Pull request for optional update for authselect

PR: products/PackageHub!260

.gitmodules

@@ -1150,6 +1150,10 @@
 	path = autocutsel
 	url = ../../pool/autocutsel
 	branch = leap-16.0
+[submodule "authselect"]
+	path = authselect
+	url = ../../pool/authselect
+	branch = leap-16.0
 [submodule "autojump"]
 	path = autojump
 	url = ../../pool/autojump

0Backports/Backports.productcompose

@@ -149,6 +149,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-rt
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_6-rt
+  - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_7-rt
   - kernel-rt-livepatch
   - kernel-rt-livepatch-devel
   - krb5-mini
@@ -1922,6 +1924,27 @@ packagesets:
   - java-21-openjdk-javadoc
   - java-21-openjdk-jmods
   - java-21-openjdk-src
+  - java-22-openjdk
+  - java-22-openjdk-demo
+  - java-22-openjdk-devel
+  - java-22-openjdk-headless
+  - java-22-openjdk-javadoc
+  - java-22-openjdk-jmods
+  - java-22-openjdk-src
+  - java-23-openjdk
+  - java-23-openjdk-demo
+  - java-23-openjdk-devel
+  - java-23-openjdk-headless
+  - java-23-openjdk-javadoc
+  - java-23-openjdk-jmods
+  - java-23-openjdk-src
+  - java-24-openjdk
+  - java-24-openjdk-demo
+  - java-24-openjdk-devel
+  - java-24-openjdk-headless
+  - java-24-openjdk-javadoc
+  - java-24-openjdk-jmods
+  - java-24-openjdk-src
   - java-cup
   - java-cup-manual
   - javacc
@@ -7932,6 +7955,8 @@ packagesets:
   - kernel-kvmsmall
   - kernel-kvmsmall-devel
   - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_7-default
   - libLLVMSPIRVLib19
   - libatopology2
   - libdpdk-25
@@ -8043,6 +8068,8 @@ packagesets:
   - grub2-s390x-emu
   - kernel-default-livepatch
   - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_7-default
   - kernel-zfcpdump
   - kiwi-settings
   - libHBAAPI2
@@ -8182,6 +8209,8 @@ packagesets:
   - kernel-kvmsmall-devel
   - kernel-kvmsmall-vdso
   - kernel-livepatch-6_12_0-160000_5-default
+  - kernel-livepatch-6_12_0-160000_6-default
+  - kernel-livepatch-6_12_0-160000_7-default
   - kiwi-pxeboot
   - kubevirt-virtctl
   - libFLAC++10-x86-64-v3

patchinfo.20251201094854511762.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-41">
+  <issue tracker="bnc" id="1253608">VUL-0: CVE-2025-47913: act: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request</issue>
+  <issue tracker="cve" id="2025-47913">cve#2025-47913 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-47913</issue>
+  <packager>elimat</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for act</summary>
+  <description>This update for act fixes the following issues:
+
+- CVE-2025-47913: Prevent panic in embedded golang.org/x/crypto/ssh/agent client when
+  receiving unexpected message types for key listing or signing requests (boo#1253608)
+</description>
+  <package>act</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251201095419906173.93181000773252/_patchinfo

@@ -0,0 +1,56 @@
+<patchinfo incident="packagehub-42">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1764349525.ffb59486:
+  * Also use TIMEOUT_SCALE for priority malus calculation
+  * docs: Fix wrapping and typo
+  * Document multi machine ovs flow setup and IPv6 usage
+  * Avoid computing time constraint for scheduled product cleanup in Perl
+  * rpm: Move `…-enqueue-needle-ref-cleanup` to other `…-enqueue-…` scripts
+  * Add task to limit scheduled products similar to audit events
+  * Extract generic parts from audit event cleanup task into generic task
+  * parser: ktap: Show full output by default if no line was parsed
+  * Ignore npm scripts also via `.npmrc` to make bare npm calls more secure
+  * Avoid repeating `MAIN_SETTINGS` in various places
+  * Fix possibly excessive memory use when computer test result overview
+  * Fix typo in `_prepare_complex_query_search_args`
+  * Fix indentation in `overview.html.ep`
+  * Prevent logging AMQP credentials in debug output
+  * Make restart_openqa_job emit proper event payload
+  * Enable gru tasks to emit AMQP messages
+  * Remove explicit loading AMQP plugin in Gru plugin
+  * Emit restart events when job restarted automatically
+  * Add debug message about priority malus
+  * Fix ordering of job groups after 2ad929ceca43d
+
+Changes in os-autoinst:
+
+- Update to version 5.1764330105.c5cfd48:
+  * Add port forwarding example for NICTYPE_USER_OPTIONS
+  * Fix regression from abcaa66b by disabling virtio-keyboard by default
+  * Add IPv6 support for multi machine tests
+  * distribution: Add "disable_key_repeat"
+  * Use 'virtio-keyboard' by default to allow fixing key repetition errors
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1764349525.ffb594867:
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251203090122170457.187004354831441/_patchinfo

@@ -0,0 +1,43 @@
+<patchinfo incident="packagehub-43">
+  <issue tracker="bnc" id="1254429">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13632">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13636">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13720">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13721">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13637">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13639">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13640">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13635">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13633">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13638">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13630">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13634">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <issue tracker="cve" id="2025-13631">VUL-0: chromium: release 143.0.7499.40):</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+Chromium 143.0.7499.40 (boo#1254429):
+
+  * CVE-2025-13630: Type Confusion in V8
+  * CVE-2025-13631: Inappropriate implementation in Google Updater
+  * CVE-2025-13632: Inappropriate implementation in DevTools
+  * CVE-2025-13633: Use after free in Digital Credentials
+  * CVE-2025-13634: Inappropriate implementation in Downloads
+  * CVE-2025-13720: Bad cast in Loader
+  * CVE-2025-13721: Race in v8
+  * CVE-2025-13635: Inappropriate implementation in Downloads
+  * CVE-2025-13636: Inappropriate implementation in Split View
+  * CVE-2025-13637: Inappropriate implementation in Downloads
+  * CVE-2025-13638: Use after free in Media Stream
+  * CVE-2025-13639: Inappropriate implementation in WebRTC
+  * CVE-2025-13640: Inappropriate implementation in Passwords
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251203090149653113.187004354831441/_patchinfo

@@ -0,0 +1,43 @@
+<patchinfo incident="packagehub-44">
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for virtme</summary>
+  <description>This update for virtme fixes the following issues:
+
+Changes in virtme:
+
+Update to 1.39:
+
+  * The most noticeable change in this release is the new Model Context
+    Protocol (MCP) server. This feature lets you connect with AI
+    assistants such as Claude, Cursor, etc., and use natural human
+    language to automate kernel development tasks.
+    In this way, AI agents can automatically configure kernels, apply
+    patches from lore.kernel.org, and run commands within recompiled
+    kernels. You can even have the AI agent perform bug bisection for
+    you and run specific commands/scripts inside each recompiled
+    version to determine whether the kernel is good or bad.
+  * An additional feature is vCPU pinning (using the --pin CPU_LIST option),
+    which enables binding virtual CPUs to particular physical host CPUs.
+    This ensures more consistent performance testing within the vng guest
+    environment.
+  * The release also adds support for memoryless NUMA nodes,
+    enablingusers to specify size=0 with the --numa argument to create
+    NUMA nodes without memory. This capability can be useful for simulating
+    heterogeneous architectures, where devices like GPUs are represented
+    as memoryless NUMA nodes to model their CPU locality relationships.
+  * Last, but not least, there's a new --shell BINARY option which lets
+    users choose a different shell to use within the vng session, rather
+    than using their system's default shell and a new --empty-password
+    option that creates empty passwords in the vng guest, instead of
+    blocking login for other users, enabling easier debugging and SSH
+    access during testing.
+  * Updated Python versions in CI (dropped EOL 3.8 and 3.9)
+  * Various bug fixes in virtme-init
+  * Enhanced documentation and README updates
+  * Improved error handling and validation
+</description>
+  <package>virtme</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251203090209179395.187004354831441/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-45">
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gitea-tea</summary>
+  <description>This update for gitea-tea fixes the following issues:
+
+Changes in gitea-tea:
+
+- Do not make config file group-readable.
+</description>
+  <package>gitea-tea</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251203090227587250.187004354831441/_patchinfo

@@ -0,0 +1,106 @@
+<patchinfo incident="packagehub-46">
+  <issue tracker="bnc" id="1253506">VUL-0: CVE-2025-47913: TRACKERBUG: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or</issue>
+  <issue tracker="cve" id="2025-47913">VUL-0: CVE-2025-47913: TRACKERBUG: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or</issue>
+  <issue tracker="bnc" id="1251463">VUL-0: CVE-2025-47911: git-bug: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="bnc" id="1254084">VUL-0: CVE-2025-47914: git-bug: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="cve" id="2025-58190"/>
+  <issue tracker="cve" id="2025-22869">VUL-0: CVE-2025-22869: TRACKERBUG: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh</issue>
+  <issue tracker="bnc" id="1234565">VUL-0: CVE-2024-45337: git-bug: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto</issue>
+  <issue tracker="cve" id="2025-47914">VUL-0: CVE-2025-47914: TRACKERBUG: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
+  <issue tracker="bnc" id="1251664">VUL-0: CVE-2025-58190: git-bug: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input</issue>
+  <issue tracker="bnc" id="1239494">VUL-0: CVE-2025-22869: git-bug: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh</issue>
+  <issue tracker="cve" id="2024-45337">VUL-0: CVE-2024-45337: TRACKERBUG: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto</issue>
+  <issue tracker="cve" id="2025-47911">VUL-0: CVE-2025-47911: TRACKERBUG: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents</issue>
+  <issue tracker="cve" id="2025-58181">VUL-0: CVE-2025-58181: TRACKERBUG: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <issue tracker="bnc" id="1253930">VUL-0: CVE-2025-58181: git-bug: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
+  <packager>mcepl</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for git-bug</summary>
+  <description>This update for git-bug fixes the following issues:
+
+Changes in git-bug:
+
+- Revendor to include fixed version of depending libraries:
+  - GO-2025-4116 (CVE-2025-47913, bsc#1253506) upgrade
+    golang.org/x/crypto to v0.43.0
+  - GO-2025-3900 (GHSA-2464-8j7c-4cjm) upgrade
+    github.com/go-viper/mapstructure/v2 to v2.4.0
+  - GO-2025-3787 (GHSA-fv92-fjc5-jj9h) included in the previous
+  - GO-2025-3754 (GHSA-2x5j-vhc8-9cwm) upgrade
+    github.com/cloudflare/circl to v1.6.1
+  - GO-2025-4134 (CVE-2025-58181, bsc#1253930) upgrade
+    golang.org/x/crypto/ssh to v0.45.0
+  - GO-2025-4135 (CVE-2025-47914, bsc#1254084) upgrade
+    golang.org/x/crypto/ssh/agent to v0.45.0
+
+- Revendor to include golang.org/x/net/html v 0.45.0 to prevent
+  possible DoS by various algorithms with quadratic complexity
+  when parsing HTML documents (bsc#1251463, CVE-2025-47911 and
+  bsc#1251664, CVE-2025-58190).
+
+Update to version 0.10.1:
+
+  - cli: ignore missing sections when removing configuration (ddb22a2f)
+
+Update to version 0.10.0:
+
+  - bridge: correct command used to create a new bridge (9942337b)
+  - web: simplify header navigation (7e95b169)
+  - webui: remark upgrade + gfm + syntax highlighting (6ee47b96)
+  - BREAKING CHANGE: dev-infra: remove gokart (89b880bd)
+
+Update to version 0.10.0:
+
+  - bridge: correct command used to create a new bridge (9942337b)
+  - web: simplify header navigation (7e95b169)
+  - web: remark upgrade + gfm + syntax highlighting (6ee47b96)
+
+Update to version 0.9.0:
+
+  - completion: remove errata from string literal (aa102c91)
+  - tui: improve readability of the help bar (23be684a)
+
+Update to version 0.8.1+git.1746484874.96c7a111:
+
+  * docs: update install, contrib, and usage documentation (#1222)
+  * fix: resolve the remote URI using url.*.insteadOf (#1394)
+  * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)
+  * chore: gofmt simplify gitlab/export_test.go (#1392)
+  * fix: checkout repo before setting up go environment (#1390)
+  * feat: bump to go v1.24.2 (#1389)
+  * chore: update golang.org/x/net (#1379)
+  * fix: use -0700 when formatting time (#1388)
+  * fix: use correct url for gitlab PATs (#1384)
+  * refactor: remove depdendency on pnpm for auto-label action (#1383)
+  * feat: add action: auto-label (#1380)
+  * feat: remove lifecycle/frozen (#1377)
+  * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)
+  * feat: support new exclusion label: lifecycle/pinned (#1375)
+  * fix: refactor how gitlab title changes are detected (#1370)
+  * revert: "Create Dependabot config file" (#1374)
+  * refactor: rename //:git-bug.go to //:main.go (#1373)
+  * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)
+  * fix: set GitLastTag to an empty string when git-describe errors (#1355)
+  * chore: update go-git to v5@masterupdate_mods (#1284)
+  * refactor: Directly swap two variables to optimize code (#1272)
+  * Update README.md Matrix link to new room (#1275)
+
+- Update to version 0.8.0+git.1742269202.0ab94c9:
+  * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
+
+- Update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
+  CVE-2025-22869).
+
+- Add missing Requires to completion subpackages.
+
+Update to version 0.8.0+git.1733745604.d499b6e:
+
+  * fix typos in docs (#1266)
+  * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289)
+
+- bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565).
+</description>
+  <package>git-bug</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251203090353000871.187004354831441/_patchinfo

@@ -0,0 +1,23 @@
+<patchinfo incident="packagehub-47">
+  <packager>regularhunter</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for weechat</summary>
+  <description>This update for weechat fixes the following issues:
+
+Changes in weechat:
+
+Update to 4.7.2:
+
+  Fixed:
+
+  * api: fix file descriptor leak in hook_url when a timeout occurs
+    or if the hook is removed during the transfer (#2284)
+  * irc: fix colors in messages 367 (ban mask), 728 (quiet mask) and
+    MODE (#2286)
+  * irc: fix reset of color when multiple modes are set with
+    command /mode
+</description>
+  <package>weechat</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251203090415508822.187004354831441/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-48">
+  <packager>rrahl0</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gnome-browser-connector</summary>
+  <description>This update for gnome-browser-connector fixes the following issues:
+
+Changes in gnome-browser-connector:
+
+- add unzip as a requires, otherwise the extensions can't get
+  extracted
+</description>
+  <package>gnome-browser-connector</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251208090415508822.187004354831441/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo>
+  <packager>dcermak</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Optional update for authselect</summary>
+  <description>This update for authselect fixes the following issues:
+
+Adds authselect to PackageHub
+</description>
+  <package>authselect</package>
+</patchinfo>
+