suse-sles-sap-15-sp7-v20251002-x86_64-ltd Package Source Changes

azure-cli

- Add azure-storage-azcopy to Recommends (bsc#1245160, jsc#PED-13198)

bind

- ensure file descriptors 0-2 are in use before using libuv (bsc#1230649)
  * bind-ensure-file-descriptors-0-2-are-in-use-before-using-.patch

iproute2

- add post-6.4 follow-up fixes (bsc#1243005)
  * patches/bond-fix-stack-smash-in-xstats.patch
  * patches/tc-gred-fix-debug-print.patch

- sync UAPI header copies with SLE15-SP6 kernel
  * sync-UAPI-header-copies-with-SLE15-SP6.patch
- drop Update-kernel-headers.patch
  (no longer needed with full UAPI sync)

- devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660)
  * add Update-kernel-headers.patch
  * add devlink-Support-setting-port-function-ipsec_crypto-c.patch
  * add devlink-Support-setting-port-function-ipsec_packet-c.patch
  * refresh ss-Tone-down-cgroup-path-resolution.patch

- add post-6.4 follow-up fix (bsc#1243005)
  * ss-show-extra-info-when-processes-is-not-used.patch

- add post-6.4 follow-up fixes (bsc#1243005):
  * bpf-fix-warning-from-basename.patch
  * bridge-fdb-add-an-error-print-for-unknown-command.patch
  * bridge-vni-Accept-del-command.patch
  * bridge-vni-Fix-duplicate-group-and-remote-error-mess.patch
  * bridge-vni-Fix-vni-filter-help-strings.patch
  * bridge-vni-Remove-dead-code-in-group-argument-parsin.patch
  * bridge-vni-Report-duplicate-vni-argument-using-dupar.patch
  * f_flower-Treat-port-0-as-valid.patch
  * genl-ctrl.c-spelling-fix-in-error-message.patch
  * ip-Add-missing-echo-option-to-usage.patch
  * ip-Add-missing-stats-command-to-usage.patch
  * ip-ipmroute-use-preferred_family-to-get-prefix.patch
  * ip-remove-non-existent-amt-subcommand-from-usage.patch
  * iplink-fix-fd-leak-when-playing-with-netns.patch
  * iplink_bridge-fix-incorrect-root-id-dump.patch
  * iplink_xstats-spelling-fix-in-error-message.patch
  * iproute2-fix-type-incompatibility-in-ifstat.c.patch
  * iproute2-prevent-memory-leak.patch
  * libnetlink-validate-nlmsg-header-length-first.patch
  * man-devlink-resource-add-missing-words-in-the-exampl.patch
  * mnl_utils-sanitize-incoming-netlink-payload-size-in-.patch
  * rdma-Fix-help-information-of-rdma-resource.patch
  * rdma-Fix-the-error-of-accessing-string-variable-outs.patch
  * rdma-use-print_XXX-instead-of-COLOR_NONE.patch
  * ss-Fix-socket-type-check-in-packet_show_line.patch
  * ss-fix-directory-leak-when-T-option-is-used.patch
  * ss-mptcp-display-info-counters-as-unsigned.patch
  * ss-prevent-Process-column-from-being-printed-unless-.patch
  * tc-taprio-don-t-print-netlink-attributes-which-weren.patch
  * tc-taprio-fix-JSON-output-when-TCA_TAPRIO_ATTR_ADMIN.patch
  * tc-taprio-fix-parsing-of-fp-option-when-it-doesn-t-a.patch
  * vdpa-consume-device_features-parameter.patch
- add to blacklist:
  * af0ea2cd0b9e (duplicate of 92eac7e4bf14)
- refresh:
  * ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch
  * add-explicit-typecast-to-avoid-gcc-warning.patch
  * use-sysconf-_SC_CLK_TCK-if-HZ-undefined.patch

cairo

- Add b5752618.patch:
  Backport from William Bader's request 621, Fix NULL access
  in active_edges_to_traps().
  https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621/diffs
  https://gitlab.freedesktop.org/williamb/cairo/-/commit/b5752618
  (CVE-2025-50422, bsc#1247589)

- Switch back to using source service.

- Update to version 1.18.4:
  + The dependency on LZO has been made optional through a build
    time configuration toggle.
  + You can build Cairo against a Freetype installation that does
    not have the FT_Color type.
  + Cairo tests now build on Solaris 11.4 with GCC 14.
  + The DirectWrite backend now builds on MINGW 11.
  + The DirectWrite backend now supports font variations and proper
    glyph coverage.
  + Support for Windows 98 has been removed. The minimum
    requirement for Windows is now Vista.
- Use tarball in lieu of source service due to freedesktop gitlab
  migration, will switch back at next release at the latest.
- Drop b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: Fixed
  upstream.
- Add pkgconfig(lzo2) BuildRequires: New optional dependency, build
  lzo2 support feature.

- Convert to source service: allows for easier upgrades by the
  GNOME team.

- Add b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: cff: Don't
  fail if no local subs. Fix regression when writing PDFs with
  fonts.

- Update to version 1.18.2:
  + The malloc-stats code has been removed from the tests directory
    the canonical location for it is:
    https://github.com/behdad/malloc-stats
  + Cairo now requires a version of pixman equal to, or newer than,
    0.40.
  + There have been multiple build fixes for newer versions of GCC
    for MSVC; for Solaris; and on macOS 10.7.
  + PNG errors caused by loading malformed data are correctly
    propagated to callers, so they can handle the case.
  + Both stroke and fill colors are now set when showing glyphs on
    a PDF surface.
  + All the font options are copied when creating a fallback font
    object.
  + When drawing text on macOS, Cairo now tries harder to select
    the appropriate font name.
  + Cairo now prefers the COLRv1 table inside a font, if one is
    available.
  + Cairo requires a C11 toolchain when building.

libssh

- Security fix: [CVE-2025-8277, bsc#1249375]
  * Memory Exhaustion via Repeated Key Exchange
  * Add patches:
  - libssh-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch
  - libssh-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch
  - libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch

- Security fix: [CVE-2025-8114, bsc#1246974]
  * NULL pointer dereference when calculating session ID during KEX
  * Add libssh-CVE-2025-8114.patch

python-certifi

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-decorator

- Add python36-decorator provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-idna

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-importlib-metadata

- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-packaging

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-pyasn1

- Add python36-pyasn1 provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-pycparser

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-python-dateutil

- Add python36-python-dateutil provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-pytz

- Add python36-pytz provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-py

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-requests

- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-six

- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

sysconfig

- version 0.85.10
  * codespell run for all repository files and changes file
  * spec: define permissions for ghost file attrs to avoid
    rpm --restore resets them to 0 (bsc#1237595).
  * spec: fix name-repeated-in-summary rpmlint warning

sysstat

- Still related to bsc#1244553, removal of broken symlinks
  during the post-install phase.