Update submodules from pool/openqa#9 , pool/os-autoinst#4 and create patchinfo.20251022082540835298.93181000773252/_patchinfo

2025-10-22 10:26:56 +02:00
58 changed files with 32591 additions and 6637 deletions
--- a/.gitmodules
+++ b/.gitmodules
--- a/0Backports/Backports.changes
+++ b/0Backports/Backports.changes
@@ -1,49 +1,3 @@
-------------------------------------------------------------------
-Wed Feb  4 08:02:50 UTC 2026 - Yuchen Lin <mlin+factory@suse.de>
-
- Backports.productcompose:
-  + disabled some settings for maintenance, will re-enabling it once
-    maintenance mode
-  + add no_product_provides to build options
-
-------------------------------------------------------------------
-Tue Feb  3 08:08:54 UTC 2026 - Yuchen Lin <mlin+factory@suse.de>
-
- Backports.productcompose:
-  + add to backports_unneeded, cleanup more unneeded 32bit packages
-    libluajit-5_1-2-32bit
-    libmariadb3-32bit
-    libtss2-esys0-32bit
-    libtss2-mu0-32bit
-    libtss2-policy0-32bit
-    libtss2-rc0-32bit
-    libtss2-sys1-32bit
-    libtss2-tcti-cmd0-32bit
-    libtss2-tcti-device0-32bit
-    libtss2-tcti-mssim0-32bit
-    libtss2-tcti-spi-helper0-32bit
-    libtss2-tcti-swtpm0-32bit
-    libtss2-tctildr0-32bit
-
-------------------------------------------------------------------
-Fri Jan 16 15:51:12 UTC 2026 - Wolfgang Engel <wolfgang.engel@suse.com>
-
- Backports.productcompose:
-  + add to backports_unneeded, remove xen related packages (bsc#1253226)
-      xen
-      xen-devel
-      xen-libs
-      xen-doc-html
-      xen-tools
-      xen-tools-domU
-      xen-tools-xendomains-wait-disk
-
-------------------------------------------------------------------
-Tue Nov 11 08:48:51 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
-
- Backports.productcompose:
-  - switch to version 16.1
-
 -------------------------------------------------------------------
 Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>

--- a/0Backports/Backports.productcompose
+++ b/0Backports/Backports.productcompose
@@ -3,20 +3,19 @@ product_compose_schema: 0.2
 vendor: openSUSE
 name: Backports
 version: 16
-# update: "16.1"
+update: "16.0"
 product-type: module
 summary: openSUSE Backports

 scc:
  description: >
-    PackageHub ftp tree, also known as POOL.
+    Leap ftp tree, also known as POOL.
    Used for GA and maintenance update afterwards.

 build_options:
 ### For maintenance, otherwise only "the best" version of each package is picked:
-# - take_all_available_versions
+- take_all_available_versions
 - hide_flavor_in_product_directory_name
- no_product_provides

 ### Since the Backports product build is not self-contained in a single repository,
 ### the installcheck results at build-time are not useful. (As currently implemented,
@@ -34,7 +33,7 @@ repodata: all

 # has only an effect during maintenance:
 set_updateinfo_from: maintenance@opensuse.org
-# set_updateinfo_id_prefix: SUSE-PackageHub-16.1-
+set_updateinfo_id_prefix: SUSE-PackageHub-16.0-

 flavors:
  backports_aarch64:
@@ -174,9 +173,7 @@ packagesets:
  - libgusb2-32bit
  - libinput10-32bit
  - liblirc_driver0-32bit
-  - libluajit-5_1-2-32bit
  - libmanette-0_2-0-32bit
-  - libmariadb3-32bit
  - libpcap1-32bit
  - libpcap-devel-32bit
  - libpolkit-agent-1-0-32bit
@@ -190,18 +187,7 @@ packagesets:
 #  - libsybdb5-32bit
  - libsystemd0-mini
 #  - libtdsodbc0-32bit
-  - libtss2-esys0-32bit
  - libtss2-fapi1-32bit
-  - libtss2-mu0-32bit
-  - libtss2-policy0-32bit
-  - libtss2-rc0-32bit
-  - libtss2-sys1-32bit
-  - libtss2-tcti-cmd0-32bit
-  - libtss2-tcti-device0-32bit
-  - libtss2-tcti-mssim0-32bit
-  - libtss2-tcti-spi-helper0-32bit
-  - libtss2-tcti-swtpm0-32bit
-  - libtss2-tctildr0-32bit
  - libudev-mini1
  - libunbound-devel-mini
  - libusb-1_0-0-32bit
@@ -285,13 +271,6 @@ packagesets:
  - update-test-retracted
  - update-test-security
  - update-test-trivial
-  - xen
-  - xen-devel
-  - xen-libs
-  - xen-doc-html
-  - xen-tools
-  - xen-tools-domU
-  - xen-tools-xendomains-wait-disk
  - yum-utils

 # TODO: unneeded Leap package per architecture
--- a/1
+++ b/1
--- a/17
+++ b/17
@@ -1,8 +1,4 @@
-%if 0%{?is_stage_project}
-Release: <CI_CNT>.<B_CNT> spec:bp161.999999.<CI_CNT>.<B_CNT>
-%else
-Release: <CI_CNT>.<B_CNT> spec:bp161.<CI_CNT>.<B_CNT>
-%endif
+Release: <CI_CNT>.<B_CNT> spec:bp160.<CI_CNT>.<B_CNT>

 # 000productcompose experiment
 %if "%_repository" == "product"
@@ -129,6 +125,15 @@ Macros:
 %ffmpeg_pref ffmpeg-7
 :Macros

+# BEGIN GIMP STUFF - remove this section when gimp3 is ready
+# %if "%_project" == "openSUSE:Backports:SLE-16.0"
+# Macros:
+# Do not build python plugin in gimp2
+# %_without_python_plugin 1
+# :Macros
+# %endif
+# END GIMP STUFF
+
 # openSUSE -> SLE magic BuildRequires can work then
 Substitute: desktop-data-openSUSE-extra desktop-data-SLE-extra
 Substitute: desktop-data-openSUSE desktop-data-SLE
@@ -159,7 +164,7 @@ Macros:

 # Leap specific package list, the same list with excludebuild must add to Backports project
 # Most of package should be built in Backports
-%if "%_project" == "openSUSE:Backports:SLE-16.1"
+%if "%_project" == "openSUSE:Backports:SLE-16.0"
 # we build ffado:ffado-mixer for openSUSE, the main one is built in SLFO
 BuildFlags: excludebuild:ffado
 # build gpgme:qt flavor for qt5 support
--- a/_maintainership.json
+++ b/_maintainership.json
@@ -1,3 +1,3 @@
 {
-    "": ["packagehub-review"]
+    "": ["maintenance-release-review"]
 }
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/patchinfo.20251010110535882810.90520734224245/_patchinfo
+++ b/patchinfo.20251010110535882810.90520734224245/_patchinfo
@@ -0,0 +1,66 @@
+<patchinfo incident="packagehub-1">
+  <issue tracker="bnc" id="1251334">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11213">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11216">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11207">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11211">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11212">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11210">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250780">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11208">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10890">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11206">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11460">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11219">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250472">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11205">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10891">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11458"/>
+  <issue tracker="cve" id="2025-11215">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11209">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10892">VUL-0: chromium: release 140.0.7339.207</issue>
+  <packager>AndreasStieger</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.76:
+
+  * Do not send URLs as AIM input. This is to resolve a privacy
+    concern, around passing urls to AI Mode.
+
+Chromium 141.0.7390.65 (boo#1251334):
+
+  * CVE-2025-11458: Heap buffer overflow in Sync
+  * CVE-2025-11460: Use after free in Storage
+  * CVE-2025-11211: Out of bounds read in WebCodecs
+
+Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
+
+  * CVE-2025-11205: Heap buffer overflow in WebGPU
+  * CVE-2025-11206: Heap buffer overflow in Video
+  * CVE-2025-11207: Side-channel information leakage in Storage
+  * CVE-2025-11208: Inappropriate implementation in Media
+  * CVE-2025-11209: Inappropriate implementation in Omnibox
+  * CVE-2025-11210: Side-channel information leakage in Tab
+  * CVE-2025-11211: Out of bounds read in Media
+  * CVE-2025-11212: Inappropriate implementation in Media
+  * CVE-2025-11213: Inappropriate implementation in Omnibox
+  * CVE-2025-11215: Off by one error in V8
+  * CVE-2025-11216: Inappropriate implementation in Storage
+  * CVE-2025-11219: Use after free in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
+Chromium 141.0.7390.37 (beta released 2025-09-24)
+
+Chromium 140.0.7339.207 (boo#1250472)
+
+  * CVE-2025-10890: Side-channel information leakage in V8
+  * CVE-2025-10891: Integer overflow in V8
+  * CVE-2025-10892: Integer overflow in V8
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.20251015125625066283.90520734224245/_patchinfo
+++ b/patchinfo.20251015125625066283.90520734224245/_patchinfo
@@ -0,0 +1,17 @@
+<patchinfo>
+  <issue tracker="bnc" id="1252013">VUL-0: CVE-2025-11756: chromium: Use after free in Safe Browsing</issue>
+  <issue tracker="cve" id="2025-11756"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.107:
+
+* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.20251022082540835298.93181000773252/_patchinfo
+++ b/patchinfo.20251022082540835298.93181000773252/_patchinfo
@@ -0,0 +1,119 @@
+<patchinfo>
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst</summary>
+  <description>This update for openQA, os-autoinst fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1761037330.ad78558e:
+  * Avoid needless check for number of clones
+  * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`
+
+- Update to version 5.1760515610.a802d1dd:
+  * Lower the prio of archiving jobs to avoid piling up finalize jobs
+  * Add signatures in Schema::Result::ApiKeys
+
+- Update to version 5.1760245411.e3aeaaec:
+  * Dependency cron 2025-10-12
+
+- Update to version 5.1760108577.fd2f2a48:
+  * Log unavailability due to high load only as warning
+  * Filter job stats of scheduled products also by arch and build
+  * Document how to disable image optimizations
+  * Make image optimization errors stop the job producing an incomplete job
+  * Improve wording in description about job stats API
+  * Run `optipng` for real and handle errors if it fails
+
+- Update to version 5.1759912962.689b31ed:
+  * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`
+
+- Update to version 5.1759834744.06a7028a:
+  * parser: ktap: Return earlier if subtest result is SKIP
+  * parser: ktap: Fallback to subtest index if name is not available
+
+- Update to version 5.1759440640.bb989cab:
+  * Don't redirect to asset domain via /needles/ID/(image|json) route
+
+- Update to version 5.1759402042.49e912c3:
+  * Introduce array job settings
+  * Retry `obs_rsync_update_*` tasks if Gru service terminates
+
+- Update to version 5.1759329378.3b8e8685:
+  * Reduce the number of required checks for Mergify again
+  * Ensure a failing cache service is seen as such by the worker/scheduler
+
+- Update to version 5.1759248257.70b23b32:
+  * Increase number of successful checks in Mergify config again
+  * Disable Helm Chart CI checks temporarily
+  * Consider all jobs for cleanup, not just jobs that were executed
+  * Verify job deletion when dependent job present
+
+- Update to version 5.1759149505.49c40b0b:
+  * Use always the latest PostgreSQL image in Compose and documentation
+  * Update the PostgreSQL version in the contributing documentation
+  * Update PostgreSQL data path in Docker Compose file after updating to v18
+  * Specify PostgreSQL version in Docker Compose configuration explicitly
+  * mergify: Allow more time for dependabot update reaction
+  * Remove version property from docker-compose
+  * README: Fix openQA badge after switch to UEFI
+  * build(deps-dev): bump eslint from 9.35.0 to 9.36.0
+
+- Update to version 5.1758910696.7549bb98:
+  * Replace argument assignment with signatures on ObsRsync/Task
+  * Enable automatic dependabot updates again after improvements
+  * docs: Add instructions for a continuous dashboard setup
+  * Replace argument assignment with signatures Folders package
+  * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
+  * script: Also use OPENQA_WEBUI_MODE for related services
+
+- Update to version 5.1758814503.03d923a4:
+  * Use Mojo::File in Worker for is_qemu_running
+  * Use Mojo::File in Worker for meminfo
+  * Document archiving of important jobs
+
+- Update to version 5.1758729450.b88c0b40:
+  * Reject jobs if worker is broken when receiving a new job
+
+- Update to version 5.1758711845.e5c02221:
+  * script: Allow to configure openQA mode
+  * t: run at least once Memorylimit register with max_rss_limit &gt; 0
+  * Replace argument assignation with signatures on MemoryLimit
+
+
+Changes in os-autoinst:
+
+- Update to version 5.1761036042.c43e4ab:
+  * Update perltidy
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759328765.e7438f7:
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759134946.e08d7c7:
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+  * os-autoinst-setup-multi-machine: Only call zypper when necessary
+  * os-autoinst-setup-multi-machine: Improve network interface check
+
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/patchinfo.ga/_patchinfo
+++ b/patchinfo.ga/_patchinfo
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/staging.config
+++ b/staging.config
@@ -1,4 +1,4 @@
 {
-  "ObsProject": "openSUSE:Backports:SLE-16.1",
-  "StagingProject": "openSUSE:Backports:SLE-16.1:PullRequest"
+  "ObsProject": "openSUSE:Backports:SLE-16.0",
+  "StagingProject": "openSUSE:Backports:SLE-16.0:PullRequest"
 }
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/workflow.config
+++ b/workflow.config
@@ -1,23 +1,74 @@
 {
  "Workflows": ["pr"],
-  "GitProjectName": "products/PackageHub#leap-16.1",
+  "GitProjectName": "products/PackageHub#leap-16.0",
  "Organization": "pool",
-  "Branch": "leap-16.1",
+  "Branch": "leap-16.0",
  "ManualMergeProject": true,
+  "NoProjectGitPR": true,
  "Reviewers": [
-    "*packagehub-review",
+    "-maintenance-release-review",
+    "*opensuse-review",
    "+legaldb",
    "-autogits_obs_staging_bot",
+    "-qam-openqa-review"
  ],
  "ReviewGroups": [
    {
-      "Name": "packagehub-review",
+      "Name": "maintenance-release-review",
      "Reviewers": [
+        "abergmann",
+        "amattiazzo",
+        "bfilho",
+        "cmatos",
+        "crazybyte",
+        "emanuelecappello",
+        "gsonnu",
+        "maintenance-robot",
+        "mauriziogalli",
+        "mbozicevic",
+        "mimi_vx",
+        "mschnitzer",
+        "msmeissn",
+        "pluskalm",
+        "rfrohl",
+        "slemke"
+        ],
+      "Silent": true
+    },
+    {
+      "Name": "opensuse-review",
+      "Reviewers": [
+        "alarrosa",
+        "anag",
+        "atartamo",
        "bigironman",
-        "lkocman-factory",
-        "maxlin_factory",
+        "darix",
+        "dimstar",
+        "dmach",
+        "eroca",
+        "jdsn",
+        "jengelh",
+        "mcalabkova",
+        "mstrigl",
+        "nkrapp",
+        "oertel",
+        "RBrownSUSE",
+        "simotek",
        "smithfarm"
-        ]
+      ],
+      "Silent": true
+    },
+    {
+      "Name": "qam-openqa-review",
+      "Reviewers": [
+        "mimi_vx",
+        "mschnitzer",
+        "msmeissn",
+        "openqa-maintenance",
+        "foursixnine-openqa",
+        "szarate"
+        ],
+      "Silent": true
    }
  ]
 }