diff --git a/_service b/_service
index 870f6f3..3ed56db 100644
--- a/_service
+++ b/_service
@@ -14,5 +14,7 @@
gz
+ github.com/ulikunitz/xz=github.com/ulikunitz/xz@v0.5.14
+ golang.org/x/net=golang.org/x/net@v0.46.0
diff --git a/sbctl-0.15.3.tar.gz b/sbctl-0.15.3.tar.gz
deleted file mode 100644
index 9266e18..0000000
--- a/sbctl-0.15.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:af78a78997f903aaa9d275d026e094cc4cbd668254ca320d463232728f91ad5f
-size 17951470
diff --git a/sbctl-0.18.tar.gz b/sbctl-0.18.tar.gz
new file mode 100644
index 0000000..9e5bba1
--- /dev/null
+++ b/sbctl-0.18.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f244890d1676bc9e7761ebbbdc7e94e516b47642ef37efd0b7b60e5223fcaaa5
+size 17960022
diff --git a/sbctl.changes b/sbctl.changes
index add4212..895b188 100644
--- a/sbctl.changes
+++ b/sbctl.changes
@@ -1,3 +1,74 @@
+-------------------------------------------------------------------
+Wed Nov 12 07:29:18 UTC 2025 - Fridrich Strba
+
+- Upgrade the embedded golang.org/x/net to 0.46.0
+ * Fixes: bsc#1251399, CVE-2025-47911: various algorithms with
+ quadratic complexity when parsing HTML documents
+ * Fixes: bsc#1251609, CVE-2025-58190: excessive memory consumption
+ by 'html.ParseFragment' when processing specially crafted input
+
+-------------------------------------------------------------------
+Mon Oct 13 09:06:05 UTC 2025 - Jan Loeser
+
+- Update to version 0.18:
+ * logging: fixup new go vet warning
+ * workflows: add cc for cross compile
+ * workflow: add sudo to apt
+ * workflow: add pcsclite to ci
+ * workflow: try enable cgo
+ * go.mod: update golang.org/x/ dependencies
+ * fix: avoid adding bogus Country attribute to subject DNs
+ * sbctl: only store file if we did actually sign the file
+ * installkernel: add post install hook for Debian's traditional installkernel
+ * CI: missing libpcsclite pkg
+ * workflows: add missing depends and new pattern keyword
+ * Add yubikey example for create keys to the README
+ * Initial yubikey backend keytype support
+ * verify: ensure we pass args in correct order
+
+-------------------------------------------------------------------
+Mon Sep 1 09:34:54 UTC 2025 - Michael Vetter
+
+- bsc#1248949 (CVE-2025-58058):
+ Bump xz to 0.5.14
+
+-------------------------------------------------------------------
+Mon May 5 11:24:29 UTC 2025 - Jan Loeser
+
+- Update to version 0.17:
+ * Ensure we don't wrongly compare input/output files when signing
+ * Added --json supprt to sbctl verify
+ * Ensure sbctl setup with no arguments returns a helpful output
+ * Import latest Microsoft keys for KEK and db databases
+ * Ensure we print the path of the file when encountering an invalid PE file
+ * Misc fixups in tests
+ * Misc typo fixes in prints
+
+-------------------------------------------------------------------
+Tue Oct 22 03:56:54 UTC 2024 - Joshua Smith
+
+- Disable tests that fail due to gh/foxboron/sbctl#343
+- Update to version 0.16:
+ * Ensure sbctl reads --config even if /etc/sbctl/sbctl.conf is
+ present
+ * Fixed a bug where sbctl would abort if the TPM eventlog
+ contains the same byte multiple times
+ * Fixed a landlock bug where enroll-keys --export did not work
+ * Fixed a bug where an ESP mounted to multiple paths would not be
+ detected
+ * Exporting keys without efivars present work again
+ * sbctl sign will now use the saved output path if the signed
+ file is enrolled
+ * enroll-keys --append will now work without --force.
+- Updates from version 0.15.4:
+ * Fixed an issue where sign-all did not report a non-zero exit
+ code when something failed
+ * Fixed and issue where we couldn't write to a file with landlock
+ * Fixed an issue where --json would print the human readable
+ output and the json
+ * Fixes landlock for UKI/bundles by disabling the sandbox feature
+ * Some doc fixups that mentioned /usr/share/
+
-------------------------------------------------------------------
Wed Jul 31 23:55:22 UTC 2024 - Joshua Smith
diff --git a/sbctl.spec b/sbctl.spec
index 78f6616..de79b3c 100644
--- a/sbctl.spec
+++ b/sbctl.spec
@@ -1,7 +1,7 @@
#
# spec file for package sbctl
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,12 @@
Name: sbctl
-Version: 0.15.3
+Version: 0.18
Release: 0
Summary: Secure Boot key manager
License: MIT
Group: System/Boot
URL: https://github.com/Foxboron/sbctl
-%if "%{_vendor}" == "debbuild"
-# Needed to set Maintainer in output debs
-Packager: Jan Loeser
-%endif
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
Source2: %{name}-rpmlintrc
@@ -42,10 +38,12 @@ BuildRequires: binutils
%if 0%{?suse_version}
BuildRequires: go >= 1.22.0
BuildRequires: golang-packaging
+BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig(openssl) > 3.0.0
%endif
%if 0%{?ubuntu}
BuildRequires: golang >= 1.22.0
+BuildRequires: libpcsclite-dev
BuildRequires: libssl-dev > 3.0.0
%endif
@@ -74,21 +72,20 @@ VERSION="%{version}" %make_build all
# Fix potential-bashisms rpmlint error by using bash shebang
sed -i 's|bin/sh|bin/bash|' %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl.install
-%check
-%make_build test
-
%files
%doc README.md
%license LICENSE
%dir %{_prefix}/lib/kernel/
%dir %{_prefix}/lib/kernel/install.d/
+%dir %{_prefix}/lib/kernel/postinst.d/
%dir %{_datadir}/fish/
%dir %{_datadir}/fish/vendor_completions.d/
%dir %{_datadir}/zsh/
%dir %{_datadir}/zsh/site-functions/
%{_prefix}/lib/kernel/install.d/91-sbctl.install
+%{_prefix}/lib/kernel/postinst.d/91-sbctl.install
%{_mandir}/man8/sbctl.8*
%{_mandir}/man5/sbctl.conf.5*
%{_datadir}/bash-completion/completions/sbctl
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 33d47b6..f70c919 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:b66951060caf84826b0f64aa2dacc23fc8bfcbee06c7b633ac90f846d723a293
-size 5705126
+oid sha256:d2fc644ddb2b233faec1f29dd1199748667ff2a50640a8b5107920fef6ca1fa2
+size 5068731