Update submodules from pool/mosquitto#2 and create patchinfo.20260223091213884795.93181000773252/_patchinfo

PR: products/PackageHub!462

.gitmodules

@@ -15466,6 +15466,10 @@
 	path = python-PyKCS11
 	url = ../../pool/python-PyKCS11
 	branch = leap-16.0
+[submodule "python-pynetbox"]
+	path = python-pynetbox
+	url = ../../pool/python-pynetbox
+	branch = leap-16.0
 [submodule "python-PyPDF2"]
 	path = python-PyPDF2
 	url = ../../pool/python-PyPDF2
@@ -16086,6 +16090,10 @@
 	path = python-makefun
 	url = ../../pool/python-makefun
 	branch = leap-16.0
+[submodule "python-mando"]
+	path = python-mando
+	url = ../../pool/python-mando
+	branch = leap-16.0
 [submodule "python-mathics-pygments"]
 	path = python-mathics-pygments
 	url = ../../pool/python-mathics-pygments
@@ -16702,6 +16710,10 @@
 	path = python-qtwebengine-qt5
 	url = ../../pool/python-qtwebengine-qt5
 	branch = leap-16.0
+[submodule "python-radon"]
+	path = python-radon
+	url = ../../pool/python-radon
+	branch = leap-16.0
 [submodule "python-rapidfuzz"]
 	path = python-rapidfuzz
 	url = ../../pool/python-rapidfuzz
@@ -16862,6 +16874,10 @@
 	path = python-tcolorpy
 	url = ../../pool/python-tcolorpy
 	branch = leap-16.0
+[submodule "python-tenacity"]
+	path = python-tenacity
+	url = ../../pool/python-tenacity
+	branch = leap-16.0
 [submodule "python-textile"]
 	path = python-textile
 	url = ../../pool/python-textile
@@ -26094,10 +26110,6 @@
 	path = nextcloud-desktop
 	url = ../../pool/nextcloud-desktop
 	branch = leap-16.0
-[submodule "nmap"]
-	path = nmap
-	url = ../../pool/nmap
-	branch = leap-16.0
 [submodule "hplip"]
 	path = hplip
 	url = ../../pool/hplip

0Backports/Backports.productcompose

@@ -1414,7 +1414,14 @@ packagesets:
   - go1.24-race
   - go1.25
   - go1.25-doc
+  - go1.25-openssl
+  - go1.25-openssl-race
   - go1.25-race
+  - go1.26
+  - go1.26-doc
+  - go1.26-race
+  - go1.26-openssl
+  - go1.26-openssl-race
   - gobject-introspection
   - gobject-introspection-devel
   - golang-github-cpuguy83-go-md2man
@@ -4678,9 +4685,13 @@ packagesets:
   - nodejs22
   - nodejs22-devel
   - nodejs22-docs
+  - nodejs24
+  - nodejs24-devel
+  - nodejs24-docs
   - novnc
   - npm-default
   - npm22
+  - npm24
   - npth-devel
   - nss-mdns
   - nss_synth
@@ -7983,6 +7994,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_9-default
   - libLLVMSPIRVLib19
   - libatopology2
   - libdpdk-25
@@ -8096,6 +8109,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_9-default
   - kernel-zfcpdump
   - kiwi-settings
   - libHBAAPI2
@@ -8237,6 +8252,8 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_5-default
   - kernel-livepatch-6_12_0-160000_6-default
   - kernel-livepatch-6_12_0-160000_7-default
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_9-default
   - kiwi-pxeboot
   - kubevirt-virtctl
   - libFLAC++10-x86-64-v3

patchinfo.20260213163213815955.255638743075857/_patchinfo

@@ -0,0 +1,61 @@
+<patchinfo incident="packagehub-134">
+  <issue tracker="cve" id="2026-2319"/>
+  <issue tracker="cve" id="2026-2322"/>
+  <issue tracker="cve" id="2026-2313"/>
+  <issue tracker="cve" id="2026-2318"/>
+  <issue tracker="cve" id="2026-2441"/>
+  <issue tracker="cve" id="2026-2316"/>
+  <issue tracker="bnc" id="1258185">VUL-0: CVE-2026-2441: chromium: Use after free in CSS (fixed in 145.0.7632.75)</issue>
+  <issue tracker="cve" id="2026-2323"/>
+  <issue tracker="cve" id="2026-2321"/>
+  <issue tracker="cve" id="2026-2317"/>
+  <issue tracker="bnc" id="1258116">VUL-0: chromium: release 145.0.7632.45</issue>
+  <issue tracker="cve" id="2026-2315"/>
+  <issue tracker="cve" id="2026-2320"/>
+  <issue tracker="cve" id="2026-2314"/>
+  <issue tracker="bnc" id="1258199">chromium desktop icon shows @@MENUNAME</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- more fixes for desktop file, some variables were lowercased,
+  further adaptions in INSTALL script (boo#1258199)
+
+- also copy rollup into third_party/node/node_modules
+- stay on llvm-10 for swiftshader but bring a similar patch
+
+- drop use of rollup binaries and use rollup-3.x which does not
+  use prebuilt binaries (that fail at least on older ppc64le)
+  follow the approach of the debian packaging
+
+- update/resync ppc64le patches from fedora
+
+- fix INSTALL.sh again to replace the tags in desktop file,
+  appdata and manpage (boo#1258199) 
+
+- Chromium 145.0.7632.75:
+  * CVE-2026-2441: Use after free in CSS (boo#1258185)
+
+- Chromium 145.0.7632.67:
+  * Revert a change in url_fixer that may have caused crashes
+
+- Chromium 145.0.7632.45 (boo#1258116)
+  * jpeg-xl support has been readded
+  * CVE-2026-2313: Use after free in CSS
+  * CVE-2026-2314: Heap buffer overflow in Codecs
+  * CVE-2026-2315: Inappropriate implementation in WebGPU
+  * CVE-2026-2316: Insufficient policy enforcement in Frames
+  * CVE-2026-2317: Inappropriate implementation in Animation
+  * CVE-2026-2318: Inappropriate implementation in PictureInPicture
+  * CVE-2026-2319: Race in DevTools
+  * CVE-2026-2320: Inappropriate implementation in File input
+  * CVE-2026-2321: Use after free in Ozone
+  * CVE-2026-2322: Inappropriate implementation in File input
+  * CVE-2026-2323: Inappropriate implementation in Downloads
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260217100155183262.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-132">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for python-pynetbox</summary>
+  <description>This update for python-pynetbox fixes the following issues:
+
+Introduce python-pynetbox.
+</description>
+  <package>python-pynetbox</package>
+</patchinfo>

patchinfo.20260217101420747614.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-131">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for python-tenacity</summary>
+  <description>This update for python-tenacity fixes the following issues:
+
+Introduce python-tenacity.
+</description>
+  <package>python-tenacity</package>
+</patchinfo>

patchinfo.20260217101729385493.255638743075857/_patchinfo

@@ -0,0 +1,12 @@
+<patchinfo incident="packagehub-133">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for python-radon, python-mando</summary>
+  <description>This update for python-radon, python-mando fixes the following issues:
+
+Introduce python-radon and dependency python-mando.
+</description>
+  <package>python-radon</package>
+  <package>python-mando</package>
+</patchinfo>

patchinfo.20260217102701782018.255638743075857/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo>
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for nmap</summary>
-  <description>This update for nmap fixes the following issues:
-
-Add nmap.
-</description>
-  <package>nmap</package>
-</patchinfo>

patchinfo.20260217103144656312.255638743075857/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-130">
+  <packager>rrahl0</packager>
+  <rating>low</rating>
+  <category>recommended</category>
+  <summary>Recommended update for neovim</summary>
+  <description>This update for neovim fixes the following issues:
+
+Changes in neovim:
+
+- Update license header in the spec file template
+</description>
+  <package>neovim</package>
+</patchinfo>

patchinfo.20260217132152201956.255638743075857/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-129">
+  <packager>michals</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gitea-tea</summary>
+  <description>This update for gitea-tea fixes the following issues:
+
+Changes in gitea-tea:
+
+- Fix terminal rendering errors
+</description>
+  <package>gitea-tea</package>
+</patchinfo>

patchinfo.20260219090019061643.93181000773252/_patchinfo

@@ -0,0 +1,20 @@
+<patchinfo incident="packagehub-136">
+  <issue tracker="cve" id="2026-2649">VUL-0: chromium: update to 145.0.7632.109</issue>
+  <issue tracker="cve" id="2026-2650">VUL-0: chromium: update to 145.0.7632.109</issue>
+  <issue tracker="cve" id="2026-2648">VUL-0: chromium: update to 145.0.7632.109</issue>
+  <issue tracker="bnc" id="1258438">VUL-0: chromium: update to 145.0.7632.109</issue>
+  <packager>AndreasStieger</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 145.0.7632.109 (boo#1258438):
+  * CVE-2026-2648: Heap buffer overflow in PDFium
+  * CVE-2026-2649: Integer overflow in V8
+  * CVE-2026-2650: Heap buffer overflow in Media
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260219090959320014.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-135">
+  <issue tracker="bnc" id="1256414">VUL-0: CVE-2025-68158: python-Authlib: 1-click account takeover in applications that use the Authlib library</issue>
+  <issue tracker="cve" id="2025-68158">VUL-0: CVE-2025-68158: python-Authlib: 1-click account takeover in applications that use the Authlib library</issue>
+  <packager>nkrapp</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for python-Authlib</summary>
+  <description>This update for python-Authlib fixes the following issues:
+
+Changes in python-Authlib:
+
+- CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library (bsc#1256414)
+</description>
+  <package>python-Authlib</package>
+</patchinfo>

patchinfo.20260223091213884795.93181000773252/_patchinfo

@@ -0,0 +1,88 @@
+<patchinfo>
+  <issue tracker="bnc" id="1258671">Mosquitto versions &gt; 2.0.11 and &lt; 2.0.23 have a data loss bug</issue>
+  <issue tracker="cve" id="2024-3935">VUL-0: CVE-2024-3935: mosquitto: double free and subsequent crash when running under bridge mode and processing remote connections</issue>
+  <issue tracker="bnc" id="1232636">VUL-0: CVE-2024-10525: mosquitto: out-of-bounds memory access when acting in an on_subscribe callback for a crafted SUBACK packet with no reason codes</issue>
+  <issue tracker="bnc" id="1232635">VUL-0: CVE-2024-3935: mosquitto: double free and subsequent crash when running under bridge mode and processing remote connections</issue>
+  <issue tracker="cve" id="2024-10525">VUL-0: CVE-2024-10525: mosquitto: out-of-bounds memory access when acting in an on_subscribe callback for a crafted SUBACK packet with no reason codes</issue>
+  <packager>AndreasStieger</packager>
+  <rating>critical</rating>
+  <category>security</category>
+  <summary>Security update for mosquitto</summary>
+  <description>This update for mosquitto fixes the following issues:
+
+Changes in mosquitto:
+
+- update to 2.0.23 (boo#1258671)
+  * Fix handling of disconnected sessions for `per_listener_settings
+    true`
+  * Check return values of openssl *_get_ex_data() and
+    *_set_ex_data() to prevent possible crash. This could occur only
+    in extremely unlikely situations
+  * Check return value of openssl ASN1_string_[get0_]data()
+    functions for NULL. This prevents a crash in case of incorrect
+    certificate handling in openssl
+  * Fix potential crash on startup if a malicious/corrupt
+    persistence file from mosquitto 1.5 or earlier is loaded
+  * Limit auto_id_prefix to 50 characters
+
+- Update to version 2.0.22
+  Broker
+  * Bridge: Fix idle_timeout never occurring for lazy bridges.
+  * Fix case where max_queued_messages = 0 was not treated as
+    unlimited.
+  * Fix --version exit code and output.
+  * Fix crash on receiving a $CONTROL message over a bridge, if
+    per_listener_settings is set true and the bridge is carrying
+    out topic remapping.
+  * Fix incorrect reference clock being selected on startup on
+    Linux. Closes #3238.
+  * Fix reporting of client disconnections being incorrectly
+    attributed to "out of memory".
+  * Fix compilation when using WITH_OLD_KEEPALIVE.
+  * Fix problems with secure websockets.
+  * Fix crash on exit when using WITH_EPOLL=no.
+  * Fix clients being incorrectly expired when they have
+    keepalive == max_keepalive. Closes #3226, #3286.
+  Dynamic security plugin
+  * Fix mismatch memory free when saving config which caused
+    memory tracking to be incorrect.
+  Client library
+  * Fix C++ symbols being removed when compiled with link time
+    optimisation.
+  * TLS error handling was incorrectly setting a protocol error
+    for non-TLS errors. This would cause the mosquitto_loop_start()
+    thread to exit if no broker was available on the first
+    connection attempt. This has been fixed. Closes #3258.
+  * Fix linker errors on some architectures using cmake.
+
+- Update to version 2.0.21
+  Broker
+  * Fix clients sending a RESERVED packet not being quickly
+    disconnected.
+  * Fix bind_interface producing an error when used with an
+    interface that has an IPv6 link-local address and no other
+    IPv6 addresses.
+  * Fix mismatched wrapped/unwrapped memory alloc/free in
+    properties.
+  * Fix allow_anonymous false not being applied in local only mode.
+  * Add retain_expiry_interval option to fix expired retained
+    message not being removed from memory if they are not
+    subscribed to.
+  * Produce an error if invalid combinations of
+    cafile/capath/certfile/keyfile are used.
+  * Backport keepalive checking from develop to fix problems in
+    current implementation.
+  Client library
+  * Fix potential deadlock in mosquitto_sub if -W is used.
+  Apps
+  * mosquitto_ctrl dynsec now also allows -i to specify a clientid
+    as well as -c. This matches the documentation which states -i.
+  Tests
+  * Fix 08-ssl-connect-cert-auth-expired and
+    08-ssl-connect-cert-auth-revoked tests when under load.
+
+- systemd service: Wait till the network got setup to avoid
+  startup failure.
+</description>
+  <package>mosquitto</package>
+</patchinfo>