Add motif

PR: products/PackageHub!425

.gitmodules

@@ -3070,6 +3070,10 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
+[submodule "doomsday"]
+	path = doomsday
+	url = ../../pool/doomsday
+	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7174,6 +7178,10 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
+[submodule "gnucobol"]
+	path = gnucobol
+	url = ../../pool/gnucobol
+	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro
@@ -10594,6 +10602,10 @@
 	path = most
 	url = ../../pool/most
 	branch = leap-16.0
+[submodule "motif"]
+	path = motif
+	url = ../../pool/motif
+	branch = leap-16.0
 [submodule "motion"]
 	path = motion
 	url = ../../pool/motion
@@ -12966,6 +12978,10 @@
 	path = perl-Data-Visitor
 	url = ../../pool/perl-Data-Visitor
 	branch = leap-16.0
+[submodule "perl-Date-Manip"]
+	path = perl-Date-Manip
+	url = ../../pool/perl-Date-Manip
+	branch = leap-16.0
 [submodule "perl-DateTime-Calendar-Mayan"]
 	path = perl-DateTime-Calendar-Mayan
 	url = ../../pool/perl-DateTime-Calendar-Mayan
@@ -13750,6 +13766,10 @@
 	path = perl-Mojolicious-Plugin-OAuth2
 	url = ../../pool/perl-Mojolicious-Plugin-OAuth2
 	branch = leap-16.0
+[submodule "perl-Mojolicious-Plugin-OpenAPI"]
+	path = perl-Mojolicious-Plugin-OpenAPI
+	url = ../../pool/perl-Mojolicious-Plugin-OpenAPI
+	branch = leap-16.0
 [submodule "perl-Mojolicious-Plugin-Webpack"]
 	path = perl-Mojolicious-Plugin-Webpack
 	url = ../../pool/perl-Mojolicious-Plugin-Webpack
@@ -14346,6 +14366,10 @@
 	path = perl-TAP-Formatter-GitHubActions
 	url = ../../pool/perl-TAP-Formatter-GitHubActions
 	branch = leap-16.0
+[submodule "perl-TAP-Harness-JUnit"]
+	path = perl-TAP-Harness-JUnit
+	url = ../../pool/perl-TAP-Harness-JUnit
+	branch = leap-16.0
 [submodule "perl-Task-Weaken"]
 	path = perl-Task-Weaken
 	url = ../../pool/perl-Task-Weaken
@@ -14706,6 +14730,10 @@
 	path = phoronix-test-suite
 	url = ../../pool/phoronix-test-suite
 	branch = leap-16.0
+[submodule "php-APCu"]
+	path = php-APCu
+	url = ../../pool/php-APCu
+	branch = leap-16.0
 [submodule "php-pear-Auth_SASL"]
 	path = php-pear-Auth_SASL
 	url = ../../pool/php-pear-Auth_SASL

0Backports/Backports.productcompose

@@ -140,6 +140,7 @@ packagesets:
   - geoipupdate-legacy
   - geolite2legacy
   - gio-branding-upstream
+  - glibc-livepatches
   - grpc-source
   - kernel-azure-livepatch-devel
   - kernel-default-livepatch-devel
@@ -151,6 +152,10 @@ packagesets:
   - kernel-livepatch-6_12_0-160000_6-rt
   - kernel-livepatch-6_12_0-160000_7-default
   - kernel-livepatch-6_12_0-160000_7-rt
+  - kernel-livepatch-6_12_0-160000_8-default
+  - kernel-livepatch-6_12_0-160000_8-rt
+  - kernel-livepatch-6_12_0-160000_9-default
+  - kernel-livepatch-6_12_0-160000_9-rt
   - kernel-rt-livepatch
   - kernel-rt-livepatch-devel
   - krb5-mini
@@ -205,6 +210,7 @@ packagesets:
   - ocfs2-kmp-default
   - ocfs2-kmp-rt
   - openssl_tpm2
+  - openssl-3-livepatches
   - pam-extra-32bit
   - patterns-base-kernel_livepatching
   - patterns-base-transactional_base
@@ -226,6 +232,7 @@ packagesets:
   - patterns-base-update_test
   - plymouth-branding-upstream
   - postgresql17-devel-mini
+  - postgresql18-devel-mini
   - protobuf21-source
   - reproducible-faketools
   - reproducible-faketools-ant
@@ -5516,6 +5523,17 @@ packagesets:
   - postgresql17-pltcl
   - postgresql17-server
   - postgresql17-server-devel
+  - postgresql18
+  - postgresql18-contrib
+  - postgresql18-devel
+  - postgresql18-docs
+  - postgresql18-pgaudit
+  - postgresql18-pgvector
+  - postgresql18-plperl
+  - postgresql18-plpython
+  - postgresql18-pltcl
+  - postgresql18-server
+  - postgresql18-server-devel
   - powerman
   - powerman-devel
   - powertop

patchinfo.20260127094025704164.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-108">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-Date-Manip</summary>
+  <description>This update for perl-Date-Manip fixes the following issues:
+
+Introduce perl-Date-Manip.
+</description>
+  <package>perl-Date-Manip</package>
+</patchinfo>

patchinfo.20260128085041420529.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-107">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-TAP-Harness-JUnit</summary>
+  <description>This update for perl-TAP-Harness-JUnit fixes the following issues:
+
+Introduce perl-TAP-Harness-JUnit.
+</description>
+  <package>perl-TAP-Harness-JUnit</package>
+</patchinfo>

patchinfo.20260128144052763814.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-101">
+  <issue tracker="bnc" id="1257404">VUL-0: CVE-2026-1504: chromium: Inappropriate implementation in Background Fetch API (update to 144.0.7559.109)</issue>
+  <issue tracker="cve" id="2026-1504">VUL-0: CVE-2026-1504: chromium: Inappropriate implementation in Background Fetch API (update to 144.0.7559.109)</issue>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+- Chromium 144.0.7559.109 (boo#1257404)
+  * CVE-2026-1504: Inappropriate implementation in Background Fetch API
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260128203742611950.93181000773252/_patchinfo

@@ -0,0 +1,82 @@
+<patchinfo incident="packagehub-104">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst, openQA-devel-container</summary>
+  <description>This update for openQA, os-autoinst, openQA-devel-container fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1769550212.662a4f95:
+  * refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL
+  * refactor(investigation): Rename gitrepodir function
+  * Restart: handle subclassed AMQP plugin
+  * Revert "Update CircleCI image to Leap 16.0"
+  * fix: Fix invalid HTML in test creation form
+  * feat: Make test creation discoverable to all users
+  * refactor: Simplify/extend flash message templates
+  * feat: Avoid confusing/wrong "Administrator level required" error
+  * Update CircleCI image to Leap 16.0
+  * feat: Support `async=1` flag via `openqa-cli schedule --monitor`
+  * fix: Avoid serializing `null` click point after e19aee4 and da7cce6b
+  * test: Fix failing style checks due to test file with invalid YAML
+  * test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH
+  * fix: Fix error handling when redirecting to Git platform
+  * test: Distinguish different cases for showing settings files
+  * test: Cover case of invalid scenario definitions when creating test
+  * test: Consider `Step.pm` fully covered
+  * test: Cover case of showing unsupported results
+  * fix: Improve condition for checking valid step result
+  * test: Cover case of showing candidate needle with no tags
+  * refactor: Simplify `calc_matches`
+  * refactor: Write uncoverable error handler in one line
+  * refactor: Simplify `_new_screenshot`
+  * refactor: Rewrite code for screenshot name in a more compact way
+  * test: Cover options to take images/areas from existing needles
+  * Use body parameters in POST request
+  * feat: Add symlink for aeon in openqa-bootstrap script
+  * chore(deps): bump lodash from 4.17.21 to 4.17.23
+  * test: Add test for displaying audio results
+  * test: Cover remaining lines of `File.pm`
+  * feat: Improve log message about invalid config in df-based cleanup
+  * feat: Add dry run to df-based cleanup of job results
+  * Fix grammatic mistakes on the snapshots documentation
+  * Describe how snapshots work internally
+  * doc: Improve wording in documentation about space-aware cleanup
+  * doc: Clarify settings for space-aware cleanup
+  * doc: Use "file system" consistently in comments in config files
+  * doc: Wrap comments in `openqa.ini` at 80 characters
+  * doc: Use "file system" consistently in users documentation
+  * doc: Mention also `…_cleanup_max_free_percentage`
+  * doc: Move documentation about space-aware cleanup into its own section
+  * doc: Use "filesystem" instead of "partition" in config comments
+  * fix: Account deletion of screenshots of archived jobs correctly
+  * doc: Mention variables for df-based job result cleanup
+  * feat: Consider archive as well in df-based cleanup of job results
+
+Changes in os-autoinst:
+
+- Update to version 5.1769602729.9728790:
+  * fix: Improve wrong comment about enablement of modern Perl features
+  * Replace remaining functions with subroutine signatures in 18-qemu.t
+  * Fix snapshot overlay mechanism to avoid duplication
+  * fix(dist): provide proper copyright headers in all spec-files
+  * fix(dist): try to fix os-autoinst-obs-auto-submit reverting content
+  * Remove deprecated BIOS and UEFI_PFLASH variables
+
+Changes in openQA-devel-container:
+
+- Update to version 5.1769550212.662a4f950:
+  * Update to latest openQA version
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst</package>
+  <package>os-autoinst:os-autoinst-test</package>
+  <package>os-autoinst:os-autoinst-devel-test</package>
+  <package>os-autoinst:os-autoinst-openvswitch-test</package>
+  <package>openQA-devel-container</package>
+</patchinfo>

patchinfo.20260131182243156313.93181000773252/_patchinfo

@@ -0,0 +1,109 @@
+<patchinfo incident="packagehub-103">
+  <packager>shundhammer</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for myrlyn</summary>
+  <description>This update for myrlyn fixes the following issues:
+
+Changes in myrlyn:
+
+- Update to version 1.0.0:
+  * Version bump to 1.0.0
+  * Document zypp history filters
+  * Wider columns in zypp history
+  * zypp history filters are working
+  * New classes for zypp history filters
+  * Use [OK] as the default dialog button
+  * Suppress Qt bullshit messages that keep flooding the log
+  * Add zypp history filter dialog
+  * Add infrastructure for zypp history filters
+  * Extend zypp history browser time line to today if the last activity date was just 10 or less days ago
+  * Zypp history error handling
+  * Fix (+/-) count conditions
+  * Show (+/-) count in zypp history only for nontrivial transactions
+  * Reasonable column widths in zypp history browser
+  * Initial selection in zypp history browser
+  * Added new zypp history browser to features in README.md
+  * Show (+/-) count for commands in zypp history
+  * Show --zypp-history in usage message as normal, not debugging option
+  * Use standard columns in zypp history only for packages and patches
+  * Fixed column spanning for parent items
+  * Working zypp history browser navigation
+  * Populated history events tree
+  * First populated timeline (navigation) tree for the zypp history
+  * First rough parsing tests ok
+  * Add Ctrl+Shift+H shortcut to show zypp history
+  * First new (still empty) ZyppHistoryBrowser, drop old YQPkgHistoryDialog
+  * Code reorg + consistency
+  * Handle incomplete zypp history files
+  * New designer form for the zypp history browser
+  * More zypp history test data
+  * Add zypp history test data
+  * Factor out ZyppHistoryEvents
+  * Use a namespace for better organization
+  * Lots of boring zypp history parser code
+  * Parse zypp history command events
+  * Filling ZyppHistoryParser with life
+  * Filling ZyppHistoryParser with life
+  * New class ZyppHistoryParser
+  * New class ZyppHistory
+  * Handle command line options with additional argument
+  * Make sure at least one "search in" check box is checked when searching
+  * Support searching in RPM recommends, too
+  * Added tooltip for auto search default mode button
+  * Right-align auto search default mode button
+  * Enable switching the default auto search mode between "Starts With" and "Contains"
+  * New icons
+  * Allow no parent
+  * Unneeded includes
+  * Fixed script she-bang
+  * Class rename MyrlynTranslator -&gt; Translator
+  * Generalize MyrlynTranslator
+  * Re-imported latest QDirStat logger
+  * Show special resolver modes (up/dup) in status line
+  * Silenced left-over debug output
+  * Support using ~/.config/openSUSE/myrlyn-sudo.conf
+  * Fixed typo in .desktop file
+  * Added Video LAN community repo (also serves libdvdcss)
+  * Log the Qt environment
+  * More HiDPI hints in .desktop files
+  * Ensure the popup is centered
+  * Commented out unavailable/redundant community repos on 16.x
+  * No progress bar during post-transaction scripts
+  * Actually use myrlyn-run0 in myrlyn-run0.desktop
+  * Added systemd run0 support (#122 by @zeusgoose)
+  * Updated docs: Stability and maturity
+  * Added myrlyn-stable for Leap 15.6 from OBS home:shundhammer to downloads
+
+- Update to version 0.9.9:
+  * Version bump to 0.9.9
+  * Default to not using RPM groups on openSUSE / SLE distros
+  * Added the freshly published community repos for Leap 16.0 / SLES-16.0
+  * Hint about HiDPI scaling in .desktop files
+  * Keep QT_SCALE_FACTOR in myrlyn-sudo environment
+  * Don't show service filter view by default
+
+- Update to version 0.9.8:
+  * Version bump to 0.9.8
+  * Don't write a default for useRpmGroups for now (Closes #112)
+  * Make the default for "useRpmGroups" compile-time configurable
+  * Make "useRpmGroups" configurable in config file
+  * Use textdomain "rpm-groups" for RPM groups
+  * Removed redundant initial selection
+  * Class rename for consistency
+  * Lazy RPM tree init for startup performance
+  * Filter correcty for empty RPM groups
+  * Removed ancient fallback RPM groups
+  * Consistent terminology
+  * Open only the first two levels of the RPM groups tree
+  * Suppress Qt logging spam
+  * First hacky version of RPM groups (#112)
+  * Translate RPM groups and suppress 'Unspecified'
+  * Show RPM group in technical details view (#112)
+  * Use non-breaking hyphen in read‑only
+  * Don't consider ignored missing RPM signature as failed task (Closes #110)
+  * GitHub config
+  * Added Leap 16.x community repos
+</description>
+  <package>myrlyn</package>
+</patchinfo>

patchinfo.20260131183259168456.93181000773252/_patchinfo

@@ -0,0 +1,13 @@
+<patchinfo incident="packagehub-102">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for php-APCu</summary>
+  <description>This update for php-APCu fixes the following issues:
+
+Introduce php-APCu.
+</description>
+  <package>php-APCu</package>
+  <package>php-APCu:php7</package>
+  <package>php-APCu:php8</package>
+</patchinfo>

patchinfo.20260202141654318677.93181000773252/_patchinfo

@@ -0,0 +1,15 @@
+<patchinfo incident="packagehub-105">
+  <issue tracker="cve" id="2025-68670">VUL-0: CVE-2025-68670: xrdp:  improper bounds check when processing user domain information during the connection sequence can lead to a stack buffer overflow</issue>
+  <issue tracker="bnc" id="1257362">VUL-0: CVE-2025-68670: xrdp:  improper bounds check when processing user domain information during the connection sequence can lead to a stack buffer overflow</issue>
+  <packager>xiaoguang_wang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for xrdp</summary>
+  <description>This update for xrdp fixes the following issues:
+
+Changes in xrdp:
+
+- CVE-2025-68670: Fixed a potential overflow (bsc#1257362).
+</description>
+  <package>xrdp</package>
+</patchinfo>

patchinfo.20260203102131310899.93181000773252/_patchinfo

@@ -0,0 +1,117 @@
+<patchinfo incident="packagehub-106">
+  <issue tracker="cve" id="2025-15059"/>
+  <issue tracker="cve" id="2025-14422"/>
+  <issue tracker="cve" id="2025-14424"/>
+  <issue tracker="bnc" id="1255766">VUL-0: CVE-2025-15059: gimp: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255294">VUL-0: CVE-2025-14423: gimp: LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-14425"/>
+  <issue tracker="cve" id="2025-14423"/>
+  <issue tracker="bnc" id="1255293">VUL-0: CVE-2025-14422: gimp: PNM File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255295">VUL-0: CVE-2025-14424: gimp: XCF File Parsing Use-After-Free Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255296">VUL-0: CVE-2025-14425: gimp: JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gimp</summary>
+  <description>This update for gimp fixes the following issues:
+
+Changes in gimp:
+
+- Update to 3.0.8
+  - Font Loading Performance
+    - Improvements in start-up time for users with a large number
+      of fonts was backported from our 3.2 RC2 release. As a
+      result, we now wait to load images until fonts are
+      initialized - this prevents some occasional odd displays and
+      other issues when an XCF file tried to access a partially
+      loaded font.
+  - Assorted updates and fixes
+    - Daniel Plakhotich helped us identify an issue when exporting
+      a lossless WEBP image could be affected by lossy settings
+      (such as Quality being less than 100%). We’ve updated our
+      WEBP plug-in to prevent this from happening.
+    - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable
+      can now be run with a --no-interface flag instead of
+      requiring users to call gimp-console-3.0 even on devices with
+      no display. The --show-debug-menu flag is now visible as
+      well.
+    - programmer_ceds improved our flatpak by adding safe guards to
+      show the correct configuration directory regardless of
+      whether XDG_CONFIG_HOME is defined on the user’s system. This
+      should make it much easier for flatpak users to install and
+      use third party plug-ins.
+    - We fixed a rare but possible crash when using the Equalize
+      filter on images with NaN values. Images that contain these
+      are usually created from scientific or mapping data, so
+      you’re unlikely to come across them in standard editing.
+    - Jeremy Bicha fixed an internal issue where the wrong version
+      number could be used when installing minor releases (such as
+      the 3.2 release candidates and upcoming 3.2 stable release).
+    - As noted in our 3.2RC2 news post, we have updated our SVG
+      import code to improve the rendered path.
+    - Further improvements have been made to our non-destructive
+      filter code to improve stability, especially when copying and
+      pasting layers and images with filters attached to them. Some
+      issues related to applying NDE filters on Quick Masks have
+      also been corrected.
+    - An unintended Search pop-up that appeared when typing while
+      the Channels dockable was selected has been turned off.
+    - When saving XCFs for GIMP 2.10 compatibility, we
+      unintentionally saved Grid color using the new color format.
+      This caused errors when reopening the XCF in 2.10. This
+      problem has now been fixed! If you encounter any other XCF
+      incompatibility, please let us know.
+  - Themes and UX
+    - The Navigation and Selection Editor dockables no longer show
+      a large bright texture when no image is actively selected.
+      This was especially noticeable on dark themes.
+    - When a layer has no active filters, the Fx column had the
+      same “checkbox” outline when hovered over as the lock column.
+      This led to confusion about clicking it to add filters. We
+      have removed the outline on hover as a small step to help
+      address this.
+    - Ondřej Míchal fixed alignment and cut-off issues with the
+      buttons on our Transform tool overlays. All buttons should
+      now be properly centered and visible.
+    - The options for filling layers with colors when resizing the
+      canvas will be turned off when not relevant (such as when you
+      set layers to not be resized).
+    - More GUI elements such as dialog header icons will now
+      respond to your icon size preferences.
+    - Ondřej Míchal has continued his work to update our UI with
+      the more usable Spin Scale widget. He has also updated the
+      widget itself to improve how it works for users and
+      developers alike.
+  - Security fixes
+    - Jacob Boerema and Gabriele Barbero continued to patch
+      potential security issues related to some of our file format
+      plug-ins. In addition to existing fixes mentioned in the
+      release candidate news posts, the following exploits are now
+      prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530
+      ZDI-CAN-28591 ZDI-CAN-28599
+    - Another potential issue related to ICO files with incorrect
+      metadata was reported by Dhiraj. It does not have a CVE
+      number yet, but it has been fixed for GIMP 3.0.8. Jacob
+      Boerema also fixed a potential issue with loading Creator
+      blocks in Paintshop Pro PSP images.
+  - API
+    - For plug-in and script developers, a few new public APIs were
+      backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer ()
+      allows you to retrieve a GEGL buffer from a Cairo surface
+      (such as a text layer). Note that this deprecates
+      gimp_cairo_surface_create_buffer ().
+    - gimp_config_set_xcf_version () and
+      gimp_config_get_xcf_version () can be used to specify a
+      particular XCF version for a configuration. This will allow
+      you to have that data serialized/deserialized for certain
+      versions of GIMP if there were differences (such as the Grid
+      colors mentioned above).
+    - Fixes were made for retrieving image metadata via scripting.
+      GimpMetadata is now a visible child of GExiv2Metadata, so you
+      can use standard gexiv2 functions to retrieve information
+      from it.
+    - Original thumbnail metadata is also now removed on export to
+      prevent potential issues when exporting into a new format.
+</description>
+  <package>gimp</package>
+</patchinfo>

patchinfo.20260204115012215375.93181000773252/_patchinfo

@@ -0,0 +1,30 @@
+<patchinfo incident="packagehub-113">
+  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
+  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
+  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
+  <issue tracker="cve" id="2026-1207"/>
+  <issue tracker="cve" id="2026-1312"/>
+  <issue tracker="cve" id="2026-1287"/>
+  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
+  <issue tracker="cve" id="2025-13473"/>
+  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
+  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
+  <issue tracker="cve" id="2025-14550"/>
+  <issue tracker="cve" id="2026-1285"/>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+Changes in python-Django:
+
+- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
+- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
+- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
+- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
+- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
+- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
+</description>
+  <package>python-Django</package>
+</patchinfo>

patchinfo.20260204115510991084.93181000773252/_patchinfo

@@ -0,0 +1,22 @@
+<patchinfo incident="packagehub-112">
+  <issue tracker="cve" id="2026-1862"/>
+  <issue tracker="cve" id="2026-1861"/>
+  <issue tracker="bnc" id="1257650">VUL-0: chromium: release 144.0.7559.132</issue>
+  <packager>oertel</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for chromium</summary>
+  <description>This update for chromium fixes the following issues:
+
+Changes in chromium:
+
+- Chromium 144.0.7559.132 (boo#1257650)
+  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
+    prior to 144.0.7559.132 allowed a remote attacker to potentially
+    exploit heap corruption via a crafted HTML page.
+  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
+    144.0.7559.132 allowed a remote attacker to potentially exploit
+    heap corruption via a crafted HTML page.
+</description>
+  <package>chromium</package>
+</patchinfo>

patchinfo.20260204115645891071.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-109">
+  <packager>letsfindaway</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for OpenBoard</summary>
+  <description>This update for OpenBoard fixes the following issues:
+
+Changes in OpenBoard:
+
+- add AppData in metainfo.xml
+- update to release version 1.7.5
+</description>
+  <package>OpenBoard</package>
+</patchinfo>

patchinfo.20260204120853139168.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-111">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-Mojolicious-Plugin-OpenAPI</summary>
+  <description>This update for perl-Mojolicious-Plugin-OpenAPI fixes the following issues:
+
+Introduce perl-Mojolicious-Plugin-OpenAPI.
+</description>
+  <package>perl-Mojolicious-Plugin-OpenAPI</package>
+</patchinfo>

patchinfo.20260204160351183292.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-110">
+  <issue tracker="bnc" id="1256465">Week numbers are off by one in Evolution's calendar (Year view)</issue>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for evolution</summary>
+  <description>This update for evolution fixes the following issues:
+
+Changes in evolution:
+
+- Fix incorrect week numbers in calendar year view (bsc#1256465).
+</description>
+  <package>evolution</package>
+</patchinfo>

patchinfo.20260206094000823685.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-115">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gnucobol</summary>
+  <description>This update for gnucobol fixes the following issues:
+
+Introduce gnucobol.
+</description>
+  <package>gnucobol</package>
+</patchinfo>

patchinfo.20260209123942988001.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-116">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for doomsday</summary>
+  <description>This update for doomsday fixes the following issues:
+
+Introduce doomsday.
+</description>
+  <package>doomsday</package>
+</patchinfo>

patchinfo.20260209155200377268.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-114">
+  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
+  <packager>favogt</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for messagelib</summary>
+  <description>This update for messagelib fixes the following issues:
+
+Changes in messagelib:
+
+- Fix links sometimes not opening (boo#1257869, kde#493325):
+</description>
+  <package>messagelib</package>
+</patchinfo>

patchinfo.20260211132658114505.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo>
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for motif</summary>
+  <description>This update for motif fixes the following issues:
+
+Introduce motif.
+</description>
+  <package>motif</package>
+</patchinfo>