- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
  in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
  glgo#GNOME/glib#3851).

- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
  * gpg: Fix possible memory corruption in the armor parser [T7906]
  * Add gnupg-CVE-2025-68973.patch

- Security fix: [bsc#1256246] (gpg.fail/sha1)
  * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904]
  * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch

- Security fix: [bsc#1256244] (gpg.fail/detached)
  * gpg: Error out on unverified output for non-detached signatures [T7903]
  * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch

- Security fix: [bsc#1256243]
  * gpg2 agent: Fix a memory leak
  * Add patch gnupg-agent-memleak.patch

- Security fix: [bsc#1256390] (gpg.fail/notdash)
  * gpg2: Cleartext Signature Forgery in the NotDashEscaped header
    implementation in GnuPG
  * Add patch gnupg-notdash-escape.patch

- Add avahi-CVE-2025-68276.patch:
  Backport 0c013e2 from upstream, refuse to create wide-area record
  browsers when wide-area is off.
  (CVE-2025-68276, bsc#1256498)

- Add avahi-CVE-2025-68471.patch:
  Backport 9c6eb53 from upstream, fix DoS bug by changing assert to
  return.
  (CVE-2025-68471, bsc#1256500)

- Add avahi-CVE-2025-68468.patch:
  Backport f66be13 from upstream, fix DoS bug by removing incorrect
  assertion.
  (CVE-2025-68468, bsc#1256499)

- Fix heap buffer overread in setpwnam() when processing 256-byte
  usernames (bsc#1254666, CVE-2025-14104,
  util-linux-CVE-2025-14104-1.patch,
  util-linux-CVE-2025-14104-2.patch).

- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
  util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).

- Security fixes:
  * Missing ASN1_TYPE validation in PKCS#12 parsing
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
  - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
  - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
  - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
  - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
  - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
  - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]

- Security fixes:
  * Missing ASN1_TYPE validation in PKCS#12 parsing
  - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
  - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
  - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
  - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
  - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
  - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
  - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * Stack buffer overflow in CMS AuthEnvelopedData parsing
  - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
  - openssl-CVE-2025-15467-comments.patch
  - openssl-CVE-2025-15467-test.patch

- security update
- added patches
  CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
  CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
  * libpng16-CVE-2025-28162,28164.patch

- security update
- added patches
  CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read
  * libpng16-CVE-2026-22695.patch
  CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_*
  * libpng16-CVE-2026-22801.patch

- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
  CVE-2025-13836) to prevent reading an HTTP response from
  a server, if no read amount is specified, with using
  Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
  behavior in node ID cache clearing (CVE-2025-12084,
  bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
  against OOM when loading malicious content (CVE-2025-13837,
  bsc#1254401).

- Security fix: [bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277]
  * check Y==Z in addition to X==0
  * Add patch libsodium-CVE-2025-15444.patch

- Security fix: [bsc#1256341, CVE-2025-13151]
  * Stack-based buffer overflow. The function asn1_expend_octet_string()
    fails to validate the size of input data resulting in a buffer overflow.
  * Add libtasn1-CVE-2025-13151.patch

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-pyasn1 provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-pytz provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

- Add CVE-2025-68480.patch to fix CVE-2025-68480 (bsc#1255473)

- Add patch pep-0639.patch to implement basic PEP 639 support,
  jsc#PED-14457, bsc#1254255
- Skip failing test test_debugging_tips

- Changes to version 3.2.12
  + Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
  + Run in containers without errors (bsc#1245667, PR#272)
  + Removed pmap PID from memory.txt (bsc#1246011, PR#263)
  + Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
  + Improved database perforce with kGraft patching (bsc#1249657, PR#273)
  + Using last boot for journalctl for optimization (bsc#1250224, PR#287)
  + Fixed extraction failures (bsc#1252318, PR#275)
  + Update supportconfig.conf path in docs (bsc#1254425, PR#281)
  + drm_sub_info: Catch error when dir doesn't exist (PR#265)
  + Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
  + Add process affinity to slert logs (PR#269)
  + Reintroduce cgroup statistics (and v2) (PR#270)
  + Minor changes to basic-health-check: improve information level (PR#271)
  + Collect important machine health counters (PR#276)
  + powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
  + podman: collect podman disk usage (PR#279)
  + Exclude binary files in crondir (PR#282)
  + kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
  + Use short-iso for journalctl (PR#288)

- Changes to version 3.2.11
  + Collect rsyslog frule files (bsc#1244003, pr#257)
  + Remove proxy passwords (bsc#1244011, pr#257)
  + Missing NetworkManager information (bsc#1241284, pr#257)
  + Include agama logs bsc#1244937, pr#256)
  + Additional NFS conf files (pr#253)
  + New fadump sysfs files (pr#252)
  + Fixed change log dates

- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
  with shadow paging + tracing (XSA-477)
  xsa477.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
  for vCPU isolation (XSA-479)
  xsa479.patch