Update submodules from pool/chromium#12 and create patchinfo.20251015125625066283.90520734224245/_patchinfo

PR: products/PackageHub!175

.gitea/workflows/patchinfo_numberator.yaml

@@ -14,19 +14,21 @@ jobs:
           zypper in -y go
       # Generic action from GitHub to clone the product git repo
       - name: Checkout product
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/github-actions-checkout@v4
+        uses: https://src.opensuse.org/actions/github-actions-checkout@v4
         with:
           token: ${{ secrets.REPO_WRITE }}
           repo-sha256: true
 
       - name: Update all new _patchinfo files
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/patchinfo-numbering-action@v0
+        uses: https://src.opensuse.org/actions/patchinfo-numbering-action@v0
+        with:
+          prefix: packagehub-
       - name: Get last commit author
         id: last-commit
         run: |
           echo "author=$(git log -1 --pretty='%an <%ae>')" >> $GITHUB_OUTPUT
       - name: Commit changes back
-        uses: https://gitea-actions-autobuild:${{ secrets.REPO_READ }}@src.opensuse.org/actions/stefanzweifel-git-auto-commit-action@v5
+        uses: https://src.opensuse.org/actions/stefanzweifel-git-auto-commit-action@v5
         with:
           commit_user_name: gitea-actions-autobuild
           commit_user_email: autobuild+gitea@opensuse.org

0Backports/Backports.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, not needed 
+    micro patterns that are coming from SLES
+      patterns-micro-alt_onlyDVD                               
+      patterns-micro-cloud                                     
+      patterns-micro-defaults                                  
+      patterns-micro-fips                                      
+      patterns-micro-hardware                                  
+      patterns-micro-ima-evm                                   
+      patterns-micro-kvm_host                                  
+      patterns-micro-onlyDVD                                   
+      patterns-micro-ra-agent                                  
+      patterns-micro-ra-verifier                               
+      patterns-micro-salt_minion                               
+      patterns-micro-sssd-ldap            
+
 -------------------------------------------------------------------
 Mon Oct  6 14:49:27 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
 

0Backports/Backports.productcompose

@@ -14,7 +14,7 @@ scc:
 
 build_options:
 ### For maintenance, otherwise only "the best" version of each package is picked:
-# - take_all_available_versions
+- take_all_available_versions
 - hide_flavor_in_product_directory_name
 
 ### Since the Backports product build is not self-contained in a single repository,
@@ -32,8 +32,8 @@ debug: split
 repodata: all
 
 # has only an effect during maintenance:
-set_updateinfo_from: maint-coord@suse.de
-# set_updateinfo_id_prefix: openSUSE-Leap-16.0-
+set_updateinfo_from: maintenance@opensuse.org
+set_updateinfo_id_prefix: SUSE-PackageHub-16.0-
 
 flavors:
   backports_aarch64:
@@ -204,7 +204,20 @@ packagesets:
   - pam-extra-32bit
   - patterns-base-kernel_livepatching
   - patterns-base-transactional_base
+  - patterns-micro-alt_onlyDVD
+  - patterns-micro-cloud
+  - patterns-micro-defaults
   - patterns-micro-elemental_client
+  - patterns-micro-defaults
+  - patterns-micro-fips
+  - patterns-micro-hardware
+  - patterns-micro-ima-evm
+  - patterns-micro-kvm_host
+  - patterns-micro-onlyDVD
+  - patterns-micro-ra-agent
+  - patterns-micro-ra-verifier
+  - patterns-micro-salt_minion
+  - patterns-micro-sssd-ldap
   - patterns-sap-bone
   - patterns-base-update_test
   - plymouth-branding-upstream

_config

@@ -143,7 +143,7 @@ Substitute: wallpaper-branding-openSUSE wallpaper-branding-SLE
 %define is_opensuse  1
 %define is_backports 1
 
-%if "%_project" == "openSUSE:Backports:SLE-16.0" || "%_project" == "openSUSE:Backports:SLE-16.0:git"
+%if 0%{?_is_in_project}
 Macros:
 %vendor openSUSE
 %distribution SUSE Linux Enterprise 16
@@ -164,7 +164,7 @@ Macros:
 
 # Leap specific package list, the same list with excludebuild must add to Backports project
 # Most of package should be built in Backports
-%if "%_project" == "openSUSE:Backports:SLE-16.0" || "%_project" == "openSUSE:Backports:SLE-16.0:git"
+%if "%_project" == "openSUSE:Backports:SLE-16.0"
 # we build ffado:ffado-mixer for openSUSE, the main one is built in SLFO
 BuildFlags: excludebuild:ffado
 # build gpgme:qt flavor for qt5 support

patchinfo.20251010110535882810.90520734224245/_patchinfo

@@ -0,0 +1,66 @@
+<patchinfo>
+  <issue tracker="bnc" id="1251334">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11213">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11216">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11207">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11211">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11212">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11210">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250780">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11208">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10890">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11206">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11460">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11219">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250472">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11205">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10891">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11458"/>
+  <issue tracker="cve" id="2025-11215">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11209">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10892">VUL-0: chromium: release 140.0.7339.207</issue>
+  <packager>AndreasStieger</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.76:
+
+  * Do not send URLs as AIM input. This is to resolve a privacy
+    concern, around passing urls to AI Mode.
+
+Chromium 141.0.7390.65 (boo#1251334):
+
+  * CVE-2025-11458: Heap buffer overflow in Sync
+  * CVE-2025-11460: Use after free in Storage
+  * CVE-2025-11211: Out of bounds read in WebCodecs
+
+Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
+
+  * CVE-2025-11205: Heap buffer overflow in WebGPU
+  * CVE-2025-11206: Heap buffer overflow in Video
+  * CVE-2025-11207: Side-channel information leakage in Storage
+  * CVE-2025-11208: Inappropriate implementation in Media
+  * CVE-2025-11209: Inappropriate implementation in Omnibox
+  * CVE-2025-11210: Side-channel information leakage in Tab
+  * CVE-2025-11211: Out of bounds read in Media
+  * CVE-2025-11212: Inappropriate implementation in Media
+  * CVE-2025-11213: Inappropriate implementation in Omnibox
+  * CVE-2025-11215: Off by one error in V8
+  * CVE-2025-11216: Inappropriate implementation in Storage
+  * CVE-2025-11219: Use after free in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
+Chromium 141.0.7390.37 (beta released 2025-09-24)
+
+Chromium 140.0.7339.207 (boo#1250472)
+
+  * CVE-2025-10890: Side-channel information leakage in V8
+  * CVE-2025-10891: Integer overflow in V8
+  * CVE-2025-10892: Integer overflow in V8
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251015125625066283.90520734224245/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo>
+  <issue tracker="bnc" id="1252013">VUL-0: CVE-2025-11756: chromium: Use after free in Safe Browsing</issue>
+  <issue tracker="cve" id="2025-11756"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.107:
+
+* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

workflow.config

@@ -7,7 +7,7 @@
   "NoProjectGitPR": true,
   "Reviewers": [
     "*maintenance-release-review",
-    "+opensuse-review",
+    "*opensuse-review",
     "+legaldb",
     "-autogits_obs_staging_bot",
     "-qam-openqa-review"
@@ -64,7 +64,8 @@
         "mimi_vx",
         "mschnitzer",
         "msmeissn",
-        "openqa-maintenance"
+        "openqa-maintenance",
+        "szarate"
         ],
       "Silent": true
     }