Update submodules from pool/openqa#9, pool/os-autoinst#4 and create patchinfo.20251024113708178377.93181000773252/_patchinfo

0Backports/Backports.changes

@@ -1,9 +1,3 @@
--------------------------------------------------------------------
-Tue Nov 11 08:48:51 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
-
-- Backports.productcompose:
-  - switch to version 16.1
-
 -------------------------------------------------------------------
 Fri Oct 10 07:19:41 UTC 2025 - Wolfgang Engel <wolfgang.engel@suse.com>
 

0Backports/Backports.productcompose

@@ -3,7 +3,7 @@ product_compose_schema: 0.2
 vendor: openSUSE
 name: Backports
 version: 16
-update: "16.1"
+update: "16.0"
 product-type: module
 summary: openSUSE Backports
 

_config

@@ -1,7 +1,7 @@
 %if 0%{?is_stage_project}
-Release: <CI_CNT>.<B_CNT> spec:bp161.999999.<CI_CNT>.<B_CNT>
+Release: <CI_CNT>.<B_CNT> spec:bp160.999999.<CI_CNT>.<B_CNT>
 %else
-Release: <CI_CNT>.<B_CNT> spec:bp161.<CI_CNT>.<B_CNT>
+Release: <CI_CNT>.<B_CNT> spec:bp160.<CI_CNT>.<B_CNT>
 %endif
 
 # 000productcompose experiment
@@ -129,6 +129,15 @@ Macros:
 %ffmpeg_pref ffmpeg-7
 :Macros
 
+# BEGIN GIMP STUFF - remove this section when gimp3 is ready
+# %if "%_project" == "openSUSE:Backports:SLE-16.0"
+# Macros:
+# Do not build python plugin in gimp2
+# %_without_python_plugin 1
+# :Macros
+# %endif
+# END GIMP STUFF
+
 # openSUSE -> SLE magic BuildRequires can work then
 Substitute: desktop-data-openSUSE-extra desktop-data-SLE-extra
 Substitute: desktop-data-openSUSE desktop-data-SLE
@@ -159,7 +168,7 @@ Macros:
 
 # Leap specific package list, the same list with excludebuild must add to Backports project
 # Most of package should be built in Backports
-%if "%_project" == "openSUSE:Backports:SLE-16.1"
+%if "%_project" == "openSUSE:Backports:SLE-16.0"
 # we build ffado:ffado-mixer for openSUSE, the main one is built in SLFO
 BuildFlags: excludebuild:ffado
 # build gpgme:qt flavor for qt5 support

_maintainership.json

@@ -1,3 +1,3 @@
 {
-    "": ["packagehub-review"]
+    "": ["maintenance-release-review"]
 }

patchinfo.20251010110535882810.90520734224245/_patchinfo

@@ -0,0 +1,66 @@
+<patchinfo incident="packagehub-1">
+  <issue tracker="bnc" id="1251334">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11213">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11216">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11207">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11211">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11212">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11210">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250780">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11208">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10890">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11206">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11460">VUL-0: chromium: release 141.0.7390.65</issue>
+  <issue tracker="cve" id="2025-11219">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="bnc" id="1250472">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11205">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10891">VUL-0: chromium: release 140.0.7339.207</issue>
+  <issue tracker="cve" id="2025-11458"/>
+  <issue tracker="cve" id="2025-11215">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-11209">VUL-0: chromium: release 141.0.7390.54</issue>
+  <issue tracker="cve" id="2025-10892">VUL-0: chromium: release 140.0.7339.207</issue>
+  <packager>AndreasStieger</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.76:
+
+  * Do not send URLs as AIM input. This is to resolve a privacy
+    concern, around passing urls to AI Mode.
+
+Chromium 141.0.7390.65 (boo#1251334):
+
+  * CVE-2025-11458: Heap buffer overflow in Sync
+  * CVE-2025-11460: Use after free in Storage
+  * CVE-2025-11211: Out of bounds read in WebCodecs
+
+Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780)
+
+  * CVE-2025-11205: Heap buffer overflow in WebGPU
+  * CVE-2025-11206: Heap buffer overflow in Video
+  * CVE-2025-11207: Side-channel information leakage in Storage
+  * CVE-2025-11208: Inappropriate implementation in Media
+  * CVE-2025-11209: Inappropriate implementation in Omnibox
+  * CVE-2025-11210: Side-channel information leakage in Tab
+  * CVE-2025-11211: Out of bounds read in Media
+  * CVE-2025-11212: Inappropriate implementation in Media
+  * CVE-2025-11213: Inappropriate implementation in Omnibox
+  * CVE-2025-11215: Off by one error in V8
+  * CVE-2025-11216: Inappropriate implementation in Storage
+  * CVE-2025-11219: Use after free in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
+Chromium 141.0.7390.37 (beta released 2025-09-24)
+
+Chromium 140.0.7339.207 (boo#1250472)
+
+  * CVE-2025-10890: Side-channel information leakage in V8
+  * CVE-2025-10891: Integer overflow in V8
+  * CVE-2025-10892: Integer overflow in V8
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251015125625066283.90520734224245/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo>
+  <issue tracker="bnc" id="1252013">VUL-0: CVE-2025-11756: chromium: Use after free in Safe Browsing</issue>
+  <issue tracker="cve" id="2025-11756"/>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Chromium 141.0.7390.107:
+
+* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
+
+</description>
+  <package>chromium</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251017085122907353.93181000773252/_patchinfo

@@ -0,0 +1,103 @@
+<patchinfo>
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for opi</summary>
+  <description>This update for opi fixes the following issues:
+
+- Version 5.8.8
+  * Fix adding openh264 repo on leap 16.0
+
+This update for opi fixes the following issues:
+
+- Version 5.8.7
+  * Fix ocenaudio url
+  * Add LocalSend plugin
+  * Run all tests in verbose mode
+  * Print written repo files in verbose mode
+  * Increase timeouts in test/06_install_non_interactive.py
+  * Remove DNF references from README.md
+
+This update for opi fixes the following issues:
+
+- Version 5.8.5
+  * add librewolf plugin (#205)
+  * Install .NET 9
+  * Add verbose mode
+  * Change the order of the process in the github module
+  * Add rustdesk plugin
+
+This update for opi fixes the following issues:
+
+- Version 5.8.4
+  * Use arm64 rpm for libation on aarch64
+
+This update for opi fixes the following issues:
+
+- Version 5.8.3
+  * Install dependencies rpm-build and squashfs at runtime if needed
+  * Drop DNF support
+
+This update for opi fixes the following issues:
+
+- Version 5.8.2
+  * Warn about adding staging repos
+  * Gracefully handle zypper exit code 106 (repos without cache present)
+
+This update for opi fixes the following issues:
+
+- Version 5.8.1
+  * Fix SyntaxWarning: invalid escape sequence '\s'
+
+This update for opi fixes the following issues:
+
+- Version 5.8.0
+  * Add mullvad-brower
+
+This update for opi fixes the following issues:
+
+- Version 5.7.0
+  * Add leap-only plugin to install zellij from github release
+  * Don't use subprocess.run user kwarg on 15.6
+  * Fix tests: Use helloworld-opi-tests instead of zfs
+  * Perform search despite locked rpmdb
+  * Simplify backend code
+
+This update for opi fixes the following issues:
+
+- Use no macros in url in .spec for packtrack
+
+This update for opi fixes the following issues:
+
+- Version 5.6.0
+  * Add plugin to install vagrant from hashicorp repo
+
+This update for opi fixes the following issues:
+
+- Version 5.5.0
+  * Update opi/plugins/collabora.py
+  * add collabora office desktop
+  * Omit unsupported cli args on leap in 99_install_opi.py
+  * Switch to PEP517 install
+  * Fix 09_install_with_multi_repos_in_single_file_non_interactive.py
+  * Fix 07_install_multiple.py on tumbleweed
+  * Fix test suite on tumbleweed
+  * Update available apps in opi - README.md
+
+This update for opi fixes the following issues:
+
+- Version 5.4.0
+  * Show key ID when importing or deleting package signing keys
+  * Add option to install google-chrome-canary
+
+This update for opi fixes the following issues:
+
+- Version 5.3.0
+  * Fix tests for new zypper version
+  * fix doblue slash in packman repo url
+  * Add Plugin to install Libation
+
+</description>
+  <package>opi</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251017085327031166.93181000773252/_patchinfo

@@ -0,0 +1,17 @@
+<patchinfo>
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for virtme</summary>
+  <description>This update for virtme fixes the following issues:
+
+- Update to 1.38:
+  * Fix the infamous Stale file handle (ESTALE) errors with virtiofsd
+  * Fix for systemctl daemon-reload when systemd support is enabled
+  * Fix for a kernel symlink issue affecting openSUSE/SLE
+  * README/docs improvements
+  * Various coding style cleanups
+</description>
+  <package>virtme</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251020125830692820.93181000773252/_patchinfo

@@ -0,0 +1,55 @@
+<patchinfo>
+  <issue tracker="bnc" id="1206292">[SELinux] Wine/Proton not working reliably with default SELinux configuration</issue>
+  <packager>regularhunter</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for lutris</summary>
+  <description>This update for lutris fixes the following issues:
+
+- Move selinux dependency
+
+- Fix gaming under selinux (bsc#1206292)
+
+- Fix wrong placement of lang_package macro in spec file
+
+- Update to 0.5.19:
+  * Fix Proton integration bugs so Proton-fixes are applied
+  * Do not offer DXVK, VKD3D, D3D Extras or DDXVK-NVAPI on Proton versions;
+    Proton will handle these.
+  * The "Enable Esync" and "Enable Fsync" settings are now passed on to Proton
+  * DXVK's integrated D8VK will be enabled in Proton
+  * Emulator BIOS file location (used by libretro) may be set in Preferences
+  * Obtain the release year from GOG and Itch.io.
+  * MAME Machine setting uses a searchable entry for its enourmous list
+  * Support for importing Commodore 64 ROMs
+
+- Add BuildRequires apparmor-abstractions, apparmor-rpm-macros for
+  Leap, fix for build error: directories not owned by a package:
+  /etc/apparmor.d
+
+- update to 0.5.18:
+  * Lutris downloads the latest GE-Proton build for Wine if any Wine version is installed
+  * Use dark theme by default
+  * Display cover-art rather than banners by default
+  * Add 'Uncategorized' view to sidebar
+  * Preference options that do not work on Wayland will be hidden when on Wayland
+  * Game searches can now use fancy tags like 'installed:yes' or 'source:gog', with explanatory tool-tip
+  * A new filter button on the search box can build many of these fancy tags for you
+  * Runner searches can use 'installed:yes' as well, but no other fancy searches or anything
+  * Updated the Flathub and Amazon source to new APIs, restoring integration
+  * Itch.io source integration will load a collection named 'Lutris' if present
+  * GOG and Itch.io sources can now offer Linux and Windows installers for the same game
+  * Added support for the 'foot' terminal
+  * Support for DirectX 8 in DXVK v2.4
+  * Support for Ayatana Application Indicators
+  * Additional options for Ruffle runner
+  * Updated download links for the Atari800 and MicroM8 runners
+  * No longer re-download cached installation files even when some are missing
+  * Lutris log is included in the 'System' tab of the Preferences window
+  * Improved error reporting, with the Lutris log included in the error details
+  * Add AppArmor profile for Ubuntu versions &gt;= 23.10
+  * Add Duckstation runner
+</description>
+  <package>lutris</package>
+  <seperate_build_arch/>
+</patchinfo>

patchinfo.20251024113708178377.93181000773252/_patchinfo

@@ -0,0 +1,120 @@
+<patchinfo>
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst</summary>
+  <description>This update for openQA, os-autoinst fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1761228068.a3a7f84d:
+  * Dependency cron 2025-10-23
+
+- Update to version 5.1761037330.ad78558e:
+  * Avoid needless check for number of clones
+  * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`
+
+- Update to version 5.1760515610.a802d1dd:
+  * Lower the prio of archiving jobs to avoid piling up finalize jobs
+  * Add signatures in Schema::Result::ApiKeys
+
+- Update to version 5.1760245411.e3aeaaec:
+  * Dependency cron 2025-10-12
+
+- Update to version 5.1760108577.fd2f2a48:
+  * Log unavailability due to high load only as warning
+  * Filter job stats of scheduled products also by arch and build
+  * Document how to disable image optimizations
+  * Make image optimization errors stop the job producing an incomplete job
+  * Improve wording in description about job stats API
+  * Run `optipng` for real and handle errors if it fails
+
+- Update to version 5.1759912962.689b31ed:
+  * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`
+
+- Update to version 5.1759834744.06a7028a:
+  * parser: ktap: Return earlier if subtest result is SKIP
+  * parser: ktap: Fallback to subtest index if name is not available
+
+- Update to version 5.1759440640.bb989cab:
+  * Don't redirect to asset domain via /needles/ID/(image|json) route
+
+- Update to version 5.1759402042.49e912c3:
+  * Introduce array job settings
+  * Retry `obs_rsync_update_*` tasks if Gru service terminates
+
+- Update to version 5.1759329378.3b8e8685:
+  * Reduce the number of required checks for Mergify again
+  * Ensure a failing cache service is seen as such by the worker/scheduler
+
+- Update to version 5.1759248257.70b23b32:
+  * Increase number of successful checks in Mergify config again
+  * Disable Helm Chart CI checks temporarily
+  * Consider all jobs for cleanup, not just jobs that were executed
+  * Verify job deletion when dependent job present
+
+- Update to version 5.1759149505.49c40b0b:
+  * Use always the latest PostgreSQL image in Compose and documentation
+  * Update the PostgreSQL version in the contributing documentation
+  * Update PostgreSQL data path in Docker Compose file after updating to v18
+  * Specify PostgreSQL version in Docker Compose configuration explicitly
+  * mergify: Allow more time for dependabot update reaction
+  * Remove version property from docker-compose
+  * README: Fix openQA badge after switch to UEFI
+  * build(deps-dev): bump eslint from 9.35.0 to 9.36.0
+
+- Update to version 5.1758910696.7549bb98:
+  * Replace argument assignment with signatures on ObsRsync/Task
+  * Enable automatic dependabot updates again after improvements
+  * docs: Add instructions for a continuous dashboard setup
+  * Replace argument assignment with signatures Folders package
+  * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
+  * script: Also use OPENQA_WEBUI_MODE for related services
+
+- Update to version 5.1758814503.03d923a4:
+  * Use Mojo::File in Worker for is_qemu_running
+  * Use Mojo::File in Worker for meminfo
+  * Document archiving of important jobs
+
+- Update to version 5.1758729450.b88c0b40:
+  * Reject jobs if worker is broken when receiving a new job
+
+- Update to version 5.1758711845.e5c02221:
+  * script: Allow to configure openQA mode
+  * t: run at least once Memorylimit register with max_rss_limit &gt; 0
+  * Replace argument assignation with signatures on MemoryLimit
+
+Changes in os-autoinst:
+
+- Update to version 5.1761036042.c43e4ab:
+  * Update perltidy
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759328765.e7438f7:
+  * Allow redirects in needle NeedleDownloader
+  * Don't overwrite firewall xml
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+
+- Update to version 5.1759134946.e08d7c7:
+  * Add UEFI support for ipxe kernel boot
+  * t: Use consistent Mojo::File in 08-autotest as well
+  * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface
+  * os-autoinst-setup-multi-machine: Only call zypper when necessary
+  * os-autoinst-setup-multi-machine: Improve network interface check
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <seperate_build_arch/>
+</patchinfo>

staging.config

@@ -1,4 +1,4 @@
 {
-  "ObsProject": "openSUSE:Backports:SLE-16.1",
-  "StagingProject": "openSUSE:Backports:SLE-16.1:PullRequest"
+  "ObsProject": "openSUSE:Backports:SLE-16.0",
+  "StagingProject": "openSUSE:Backports:SLE-16.0:PullRequest"
 }

workflow.config

@@ -1,23 +1,74 @@
 {
   "Workflows": ["pr"],
-  "GitProjectName": "products/PackageHub#leap-16.1",
+  "GitProjectName": "products/PackageHub#leap-16.0",
   "Organization": "pool",
-  "Branch": "leap-16.1",
+  "Branch": "leap-16.0",
   "ManualMergeProject": true,
+  "NoProjectGitPR": true,
   "Reviewers": [
-    "*packagehub-review",
+    "-maintenance-release-review",
+    "*opensuse-review",
     "+legaldb",
     "-autogits_obs_staging_bot",
+    "-qam-openqa-review"
   ],
   "ReviewGroups": [
     {
-      "Name": "packagehub-review",
+      "Name": "maintenance-release-review",
       "Reviewers": [
+        "abergmann",
+        "amattiazzo",
+        "bfilho",
+        "cmatos",
+        "crazybyte",
+        "emanuelecappello",
+        "gsonnu",
+        "maintenance-robot",
+        "mauriziogalli",
+        "mbozicevic",
+        "mimi_vx",
+        "mschnitzer",
+        "msmeissn",
+        "pluskalm",
+        "rfrohl",
+        "slemke"
+        ],
+      "Silent": true
+    },
+    {
+      "Name": "opensuse-review",
+      "Reviewers": [
+        "alarrosa",
+        "anag",
+        "atartamo",
         "bigironman",
-        "lkocman-factory",
-        "maxlin_factory",
+        "darix",
+        "dimstar",
+        "dmach",
+        "eroca",
+        "jdsn",
+        "jengelh",
+        "mcalabkova",
+        "mstrigl",
+        "nkrapp",
+        "oertel",
+        "RBrownSUSE",
+        "simotek",
         "smithfarm"
-        ]
+      ],
+      "Silent": true
+    },
+    {
+      "Name": "qam-openqa-review",
+      "Reviewers": [
+        "mimi_vx",
+        "mschnitzer",
+        "msmeissn",
+        "openqa-maintenance",
+        "foursixnine-openqa",
+        "szarate"
+        ],
+      "Silent": true
     }
   ]
 }