts
  * patch 9.2.0149: Vim9: segfault when unletting an imported variable
  * patch 9.2.0148: Compile error when FEAT_DIFF is not defined
  * patch 9.2.0147: blob: concatenation can be improved
  * patch 9.2.0146: dictionary lookups can be improved
  * patch 9.2.0145: UTF-8 decoding and length calculation can be improved
  * patch 9.2.0144: 'statuslineopt' is a global only option
  * patch 9.2.0143: termdebug: no support for thread and condition in :Break
  * patch 9.2.0142: Coverity: Dead code warning
  * patch 9.2.0141: :perl ex commands allowed in restricted mode
  * patch 9.2.0140: file reading performance can be improved
  * patch 9.2.0139: Cannot configure terminal resize event
  * patch 9.2.0138: winhighlight option handling can be improved
  * patch 9.2.0137: [security]: crash with composing char in collection range
  * patch 9.2.0136: memory leak in add_interface_from_super_class()
  * patch 9.2.0135: memory leak in eval_tuple()
  * patch 9.2.0134: memory leak in socket_server_send_reply()
  * patch 9.2.0133: memory leak in netbeans_file_activated()
  * patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
  * patch 9.2.0131: potential buffer overflow in regdump()
  * patch 9.2.0130: missing range flags for the :tab command
  * patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
  * patch 9.2.0128: Wayland: using _Boolean instead of bool type
  * patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
  * patch 9.2.0126: String handling can be improved
  * patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
  * patch 9.2.0124: auto-format may swallow white space
  * patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
  * patch 9.2.0122: Vim still supports compiling on NeXTSTEP
  * patch 9.2.0120: tests: test_normal fails
  * patch 9.2.0119: incorrect highlight initialization in win_init()
  * patch 9.2.0118: memory leak in w_hl when reusing a popup window
  * patch 9.2.0117: tests: test_wayland.vim fails
  * patch 9.2.0116: terminal: synchronized output sequences are buffered
  * patch 9.2.0115: popup: screen flickering possible during async callbacks
  * patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
  * patch 9.2.0113: winhighlight pointer may be used uninitialized
  * patch 9.2.0112: popup: windows flicker when updating text
  * patch 9.2.0111: 'winhighlight' option not always applied