- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
  (gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)

- Stop adding pam_env in AUTH stack, and be sure to put this module at the
  really end of the SESSION stack.
  [bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]

- Drop support for shorthand URLs
  * Breaking change to fix CVE-2024-10524.
  [+ drop-support-for-shorthand-URLs.patch, bsc#1233773]

- do not change the current directory when cloning an open
  directory handle [bnc#1244079] [CVE-2025-40909]
  new patch: perl-dirdup.diff

- pam_namespace: convert functions that may operate on a user-controlled path
  to operate on file descriptors instead of absolute path. And keep the
  bind-mount protection from protect_mount() as a defense in depthmeasure.
  [bsc#1244509
  pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
  pam_namespace-fix-potential-privilege-escalation.patch,
  pam_namespace-add-flags-to-indicate-path-safety.patch,
  pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
  changes from upstream commits: ds6242a, bc856cd.
  * pam_namespace fix logic in return value handling
  * pam_namespace move functions around

- pam_env: Change the default to not read the user .pam_environment file
  [bsc#1243226, CVE-2025-6018,
  pam_env-change-the-default-to-not-read-the-user-env.patch]

n/a