Add librepods

PR: products/PackageHub!380

.gitmodules

@@ -8866,6 +8866,10 @@
 	path = libreoffice-voikko
 	url = ../../pool/libreoffice-voikko
 	branch = leap-16.0
+[submodule "librepods"]
+	path = librepods
+	url = ../../pool/librepods
+	branch = leap-16.0
 [submodule "librepository"]
 	path = librepository
 	url = ../../pool/librepository
@@ -14706,6 +14710,10 @@
 	path = phoronix-test-suite
 	url = ../../pool/phoronix-test-suite
 	branch = leap-16.0
+[submodule "php-APCu"]
+	path = php-APCu
+	url = ../../pool/php-APCu
+	branch = leap-16.0
 [submodule "php-pear-Auth_SASL"]
 	path = php-pear-Auth_SASL
 	url = ../../pool/php-pear-Auth_SASL

0Backports/Backports.productcompose

@@ -140,6 +140,7 @@ packagesets:
   - geoipupdate-legacy
   - geolite2legacy
   - gio-branding-upstream
+  - glibc-livepatches
   - grpc-source
   - kernel-azure-livepatch-devel
   - kernel-default-livepatch-devel
@@ -151,6 +152,10 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_6-rt
   - kernel-livepatch-6_12_0-160000_7-default
   - kernel-livepatch-6_12_0-160000_7-rt
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_8-rt
+  - kernel-livepatch-6_12_0-160000_9-default
+  - kernel-livepatch-6_12_0-160000_9-rt
   - kernel-rt-livepatch
   - kernel-rt-livepatch-devel
   - krb5-mini
@@ -205,6 +210,7 @@ packagesets:
   - ocfs2-kmp-default
   - ocfs2-kmp-rt
   - openssl_tpm2
+  - openssl-3-livepatches
   - pam-extra-32bit
   - patterns-base-kernel_livepatching
   - patterns-base-transactional_base
@@ -226,6 +232,7 @@ packagesets:
   - patterns-base-update_test
   - plymouth-branding-upstream
   - postgresql17-devel-mini
+  - postgresql18-devel-mini
   - protobuf21-source
   - reproducible-faketools
   - reproducible-faketools-ant
@@ -5516,6 +5523,17 @@ packagesets:
   - postgresql17-pltcl
   - postgresql17-server
   - postgresql17-server-devel
+  - postgresql18
+  - postgresql18-contrib
+  - postgresql18-devel
+  - postgresql18-docs
+  - postgresql18-pgaudit
+  - postgresql18-pgvector
+  - postgresql18-plperl
+  - postgresql18-plpython
+  - postgresql18-pltcl
+  - postgresql18-server
+  - postgresql18-server-devel
   - powerman
   - powerman-devel
   - powertop

patchinfo.20260128144052763814.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-101">
+  <issue tracker="bnc" id="1257404">VUL-0: CVE-2026-1504: chromium: Inappropriate implementation in Background Fetch API (update to 144.0.7559.109)</issue>
+  <issue tracker="cve" id="2026-1504">VUL-0: CVE-2026-1504: chromium: Inappropriate implementation in Background Fetch API (update to 144.0.7559.109)</issue>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+- Chromium 144.0.7559.109 (boo#1257404)
+  * CVE-2026-1504: Inappropriate implementation in Background Fetch API
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260128203742611950.93181000773252/_patchinfo

@@ -0,0 +1,82 @@
+<patchinfo incident="packagehub-104">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1769550212.662a4f95:
+  * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL
+  * refactor(investigation): Rename gitrepodir function
+  * Restart: handle subclassed AMQP plugin
+  * Revert "Update CircleCI image to Leap 16.0"
+  * fix: Fix invalid HTML in test creation form
+  * feat: Make test creation discoverable to all users
+  * refactor: Simplify/extend flash message templates
+  * feat: Avoid confusing/wrong "Administrator level required" error
+  * Update CircleCI image to Leap 16.0
+  * feat: Support `async=1` flag via `openqa-cli schedule --monitor`
+  * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b
+  * test: Fix failing style checks due to test file with invalid YAML
+  * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH
+  * fix: Fix error handling when redirecting to Git platform
+  * test: Distinguish different cases for showing settings files
+  * test: Cover case of invalid scenario definitions when creating test
+  * test: Consider `Step.pm` fully covered
+  * test: Cover case of showing unsupported results
+  * fix: Improve condition for checking valid step result
+  * test: Cover case of showing candidate needle with no tags
+  * refactor: Simplify `calc_matches`
+  * refactor: Write uncoverable error handler in one line
+  * refactor: Simplify `_new_screenshot`
+  * refactor: Rewrite code for screenshot name in a more compact way
+  * test: Cover options to take images/areas from existing needles
+  * Use body parameters in POST request
+  * feat: Add symlink for aeon in openqa-bootstrap script
+  * chore(deps): bump lodash from 4.17.21 to 4.17.23
+  * test: Add test for displaying audio results
+  * test: Cover remaining lines of `File.pm`
+  * feat: Improve log message about invalid config in df-based cleanup
+  * feat: Add dry run to df-based cleanup of job results
+  * Fix grammatic mistakes on the snapshots documentation
+  * Describe how snapshots work internally
+  * doc: Improve wording in documentation about space-aware cleanup
+  * doc: Clarify settings for space-aware cleanup
+  * doc: Use "file system" consistently in comments in config files
+  * doc: Wrap comments in `openqa.ini` at 80 characters
+  * doc: Use "file system" consistently in users documentation
+  * doc: Mention also `…_cleanup_max_free_percentage`
+  * doc: Move documentation about space-aware cleanup into its own section
+  * doc: Use "filesystem" instead of "partition" in config comments
+  * fix: Account deletion of screenshots of archived jobs correctly
+  * doc: Mention variables for df-based job result cleanup
+  * feat: Consider archive as well in df-based cleanup of job results
+
+Changes in os-autoinst:
+
+- Update to version 5.1769602729.9728790:
+  * fix: Improve wrong comment about enablement of modern Perl features
+  * Replace remaining functions with subroutine signatures in 18-qemu.t
+  * Fix snapshot overlay mechanism to avoid duplication
+  * fix(dist): provide proper copyright headers in all spec-files
+  * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content
+  * Remove deprecated BIOS and UEFI_PFLASH variables
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1769550212.662a4f950:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>

patchinfo.20260129102824525983.93181000773252/_patchinfo

@@ -1,4 +1,4 @@
-<patchinfo>
+<patchinfo incident="packagehub-100">
   <packager>tinita</packager>
   <rating>moderate</rating>
   <category>recommended</category>
@@ -404,4 +404,4 @@ Changes in perl-Perl-Tidy:
         Version 20240511 will work on older perl versions.
 </description>
   <package>perl-Perl-Tidy</package>
-</patchinfo>
+</patchinfo>

patchinfo.20260131182243156313.93181000773252/_patchinfo

@@ -0,0 +1,109 @@
+<patchinfo incident="packagehub-103">
+  <packager>shundhammer</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for myrlyn</summary>
+  <description>This update for myrlyn fixes the following issues:
+
+Changes in myrlyn:
+
+- Update to version 1.0.0:
+  * Version bump to 1.0.0
+  * Document zypp history filters
+  * Wider columns in zypp history
+  * zypp history filters are working
+  * New classes for zypp history filters
+  * Use [OK] as the default dialog button
+  * Suppress Qt bullshit messages that keep flooding the log
+  * Add zypp history filter dialog
+  * Add infrastructure for zypp history filters
+  * Extend zypp history browser time line to today if the last activity date was just 10 or less days ago
+  * Zypp history error handling
+  * Fix (+/-) count conditions
+  * Show (+/-) count in zypp history only for nontrivial transactions
+  * Reasonable column widths in zypp history browser
+  * Initial selection in zypp history browser
+  * Added new zypp history browser to features in README.md
+  * Show (+/-) count for commands in zypp history
+  * Show --zypp-history in usage message as normal, not debugging option
+  * Use standard columns in zypp history only for packages and patches
+  * Fixed column spanning for parent items
+  * Working zypp history browser navigation
+  * Populated history events tree
+  * First populated timeline (navigation) tree for the zypp history
+  * First rough parsing tests ok
+  * Add Ctrl+Shift+H shortcut to show zypp history
+  * First new (still empty) ZyppHistoryBrowser, drop old YQPkgHistoryDialog
+  * Code reorg + consistency
+  * Handle incomplete zypp history files
+  * New designer form for the zypp history browser
+  * More zypp history test data
+  * Add zypp history test data
+  * Factor out ZyppHistoryEvents
+  * Use a namespace for better organization
+  * Lots of boring zypp history parser code
+  * Parse zypp history command events
+  * Filling ZyppHistoryParser with life
+  * Filling ZyppHistoryParser with life
+  * New class ZyppHistoryParser
+  * New class ZyppHistory
+  * Handle command line options with additional argument
+  * Make sure at least one "search in" check box is checked when searching
+  * Support searching in RPM recommends, too
+  * Added tooltip for auto search default mode button
+  * Right-align auto search default mode button
+  * Enable switching the default auto search mode between "Starts With" and "Contains"
+  * New icons
+  * Allow no parent
+  * Unneeded includes
+  * Fixed script she-bang
+  * Class rename MyrlynTranslator -&gt; Translator
+  * Generalize MyrlynTranslator
+  * Re-imported latest QDirStat logger
+  * Show special resolver modes (up/dup) in status line
+  * Silenced left-over debug output
+  * Support using ~/.config/openSUSE/myrlyn-sudo.conf
+  * Fixed typo in .desktop file
+  * Added Video LAN community repo (also serves libdvdcss)
+  * Log the Qt environment
+  * More HiDPI hints in .desktop files
+  * Ensure the popup is centered
+  * Commented out unavailable/redundant community repos on 16.x
+  * No progress bar during post-transaction scripts
+  * Actually use myrlyn-run0 in myrlyn-run0.desktop
+  * Added systemd run0 support (#122 by @zeusgoose)
+  * Updated docs: Stability and maturity
+  * Added myrlyn-stable for Leap 15.6 from OBS home:shundhammer to downloads
+
+- Update to version 0.9.9:
+  * Version bump to 0.9.9
+  * Default to not using RPM groups on openSUSE / SLE distros
+  * Added the freshly published community repos for Leap 16.0 / SLES-16.0
+  * Hint about HiDPI scaling in .desktop files
+  * Keep QT_SCALE_FACTOR in myrlyn-sudo environment
+  * Don't show service filter view by default
+
+- Update to version 0.9.8:
+  * Version bump to 0.9.8
+  * Don't write a default for useRpmGroups for now (Closes #112)
+  * Make the default for "useRpmGroups" compile-time configurable
+  * Make "useRpmGroups" configurable in config file
+  * Use textdomain "rpm-groups" for RPM groups
+  * Removed redundant initial selection
+  * Class rename for consistency
+  * Lazy RPM tree init for startup performance
+  * Filter correcty for empty RPM groups
+  * Removed ancient fallback RPM groups
+  * Consistent terminology
+  * Open only the first two levels of the RPM groups tree
+  * Suppress Qt logging spam
+  * First hacky version of RPM groups (#112)
+  * Translate RPM groups and suppress 'Unspecified'
+  * Show RPM group in technical details view (#112)
+  * Use non-breaking hyphen in read‑only
+  * Don't consider ignored missing RPM signature as failed task (Closes #110)
+  * GitHub config
+  * Added Leap 16.x community repos
+</description>
+  <package>myrlyn</package>
+</patchinfo>

patchinfo.20260131183259168456.93181000773252/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-102">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for php-APCu</summary>
+  <description>This update for php-APCu fixes the following issues:
+
+Introduce php-APCu.
+</description>
+  <package>php-APCu</package>
+  <package>php-APCu:php7</package>
+  <package>php-APCu:php8</package>
+</patchinfo>

patchinfo.20260202141654318677.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-105">
+  <issue tracker="cve" id="2025-68670">VUL-0: CVE-2025-68670: xrdp:  improper bounds check when processing user domain information during the connection sequence can lead to a stack buffer overflow</issue>
+  <issue tracker="bnc" id="1257362">VUL-0: CVE-2025-68670: xrdp:  improper bounds check when processing user domain information during the connection sequence can lead to a stack buffer overflow</issue>
+  <packager>xiaoguang_wang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for xrdp</summary>
+  <description>This update for xrdp fixes the following issues:
+
+Changes in xrdp:
+
+- CVE-2025-68670: Fixed a potential overflow (bsc#1257362).
+</description>
+  <package>xrdp</package>
+</patchinfo>

patchinfo.20260204122956065362.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo>
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for librepods</summary>
+  <description>This update for librepods fixes the following issues:
+
+Introduce librepods.
+</description>
+  <package>librepods</package>
+</patchinfo>