hide livepatches, and new postgresql18 packages

PR: products/PackageHub!300

0Backports/Backports.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan  5 10:38:32 UTC 2026 - Wolfgang Engel <wolfgang.engel@suse.com>
+
+- Backports.productcompose:
+  + add to backports_unneeded, remove xen related packages (bsc#1253226)
+      xen-tools-xendomains-wait-disk
+
 -------------------------------------------------------------------
 Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
 

0Backports/Backports.productcompose

@@ -140,6 +140,7 @@ packagesets:
   - geoipupdate-legacy
   - geolite2legacy
   - gio-branding-upstream
+  - glibc-livepatches
   - grpc-source
   - kernel-azure-livepatch-devel
   - kernel-default-livepatch-devel
@@ -151,6 +152,10 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_6-rt
   - kernel-livepatch-6_12_0-160000_7-default
   - kernel-livepatch-6_12_0-160000_7-rt
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_8-rt
+  - kernel-livepatch-6_12_0-160000_9-default
+  - kernel-livepatch-6_12_0-160000_9-rt
   - kernel-rt-livepatch
   - kernel-rt-livepatch-devel
   - krb5-mini
@@ -205,6 +210,7 @@ packagesets:
   - ocfs2-kmp-default
   - ocfs2-kmp-rt
   - openssl_tpm2
+  - openssl-3-livepatches
   - pam-extra-32bit
   - patterns-base-kernel_livepatching
   - patterns-base-transactional_base
@@ -226,6 +232,7 @@ packagesets:
   - patterns-base-update_test
   - plymouth-branding-upstream
   - postgresql17-devel-mini
+  - postgresql18-devel-mini
   - protobuf21-source
   - reproducible-faketools
   - reproducible-faketools-ant
@@ -281,6 +288,7 @@ packagesets:
   - xen-doc-html
   - xen-tools
   - xen-tools-domU
+  - xen-tools-xendomains-wait-disk
   - yum-utils
 
 # TODO: unneeded Leap package per architecture
@@ -5515,6 +5523,17 @@ packagesets:
   - postgresql17-pltcl
   - postgresql17-server
   - postgresql17-server-devel
+  - postgresql18
+  - postgresql18-contrib
+  - postgresql18-devel
+  - postgresql18-docs
+  - postgresql18-pgaudit
+  - postgresql18-pgvector
+  - postgresql18-plperl
+  - postgresql18-plpython
+  - postgresql18-pltcl
+  - postgresql18-server
+  - postgresql18-server-devel
   - powerman
   - powerman-devel
   - powertop

patchinfo.20251218142204589141.93181000773252/_patchinfo

@@ -0,0 +1,123 @@
+<patchinfo incident="packagehub-62">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+Thu Dec 18 03:54:10 UTC 2025 - okurz@suse.com
+
+- Update to version 5.1766014013.377e64fe:
+  * feat(Needle::Save): Adapt to new error handling
+  * feat(OpenQA::Git): Make error handling more flexible with exceptions
+
+- Update to version 5.1765887110.8fc02990:
+  * Avoid partial deletion of a screenshot if Minion job is aborted
+  * Add `SignalBlocker` to delay signal handling during critical sections
+
+- Update to version 5.1765805960.2112d43d:
+  * fix(codecov): Fix wrong casing for 'fully_covered' entries
+
+- Update to version 5.1765535865.b566a24c:
+  * fix(codecov): Be strict about coverage thresholds
+  * Show jobs that have been cloned when `t` parameter is used on overview
+
+- Update to version 5.1765469360.5c0525b5:
+  * worker: Add coverage for OVS DBus checks
+  * Fix overview when filtering by test and module result at the same time
+  * Return signal as part of run_cmd result
+  * Add scanner for untracked screenshots
+  * KTAP: Properly hide details of a skipped subtest
+  * docs: Restory logic of the sentence about NFT vs firewalld
+  * docs: Clarify DHCP/RA availability on MM networks
+  * feat: Allow to configure key+secret with env variables
+
+- Update to version 5.1765286149.3debb8ea:
+  * KTAP: Don't increment parsed_lines_count in "SKIP" lines
+  * KTAP: Define unparsed_lines and parsed_lines_count
+
+- Update to version 5.1765217707.d6e697fd:
+  * Test commenting on overview page together with TODO filter
+  * Fix job IDs that are considered for mass-commenting on overview page
+
+- Update to version 5.1765009312.be30f6e0:
+  * README: Remove left-over empty badge reference
+
+Changes in os-autoinst:
+
+- Update to version 5.1767623406.688dd0e:
+  * os-autoinst-generate-needle-preview: Embed PNG
+  * Tweak curl call not to hang
+  * Fix opencv dependency due to upstream changes
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+
+- Update to version 5.1766037062.44c7d2a:
+  * Tweak curl call not to hang
+  * Fix opencv dependency due to upstream changes
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+
+- Update to version 5.1765976654.0026f92:
+  * Fix opencv dependency due to upstream changes
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+  * Improve documentation strings for get/check_var
+
+- Update to version 5.1765808557.b89e9b4:
+  * Restore package  builds on older openSUSE versions
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+
+- Update to version 5.1765804109.1e7c99a:
+  * Remove `ShellCheck` from devel dependencies on s390x
+  * Remove obsolete 'bin/' folder
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Improve documentation strings for get/check_var
+
+- Update to version 5.1765533145.a82864c:
+  * Remove obsolete 'bin/' folder
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Improve documentation strings for get/check_var
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+
+- Update to version 5.1765450253.f16e6ac:
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Improve documentation strings for get/check_var
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+  * Fix regression from abcaa66b by disabling virtio-keyboard by default
+  * distribution: Add "disable_key_repeat"
+  * Use 'virtio-keyboard' by default to allow fixing key repetition errors
+
+- Update to version 5.1765311639.7e3a762:
+  * Simplify the code to increment the counter
+  * audio: Allow for multiple audio recordings per test
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+  * Fix regression from abcaa66b by disabling virtio-keyboard by default
+  * Add IPv6 support for multi machine tests
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1766014013.377e64fe9:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>

patchinfo.20251227105549305039.187004354831441/_patchinfo

@@ -1,31 +0,0 @@
-<patchinfo>
-  <packager>DocB</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for gnuhealth, trytond, tryton</summary>
-  <description>This update for gnuhealth, trytond, tryton fixes the following issues:
-
-Changes in gnuhealth:
-
-version 5.0.2
-
-  * inconsistent naming of package and directories, switch to local copy
-  * gnuhealth.keyring removed due to local copy
-  * Remove unused dependencies from health module
-  * Wrong cursor field teeth (dentistry module)
-  * remove pillow dependency from lab and dentistry
-
-Changes in trytond:
-
-- Version 7.0.42 - Bugfix Release
-- Version 7.0.36 - Security Release for issue #14220
-
-Changes in tryton:
-
-- Version 7.0.31 - Bugfix Release
-</description>
-  <package>gnuhealth</package>
-  <package>trytond</package>
-  <package>tryton</package>
-  <seperate_build_arch/>
-</patchinfo>

patchinfo.20260106100749431638.93181000773252/_patchinfo

@@ -0,0 +1,24 @@
+<patchinfo incident="packagehub-63">
+  <issue tracker="cve" id="2025-58181"/>
+  <issue tracker="cve" id="2025-47913"/>
+  <issue tracker="cve" id="2025-58190"/>
+  <issue tracker="cve" id="2025-47914"/>
+  <issue tracker="cve" id="2025-47911"/>
+  <issue tracker="bnc" id="1253512">VUL-0: CVE-2025-47913: trivy: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request</issue>
+  <issue tracker="bnc" id="1253977">VUL-0: CVE-2025-47914: trivy: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="bnc" id="1251547">VUL-0: CVE-2025-58190: trivy: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input</issue>
+  <issue tracker="bnc" id="1251363">VUL-0: CVE-2025-47911: trivy: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1253786">VUL-0: CVE-2025-58181: trivy: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <packager>dirkmueller</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for trivy</summary>
+  <description>This update for trivy fixes the following issues:
+
+- Update to version 0.68.2:
+  * release: v0.68.2 [release/v0.68] (#9950)
+  * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949)
+  * ci: enable `check-latest` for `setup-go` [backport: release/v0.68] (#9946)
+</description>
+  <package>trivy</package>
+</patchinfo>

patchinfo.20260106101959221503.93181000773252/_patchinfo

@@ -0,0 +1,33 @@
+<patchinfo>
+  <issue tracker="bnc" id="1239678">VUL-0: CVE-2025-2337: matio: heap buffer overflow in function Mat_VarPrint of file src/mat.c</issue>
+  <issue tracker="cve" id="2025-2337">VUL-0: CVE-2025-2337: matio: heap buffer overflow in function Mat_VarPrint of file src/mat.c</issue>
+  <issue tracker="cve" id="2025-2338">VUL-0: CVE-2025-2338: matio: heap buffer overflow in function strdup_vprintf of file src/io.c</issue>
+  <issue tracker="bnc" id="1239677">VUL-0: CVE-2025-2338: matio: heap buffer overflow in function strdup_vprintf of file src/io.c</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for matio</summary>
+  <description>This update for matio fixes the following issues:
+
+- update to version 1.5.29:
+  * Fix printing rank-1-variable in Mat_VarPrint
+  * Fix array index out of bounds in Mat_VarPrint when printing
+    UTF-8 character data (boo#1239678, CVE-2025-2337)
+  * Fix heap-based buffer overflow in strdup_vprintf
+    (boo#1239677, CVE-2025-2338)
+  * Changed Mat_VarPrint to print all values of rank-2-variable
+  * Several other fixes, for example for access violations in
+    Mat_VarPrint
+
+- Update to version 1.5.28:
+  * Fixed bug writing MAT_T_INT8/MAT_T_UINT8 encoded character
+    array to compressed v5 MAT file (regression of v1.5.12).
+  * Fixed bug reading all-zero sparse array of v4 MAT file
+    (regression of v1.5.18).
+  * Updated C99 snprintf.c.
+  * CMake: Enabled testing.
+  * Several other fixes, for example for access violations in
+    Mat_VarPrint.
+</description>
+  <package>matio</package>
+</patchinfo>

patchinfo.20260107170113751929.93181000773252/_patchinfo

@@ -0,0 +1,76 @@
+<patchinfo incident="packagehub-65">
+  <packager>sbradnick</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for ranger</summary>
+  <description>This update for ranger fixes the following issues:
+
+- Update to version 1.9.4+git20250910.3f7a3546:
+  * img_display: Avoid unicode escape sequences for Ueberzug input
+  * man: fix documentation of which license ranger uses exactly
+  * rifle: fixed+clarified usage string
+
+- Update to version 1.9.4+git20250604.7e38143:
+  * fixed bug with command info staying
+  * Revert "fixed open_with bugginess"
+  * fixed open_with bugginess
+  * commands: Reword comment for brevity and accuracy
+  * GHActions: Pass config_files rather than boolean to flake8
+  * commands: Disable invalid-name and too-many-lines pylints
+  * Pylint: Disable invalid-name and too-many-lines for commands.py
+  * add :unnarrow to disable :narrow mode
+  * rifle: Update version
+
+- Update to version 1.9.4+git20250305.7ad50fa:
+  * 7-zip now has an official Linux version (7zz)
+  * add: support for tilde in bookmarks
+  * img_display: address PR feedback
+  * docs: kitty image previews are supported in other terminals now
+  * img_display: auto-detect support for kitty image previews
+  * rifle(terminals): support auto-detecting ghostty terminal emulator
+  * Modified order of expantions in peview_script
+  * Add GNOME papers to document viewers
+  * Added ability to use environmental variables in preview_script option
+  * doc: Regenerate man pages to have the proper version
+  * Makefile: Update version Grep since adding logo to README
+  * ranger/__init__: Caught another unbumped version
+  * mime.types: Add .nim extension for text/plain
+  * Fixed mistooks of nim scripts as a video aNIMations in rifle.conf
+  * GHActions: Pypy don't run old Flake8/Pylint
+  * GHActions: Use Pypy 3.10
+  * actions: Use keywords for rifle.execute
+  * runner: Allow action as positional argument
+  * ui: Refresh window in initialize
+  * ui: endwin already sets cursor to normal visibility
+  * requirements: Add setuptools
+  * img_display: Silence no-member false positive
+  * core/main: Drop unused variable prefix_length
+  * core,ext: Avoid return in finally shadowing return value
+  * test_py2_compat: Prevent use of yield from
+  * core,ext: Reduce positional arguments where possible
+  * pager,history: Replace branch with min/max builtins
+  * Pylint: Update custom checker for compatibility with 3.3.1
+  * GHActions: Bump action versions
+  * README: Use forge-agnostic URL
+  * README: Capitalize ranger
+  * README: Bump version
+  * README: Replace Travis with GHActions badge
+  * README: Center header
+  * make logo in readme wider
+  * move the ranger logo to the very top
+  * Add option confirm_on_trash
+  * Fix typos
+  * Add IINA to rifle.conf
+  * browsercolumn: ANSI escape codes support
+  * #1182: Fix signals for OS X
+
+- Update to version 1.9.3+git20240801.bd9b37f:
+  * properly decode file:// urls given to ranger as argument (fixes #2900)
+  * fix #2873 WM_NAME now shows "not accessible" in non-existent directories
+  * Fixed inconsistency in ranger documentation where it was stated that commanding 'linemode humanreadablesizemtime' changed the linemode to display human readable modification time and file size, but the correct command for this is 'linemode sizehumanreadablemtime'
+  * README: fix link formatting on github's markdown renderer
+  * README: add liberapay badge
+  * Mention viewmode key binding in man
+</description>
+  <package>ranger</package>
+</patchinfo>

patchinfo.20260108114750488113.93181000773252/_patchinfo

@@ -0,0 +1,19 @@
+<patchinfo incident="packagehub-64">
+  <issue tracker="cve" id="2026-0628">VUL-0: CVE-2026-0628: chromium: Insufficient policy enforcement in WebView tag fixed in 143.0.7499.192</issue>
+  <issue tracker="bnc" id="1256067">VUL-0: CVE-2026-0628: chromium: Insufficient policy enforcement in WebView tag fixed in 143.0.7499.192</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 143.0.7499.192 (boo#1256067):
+  * CVE-2026-0628: Insufficient policy enforcement in WebView tag
+
+- Chromium 143.0.7499.169 (stable released 2025-12-18)
+  * no cve listed yet
+</description>
+  <package>chromium</package>
+</patchinfo>