patchinfo.20260306125327680533.93181000773252/_patchinfo

@@ -0,0 +1,71 @@
+<patchinfo>
+  <issue tracker="bnc" id="1258632">VUL-0: CVE-2026-26996: openQA: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string</issue>
+  <issue tracker="bnc" id="1259005">VUL-0: CVE-2026-27904: openQA: minimatch: nested *() extglobs can lead to regular expressions with exponential backtracking complexity and a ReDoS</issue>
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>important</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1772536058.8ca2d170:
+  * fix(config): Drop max_conns to allow proper queueing
+  * refactor: Improve code in `renderTestLists()`
+  * feat: Pass all parameters when making AJAX requests on "All tests" page
+  * feat: Allow use of `job_setting` parameter also on "All tests" page
+  * refactor: Simplify code for passing query parameters on "All tests"
+  * fix(dependencies): add missing "make" to devel sub-package
+  * test: remove stabilized tests from tools/unstable_tests.txt
+  * test(lib): remove unused "disconnect" function
+  * test(lib): mark uncovered line
+  * build(Makefile): add make target help text
+  * fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632)
+
+- Update to version 5.1772460208.7a4e1e06:
+  * docs: Document array-like job settings and `job_setting` parameter
+  * test: Ensure test of filter params of jobs API fails if code breaks
+  * feat: Support searching by job settings in API to list jobs
+  * refactor: Improve `cancel_by_settings`
+  * fix: Allow filtering by more than one job setting in various routes
+  * test: Improve checks in `t/api/02-iso.t`
+  * feat: Allow searching by job settings via overview routes
+  * style: use consistent q{} syntax for SQL strings in Cache Model
+  * refactor: streamline IPC::Run usage and signal handling
+  * test: remove t/25-cache-service.t from unstable_tests.txt
+  * test: improve robustness of t/25-cache-service.t
+  * test: refactor InfluxDB subtest to reduce duplication
+  * test: improve infrastructure for t/25-cache-service.t
+  * fix: improve database robustness in Cache model
+  * fix: log rsync stderr in CacheService::Task::Sync
+  * test: support OPENQA_TEST_WAIT_INTERVAL in wait_for
+  * fix(cache): capture stderr and handle exit status robustly in Sync task
+  * test: make SIGCHLD handler selective in OpenQA::Test::Utils
+  * docs: document aggregate result badges for overview queries
+
+Changes in os-autoinst:
+
+- Update to version 5.1772663930.9a9bd7d:
+  * feat: add EXIT_AFTER_MODULE to stop after a specified module
+  * fix: Update gre_tunnel_preup script to support NetworkManager
+  * feat: Handle timeout when typing command in `background_script_run`
+  * feat: Allow opting-out of check when typing command in `script_run`
+  * feat: Handle timeout when typing command in `script_run`
+  * test: implement conventional commits check with gitlint
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1772536058.8ca2d1709:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>