Accepting request 1329465 from systemsmanagement:saltstack

OBS-URL: https://build.opensuse.org/request/show/1329465
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/salt?expand=0&rev=191

_lastrevision

@@ -1 +1 @@
-e4002cf44a559c382f3ff4ff821562b8f281dad5
+b9f7b17d7248f80ac48596f6347fb328bd11c402

_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/openSUSE/salt-packaging.git</param>
     <param name="subdir">salt</param>
     <param name="filename">package</param>
-    <param name="revision">MU/5.0.6</param>
+    <param name="revision">release/3006.0</param>
     <param name="scm">git</param>
   </service>
   <service name="extract_file" mode="disabled">

extend-fails-to-warnings-until-2027-742.patch

@@ -0,0 +1,164 @@
+From 85d5cab70fc36994427fb4d4ca483b09f55d28f7 Mon Sep 17 00:00:00 2001
+From: Marek Czernek <marek.czernek@suse.com>
+Date: Thu, 8 Jan 2026 09:17:14 +0100
+Subject: [PATCH] Extend fails to warnings until 2027 (#742)
+
+---
+ salt/_logging/handlers.py          | 6 +++---
+ salt/log/__init__.py               | 2 +-
+ salt/log/handlers/__init__.py      | 2 +-
+ salt/log/mixins.py                 | 2 +-
+ salt/log/setup.py                  | 4 ++--
+ salt/modules/aptpkg.py             | 2 +-
+ salt/modules/cassandra_mod.py      | 2 +-
+ salt/returners/cassandra_return.py | 2 +-
+ salt/returners/django_return.py    | 2 +-
+ 9 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/salt/_logging/handlers.py b/salt/_logging/handlers.py
+index d8bc68a49db..6b1521d7915 100644
+--- a/salt/_logging/handlers.py
++++ b/salt/_logging/handlers.py
+@@ -36,7 +36,7 @@ class TemporaryLoggingHandler(logging.NullHandler):
+ 
+     def __init__(self, level=logging.NOTSET, max_queue_size=10000):
+         warn_until_date(
+-            "20260101",
++            "20270101",
+             "Please stop using '{name}.TemporaryLoggingHandler'. "
+             "'{name}.TemporaryLoggingHandler' will go away after "
+             "{{date}}.".format(name=__name__),
+@@ -229,7 +229,7 @@ if sys.version_info < (3, 7):
+         def __init__(self, queue):  # pylint: disable=useless-super-delegation
+             super().__init__(queue)
+             warn_until_date(
+-                "20260101",
++                "20270101",
+                 "Please stop using '{name}.QueueHandler' and instead "
+                 "use 'logging.handlers.QueueHandler'. "
+                 "'{name}.QueueHandler' will go away after "
+@@ -287,7 +287,7 @@ else:
+         def __init__(self, queue):  # pylint: disable=useless-super-delegation
+             super().__init__(queue)
+             warn_until_date(
+-                "20260101",
++                "20270101",
+                 "Please stop using '{name}.QueueHandler' and instead "
+                 "use 'logging.handlers.QueueHandler'. "
+                 "'{name}.QueueHandler' will go away after "
+diff --git a/salt/log/__init__.py b/salt/log/__init__.py
+index 69bfa8ed15b..392fd1561dd 100644
+--- a/salt/log/__init__.py
++++ b/salt/log/__init__.py
+@@ -24,7 +24,7 @@ from salt.log.setup import (
+ from salt.utils.versions import warn_until_date
+ 
+ warn_until_date(
+-    "20260101",
++    "20270101",
+     "Please stop using '{name}' and instead use 'salt._logging'. "
+     "'{name}' will go away after {{date}}.".format(name=__name__),
+     stacklevel=3,
+diff --git a/salt/log/handlers/__init__.py b/salt/log/handlers/__init__.py
+index 55cf10cdb78..f6f8102fd65 100644
+--- a/salt/log/handlers/__init__.py
++++ b/salt/log/handlers/__init__.py
+@@ -12,7 +12,7 @@ from salt._logging.handlers import (
+ from salt.utils.versions import warn_until_date
+ 
+ warn_until_date(
+-    "20260101",
++    "20270101",
+     "Please stop using '{name}' and instead use 'salt._logging.handlers'. "
+     "'{name}' will go away after {{date}}.".format(name=__name__),
+ )
+diff --git a/salt/log/mixins.py b/salt/log/mixins.py
+index 65f5ed7f78a..4564ac225c3 100644
+--- a/salt/log/mixins.py
++++ b/salt/log/mixins.py
+@@ -11,7 +11,7 @@ from salt.utils.versions import warn_until_date
+ # pylint: enable=unused-import
+ 
+ warn_until_date(
+-    "20260101",
++    "20270101",
+     "Please stop using '{name}' and instead use 'salt._logging.mixins'. "
+     "'{name}' will go away after {{date}}.".format(name=__name__),
+ )
+diff --git a/salt/log/setup.py b/salt/log/setup.py
+index f4c80b0f280..5435d6de88f 100644
+--- a/salt/log/setup.py
++++ b/salt/log/setup.py
+@@ -21,7 +21,7 @@ from salt._logging.impl import set_log_record_factory as setLogRecordFactory
+ from salt.utils.versions import warn_until_date
+ 
+ warn_until_date(
+-    "20260101",
++    "20270101",
+     "Please stop using '{name}' and instead use 'salt._logging'. "
+     "'{name}' will go away after {{date}}. Do note however that "
+     "'salt._logging' is now considered a non public implementation "
+@@ -34,7 +34,7 @@ def _deprecated_warning(func):
+     @wraps(func)
+     def wrapper(*args, **kwargs):
+         warn_until_date(
+-            "20260101",
++            "20270101",
+             "Please stop using 'salt.log.setup.{name}()' as it no longer does anything and "
+             "will go away after {{date}}.".format(name=func.__qualname__),
+             stacklevel=4,
+diff --git a/salt/modules/aptpkg.py b/salt/modules/aptpkg.py
+index 8244c639e85..f7884d9ccde 100644
+--- a/salt/modules/aptpkg.py
++++ b/salt/modules/aptpkg.py
+@@ -3215,7 +3215,7 @@ def expand_repo_def(**kwargs):
+         NOT USABLE IN THE CLI
+     """
+     warn_until_date(
+-        "20260101",
++        "20270101",
+         "The pkg.expand_repo_def function is deprecated and set for removal "
+         "after {date}. This is only unsed internally by the apt pkg state "
+         "module. If that's not the case, please file an new issue requesting "
+diff --git a/salt/modules/cassandra_mod.py b/salt/modules/cassandra_mod.py
+index db9c8821920..660a1ff70dd 100644
+--- a/salt/modules/cassandra_mod.py
++++ b/salt/modules/cassandra_mod.py
+@@ -45,7 +45,7 @@ def __virtual__():
+         )
+ 
+     warn_until_date(
+-        "20260101",
++        "20270101",
+         "The cassandra returner is broken and deprecated, and will be removed"
+         " after {date}. Use the cassandra_cql returner instead",
+     )
+diff --git a/salt/returners/cassandra_return.py b/salt/returners/cassandra_return.py
+index 5fcc00ee8ce..00c6748eaeb 100644
+--- a/salt/returners/cassandra_return.py
++++ b/salt/returners/cassandra_return.py
+@@ -53,7 +53,7 @@ def __virtual__():
+     if not HAS_PYCASSA:
+         return False, "Could not import cassandra returner; pycassa is not installed."
+     warn_until_date(
+-        "20260101",
++        "20270101",
+         "The cassandra returner is broken and deprecated, and will be removed"
+         " after {date}. Use the cassandra_cql returner instead",
+     )
+diff --git a/salt/returners/django_return.py b/salt/returners/django_return.py
+index 474653f3831..46f5c8791e8 100644
+--- a/salt/returners/django_return.py
++++ b/salt/returners/django_return.py
+@@ -57,7 +57,7 @@ __virtualname__ = "django"
+ 
+ def __virtual__():
+     warn_until_date(
+-        "20260101",
++        "20270101",
+         "The django returner is broken and deprecated, and will be removed"
+         " after {date}.",
+     )
+-- 
+2.52.0
+

fix-tornado-s-httputil_test-syntax-for-python-3.6.patch

@@ -0,0 +1,25 @@
+From f5ac4c6f38cf9db39a8fbd31a101f155de40f37c Mon Sep 17 00:00:00 2001
+From: Alexander Graul <agraul@suse.com>
+Date: Fri, 16 Jan 2026 17:34:18 +0100
+Subject: [PATCH] Fix tornado's httputil_test syntax for Python 3.6
+
+---
+ salt/ext/tornado/test/httputil_test.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/salt/ext/tornado/test/httputil_test.py b/salt/ext/tornado/test/httputil_test.py
+index bdbfaa2b6a..cacd31aa05 100644
+--- a/salt/ext/tornado/test/httputil_test.py
++++ b/salt/ext/tornado/test/httputil_test.py
+@@ -266,7 +266,7 @@ Foo
+         d1 = f(1_000)
+         d2 = f(10_000)
+         if d2 / d1 > 20:
+-            self.fail(f"Disposition param parsing is not linear: {d1=} vs {d2=}")
++            self.fail(f"Disposition param parsing is not linear: d1={d1} vs d2={d2}")
+ 
+ 
+ class HTTPHeadersTest(unittest.TestCase):
+-- 
+2.52.0
+

fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch

@@ -0,0 +1,232 @@
+From 324c7740438fd0bbcde1e0b6be70c92007c022ac Mon Sep 17 00:00:00 2001
+From: Victor Zhestkov <vzhestkov@suse.com>
+Date: Wed, 14 Jan 2026 14:08:48 +0100
+Subject: [PATCH] Fixes for security issues (CVE-2025-13836,
+ CVE-2025-67725, CVE-2025-67726) (#744)
+
+* Fixes for security issues (CVE-2025-67725)
+
+httputil: Fix quadratic performance of repeated header lines
+
+Previouisly, when many header lines with the same name were found
+in an HTTP request or response, repeated string concatenation would
+result in quadratic performance. This change does the concatenation
+lazily (with a cache) so that repeated headers can be processed
+efficiently.
+
+Security: The previous behavior allowed a denial of service attack
+via a maliciously crafted HTTP message, but only if the
+max_header_size was increased from its default of 64kB.
+
+* Patch tornado for (BDSA-2025-60811, CVE-2025-67726)
+
+httputil: Fix quadratic behavior in _parseparam
+
+Prior to this change, _parseparam had O(n^2) behavior when parsing
+certain inputs, which could be a DoS vector. This change adapts
+logic from the equivalent function in the python standard library
+in https://github.com/python/cpython/pull/136072/files
+
+* Set a safe limit to http.client response read (CVE-2025-13836)
+
+https://github.com/saltstack/salt/pull/68611
+
+* Remove duplicated test
+
+---------
+
+Co-authored-by: Twangboy <shane.d.lee@gmail.com>
+Co-authored-by: Marek Czernek <marek.czernek@suse.com>
+---
+ salt/ext/tornado/httputil.py           | 56 ++++++++++++++++++--------
+ salt/ext/tornado/test/httputil_test.py | 38 +++++++++++++++++
+ salt/utils/nxos.py                     |  3 +-
+ 3 files changed, 79 insertions(+), 18 deletions(-)
+
+diff --git a/salt/ext/tornado/httputil.py b/salt/ext/tornado/httputil.py
+index 4866b0c991..78953c5f6b 100644
+--- a/salt/ext/tornado/httputil.py
++++ b/salt/ext/tornado/httputil.py
+@@ -139,8 +139,8 @@ class HTTPHeaders(MutableMapping):
+     """
+ 
+     def __init__(self, *args, **kwargs):
+-        self._dict = {}  # type: typing.Dict[str, str]
+         self._as_list = {}  # type: typing.Dict[str, typing.List[str]]
++        self._combined_cache = {} # type: typing.Dict[str, str]
+         self._last_key = None
+         if len(args) == 1 and len(kwargs) == 0 and isinstance(args[0], HTTPHeaders):
+             # Copy constructor
+@@ -158,9 +158,7 @@ class HTTPHeaders(MutableMapping):
+         norm_name = _normalized_headers[name]
+         self._last_key = norm_name
+         if norm_name in self:
+-            self._dict[norm_name] = (
+-                native_str(self[norm_name]) + "," + native_str(value)
+-            )
++            self._combined_cache.pop(norm_name, None)
+             self._as_list[norm_name].append(value)
+         else:
+             self[norm_name] = value
+@@ -193,7 +191,7 @@ class HTTPHeaders(MutableMapping):
+             # continuation of a multi-line header
+             new_part = " " + line.lstrip(HTTP_WHITESPACE)
+             self._as_list[self._last_key][-1] += new_part
+-            self._dict[self._last_key] += new_part
++            self._combined_cache.pop(self._last_key, None)
+         else:
+             name, value = line.split(":", 1)
+             self.add(name, value.strip(HTTP_WHITESPACE))
+@@ -216,23 +214,33 @@ class HTTPHeaders(MutableMapping):
+ 
+     def __setitem__(self, name, value):
+         norm_name = _normalized_headers[name]
+-        self._dict[norm_name] = value
++        self._combined_cache[norm_name] = value
+         self._as_list[norm_name] = [value]
+ 
++    def __contains__(self, name):
++        # This is an important optimization to avoid the expensive concatenation
++        # in __getitem__ when it's not needed.
++        if not isinstance(name, str):
++            return False
++        return name in self._as_list
++
+     def __getitem__(self, name):
+         # type: (str) -> str
+-        return self._dict[_normalized_headers[name]]
++        header = _normalized_headers[name]
++        if header not in self._combined_cache:
++            self._combined_cache[header] = ",".join(self._as_list[header])
++        return self._combined_cache[header]
+ 
+     def __delitem__(self, name):
+         norm_name = _normalized_headers[name]
+-        del self._dict[norm_name]
++        del self._combined_cache[norm_name]
+         del self._as_list[norm_name]
+ 
+     def __len__(self):
+-        return len(self._dict)
++        return len(self._as_list)
+ 
+     def __iter__(self):
+-        return iter(self._dict)
++        return iter(self._as_list)
+ 
+     def copy(self):
+         # defined in dict but not in MutableMapping.
+@@ -894,19 +902,33 @@ def parse_response_start_line(line):
+ # combinations of semicolons and double quotes.
+ # It has also been modified to support valueless parameters as seen in
+ # websocket extension negotiations.
++#
++# _parseparam has been further modified with the logic from
++# https://github.com/python/cpython/pull/136072/files
++# to avoid quadratic behavior when parsing semicolons in quoted strings.
++#
++# TODO: See if we can switch to email.message.Message for this functionality.
++# This is the suggested replacement for the cgi.py module now that cgi has
++# been removed from recent versions of Python.  We need to verify that
++# the email module is consistent with our existing behavior (and all relevant
+ 
+ 
+ def _parseparam(s):
+-    while s[:1] == ";":
+-        s = s[1:]
+-        end = s.find(";")
+-        while end > 0 and (s.count('"', 0, end) - s.count('\\"', 0, end)) % 2:
+-            end = s.find(";", end + 1)
++    start = 0
++    while s.find(";", start) == start:
++        start += 1
++        end = s.find(";", start)
++        ind, diff = start, 0
++        while end > 0:
++            diff += s.count('"', ind, end) - s.count('\\"', ind, end)
++            if diff % 2 == 0:
++                break
++            end, ind = ind, s.find(";", end + 1)
+         if end < 0:
+             end = len(s)
+-        f = s[:end]
++        f = s[start:end]
+         yield f.strip()
+-        s = s[end:]
++        start = end
+ 
+ 
+ def _parse_header(line):
+diff --git a/salt/ext/tornado/test/httputil_test.py b/salt/ext/tornado/test/httputil_test.py
+index c613b4e41a..bdbfaa2b6a 100644
+--- a/salt/ext/tornado/test/httputil_test.py
++++ b/salt/ext/tornado/test/httputil_test.py
+@@ -245,6 +245,30 @@ Foo
+         self.assertEqual(file["body"], b"Foo")
+ 
+ 
++    def test_disposition_param_linear_performance(self):
++        # This is a regression test for performance of parsing parameters
++        # to the content-disposition header, specifically for semicolons within
++        # quoted strings.
++        def f(n):
++            start = time.time()
++            message = (
++                b"--1234\r\nContent-Disposition: form-data; "
++                + b'x="'
++                + b";" * n
++                + b'"; '
++                + b'name="files"; filename="a.txt"\r\n\r\nFoo\r\n--1234--\r\n'
++            )
++            args: dict[str, list[bytes]] = {}
++            files: dict[str, list[HTTPFile]] = {}
++            parse_multipart_form_data(b"1234", message, args, files)
++            return time.time() - start
++
++        d1 = f(1_000)
++        d2 = f(10_000)
++        if d2 / d1 > 20:
++            self.fail(f"Disposition param parsing is not linear: {d1=} vs {d2=}")
++
++
+ class HTTPHeadersTest(unittest.TestCase):
+     def test_multi_line(self):
+         # Lines beginning with whitespace are appended to the previous line
+@@ -367,6 +391,20 @@ Foo: even
+         headers2 = HTTPHeaders.parse(str(headers))
+         self.assertEquals(headers, headers2)
+ 
++    def test_linear_performance(self):
++        def f(n):
++            start = time.time()
++            headers = HTTPHeaders()
++            for i in range(n):
++                headers.add("X-Foo", "bar")
++            return time.time() - start
++
++        # This runs under 50ms on my laptop as of 2025-12-09.
++        d1 = f(10000)
++        d2 = f(100000)
++        if d2 / d1 > 20:
++            # d2 should be about 10x d1 but allow a wide margin for variability.
++            self.fail("HTTPHeaders.add() does not scale linearly: %s vs %s" % (d1, d2))
+ 
+ class FormatTimestampTest(unittest.TestCase):
+     # Make sure that all the input types are supported.
+diff --git a/salt/utils/nxos.py b/salt/utils/nxos.py
+index 2572a76267..654290155e 100644
+--- a/salt/utils/nxos.py
++++ b/salt/utils/nxos.py
+@@ -212,7 +212,8 @@ class NxapiClient:
+             body = response
+ 
+         if self.nxargs["connect_over_uds"]:
+-            body = json.loads(response.read().decode("utf-8"))
++            max_safe_read = 10 * 1024 * 1024
++            body = json.loads(response.read(max_safe_read).decode("utf-8"))
+ 
+         # Proceed with caution.  The JSON may not be complete.
+         # Don't just return body['ins_api']['outputs']['output'] directly.
+-- 
+2.52.0
+

salt.changes

@@ -1,66 +1,148 @@
 -------------------------------------------------------------------
-Wed Nov 26 10:48:08 UTC 2025 - Alexander Graul <alexander.graul@suse.com>
+Mon Jan 19 09:21:31 UTC 2026 - Marek Czernek <marek.czernek@suse.com>
 
-- Add minimum_auth_version to enforce security (CVE-2025-62349)
+- Make syntax in httputil_test compatible with Python 3.6
+- Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
+
+- Added:
+  * fix-tornado-s-httputil_test-syntax-for-python-3.6.patch
+  * backport-add-maintain-m-privilege-to-postgres-module.patch
+
+-------------------------------------------------------------------
+Wed Jan 14 14:19:10 UTC 2026 - Marek Czernek <marek.czernek@suse.com>
+
+- Use internal deb classes instead of external aptsource lib
+- Speed up wheel key.finger call (bsc#1240532)
+- Backport security patches for Salt vendored tornado:
+  * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
+  * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
+  * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
+- Simplify and speed up utils.find_json function (bsc#1246130)
+
+- Added:
+  * use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch
+  * speedup-wheel-key.finger-call-bsc-1240532-713.patch
+  * fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch
+  * simplify-utils.json.find_json-function.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 08:37:04 UTC 2026 - Marek Czernek <marek.czernek@suse.com>
+
+- Extend warn_until period to 2027
+
+- Added:
+  * extend-fails-to-warnings-until-2027-742.patch
+
+-------------------------------------------------------------------
+Tue Nov 25 16:48:02 UTC 2025 - Alexander Graul <alexander.graul@suse.com>
+
+- CVE-2025-62349: Add minimum_auth_version to enforce security (bsc#1254257)
 - Backport security fixes for vendored tornado
   * BDSA-2024-3438
   * BDSA-2024-3439
   * BDSA-2024-9026
-- Junos module yaml loader fix (CVE-2025-62348)
+- CVE-2025-62348: Junos module yaml loader fix (bsc#1254256)
 
 - Added:
   * backport-3006.17-security-fixes-739.patch
 
 -------------------------------------------------------------------
-Thu Nov 13 14:04:05 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+Thu Nov 13 12:01:49 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
 
 - Require Python dependencies only for used Python version
 
 -------------------------------------------------------------------
-Tue Nov 11 16:14:31 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+Tue Nov 11 08:02:12 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
 
 - Fix TLS and x509 modules for OSes with older cryptography module
 - Require python-legacy-cgi only for Python > 3.12
+
+- Added:
+  * fix-tls-and-x509-modules-for-older-cryptography-modu.patch
+
+-------------------------------------------------------------------
+Mon Nov 10 09:46:28 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+
 - Builds with py >=3.13 require python-legacy-cgi
+
+-------------------------------------------------------------------
+Fri Nov  7 16:36:10 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Fix Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
   * Use external tornado on Python > 3.11
   * Make tls and x509 to use python-cryptography
   * Remove usage of spwd
 
 - Added:
-  * fix-tls-and-x509-modules-for-older-cryptography-modu.patch
   * fix-salt-for-python-3.11.patch
 
 -------------------------------------------------------------------
-Wed Nov  5 14:54:20 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+Wed Oct 29 10:35:12 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
 
 - Fix payload signature verification on Tumbleweed (bsc#1251776)
+
+- Added:
+  * do-not-break-signature-verification-on-latest-m2cryp.patch
+
+-------------------------------------------------------------------
+Fri Oct 10 10:43:37 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Fix broken symlink on migration to Leap 16.0 (bsc#1250755)
+
+-------------------------------------------------------------------
+Mon Oct  6 14:50:35 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Use versioned python interpreter for salt-ssh
+
+- Added:
+  * use-versioned-python-interpreter-for-salt-ssh.patch
+
+-------------------------------------------------------------------
+Mon Oct  6 08:39:31 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Fix known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
+
+- Added:
+  * allow-libgit2-to-guess-sysdir-homedir-successfully-b.patch
+
+-------------------------------------------------------------------
+Wed Oct  1 12:32:31 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Add python3.11 as preferable for salt-ssh to avoid tests fails
+
+- Added:
+  * add-python3.11-as-preferable-for-salt-ssh-to-avoid-t.patch
+
+-------------------------------------------------------------------
+Wed Sep 17 08:15:33 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Make test_pillar_timeout test more reliable
 - Modify README and other doc files for openSUSE
-- Set python-CherryPy as required for python-salt-testsuite (#115)
+
+- Added:
+  * even-more-reliable-pillar-timeout-test.patch
+  * modify-readme-for-opensuse-728.patch
+
+-------------------------------------------------------------------
+Fri Sep 12 08:54:38 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Set python-CherryPy as required for python-salt-testsuite
+
+-------------------------------------------------------------------
+Mon Aug 11 13:57:29 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Revert require M2Crypto >= 0.44.0 for SUSE Family distros
-- This reverts commit aa40615dcf7a15325ef71bbc09a5423ce512491d.
 - Improve SL Micro 6.2 detection with grains
 - Fix functional.states.test_user for SLES 16 and Micro systems
 - Fix the tests failing on AlmaLinux 10 and other clones
 
 - Added:
-  * do-not-break-signature-verification-on-latest-m2cryp.patch
-  * use-versioned-python-interpreter-for-salt-ssh.patch
-  * allow-libgit2-to-guess-sysdir-homedir-successfully-b.patch
-  * add-python3.11-as-preferable-for-salt-ssh-to-avoid-t.patch
-  * even-more-reliable-pillar-timeout-test.patch
-  * modify-readme-for-opensuse-728.patch
   * improve-sl-micro-6.2-detection-with-grains.patch
   * fix-functional.states.test_user-for-sles-16-and-micr.patch
   * fix-the-tests-failing-on-almalinux-10-and-other-clon.patch
 
 -------------------------------------------------------------------
-Fri Jul  4 10:58:04 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
+Fri Jul  4 07:55:28 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
 
 - Add `minion_legacy_req_warnings` option to avoid noisy warnings
 - Require M2Crypto >= 0.44.0 for SUSE Family distros
@@ -69,9 +151,16 @@ Fri Jul  4 10:58:04 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
   * add-minion_legacy_req_warnings-option-to-avoid-noisy.patch
 
 -------------------------------------------------------------------
-Tue Jul  1 15:15:52 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+Fri Jun 27 14:42:17 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
 
 - Prevent tests failures when pygit2 is not present
+
+- Added:
+  * fix-tests-issues-in-salt-shaker-environments-721.patch
+
+-------------------------------------------------------------------
+Thu Jun 26 09:44:59 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Several fixes for security issues
   (bsc#1244561, CVE-2024-38822)
   (bsc#1244564, CVE-2024-38823)
@@ -84,6 +173,7 @@ Tue Jul  1 15:15:52 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@s
   (bsc#1244572, CVE-2025-22238)
   (bsc#1244574, CVE-2025-22239)
   (bsc#1244575, CVE-2025-22242)
+
   * Request server hardening
   * Prevent traversal in local_cache::save_minions
   * Add test and fix for file_recv cve
@@ -95,43 +185,119 @@ Tue Jul  1 15:15:52 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@s
   * Remove token to prevent decoding errors
   * Fix checking of non-url style git remotes
   * Allow subdirs in GitFS find_file check
+
+- Added:
+  * several-fixes-for-security-issues.patch
+
+-------------------------------------------------------------------
+Wed Jun 11 11:03:32 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Add subsystem filter to udev.exportdb (bsc#1236621)
 - tornado.httputil: raise errors instead of logging in
   multipart/form-data parsing (CVE-2025-47287, bsc#1243268)
-- Fix Ubuntu 24.04 edge-case test failures
-- Fix broken tests for Ubuntu 24.04
-- Fix refresh of osrelease and related grains on Python 3.10+
-- Make "salt" package to obsolete "python3-salt" package on SLE15SP7+
-- Fix issue requiring proper Python flavor for dependencies and recommended package
 
 - Added:
-  * fix-tests-issues-in-salt-shaker-environments-721.patch
-  * several-fixes-for-security-issues.patch
   * add-subsystem-filter-to-udev.exportdb-bsc-1236621-71.patch
   * fix-of-cve-2025-47287-bsc-1243268-718.patch
+
+-------------------------------------------------------------------
+Tue May 27 08:26:18 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+
+- Fix Ubuntu 24.04 edge-case test failures
+
+- Added:
   * fix-ubuntu-24.04-specific-failures-716.patch
+
+-------------------------------------------------------------------
+Mon May 19 08:53:44 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+
+- Fix broken tests for Ubuntu 24.04
+
+- Added:
   * fix-debian-tests-715.patch
+
+-------------------------------------------------------------------
+Wed Apr  2 15:40:46 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Fix refresh of osrelease and related grains on Python 3.10+
+
+- Added:
   * fix-refresh-of-osrelease-and-related-grains-on-pytho.patch
 
 -------------------------------------------------------------------
-Wed Mar 19 12:02:41 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+Thu Mar 27 15:27:34 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Small refactor on the spec file
+
+-------------------------------------------------------------------
+Tue Mar 25 10:17:35 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Make "salt" package to obsolete "python3-salt" package on SLE15SP7+ 
+- Fix issue requiring proper Python flavor for dependencies
+  and recommended package.
+- Do not build "python3-salt" anymore for SLE15SP7+ 
+
+-------------------------------------------------------------------
+Wed Mar 12 13:38:35 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
 
 - Fix aptpkg 'NoneType object has no attribute split' error
+
+- Added:
+  * fix-deb822-nonetype-object-has-no-attribute-split-71.patch
+
+-------------------------------------------------------------------
+Mon Mar 10 13:47:55 UTC 2025 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Detect openEuler as RedHat family OS
 - Ensure the correct crypt module is loaded
 - Implement multiple inventory for ansible.targets
 - Make x509 module compatible with M2Crypto 0.44.0
 - Remove deprecated code from x509.certificate_managed test mode
 - Move logrotate config to /usr/etc/logrotate.d where possible
+
+- Added:
+  * detect-openeuler-as-redhat-family-os.patch
+  * ensure-the-correct-crypt-module-is-loaded.patch
+  * implement-multiple-inventory-for-ansible.targets.patch
+  * make-x509-module-compatible-with-m2crypto-0.44.0.patch
+  * remove-deprecated-code-from-x509.certificate_managed.patch
+
+-------------------------------------------------------------------
+Mon Mar 10 09:34:28 UTC 2025 - Marek Czernek <marek.czernek@suse.com>
+
 - Add DEB822 apt repository format support
 - Make Salt-SSH work with all SSH passwords (bsc#1215484)
-- Fix issue of using update-alternatives with alts (#105)
+
+- Added:
+  * add-deb822-apt-source-format-support-692.patch
+  * remove-password-from-shell-after-functional-text-mat.patch
+
+-------------------------------------------------------------------
+Mon Feb 24 16:17:55 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
+- Fix issue of using update-alternatives with alts
+
+-------------------------------------------------------------------
+Fri Feb 21 12:46:01 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Fix virt_query outputter and add support for block devices
 - Make _auth calls visible with master stats
 - Repair mount.fstab_present always returning pending changes
 - Set virtual grain in Podman systemd container
 - Fix crash due wrong client reference on `SaltMakoTemplateLookup`
 - Enhace batch async and fix some detected issues
+
+- Added:
+  * repair-virt_query-outputter-655.patch
+  * make-_auth-calls-visible-with-master-stats-696.patch
+  * repair-fstab_present-test-mode-702.patch
+  * set-virtual-grain-in-podman-systemd-container-703.patch
+  * fixed-file-client-private-attribute-reference-on-sal.patch
+  * backport-batch-async-fixes-and-improvements-701.patch
+
+-------------------------------------------------------------------
+Wed Feb 19 16:06:43 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Enhacement of Salt packaging
   * Use update-alternatives for all salt scripts
   * Use flexible dependencies for the subpackages
@@ -140,107 +306,243 @@ Wed Mar 19 12:02:41 UTC 2025 - Pablo Suárez Hernández <pablo.suarezhernandez@s
   * Drop unused yumnotify plugin
   * Add dependency to python3-dnf-plugins-core for RHEL based
 - Fix tests failures after "repo.saltproject.io" deprecation
+
+- Added:
+  * fix-tests-failures-after-repo.saltproject.io-depreca.patch
+
+-------------------------------------------------------------------
+Wed Jan 29 10:34:28 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Fix error to stat '/root/.gitconfig' on gitfs
   (bsc#1230944) (bsc#1234881) (bsc#1220905)
+
+- Added:
+  * fix-failed-to-stat-root-.gitconfig-issue-on-gitfs-bs.patch
+
+-------------------------------------------------------------------
+Mon Jan 27 11:04:02 UTC 2025 - Alexander Graul <alexander.graul@suse.com>
+
 - Adapt to removal of hex attribute in pygit2 v1.15.0 (bsc#1230642)
+
+- Added:
+  * update-for-deprecation-of-hex-in-pygit2-1.15.0-and-a.patch
+
+-------------------------------------------------------------------
+Thu Jan 23 16:44:42 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Enhance smart JSON parsing when garbage is present (bsc#1231605)
+
+- Added:
+  * enhance-find_json-garbage-filtering-bsc-1231605-688.patch
+
+-------------------------------------------------------------------
+Wed Jan 22 13:11:21 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Fix virtual grains for VMs running on Nutanix AHV (bsc#1234022)
 - Fix issues running on Python 3.12 and 3.13
+
+- Added:
+  * fix-virtual-grains-for-vms-running-on-nutanix-ahv-bs.patch
+  * fix-issues-that-break-salt-in-python-3.12-and-3.13-6.patch
+
+-------------------------------------------------------------------
+Thu Jan  9 12:57:12 UTC 2025 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Revert setting SELinux context for minion service (bsc#1233667)
 - Remove System V init support
- * Make systemd the only supported init system by removing System V init
-   and insserv references
- * Ensure package builds with no init system dependencies if built
-   without systemd (for example for use in containers)
- * Apply some spec-cleaner suggestions (update copyright year, sort
-   requirements, adjust spacing)
+  * Make systemd the only supported init system by removing System V init
+    and insserv references
+  * Ensure package builds with no init system dependencies if built
+    without systemd (for example for use in containers)
+  * Apply some spec-cleaner suggestions (update copyright year, sort
+    requirements, adjust spacing)
+
+- Added:
+  * revert-setting-selinux-context-for-minion-service-bs.patch
+
+-------------------------------------------------------------------
+Tue Nov 26 14:53:34 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Fix the condition of alternatives for Tumbleweed and Leap 16
 - Use update-alternatives for salt-call and fix builing on EL8
 - Build all python bindings for all flavors
 - Make minion reconnecting on changing master IP (bsc#1228182)
+
+- Added:
+  * make-minion-reconnecting-on-changing-master-ip-bsc-1.patch
+
+-------------------------------------------------------------------
+Thu Oct 17 14:02:57 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Handle logger exception when flushing already closed file
 - Include passlib as a recommended dependency
+
+- Added:
+  * handle-logger-flushing-already-closed-file-686.patch
+
+-------------------------------------------------------------------
+Thu Oct 10 11:19:52 UTC 2024 - Pablo Suárez Hernández <psuarezhernandez@suse.com>
+
 - Make Salt Bundle more tolerant to long running jobs (bsc#1228690)
+
+- Added:
+  * enhance-cleanup-mechanism-after-salt-bundle-upgrade-.patch
+
+-------------------------------------------------------------------
+Thu Oct  3 11:21:30 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Fix additional x509 tests and test_suse tests for SLE12
 
 - Added:
-  * fix-deb822-nonetype-object-has-no-attribute-split-71.patch
-  * detect-openeuler-as-redhat-family-os.patch
-  * ensure-the-correct-crypt-module-is-loaded.patch
-  * implement-multiple-inventory-for-ansible.targets.patch
-  * make-x509-module-compatible-with-m2crypto-0.44.0.patch
-  * remove-deprecated-code-from-x509.certificate_managed.patch
-  * add-deb822-apt-source-format-support-692.patch
-  * remove-password-from-shell-after-functional-text-mat.patch
-  * repair-virt_query-outputter-655.patch
-  * make-_auth-calls-visible-with-master-stats-696.patch
-  * repair-fstab_present-test-mode-702.patch
-  * set-virtual-grain-in-podman-systemd-container-703.patch
-  * fixed-file-client-private-attribute-reference-on-sal.patch
-  * backport-batch-async-fixes-and-improvements-701.patch
-  * fix-tests-failures-after-repo.saltproject.io-depreca.patch
-  * fix-failed-to-stat-root-.gitconfig-issue-on-gitfs-bs.patch
-  * update-for-deprecation-of-hex-in-pygit2-1.15.0-and-a.patch
-  * enhance-find_json-garbage-filtering-bsc-1231605-688.patch
-  * fix-virtual-grains-for-vms-running-on-nutanix-ahv-bs.patch
-  * fix-issues-that-break-salt-in-python-3.12-and-3.13-6.patch
-  * revert-setting-selinux-context-for-minion-service-bs.patch
-  * make-minion-reconnecting-on-changing-master-ip-bsc-1.patch
-  * handle-logger-flushing-already-closed-file-686.patch
-  * enhance-cleanup-mechanism-after-salt-bundle-upgrade-.patch
   * fix-x509-private-key-tests-and-test_suse-on-sle12-68.patch
 
 -------------------------------------------------------------------
-Wed Oct  2 12:09:33 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.com>
+Wed Oct  2 07:47:58 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
 
 - Fix failing x509 tests with OpenSSL < 1.1
+
+- Added:
+  * fix-x509-test-fails-on-old-openssl-systems-682.patch
+
+-------------------------------------------------------------------
+Wed Sep 25 11:45:28 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Avoid explicit reading of /etc/salt/minion (bsc#1220357)
 - Allow NamedLoaderContexts to be returned from loader
 - Revert the change making reactor less blocking (bsc#1230322)
 - Use --cachedir for extension_modules in salt-call (bsc#1226141)
 - Prevent using SyncWrapper with no reason
+
+- Added:
+  * avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
+  * allow-namedloadercontexts-to-be-returned-from-loader.patch
+  * revert-the-change-making-reactor-less-blocking-bsc-1.patch
+  * use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
+  * prevent-using-syncwrapper-with-no-reason.patch
+
+-------------------------------------------------------------------
+Tue Sep 10 12:51:43 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Fix the SELinux context for Salt Minion service (bsc#1219041)
+
+- Added:
+  * fix-the-selinux-context-for-salt-minion-service-bsc-.patch
+
+-------------------------------------------------------------------
+Wed Sep  4 12:23:53 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Set contextvars as a build requirement for package
+
+-------------------------------------------------------------------
+Wed Sep  4 11:38:07 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Increase warn_until_date date for code we still support
 - The test_debian test now uses port 80 for ubuntu keyserver
 - Fix too frequent systemd service restart in test_system test
+
+- Added:
+  * fix-test_debian-to-work-in-our-infrastructure-676.patch
+  * fix-test_system-flaky-setup_teardown-fn.patch
+  * fix-deprecated-code-677.patch
+
+-------------------------------------------------------------------
+Fri Aug 30 14:42:00 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
+
 - Avoid crash on wrong output of systemctl version (bsc#1229539)
 - Improve error handling with different OpenSSL versions
 - Remove redundant run_func from salt.master.MWorker._handle_aes
+
+- Added:
+  * avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
+  * improve-error-handling-with-different-openssl-versio.patch
+  * remove-redundant-run_func-from-salt.master.mworker._.patch
+
+-------------------------------------------------------------------
+Thu Aug 29 11:54:27 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.com>
+
 - Fix cloud minion configuration for multiple masters (bsc#1229109)
+
+- Added:
+  * join-masters-if-it-is-a-list-671.patch
+
+-------------------------------------------------------------------
+Wed Aug 21 14:30:48 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Use Pygit2 id instead of deprecated oid in gitfs
+
+- Added:
+  * replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
+
+-------------------------------------------------------------------
+Wed Aug  7 09:45:18 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Fix few failing tests to work with both Salt and Salt bundle
 - Skip testing unsupported OpenSSL crypto algorithms
 
 - Added:
-  * skip-more-tests-related-to-old-openssl-algorithms.patch
-  * fix-the-selinux-context-for-salt-minion-service-bsc-.patch
-  * allow-namedloadercontexts-to-be-returned-from-loader.patch
-  * join-masters-if-it-is-a-list-671.patch
-  * remove-redundant-run_func-from-salt.master.mworker._.patch
-  * prevent-using-syncwrapper-with-no-reason.patch
-  * fix-test_debian-to-work-in-our-infrastructure-676.patch
-  * fix-x509-test-fails-on-old-openssl-systems-682.patch
   * make-tests-compatible-with-venv-bundle.patch
-  * avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
-  * revert-the-change-making-reactor-less-blocking-bsc-1.patch
-  * avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
-  * improve-error-handling-with-different-openssl-versio.patch
-  * replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
-  * fix-test_system-flaky-setup_teardown-fn.patch
-  * use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
-  * fix-deprecated-code-677.patch
+  * skip-more-tests-related-to-old-openssl-algorithms.patch
 
 -------------------------------------------------------------------
-Fri Aug  2 09:00:07 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.com>
+Wed Jul 24 10:12:25 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
 
 - Fix rich rule comparison in firewalld module (bsc#1222684)
+
+- Added:
+  * firewalld-normalize-new-rich-rules-before-comparing-.patch
+
+-------------------------------------------------------------------
+Tue Jul  9 11:23:20 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
+
+- Added:
+  * test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
+
+-------------------------------------------------------------------
+Mon Jul  8 16:02:47 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Make auth.pam more robust with Salt Bundle and fix tests
+
+- Added:
+  * some-more-small-tests-fixes-enhancements-661.patch
+
+-------------------------------------------------------------------
+Wed Jul  3 11:13:00 UTC 2024 - Flex Liu <fliu@suse.com>
+
 - Fix performance of user.list_groups with many remote groups
+  (bsc#1226964)
+
+- Added:
+  * fix-user.list_groups-omits-remote-groups.patch
+
+-------------------------------------------------------------------
+Tue Jun 18 15:00:44 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Fix "status.diskusage" function and exclude some tests for Salt Bundle
+
+- Added:
+  * fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
+
+-------------------------------------------------------------------
+Wed Jun 12 08:44:38 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Skip certain tests if necessary for some OSes and set flaky ones
+
+- Added:
+  * skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
+
+-------------------------------------------------------------------
+Thu Jun  6 08:41:14 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Add a timer to delete old env post update for venv-minion
+
+- Added:
+  * provide-systemd-timer-unit.patch
+
+-------------------------------------------------------------------
+Mon May 27 11:07:26 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Several fixes for tests to avoid errors and failures in some OSes
 - Speed up salt.matcher.confirm_top by using __context__
 - Do not call the async wrapper calls with the separate thread
@@ -254,116 +556,265 @@ Fri Aug  2 09:00:07 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.co
 - Improve broken events catching and reporting
 - Make logging calls lighter
 - Remove unused import causing delays on starting salt-master
-- Mark python3-CherryPy as recommended package for the testsuite
-- Make "man" a recommended package instead of required
 
 - Added:
-  * provide-systemd-timer-unit.patch
-  * make-logging-calls-lighter.patch
+  * improve-broken-events-catching-and-reporting.patch
   * add-missing-contextvars-dependency-in-salt.version.patch
   * prevent-oom-with-high-amount-of-batch-async-calls-bs.patch
-  * prevent-possible-exception-in-tornado.concurrent.fut.patch
-  * improve-broken-events-catching-and-reporting.patch
-  * skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
-  * several-fixes-for-tests-to-avoid-errors-and-failures.patch
-  * fix-user.list_groups-omits-remote-groups.patch
-  * some-more-small-tests-fixes-enhancements-661.patch
-  * skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
-  * firewalld-normalize-new-rich-rules-before-comparing-.patch
-  * remove-redundant-_file_find-call-to-the-master.patch
-  * fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
-  * remove-unused-import-causing-delays-on-starting-salt.patch
-  * make-reactor-engine-less-blocking-the-eventpublisher.patch
-  * test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
   * speed-up-salt.matcher.confirm_top-by-using-__context.patch
-  * do-not-call-the-async-wrapper-calls-with-the-separat.patch
+  * remove-redundant-_file_find-call-to-the-master.patch
+  * make-logging-calls-lighter.patch
   * make-salt-master-self-recoverable-on-killing-eventpu.patch
+  * skip-tests-for-unsupported-algorithm-on-old-openssl-.patch
+  * remove-unused-import-causing-delays-on-starting-salt.patch
+  * do-not-call-the-async-wrapper-calls-with-the-separat.patch
+  * prevent-possible-exception-in-tornado.concurrent.fut.patch
+  * several-fixes-for-tests-to-avoid-errors-and-failures.patch
+  * make-reactor-engine-less-blocking-the-eventpublisher.patch
 
 -------------------------------------------------------------------
-Tue Apr 16 15:32:23 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.com>
+Mon May 13 15:26:19 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Mark python3-CherryPy as recommended package for the testsuite
+
+-------------------------------------------------------------------
+Tue May  7 15:55:56 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Make "man" a recommended package instead of required
+
+-------------------------------------------------------------------
+Tue Mar 26 08:44:29 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
 
 - Convert oscap output to UTF-8
+
+- Added:
+  * switch-oscap-encoding-to-utf-8-639.patch
+
+-------------------------------------------------------------------
+Thu Mar 21 13:14:03 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Make Salt compatible with Python 3.11
+
+- Added:
+  * fix-salt-warnings-and-testuite-for-python-3.11-635.patch
+
+-------------------------------------------------------------------
+Fri Mar 15 10:00:35 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.com>
+
 - Ignore non-ascii chars in oscap output (bsc#1219001)
+
+- Added:
+  * decode-oscap-byte-stream-to-string-bsc-1219001.patch
+
+-------------------------------------------------------------------
+Thu Mar 14 13:11:21 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Fix detected issues in Salt tests when running on VMs
-- Make importing seco.range thread safe (bsc#1211649)
-- Fix problematic tests and allow smooth tests executions on containers
-- Discover Ansible playbook files as "*.yml" or "*.yaml" files (bsc#1211888)
-- Provide user(salt)/group(salt) capabilities for RPM 4.19
-- Extend dependencies for python3-salt-testsuite and python3-salt packages
-- Improve Salt and testsuite packages multibuild
-- Enable multibuilld and create test flavor
 
 - Added:
   * fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
-  * decode-oscap-byte-stream-to-string-bsc-1219001.patch
+
+-------------------------------------------------------------------
+Wed Mar  6 13:38:29 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
+- Make importing seco.range thread safe (bsc#1211649)
+
+- Added:
   * make-importing-seco.range-thread-safe-bsc-1211649.patch
-  * switch-oscap-encoding-to-utf-8-639.patch
-  * fix-salt-warnings-and-testuite-for-python-3.11-635.patch
-  * fix-problematic-tests-and-allow-smooth-tests-executi.patch
+
+-------------------------------------------------------------------
+Mon Feb 26 10:43:37 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Fix problematic tests and allow smooth tests executions on containers
+
+- Added:
+  * fix-problematic-tests-and-allow-smooth-tests-executi.patch 
+
+-------------------------------------------------------------------
+Wed Feb 21 12:21:03 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Discover Ansible playbook files as "*.yml" or "*.yaml" files (bsc#1211888)
+
+- Added:
   * discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
 
 -------------------------------------------------------------------
-Thu Feb  1 14:48:40 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+Tue Feb 20 12:58:58 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Extend dependencies for python3-salt-testsuite and python3-salt packages
+- Improve Salt and testsuite packages multibuild
+
+-------------------------------------------------------------------
+Thu Feb  8 12:17:39 UTC 2024 - Yeray Gutiérrez Cedrés <yeray.gutierrez@suse.com>
+
+- Enable multibuilld and create test flavor
+- Additionally we require python-mock just for older Python versions.
+
+-------------------------------------------------------------------
+Mon Feb  5 09:55:33 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
+- Rename salt-tests to python3-salt-testsuite
+
+-------------------------------------------------------------------
+Thu Feb  1 12:19:06 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
 
 - Prevent directory traversal when creating syndic cache directory
   on the master (CVE-2024-22231, bsc#1219430)
 - Prevent directory traversal attacks in the master's serve_file
   method (CVE-2024-22232, bsc#1219431)
+
+- Added:
+  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch
+
+-------------------------------------------------------------------
+Mon Jan 29 13:50:44 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Provide user(salt)/group(salt) capabilities for RPM 4.19
+
+-------------------------------------------------------------------
+Tue Jan 23 15:39:14 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Prevent exceptions with fileserver.update when called via state (bsc#1218482)
+
+- Added:
+  * allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
+
+-------------------------------------------------------------------
+Thu Jan 18 16:10:04 UTC 2024 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Improve pip target override condition with VENV_PIP_TARGET
   environment variable (bsc#1216850)
 - Fixed KeyError in logs when running a state that fails
+
+- Added:
+  * improve-pip-target-override-condition-with-venv_pip_.patch
+  * fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
+
+-------------------------------------------------------------------
+Thu Jan 18 13:06:21 UTC 2024 - Marek Czernek <marek.czernek@suse.com>
+
 - Ensure that pillar refresh loads beacons from pillar without restart
 - Fix the aptpkg.py unit test failure
 - Prefer unittest.mock to python-mock in test suite
+
+- Added:
+  * update-__pillar__-during-pillar_refresh.patch
+  * fix-the-aptpkg.py-unit-test-failure.patch
+  * prefer-unittest.mock-for-python-versions-that-are-su.patch
+
+-------------------------------------------------------------------
+Fri Dec  1 11:04:02 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
-- Revert changes to set Salt configured user early in the stack (bsc#1216284)
-- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
-- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
-- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
-- Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157)
-- Allow all primitive grain types for autosign_grains (bsc#1214477)
-- Fix optimization_order opt to prevent testsuite fails
-- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
-- Use salt-call from salt bundle with transactional_update
-- Only call native_str on curl_debug message in tornado when needed
-- Implement the calling for batch async from the salt CLI
-- Fix calculation of SLS context vars when trailing dots
-  on targetted sls/state (bsc#1213518)
-- Rename salt-tests to python3-salt-testsuite
 
 - Added:
   * enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch
-  * allow-all-primitive-grain-types-for-autosign_grains-.patch
-  * fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
-  * use-salt-call-from-salt-bundle-with-transactional_up.patch
-  * implement-the-calling-for-batch-async-from-the-salt-.patch
-  * fix-calculation-of-sls-context-vars-when-trailing-do.patch
-  * prefer-unittest.mock-for-python-versions-that-are-su.patch
-  * fix-cve-2023-34049-bsc-1215157.patch
-  * fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
-  * allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
-  * dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
+
+-------------------------------------------------------------------
+Thu Nov 16 10:33:00 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Revert changes to set Salt configured user early in the stack (bsc#1216284)
+
+- Added:
   * revert-make-sure-configured-user-is-properly-set-by-.patch
-  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch
-  * improve-pip-target-override-condition-with-venv_pip_.patch
-  * only-call-native_str-on-curl_debug-message-in-tornad.patch
-  * update-__pillar__-during-pillar_refresh.patch
+
+-------------------------------------------------------------------
+Mon Nov 13 16:02:35 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
+- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
+
+- Added:
+  * fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
+  * dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
+
+-------------------------------------------------------------------
+Tue Oct 31 11:51:17 UTC 2023 - Alexander Graul <alexander.graul@suse.com>
+
+- Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157)
+
+- Added:
+  * fix-cve-2023-34049-bsc-1215157.patch
+
+-------------------------------------------------------------------
+Tue Oct 17 15:28:22 UTC 2023 - Marek Czernek <marek.czernek@suse.com>
+
+- Allow all primitive grain types for autosign_grains (bsc#1214477)
+
+- Added:
+  * allow-all-primitive-grain-types-for-autosign_grains-.patch
+
+-------------------------------------------------------------------
+Mon Oct  2 12:49:41 UTC 2023 - Victor Zhestkov <vzhestkov@suse.com>
+
+- Fix optimization_order opt to prevent testsuite fails
+- Improve salt.utils.json.find_json to avoid fails
+  with transactional salt salt-ssh managed clients (bsc#1213293)
+- Use salt-call from salt bundle with transactional_update
+- Only call native_str on curl_debug message in tornado when needed
+- Implement the calling for batch async from the salt CLI
+
+- Added:
+  * implement-the-calling-for-batch-async-from-the-salt-.patch
   * improve-salt.utils.json.find_json-bsc-1213293.patch
-  * fix-the-aptpkg.py-unit-test-failure.patch
+  * only-call-native_str-on-curl_debug-message-in-tornad.patch
+  * use-salt-call-from-salt-bundle-with-transactional_up.patch
   * fix-optimization_order-opt-to-prevent-test-fails.patch
 
 -------------------------------------------------------------------
-Wed Sep 20 15:04:34 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+Mon Oct  2 09:50:00 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Fix calculation of SLS context vars when trailing dots
+  on targetted sls/state (bsc#1213518)
+
+- Added:
+  * fix-calculation-of-sls-context-vars-when-trailing-do.patch
+
+-------------------------------------------------------------------
+Wed Sep 20 12:17:44 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
 
 - Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
-- Revert usage of long running REQ channel (bsc#1213960, bsc#1213630, bsc#1213257)
-- Fix gitfs cachedir basename to avoid hash collisions (bsc#1193948, bsc#1214797, CVE-2023-20898)
+
+- Added:
+  * write-salt-version-before-building-when-using-with-s.patch
+
+-------------------------------------------------------------------
+Fri Sep  1 07:33:18 UTC 2023 - Victor Zhestkov <vzhestkov@suse.com>
+
+- Revert usage of long running REQ channel to prevent possible
+  missing responses on requests and dublicated responses
+  (bsc#1213960, bsc#1213630, bsc#1213257)
+
+- Added:
+  * revert-usage-of-long-running-req-channel-bsc-1213960.patch
+
+-------------------------------------------------------------------
+Thu Aug 31 09:51:20 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Fix gitfs cachedir basename to avoid hash collisions
+  (bsc#1193948, bsc#1214797, CVE-2023-20898)
+
+- Added:
+  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
+
+-------------------------------------------------------------------
+Tue Aug 22 12:03:21 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
 - Make sure configured user is properly set by Salt (bsc#1210994)
-- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
+- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897, bsc#1214796)
 - Fix broken tests to make them running in the testsuite
 - Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
+
+- Added:
+  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
+  * fix-tests-to-make-them-running-with-salt-testsuite.patch
+  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
+  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
+
+-------------------------------------------------------------------
+Wed Aug  9 15:13:50 UTC 2023 - Alexander Graul <alexander.graul@suse.com>
+
 - Create minion_id with reproducible mtime
 - Fix detection of Salt codename by "salt_version" execution module
 - Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
@@ -378,24 +829,17 @@ Wed Sep 20 15:04:34 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@s
 - Avoid conflicts with Salt dependencies versions (bsc#1211612)
 
 - Added:
+  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
   * fix-the-regression-of-user.present-state-when-group-.patch
-  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
-  * write-salt-version-before-building-when-using-with-s.patch
   * make-master_tops-compatible-with-salt-3000-and-older.patch
   * avoid-conflicts-with-dependencies-versions-bsc-12116.patch
-  * zypper-pkgrepo-alreadyconfigured-585.patch
-  * revert-usage-of-long-running-req-channel-bsc-1213960.patch
-  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
-  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
-  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
   * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
-  * fix-some-issues-detected-in-salt-support-cli-module-.patch
-  * fix-tests-to-make-them-running-with-salt-testsuite.patch
-  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
-  * define-__virtualname__-for-transactional_update-modu.patch
-  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
-  * mark-salt-3006-as-released-586.patch
   * fix-regression-multiple-values-for-keyword-argument-.patch
+  * zypper-pkgrepo-alreadyconfigured-585.patch
+  * mark-salt-3006-as-released-586.patch
+  * fix-some-issues-detected-in-salt-support-cli-module-.patch
+  * define-__virtualname__-for-transactional_update-modu.patch
+  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
 
 -------------------------------------------------------------------
 Fri May  5 08:29:26 UTC 2023 - Alexander Graul <alexander.graul@suse.com>

salt.spec

@@ -598,6 +598,23 @@ Patch187:       fix-tls-and-x509-modules-for-older-cryptography-modu.patch
 # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/issues/68469
 # PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/739
 Patch188:       backport-3006.17-security-fixes-739.patch
+# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/742
+Patch189:       extend-fails-to-warnings-until-2027-742.patch
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/68253
+Patch190:       simplify-utils.json.find_json-function.patch
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/68595
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/68611
+# PATCH-FIX_UPSTREAM: https://github.com/tornadoweb/tornado/pull/3553
+# PATCH-FIX_UPSTREAM: https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
+Patch191:       fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/68251
+Patch192:       speedup-wheel-key.finger-call-bsc-1240532-713.patch
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/67956
+Patch193:       use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch
+# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/66964
+Patch194:       backport-add-maintain-m-privilege-to-postgres-module.patch
+# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/745
+Patch195:       fix-tornado-s-httputil_test-syntax-for-python-3.6.patch
 
 
 ### IMPORTANT: The line below is used as a snippet marker. Do not touch it.

simplify-utils.json.find_json-function.patch

@@ -0,0 +1,173 @@
+From 7cbb68f36824161743f4cc60d8920e2cea039e5e Mon Sep 17 00:00:00 2001
+From: Marek Czernek <marek.czernek@suse.com>
+Date: Fri, 9 Jan 2026 16:49:19 +0100
+Subject: [PATCH] Simplify utils.json.find_json function
+
+The previous implementation computed all combinations of potential JSON
+documents and tried to `json.loads()`them. That resumted in num({) *
+num(}) tries, which could take hours on large inputs.
+
+The approach implemented with this change simplifies the work we do: we
+only look for opening '{' and '[' characters, and try to parse the rest
+of input string with JSONDecoder.raw_decode. This method ignores
+extraneous data at the end and is faster than doing it ourselves in
+Python.
+
+Co-authored-by: Alexander Graul <agraul@suse.com>
+---
+ changelog/68258.fixed.md              |  1 +
+ salt/utils/json.py                    | 80 ++++++---------------------
+ tests/pytests/unit/utils/test_json.py |  5 --
+ tests/unit/utils/test_json.py         | 12 ++++
+ 4 files changed, 31 insertions(+), 67 deletions(-)
+ create mode 100644 changelog/68258.fixed.md
+
+diff --git a/changelog/68258.fixed.md b/changelog/68258.fixed.md
+new file mode 100644
+index 0000000000..a9afeccef7
+--- /dev/null
++++ b/changelog/68258.fixed.md
+@@ -0,0 +1 @@
++Simplied and sped up `utils.json.find_json` function
+diff --git a/salt/utils/json.py b/salt/utils/json.py
+index 26cb38cdbe..1605e75f9f 100644
+--- a/salt/utils/json.py
++++ b/salt/utils/json.py
+@@ -2,7 +2,7 @@
+ Functions to work with JSON
+ """
+ 
+-
++import contextlib
+ import json
+ import logging
+ 
+@@ -25,69 +25,25 @@ def __split(raw):
+     return raw.splitlines()
+ 
+ 
+-def find_json(raw):
+-    """
+-    Pass in a raw string and load the json when it starts. This allows for a
+-    string to start with garbage and end with json but be cleanly loaded
+-    """
+-    ret = {}
+-    lines = __split(raw)
+-    lengths = list(map(len, lines))
+-    starts = []
+-    ends = []
+-
+-    # Search for possible starts end ends of the json fragments
+-    for ind, _ in enumerate(lines):
+-        line = lines[ind].lstrip()
+-        line = line[0] if line else line
+-        if line == "{" or line == "[":
+-            starts.append((ind, line))
+-        if line == "}" or line == "]":
+-            ends.append((ind, line))
+-
+-    # List all the possible pairs of starts and ends,
+-    # and fill the length of each block to sort by size after
+-    starts_ends = []
+-    for start, start_br in starts:
+-        for end, end_br in reversed(ends):
+-            if end > start and (
+-                (start_br == "{" and end_br == "}")
+-                or (start_br == "[" and end_br == "]")
+-            ):
+-                starts_ends.append((start, end, sum(lengths[start : end + 1])))
+-
+-    # Iterate through all the possible pairs starting from the largest
+-    starts_ends.sort(key=lambda x: (x[2], x[1] - x[0], x[0]), reverse=True)
+-    for start, end, _ in starts_ends:
+-        working = "\n".join(lines[start : end + 1])
+-        try:
+-            ret = json.loads(working)
+-            return ret
+-        except ValueError:
+-            pass
+-        # Try filtering non-JSON text right after the last closing curly brace
+-        end_str = lines[end].lstrip()[0]
+-        working = "\n".join(lines[start : end]) + end_str
+-        try:
+-            ret = json.loads(working)
+-            return ret
+-        except ValueError:
+-            continue
++def find_json(s: str):
++    """Pass in a string and load JSON within it.
+ 
+-    # Fall back to old implementation for backward compatibility
+-    # excpecting json after the text
+-    for ind, _ in enumerate(lines):
+-        working = "\n".join(lines[ind:])
+-        try:
+-            ret = json.loads(working)
+-        except ValueError:
+-            continue
+-        if ret:
+-            return ret
++    The string may contain non-JSON text before and after the JSON document.
+ 
+-    if not ret:
+-        # Not json, raise an error
+-        raise ValueError
++    Raises ValueError if no valid JSON was found.
++    """
++    decoder = json.JSONDecoder()
++
++    # We look for the beginning of JSON objects / arrays and let raw_decode() handle
++    # extraneous data at the end.
++    for idx, char in enumerate(s):
++        if char == "{" or char == "[":
++            # JSONDecodeErrors are expected on stray '{'/'[' in the non-JSON part
++            with contextlib.suppress(json.JSONDecodeError):
++                data, _ = decoder.raw_decode(s[idx:])
++                return data
++
++    raise ValueError
+ 
+ 
+ def import_json():
+diff --git a/tests/pytests/unit/utils/test_json.py b/tests/pytests/unit/utils/test_json.py
+index 72b1023003..f7aed28b42 100644
+--- a/tests/pytests/unit/utils/test_json.py
++++ b/tests/pytests/unit/utils/test_json.py
+@@ -107,11 +107,6 @@ def test_find_json():
+     ret = salt.utils.json.find_json(garbage_around_json)
+     assert ret == expected_ret
+ 
+-    # Now pre-pend small json and re-test
+-    small_json_pre_json = f"{test_small_json}{test_sample_json}"
+-    ret = salt.utils.json.find_json(small_json_pre_json)
+-    assert ret == expected_ret
+-
+     # Now post-pend small json and re-test
+     small_json_post_json = f"{test_sample_json}{test_small_json}"
+     ret = salt.utils.json.find_json(small_json_post_json)
+diff --git a/tests/unit/utils/test_json.py b/tests/unit/utils/test_json.py
+index 5ea409a705..f5dcc1f72d 100644
+--- a/tests/unit/utils/test_json.py
++++ b/tests/unit/utils/test_json.py
+@@ -49,6 +49,18 @@ class JSONTestCase(TestCase):
+         )
+     )
+ 
++    def test_find_json_unbalanced_brace_in_string(self):
++        test_sample_json = '{"title": "I like curly braces like this one:{"}'
++        expected_ret = {"title": "I like curly braces like this one:{"}
++        ret = salt.utils.json.find_json(test_sample_json)
++        self.assertDictEqual(ret, expected_ret)
++
++    def test_find_json_unbalanced_square_bracket_in_string(self):
++        test_sample_json = '{"title": "I like square brackets like this one:["}'
++        expected_ret = {"title": "I like square brackets like this one:["}
++        ret = salt.utils.json.find_json(test_sample_json)
++        self.assertDictEqual(ret, expected_ret)
++
+     def test_find_json(self):
+         test_sample_json = """
+                             {
+-- 
+2.52.0
+

speedup-wheel-key.finger-call-bsc-1240532-713.patch

@@ -0,0 +1,91 @@
+From c4542e59844bce3a65726564fa364170c1fe7b8c Mon Sep 17 00:00:00 2001
+From: Victor Zhestkov <vzhestkov@suse.com>
+Date: Wed, 14 Jan 2026 14:12:44 +0100
+Subject: [PATCH] Speedup wheel key.finger call (bsc#1240532) (#713)
+
+* Reduce the number of os.path.basename calls with key.finger
+
+* Simplify and speedup salt.key.Key.name_match
+
+* Avoid not needed printing while calling wheel from master
+
+* Populate missing parts for clear_load
+
+* Remove redundant events to be fired
+---
+ salt/key.py    | 20 ++++++++++----------
+ salt/master.py | 11 ++++++++---
+ 2 files changed, 18 insertions(+), 13 deletions(-)
+
+diff --git a/salt/key.py b/salt/key.py
+index b15b80eca3..8cd248bb8c 100644
+--- a/salt/key.py
++++ b/salt/key.py
+@@ -491,16 +491,15 @@ class Key:
+         ret = {}
+         if "," in match and isinstance(match, str):
+             match = match.split(",")
++        if not isinstance(match, list):
++            match = [match]
+         for status, keys in matches.items():
++            if match == ["*"] and keys:
++                ret[status] = keys
++                continue
+             for key in salt.utils.data.sorted_ignorecase(keys):
+-                if isinstance(match, list):
+-                    for match_item in match:
+-                        if fnmatch.fnmatch(key, match_item):
+-                            if status not in ret:
+-                                ret[status] = []
+-                            ret[status].append(key)
+-                else:
+-                    if fnmatch.fnmatch(key, match):
++                for match_item in match:
++                    if fnmatch.fnmatch(key, match_item):
+                         if status not in ret:
+                             ret[status] = []
+                         ret[status].append(key)
+@@ -543,12 +542,13 @@ class Key:
+         for dir_ in key_dirs:
+             if dir_ is None:
+                 continue
+-            ret[os.path.basename(dir_)] = []
++            base_dir = os.path.basename(dir_)
++            ret[base_dir] = []
+             try:
+                 for fn_ in salt.utils.data.sorted_ignorecase(os.listdir(dir_)):
+                     if not fn_.startswith("."):
+                         if os.path.isfile(os.path.join(dir_, fn_)):
+-                            ret[os.path.basename(dir_)].append(
++                            ret[base_dir].append(
+                                 salt.utils.stringutils.to_unicode(fn_)
+                             )
+             except OSError:
+diff --git a/salt/master.py b/salt/master.py
+index 09ce7d36a7..b9f009a028 100644
+--- a/salt/master.py
++++ b/salt/master.py
+@@ -2093,12 +2093,17 @@ class ClearFuncs(TransportMethods):
+                 "tag": tag,
+                 "user": username,
+             }
+-
+-            self.event.fire_event(data, tagify([jid, "new"], "wheel"))
++            clear_load.update(
++                {
++                    "__jid__": jid,
++                    "__tag__": tag,
++                    "__user__": username,
++                    "print_event": clear_load.get("print_event", False),
++                }
++            )
+             ret = self.wheel_.call_func(fun, full_return=True, **clear_load)
+             data["return"] = ret["return"]
+             data["success"] = ret["success"]
+-            self.event.fire_event(data, tagify([jid, "ret"], "wheel"))
+             return {"tag": tag, "data": data}
+         except Exception as exc:  # pylint: disable=broad-except
+             log.error("Exception occurred while introspecting %s: %s", fun, exc)
+-- 
+2.52.0
+