Add librepods

.gitmodules

@@ -8866,6 +8866,10 @@
 	path = libreoffice-voikko
 	url = ../../pool/libreoffice-voikko
 	branch = leap-16.0
+[submodule "librepods"]
+	path = librepods
+	url = ../../pool/librepods
+	branch = leap-16.0
 [submodule "librepository"]
 	path = librepository
 	url = ../../pool/librepository
@@ -12966,10 +12970,6 @@
 	path = perl-Data-Visitor
 	url = ../../pool/perl-Data-Visitor
 	branch = leap-16.0
-[submodule "perl-Date-Manip"]
-	path = perl-Date-Manip
-	url = ../../pool/perl-Date-Manip
-	branch = leap-16.0
 [submodule "perl-DateTime-Calendar-Mayan"]
 	path = perl-DateTime-Calendar-Mayan
 	url = ../../pool/perl-DateTime-Calendar-Mayan
@@ -14350,10 +14350,6 @@
 	path = perl-TAP-Formatter-GitHubActions
 	url = ../../pool/perl-TAP-Formatter-GitHubActions
 	branch = leap-16.0
-[submodule "perl-TAP-Harness-JUnit"]
-	path = perl-TAP-Harness-JUnit
-	url = ../../pool/perl-TAP-Harness-JUnit
-	branch = leap-16.0
 [submodule "perl-Task-Weaken"]
 	path = perl-Task-Weaken
 	url = ../../pool/perl-Task-Weaken

patchinfo.20260127094025704164.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-108">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for perl-Date-Manip</summary>
-  <description>This update for perl-Date-Manip fixes the following issues:
-
-Introduce perl-Date-Manip.
-</description>
-  <package>perl-Date-Manip</package>
-</patchinfo>

patchinfo.20260128085041420529.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-107">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for perl-TAP-Harness-JUnit</summary>
-  <description>This update for perl-TAP-Harness-JUnit fixes the following issues:
-
-Introduce perl-TAP-Harness-JUnit.
-</description>
-  <package>perl-TAP-Harness-JUnit</package>
-</patchinfo>

patchinfo.20260203102131310899.93181000773252/_patchinfo

@@ -1,117 +0,0 @@
-<patchinfo incident="packagehub-106">
-  <issue tracker="cve" id="2025-15059"/>
-  <issue tracker="cve" id="2025-14422"/>
-  <issue tracker="cve" id="2025-14424"/>
-  <issue tracker="bnc" id="1255766">VUL-0: CVE-2025-15059: gimp: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
-  <issue tracker="bnc" id="1255294">VUL-0: CVE-2025-14423: gimp: LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
-  <issue tracker="cve" id="2025-14425"/>
-  <issue tracker="cve" id="2025-14423"/>
-  <issue tracker="bnc" id="1255293">VUL-0: CVE-2025-14422: gimp: PNM File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
-  <issue tracker="bnc" id="1255295">VUL-0: CVE-2025-14424: gimp: XCF File Parsing Use-After-Free Remote Code Execution Vulnerability</issue>
-  <issue tracker="bnc" id="1255296">VUL-0: CVE-2025-14425: gimp: JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
-  <packager>mgorse</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for gimp</summary>
-  <description>This update for gimp fixes the following issues:
-
-Changes in gimp:
-
-- Update to 3.0.8
-  - Font Loading Performance
-    - Improvements in start-up time for users with a large number
-      of fonts was backported from our 3.2 RC2 release. As a
-      result, we now wait to load images until fonts are
-      initialized - this prevents some occasional odd displays and
-      other issues when an XCF file tried to access a partially
-      loaded font.
-  - Assorted updates and fixes
-    - Daniel Plakhotich helped us identify an issue when exporting
-      a lossless WEBP image could be affected by lossy settings
-      (such as Quality being less than 100%). We’ve updated our
-      WEBP plug-in to prevent this from happening.
-    - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable
-      can now be run with a --no-interface flag instead of
-      requiring users to call gimp-console-3.0 even on devices with
-      no display. The --show-debug-menu flag is now visible as
-      well.
-    - programmer_ceds improved our flatpak by adding safe guards to
-      show the correct configuration directory regardless of
-      whether XDG_CONFIG_HOME is defined on the user’s system. This
-      should make it much easier for flatpak users to install and
-      use third party plug-ins.
-    - We fixed a rare but possible crash when using the Equalize
-      filter on images with NaN values. Images that contain these
-      are usually created from scientific or mapping data, so
-      you’re unlikely to come across them in standard editing.
-    - Jeremy Bicha fixed an internal issue where the wrong version
-      number could be used when installing minor releases (such as
-      the 3.2 release candidates and upcoming 3.2 stable release).
-    - As noted in our 3.2RC2 news post, we have updated our SVG
-      import code to improve the rendered path.
-    - Further improvements have been made to our non-destructive
-      filter code to improve stability, especially when copying and
-      pasting layers and images with filters attached to them. Some
-      issues related to applying NDE filters on Quick Masks have
-      also been corrected.
-    - An unintended Search pop-up that appeared when typing while
-      the Channels dockable was selected has been turned off.
-    - When saving XCFs for GIMP 2.10 compatibility, we
-      unintentionally saved Grid color using the new color format.
-      This caused errors when reopening the XCF in 2.10. This
-      problem has now been fixed! If you encounter any other XCF
-      incompatibility, please let us know.
-  - Themes and UX
-    - The Navigation and Selection Editor dockables no longer show
-      a large bright texture when no image is actively selected.
-      This was especially noticeable on dark themes.
-    - When a layer has no active filters, the Fx column had the
-      same “checkbox” outline when hovered over as the lock column.
-      This led to confusion about clicking it to add filters. We
-      have removed the outline on hover as a small step to help
-      address this.
-    - Ondřej Míchal fixed alignment and cut-off issues with the
-      buttons on our Transform tool overlays. All buttons should
-      now be properly centered and visible.
-    - The options for filling layers with colors when resizing the
-      canvas will be turned off when not relevant (such as when you
-      set layers to not be resized).
-    - More GUI elements such as dialog header icons will now
-      respond to your icon size preferences.
-    - Ondřej Míchal has continued his work to update our UI with
-      the more usable Spin Scale widget. He has also updated the
-      widget itself to improve how it works for users and
-      developers alike.
-  - Security fixes
-    - Jacob Boerema and Gabriele Barbero continued to patch
-      potential security issues related to some of our file format
-      plug-ins. In addition to existing fixes mentioned in the
-      release candidate news posts, the following exploits are now
-      prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530
-      ZDI-CAN-28591 ZDI-CAN-28599
-    - Another potential issue related to ICO files with incorrect
-      metadata was reported by Dhiraj. It does not have a CVE
-      number yet, but it has been fixed for GIMP 3.0.8. Jacob
-      Boerema also fixed a potential issue with loading Creator
-      blocks in Paintshop Pro PSP images.
-  - API
-    - For plug-in and script developers, a few new public APIs were
-      backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer ()
-      allows you to retrieve a GEGL buffer from a Cairo surface
-      (such as a text layer). Note that this deprecates
-      gimp_cairo_surface_create_buffer ().
-    - gimp_config_set_xcf_version () and
-      gimp_config_get_xcf_version () can be used to specify a
-      particular XCF version for a configuration. This will allow
-      you to have that data serialized/deserialized for certain
-      versions of GIMP if there were differences (such as the Grid
-      colors mentioned above).
-    - Fixes were made for retrieving image metadata via scripting.
-      GimpMetadata is now a visible child of GExiv2Metadata, so you
-      can use standard gexiv2 functions to retrieve information
-      from it.
-    - Original thumbnail metadata is also now removed on export to
-      prevent potential issues when exporting into a new format.
-</description>
-  <package>gimp</package>
-</patchinfo>

patchinfo.20260204122956065362.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo>
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for librepods</summary>
+  <description>This update for librepods fixes the following issues:
+
+Introduce librepods.
+</description>
+  <package>librepods</package>
+</patchinfo>

patchinfo.20260204155545137018.93181000773252/_patchinfo

@@ -1,195 +0,0 @@
-<patchinfo>
-  <issue tracker="cve" id="2025-22869"/>
-  <issue tracker="bnc" id="1248920">VUL-0: CVE-2025-58058: tailscale: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
-  <issue tracker="cve" id="2025-58058"/>
-  <packager>rrahl0</packager>
-  <rating>important</rating>
-  <category>security</category>
-  <summary>Security update for tailscale</summary>
-  <description>This update for tailscale fixes the following issues:
-
-Changes in tailscale:
-
-- Update to version 1.94.0:
-  * IS SET and NOT SET have been added as device posture operators
-  * India DERP Region City Name updated
-  * Custom DERP servers support GCP Certificate Manager
-  * Tailscale SSH authentication, when successful, results in LOGIN audit
-    messages being sent to the kernel audit subsystem
-  * Tailscale Peer Relay throughput is improved when the SO_REUSEPORT socket
-    option is supported on multi-core systems
-  * Tailscale Peer Relay server handshake transmission is guarded against
-    routing loops over Tailscale
-  * MagicDNS always resolves when using resolv.conf without a DNS manager
-  * tailscaled_peer_relay_forwarded_packets_total and
-    tailscaled_peer_relay_forwarded_bytes_total client metrics are available for
-    Tailscale Peer Relays
-  * Identity tokens are automatically generated for workload identities
-  * --audience flag added to tailscale up command to support auto generation of
-    ID tokens for workload identity
-  * tsnet nodes can host Tailscale Services
-  * The tailscale lock status -json command returns tailnet key authority (TKA)
-    data in a stable format
-  * Tailscale Peer Relays deliver improved throughput through monotonic time
-    comparison optimizations and reduced lock contention
-  * Tailscale Services virtual IPs are now automatically accepted by clients
-    across all platforms regardless of the status of the --accept-routes
-    feature
-
-- Update to version 1.94.0:
-  * derp/derpserver: add a unique sender cardinality estimate
-  * syncs: add means of declare locking assumptions for debug mode
-  * cmd/k8s-operator: add support for taiscale.com/http-redirect
-  * cmd/k8s-operator fix populateTLSSecret on tests
-  * feature/posture: log method and full URL for posture identity requests
-  * k8s-operator: Fix typos in egress-pod-readiness.go
-  * cmd/tailscale,ipn: add Unix socket support for serve
-  * client/systray: change systray to start after graphical.target
-  * cmd/k8s-operator: warn if users attempt to expose a headless Service
-  * cmd/tailscale/cli, util/qrcodes: format QR codes on Linux consoles
-  * tsnet: ensure funnel listener cleans up after itself when closed
-  * ipn/store/kubestore: don't load write replica certs in memory
-  * tsnet: allow for automatic ID token generation
-
-- Update to version 1.92.5:
-  * types/persist: omit Persist.AttestationKey based on IsZero
-  * disable hardware attestation for kubernetes
-  * allow opting out of ACME order replace extension
-- Update to version 1.92.4:
-  * nothing of importance
-
-- Update to version 1.92.3:
-  * WireGuard configuration that occurs automatically in the client, no longer
-    results in a panic
-
-- Update to version 1.92.2:
-  * cmd/derper: add GCP Certificate Manager support
-
-- Update to version 1.92.1:
-  * fix LocalBackend deadlock when packet arrives during profile switch
-  * wgengine: fix TSMP/ICMP callback leak
-- Update to version 1.92.0:
-  * no changelog provided
-- Update to version 1.90.9:
-  * tailscaled no longer deadlocks during event bursts
-  * The client no longer hangs after wake up
-
-- Update to version 1.90.8:
-  * tka: move RemoveAll() to CompactableChonk
-- Update to version 1.90.7:
-  * wgengine/magicsock: validate endpoint.derpAddr
-  * wgengine/magicsock: fix UDPRelayAllocReq/Resp deadlock
-  * net/udprelay: replace VNI pool with selection algorithm
-  * feature/relayserver,ipn/ipnlocal,net/udprelay: plumb DERPMap
-  * feature/relayserver: fix Shutdown() deadlock
-  * net/netmon: do not abandon a subscriber when exiting early
-  * tka: don't try to read AUMs which are partway through being written
-  * tka: rename a mutex to mu instead of single-letter l
-  * ipn/ipnlocal: use an in-memory TKA store if FS is unavailable
-
-- Update to version 1.90.6:
-  * Routes no longer stall and fail to apply when updated repeatedly in a short
-    period of time
-  * Tailscale SSH no longer hangs for 10s when connecting to tsrecorder. This
-    affected tailnets that use Tailscale SSH recording
-
-- Update to version 1.90.4:
-  * deadlock issue no longer occurs in the client when checking
-    for the network to be available
-  * tailscaled no longer sporadically panics when a
-    Trusted Platform Module (TPM) device is present
-
-- Update to version 1.90.3:
-  * tailscaled shuts down as expected and without panic
-  * tailscaled starts up as expected in a no router configuration environment
-
-- Update to version 1.90.2:
-  * util/linuxfw: fix 32-bit arm regression with iptables
-  * health: compare warnable codes to avoid errors on release branch
-  * feature/tpm: check TPM family data for compatibility
-
-- Upate to version 1.90.1:
-  * Clients can use configured DNS resolvers for all domains
-  * Node keys will be renewed seamlessly
-  * Unnecessary path discovery packets over DERP servers are suppressed
-  * Node key sealing is GA (generally available) and enabled by default
-
-- update to version 1.88.3:
-  * cmd/tailscale/cli: add ts2021 debug flag to set a dial plan
-  * control/controlhttp: simplify, fix race dialing, remove priority concept
-- update to version 1.88.2:
-  * k8s-operator: reset service status before append
-- require the minimum go version directly, in comparison to using the golang(API)
-  symbol
-
-- update to version 1.88.1:
-  * Tailscale CLI prompts users to confirm impactful actions
-  * Tailscale SSH works as expected when using an IP address instead of a
-    hostname and MagicDNS is disabled
-  * fixed: Taildrive sharing when su not present
-  * Taildrive files remain consistently accessible
-  * new: Tailscale tray GUI
-  * DERP IPs changed for Singapore and Tokyo
-- Fixing CVE-2025-58058, bsc#1248920
-
-- update to version 1.86.5:
-  * cmd/k8s-proxy,k8s-operator: fix serve config for userspace mode
-- update to version 1.86.4:
-  * nothing of relevance
-- update to version 1.86.3:
-  * nothing of relevance
-
-- update to version 1.86.2:
-  * A deadlock issue that may have occurred in the client
-  * An occasional crash when establishing a new port mapping with a gateway or
-    firewall
-
-- update to version 1.86.0:
-  * tsStateEncrypted device posture attribute for checking whether the
-    Tailscale client state is encrypted at rest
-  * Cross-site request forgery (CSRF) issue that may have resulted in a log in
-    error when accessing the web interface
-  * Recommended exit node when the previously recommended exit node is offline
-  * tailscale up --exit-node=auto:any and tailscale set --exit-node=auto:any
-    CLI commands track the recommended exit node and automatically switches to
-    it when available exit nodes or network conditions change
-  * tailscaled CLI command flag --encrypt-state encrypts the node state file on
-    the disk using trusted platform module (TPM)
-
-- update to 1.84.3:
-  * ipn/ipnlocal: Update hostinfo to control on service config change
-
-- update to 1.84.2:
-  * Re-enable setting —accept-dns by using TS_EXTRA_ARGS. This issue resulted
-    from stricter CLI arguments parsing introduced in Tailscale v1.84.0
-
-- update to 1.84.1:
-  * net/dns: cache dns.Config for reuse when compileConfig fails
-
-- update to 1.84.0:
-  * The --reason flag is added to the tailscale down command
-  * ReconnectAfter policy setting, which configures the maximum period of time
-    between a user disconnecting Tailscale and the client automatically
-    reconnecting
-  * Tailscale CLI commands throw an error if multiple of the same flag are detected
-  * Network connectivity issues when creating a new profile or switching
-    profiles while using an exit node
-  * DNS-over-TCP fallback works correctly with upstream servers reachable only
-    via the tailnet
-
-- update to 1.82.5:
-  * A panic issue related to CUBIC congestion control in userspace mode is resolved.
-
-- update to 1.82.0:
-  * DERP functionality within the client supports certificate pinning for
-    self-signed IP address certificates for those unable to use Let's Encrypt
-    or WebPKI certificates.
-  * Go is updated to version 1.24.1
-  * NAT traversal code uses the DERP connection that a packet arrived on as an
-    ultimate fallback route if no other information is available
-  * Captive portal detection reliability is improved on some in-flight Wi-Fi networks
-  * Port mapping success rate is improved
-  * Helsinki is added as a DERP region.
-</description>
-  <package>tailscale</package>
-</patchinfo>