Update submodules from pool/openQA#21 , pool/os-autoinst#14 and create patchinfo.20260206095645434427.93181000773252/_patchinfo

2026-02-06 10:57:51 +01:00
16 changed files with 97 additions and 119 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -258,10 +258,6 @@
 	path = OpenShadingLanguage
 	url = ../../pool/OpenShadingLanguage
 	branch = leap-16.0
-[submodule "OpenSMTPD"]
-	path = OpenSMTPD
-	url = ../../pool/OpenSMTPD
-	branch = leap-16.0
 [submodule "OpenSubdiv"]
 	path = OpenSubdiv
 	url = ../../pool/opensubdiv
@@ -3074,10 +3070,6 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
-[submodule "doomsday"]
-	path = doomsday
-	url = ../../pool/doomsday
-	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7182,10 +7174,6 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
-[submodule "gnucobol"]
-	path = gnucobol
-	url = ../../pool/gnucobol
-	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/1
+++ b/1
--- a/1
+++ b/1
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/2
+++ b/2
--- a/patchinfo.20260204115012215375.93181000773252/_patchinfo
+++ b/patchinfo.20260204115012215375.93181000773252/_patchinfo
@@ -1,30 +0,0 @@
-<patchinfo incident="packagehub-113">
-  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
-  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
-  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
-  <issue tracker="cve" id="2026-1207"/>
-  <issue tracker="cve" id="2026-1312"/>
-  <issue tracker="cve" id="2026-1287"/>
-  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
-  <issue tracker="cve" id="2025-13473"/>
-  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
-  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
-  <issue tracker="cve" id="2025-14550"/>
-  <issue tracker="cve" id="2026-1285"/>
-  <packager>mcalabkova</packager>
-  <rating>important</rating>
-  <category>security</category>
-  <summary>Security update for python-Django</summary>
-  <description>This update for python-Django fixes the following issues:
-
-Changes in python-Django:
-
- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
-</description>
-  <package>python-Django</package>
-</patchinfo>
--- a/patchinfo.20260204115510991084.93181000773252/_patchinfo
+++ b/patchinfo.20260204115510991084.93181000773252/_patchinfo
@@ -1,22 +0,0 @@
-<patchinfo incident="packagehub-112">
-  <issue tracker="cve" id="2026-1862"/>
-  <issue tracker="cve" id="2026-1861"/>
-  <issue tracker="bnc" id="1257650">VUL-0: chromium: release 144.0.7559.132</issue>
-  <packager>oertel</packager>
-  <rating>important</rating>
-  <category>security</category>
-  <summary>Security update for chromium</summary>
-  <description>This update for chromium fixes the following issues:
-
-Changes in chromium:
-
- Chromium 144.0.7559.132 (boo#1257650)
-  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
-    prior to 144.0.7559.132 allowed a remote attacker to potentially
-    exploit heap corruption via a crafted HTML page.
-  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
-    144.0.7559.132 allowed a remote attacker to potentially exploit
-    heap corruption via a crafted HTML page.
-</description>
-  <package>chromium</package>
-</patchinfo>
--- a/patchinfo.20260206094000823685.93181000773252/_patchinfo
+++ b/patchinfo.20260206094000823685.93181000773252/_patchinfo
@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-115">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for gnucobol</summary>
-  <description>This update for gnucobol fixes the following issues:
-
-Introduce gnucobol.
-</description>
-  <package>gnucobol</package>
-</patchinfo>
--- a/patchinfo.20260206095645434427.93181000773252/_patchinfo
+++ b/patchinfo.20260206095645434427.93181000773252/_patchinfo
@@ -0,0 +1,92 @@
+<patchinfo>
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst</summary>
+  <description>This update for openQA, os-autoinst fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1770274061.387b318c:
+  * Remove dependencies not available in 16
+  * Remove all explicit versions from ci-packages.txt
+  * Explicitly use new cache key for fullstack_cache
+  * Use devel:openQA 16.0 repositories
+  * fix: Create user directory without sudo
+  * refactor(ui): use native DOM APIs for bulk action logic
+  * Update devel:openQA:ci/base container to Leap 16
+  * Mark some one line catch statements uncoverable
+  * Move t/07-api_jobtokens.t to t/api/
+  * refactor: Avoid mapping of actions in df-based cleanup
+  * refactor: Use loop to invoke `_delete_jobs` repeatedly
+  * refactor: Simplify code for df-based cleanup further
+  * refactor: Extract repeated lookup and loop into separate function
+  * Dependency cron 2026-02-03
+  * feat(ui): add bulk action checkboxes to test overview filters
+  * feat(openqa-clone-custom-git-refspec): add "BADGE" mode
+  * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode
+  * feat(UI): add delete button for job groups and parent groups
+  * refactor(javascripts): harden by using const in admin_groups.js
+  * feat(api): prevent deletion of non-empty parent job groups
+  * docs: Fix typo in MCP documentation
+  * docs: Improve note about enabling modern Perl features
+  * test: Remove unused parameters in `OpenQA::Test::Case::login`
+  * navbar: add new item in menu to link MCP documentation
+  * Refactor t/lib/OpenQA/Test/Case.pm with signatures
+  * test: Consider all API controller code covered
+  * test: Cover remaining error cases of worker API
+  * fix: Improve error handling when updating records in admin tables
+  * test: Ensure consistent coverage of job cancellation function
+  * Prepare documentation generation for Leap 16.0
+  * test: Cover remaining lines of `Search.pm`
+  * test: Cover remaining lines of `Locks.pm`
+  * refactor: Simplify `JobTemplate::destroy`
+  * refactor: Remove unused code from `JobTemplate.pm`
+  * git subrepo pull (merge) external/os-autoinst-common
+  * style: Add quotes in openqa-bootstrap
+  * feat: default API key expiration to 1 year, aligning with UI
+  * feat: wrap array in an object in api_key API responses
+  * feat: add API endpoint for deleting API keys
+  * feat: add API endpoint for listing API keys
+  * feat: add API endpoint for creating API keys
+  * fix(openqa-bootstrap): prevent shellcheck warning SC2086
+  * Add dependency on 'file'
+  * refactor: Write code in `JobGroup.pm` in a more compact way
+  * test: Consider `Job.pm` fully covered
+  * test: Add tests for error handling of artefact upload
+  * refactor: Format artefact upload test in a more compact way
+  * test: Add tests for using assigned worker on job status updates
+  * test: Add tests for re-scheduling invalid scheduled product
+  * test: Add tests for querying non-existent scheduled product
+  * refactor: Use more compact coding style in `show_scheduled_product`
+  * refactor: Improve `Mm.pm`
+  * test: Improve tests of multi-machine API
+  * Remove unused module Config::Tiny from dependencies
+
+- Update to version 5.1769603414.6c0fa72e:
+  * Handle links on test_log on missing git repo extension
+  * test: Consider `Test.pm` fully covered
+  * test: Extend tests for showing dependency graph
+  * fix: Merge parallel clusters correctly for displaying dependency tree
+
+Changes in os-autoinst:
+
+Thu Feb 05 15:25:28 UTC 2026 - okurz@suse.com
+- Update to version 5.1770127521.c249fe9:
+  * refactor: Distinguish tests by the script path in `loadtest`
+  * refactor: Simplify approach for avoiding redefine warnings
+  * test: Allow running tests with `Test::Warnings&lt;0.033`
+  * test: Format test of `loadtestdir` in a more compact way
+  * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite
+  * feat: Allow enabling strict/warnings/signatures globally
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+</patchinfo>
--- a/patchinfo.20260209123942988001.93181000773252/_patchinfo
+++ b/patchinfo.20260209123942988001.93181000773252/_patchinfo
@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-116">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for doomsday</summary>
-  <description>This update for doomsday fixes the following issues:
-
-Introduce doomsday.
-</description>
-  <package>doomsday</package>
-</patchinfo>
--- a/patchinfo.20260209155200377268.93181000773252/_patchinfo
+++ b/patchinfo.20260209155200377268.93181000773252/_patchinfo
@@ -1,14 +0,0 @@
-<patchinfo incident="packagehub-114">
-  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
-  <packager>favogt</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for messagelib</summary>
-  <description>This update for messagelib fixes the following issues:
-
-Changes in messagelib:
-
- Fix links sometimes not opening (boo#1257869, kde#493325):
-</description>
-  <package>messagelib</package>
-</patchinfo>
--- a/patchinfo.20260211133956922544.255638743075857/_patchinfo
+++ b/patchinfo.20260211133956922544.255638743075857/_patchinfo
@@ -1,11 +0,0 @@
-<patchinfo>
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for OpenSMTPD</summary>
-  <description>This update for OpenSMTPD fixes the following issues:
-
-Introduce OpenSMTPD.
-</description>
-  <package>OpenSMTPD</package>
-</patchinfo>
--- a/2
+++ b/2