Remove virtualbox from PackageHub

will be moved to Leap instead

.gitmodules

@@ -258,6 +258,10 @@
 	path = OpenShadingLanguage
 	url = ../../pool/OpenShadingLanguage
 	branch = leap-16.0
+[submodule "OpenSMTPD"]
+	path = OpenSMTPD
+	url = ../../pool/OpenSMTPD
+	branch = leap-16.0
 [submodule "OpenSubdiv"]
 	path = OpenSubdiv
 	url = ../../pool/opensubdiv
@@ -3070,6 +3074,10 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
+[submodule "doomsday"]
+	path = doomsday
+	url = ../../pool/doomsday
+	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7174,6 +7182,10 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
+[submodule "gnucobol"]
+	path = gnucobol
+	url = ../../pool/gnucobol
+	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro
@@ -10594,6 +10606,10 @@
 	path = most
 	url = ../../pool/most
 	branch = leap-16.0
+[submodule "motif"]
+	path = motif
+	url = ../../pool/motif
+	branch = leap-16.0
 [submodule "motion"]
 	path = motion
 	url = ../../pool/motion

patchinfo.20260131182523692426.93181000773252/_patchinfo

@@ -0,0 +1,29 @@
+<patchinfo incident="packagehub-127">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for kbuild</summary>
+  <description>This update for kbuild fixes the following issues:
+
+Changes in kbuild:
+
+- Update to snapshot 0.1.9998+svn3686
+  * header.kmk,footer-pass2-compiling-targets.kmk: Added EARLY_LIBS
+    and LATE_LIBS properties to better control the library order
+    when using templates. The libraries are collected from
+    EARLY_LIBS first, then LIBS, and LATE_LIBS last.
+  * header.kmk: Added KB_FN_LOAD_TOOL and KB_FN_LOAD_SDK for
+    explictly loading a tool or an sdk implementation.
+  * kmk: Automatically ascend if no makefile found and a goal was
+    given on the command line. This is to eliminating the need for
+    Makefile.kup-files as far as compiling individual source files
+    from an editor is concerned.
+  * header.kmk: Always zap the IFS variable so it won't confuse
+    kmk_ash.
+  * kmk/job.c: Deal with escape sequences inside double quotes when
+    we're using kmk_ash.
+  * kBuild/header.kmk: drop the .noarch suffix for
+    KBUILD_DEVTOOLS_TRG_NOARCH and KBUILD_DEVTOOLS_HST_NOARCH.
+</description>
+  <package>kbuild</package>
+</patchinfo>

patchinfo.20260203120457648647.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-117">
+  <issue tracker="bnc" id="1257190">pdfarranger does not start, but raises RuntimeError: context has already been set</issue>
+  <packager>dgarcia</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for pdfarranger</summary>
+  <description>This update for pdfarranger fixes the following issues:
+
+Changes in pdfarranger:
+
+- Fixed compatibility with python313 (boo#1257190).
+</description>
+  <package>pdfarranger</package>
+</patchinfo>

patchinfo.20260203171624727972.93181000773252/_patchinfo

@@ -0,0 +1,92 @@
+<patchinfo incident="packagehub-118">
+  <issue tracker="bnc" id="1255366">VUL-0: CVE-2025-64702: trivy: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS</issue>
+  <issue tracker="cve" id="2025-66564">CVE-2025-66564 github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing</issue>
+  <issue tracker="cve" id="2025-64702">VUL-0: CVE-2025-64702: TRACKERBUG: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS</issue>
+  <packager>dirkmueller</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for trivy</summary>
+  <description>This update for trivy fixes the following issues:
+
+Changes in trivy:
+
+- Update to version 0.69.0 (bsc#1255366, CVE-2025-64702):
+  * release: v0.69.0 [main] (#9886)
+  * chore: bump trivy-checks to v2 (#9875)
+  * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091)
+  * fix(repo): return a nil interface for gitAuth if missing (#10097)
+  * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)
+  * fix(rust): implement version inheritance for Cargo mono repos (#10011)
+  * feat(activestate): add support ActiveState images (#10081)
+  * feat(vex): support per-repo tls configuration (#10030)
+  * refactor: allow per-request transport options override (#10083)
+  * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084)
+  * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085)
+  * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077)
+  * feat(rocky): enable modular package vulnerability detection (#10069)
+  * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079)
+  * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070)
+  * feat(report): add Trivy version to JSON output (#10065)
+  * fix(rust): add cargo workspace members glob support (#10032)
+  * feat: add AnalyzedBy field to track which analyzer detected packages (#10059)
+  * fix: use canonical SPDX license IDs from embeded licenses.json (#10053)
+  * docs: fix link to Docker Image Specification (#10057)
+  * feat(secret): add detection for Symfony default secret key (#9892)
+  * refactor(misconf): move common logic to base value and simplify typed values (#9986)
+  * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880)
+  * feat(misconf): use Terraform plan configuration to partially restore schema (#9623)
+  * feat(misconf): add action block to Terraform schema (#10035)
+  * fix(misconf): correct typos in block and attribute names (#9993)
+  * test(misconf): simplify test values using *Test helpers (#9985)
+  * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980)
+  * feat(misconf): support for ARM resources defined as an object (#9959)
+  * feat(misconf): support for azurerm_*_web_app (#9944)
+  * test: migrate private test helpers to `export_test.go` convention (#10043)
+  * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048)
+  * fix(secret): improve word boundary detection for Hugging Face tokens (#10046)
+  * fix(go): use ldflags version for all pseudo-versions    (#10037)
+  * chore: switch to ID from AVDID in internal and user-facing fields (#9655)
+  * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752)
+  * fix: move enum into items for array-type fields in JSON Schema (#10039)
+  * docs: fix incorrect documentation URLs (#10038)
+  * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033)
+  * fix(docker): fix non-det scan results for images with embedded SBOM (#9866)
+  * chore(deps): bump the github-actions group with 11 updates (#10001)
+  * test: fix assertion after 2026 roll over (#10002)
+  * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964)
+  * fix(license): normalize licenses for PostAnalyzers (#9941)
+  * feat(nodejs): parse licenses from `package-lock.json` file (#9983)
+  * chore: update reference links to Go Wiki (#9987)
+  * refactor: add xslices.Map and replace lo.Map usages (#9984)
+  * fix(image): race condition in image artifact inspection (#9966)
+  * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971)
+  * refactor(debian): use txtar format for test data (#9957)
+  * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973)
+  * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930)
+  * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932)
+  * docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961)
+  * perf(misconf): optimize string concatenation in azure scanner (#9969)
+  * chore: add client option to install script (#9962)
+  * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956)
+  * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952)
+  * docs: update binary signature verification for sigstore bundles (#9929)
+  * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935)
+  * chore(alpine): add EOL date for alpine 3.23 (#9934)
+  * feat(cloudformation): add support for Fn::ForEach (#9508)
+  * ci: enable `check-latest` for `setup-go` (#9931)
+  * feat(debian): detect third-party packages using maintainer list (#9917)
+  * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924)
+  * feat(helm): add sslCertDir parameter (#9697)
+  * fix(misconf): respect .yml files when Helm charts are detected (#9912)
+  * feat(php): add support for dev dependencies in Composer (#9910)
+  * chore(deps): bump the common group across 1 directory with 9 updates (#9903)
+  * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859)
+  * fix: remove trailing tab in statefulset template (#9889)
+  * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)
+  * feat(misconf): initial ansible scanning support (#9332)
+  * feat(misconf): Update Azure Database schema (#9811)
+  * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869)
+  * chore: update the install script (#9874)
+</description>
+  <package>trivy</package>
+</patchinfo>

patchinfo.20260204155545137018.93181000773252/_patchinfo

@@ -0,0 +1,195 @@
+<patchinfo incident="packagehub-119">
+  <issue tracker="cve" id="2025-22869"/>
+  <issue tracker="bnc" id="1248920">VUL-0: CVE-2025-58058: tailscale: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory</issue>
+  <issue tracker="cve" id="2025-58058"/>
+  <packager>rrahl0</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for tailscale</summary>
+  <description>This update for tailscale fixes the following issues:
+
+Changes in tailscale:
+
+- Update to version 1.94.0:
+  * IS SET and NOT SET have been added as device posture operators
+  * India DERP Region City Name updated
+  * Custom DERP servers support GCP Certificate Manager
+  * Tailscale SSH authentication, when successful, results in LOGIN audit
+    messages being sent to the kernel audit subsystem
+  * Tailscale Peer Relay throughput is improved when the SO_REUSEPORT socket
+    option is supported on multi-core systems
+  * Tailscale Peer Relay server handshake transmission is guarded against
+    routing loops over Tailscale
+  * MagicDNS always resolves when using resolv.conf without a DNS manager
+  * tailscaled_peer_relay_forwarded_packets_total and
+    tailscaled_peer_relay_forwarded_bytes_total client metrics are available for
+    Tailscale Peer Relays
+  * Identity tokens are automatically generated for workload identities
+  * --audience flag added to tailscale up command to support auto generation of
+    ID tokens for workload identity
+  * tsnet nodes can host Tailscale Services
+  * The tailscale lock status -json command returns tailnet key authority (TKA)
+    data in a stable format
+  * Tailscale Peer Relays deliver improved throughput through monotonic time
+    comparison optimizations and reduced lock contention
+  * Tailscale Services virtual IPs are now automatically accepted by clients
+    across all platforms regardless of the status of the --accept-routes
+    feature
+
+- Update to version 1.94.0:
+  * derp/derpserver: add a unique sender cardinality estimate
+  * syncs: add means of declare locking assumptions for debug mode
+  * cmd/k8s-operator: add support for taiscale.com/http-redirect
+  * cmd/k8s-operator fix populateTLSSecret on tests
+  * feature/posture: log method and full URL for posture identity requests
+  * k8s-operator: Fix typos in egress-pod-readiness.go
+  * cmd/tailscale,ipn: add Unix socket support for serve
+  * client/systray: change systray to start after graphical.target
+  * cmd/k8s-operator: warn if users attempt to expose a headless Service
+  * cmd/tailscale/cli, util/qrcodes: format QR codes on Linux consoles
+  * tsnet: ensure funnel listener cleans up after itself when closed
+  * ipn/store/kubestore: don't load write replica certs in memory
+  * tsnet: allow for automatic ID token generation
+
+- Update to version 1.92.5:
+  * types/persist: omit Persist.AttestationKey based on IsZero
+  * disable hardware attestation for kubernetes
+  * allow opting out of ACME order replace extension
+- Update to version 1.92.4:
+  * nothing of importance
+
+- Update to version 1.92.3:
+  * WireGuard configuration that occurs automatically in the client, no longer
+    results in a panic
+
+- Update to version 1.92.2:
+  * cmd/derper: add GCP Certificate Manager support
+
+- Update to version 1.92.1:
+  * fix LocalBackend deadlock when packet arrives during profile switch
+  * wgengine: fix TSMP/ICMP callback leak
+- Update to version 1.92.0:
+  * no changelog provided
+- Update to version 1.90.9:
+  * tailscaled no longer deadlocks during event bursts
+  * The client no longer hangs after wake up
+
+- Update to version 1.90.8:
+  * tka: move RemoveAll() to CompactableChonk
+- Update to version 1.90.7:
+  * wgengine/magicsock: validate endpoint.derpAddr
+  * wgengine/magicsock: fix UDPRelayAllocReq/Resp deadlock
+  * net/udprelay: replace VNI pool with selection algorithm
+  * feature/relayserver,ipn/ipnlocal,net/udprelay: plumb DERPMap
+  * feature/relayserver: fix Shutdown() deadlock
+  * net/netmon: do not abandon a subscriber when exiting early
+  * tka: don't try to read AUMs which are partway through being written
+  * tka: rename a mutex to mu instead of single-letter l
+  * ipn/ipnlocal: use an in-memory TKA store if FS is unavailable
+
+- Update to version 1.90.6:
+  * Routes no longer stall and fail to apply when updated repeatedly in a short
+    period of time
+  * Tailscale SSH no longer hangs for 10s when connecting to tsrecorder. This
+    affected tailnets that use Tailscale SSH recording
+
+- Update to version 1.90.4:
+  * deadlock issue no longer occurs in the client when checking
+    for the network to be available
+  * tailscaled no longer sporadically panics when a
+    Trusted Platform Module (TPM) device is present
+
+- Update to version 1.90.3:
+  * tailscaled shuts down as expected and without panic
+  * tailscaled starts up as expected in a no router configuration environment
+
+- Update to version 1.90.2:
+  * util/linuxfw: fix 32-bit arm regression with iptables
+  * health: compare warnable codes to avoid errors on release branch
+  * feature/tpm: check TPM family data for compatibility
+
+- Upate to version 1.90.1:
+  * Clients can use configured DNS resolvers for all domains
+  * Node keys will be renewed seamlessly
+  * Unnecessary path discovery packets over DERP servers are suppressed
+  * Node key sealing is GA (generally available) and enabled by default
+
+- update to version 1.88.3:
+  * cmd/tailscale/cli: add ts2021 debug flag to set a dial plan
+  * control/controlhttp: simplify, fix race dialing, remove priority concept
+- update to version 1.88.2:
+  * k8s-operator: reset service status before append
+- require the minimum go version directly, in comparison to using the golang(API)
+  symbol
+
+- update to version 1.88.1:
+  * Tailscale CLI prompts users to confirm impactful actions
+  * Tailscale SSH works as expected when using an IP address instead of a
+    hostname and MagicDNS is disabled
+  * fixed: Taildrive sharing when su not present
+  * Taildrive files remain consistently accessible
+  * new: Tailscale tray GUI
+  * DERP IPs changed for Singapore and Tokyo
+- Fixing CVE-2025-58058, bsc#1248920
+
+- update to version 1.86.5:
+  * cmd/k8s-proxy,k8s-operator: fix serve config for userspace mode
+- update to version 1.86.4:
+  * nothing of relevance
+- update to version 1.86.3:
+  * nothing of relevance
+
+- update to version 1.86.2:
+  * A deadlock issue that may have occurred in the client
+  * An occasional crash when establishing a new port mapping with a gateway or
+    firewall
+
+- update to version 1.86.0:
+  * tsStateEncrypted device posture attribute for checking whether the
+    Tailscale client state is encrypted at rest
+  * Cross-site request forgery (CSRF) issue that may have resulted in a log in
+    error when accessing the web interface
+  * Recommended exit node when the previously recommended exit node is offline
+  * tailscale up --exit-node=auto:any and tailscale set --exit-node=auto:any
+    CLI commands track the recommended exit node and automatically switches to
+    it when available exit nodes or network conditions change
+  * tailscaled CLI command flag --encrypt-state encrypts the node state file on
+    the disk using trusted platform module (TPM)
+
+- update to 1.84.3:
+  * ipn/ipnlocal: Update hostinfo to control on service config change
+
+- update to 1.84.2:
+  * Re-enable setting —accept-dns by using TS_EXTRA_ARGS. This issue resulted
+    from stricter CLI arguments parsing introduced in Tailscale v1.84.0
+
+- update to 1.84.1:
+  * net/dns: cache dns.Config for reuse when compileConfig fails
+
+- update to 1.84.0:
+  * The --reason flag is added to the tailscale down command
+  * ReconnectAfter policy setting, which configures the maximum period of time
+    between a user disconnecting Tailscale and the client automatically
+    reconnecting
+  * Tailscale CLI commands throw an error if multiple of the same flag are detected
+  * Network connectivity issues when creating a new profile or switching
+    profiles while using an exit node
+  * DNS-over-TCP fallback works correctly with upstream servers reachable only
+    via the tailnet
+
+- update to 1.82.5:
+  * A panic issue related to CUBIC congestion control in userspace mode is resolved.
+
+- update to 1.82.0:
+  * DERP functionality within the client supports certificate pinning for
+    self-signed IP address certificates for those unable to use Let's Encrypt
+    or WebPKI certificates.
+  * Go is updated to version 1.24.1
+  * NAT traversal code uses the DERP connection that a packet arrived on as an
+    ultimate fallback route if no other information is available
+  * Captive portal detection reliability is improved on some in-flight Wi-Fi networks
+  * Port mapping success rate is improved
+  * Helsinki is added as a DERP region.
+</description>
+  <package>tailscale</package>
+</patchinfo>

patchinfo.20260204160233168297.93181000773252/_patchinfo

@@ -0,0 +1,202 @@
+<patchinfo incident="packagehub-121">
+  <issue tracker="bnc" id="1242186">yt-dlp is outdated</issue>
+  <packager>rrahl0</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for yt-dlp</summary>
+  <description>This update for yt-dlp fixes the following issues:
+
+Changes in yt-dlp:
+
+- Update to release 2026.01.31
+  * yt: Add `web_embedded` fallback for `android_vr` client
+  * yt: Remove broken `ios_downgraded` and `tv_embedded` player
+    clients
+
+- added quickjs recommends as a lighter alternative to deno and nodejs
+
+- Update to release 2026.01.29
+  * Accept float values for command-line option `--sleep-subtitles`
+  * Add `--format-sort-reset` option
+  * yt: Support comment subthreads
+
+- Update to release 2025.12.08
+  * cookies: Fix --cookies-from-browser for new installs of
+    Firefox 147+
+  * floatplane: add subtitle support
+  * yt: detect AI-upscaled formats
+
+- Relax JS runtime requirement from required to recommended,
+  some formats can be downloaded without either runtime.
+- Recommend nodejs as an alternative to deno
+  (Leap 15.6 has just nodejs).
+
+- Update to release 2025.11.12
+  * An external JavaScript runtime is now used for full YouTube
+    support (e.g. deno).
+
+- Use the pythons macro to reduce the amount of suse_version usage
+
+- Update to version 2025.10.22
+  * A stopgap release with a TEMPORARY partial fix for YouTube
+    support. Some formats may still be unavailable, especially if
+    cookies are passed to yt-dlp. The NEXT release, expected very
+    soon, will require an external JS runtime (e.g. Deno) in
+    order for YouTube downloads to work properly.
+  * The minimum required Python version has been raised to 3.10
+    (Python 3.9 has reached its end-of-life as of October 2025).
+
+- Update to release 2025.10.14
+  * yt: Detect experiment binding GVS PO Token to video id
+  * yt: Fix approximate timestamp extraction for feeds
+
+- Use Python 3.13 in 15.7, due to lack of 3.12
+
+- Update to release 2025.09.26
+  * twitch: vod: Fix live_status detection
+  * yt: Fix player JS overrides
+  * yt: Improve PO token logging
+  * yt: Player client maintenance
+  * yt: Replace tv_simply with web_safari in default clients
+- Fix Leap 15.6 build
+
+- Update to release 2025.09.23
+  * youtube: Force player 0004de42
+
+- Update to version 2025.09.05
+  * Fix --id deprecation warning
+  * charlierose: Fix extractor
+  * googledrive: Fix subtitles extraction
+  * itvbtcc: Fix extractor
+  * kick: vod: Support ongoing livestream VODs
+  * lrt: Fix extractors
+  * tver: Extract more metadata
+  * vevo: Restore extractors
+  * build: Overhaul Linux builds and refactor release workflow
+
+- Update to release 2025.08.27
+  * Add tcc player JS variant
+  * Deprioritize web_safari m3u8 formats
+  * Use alternative tv user-agent when authenticated
+
+- Update to release 2025.08.22
+  * cookies: Fix --cookies-from-browser with Firefox 142+
+
+- Update to release 2025.08.20
+  * Warn against use of `-f mp4`
+  * yt: Add es5 and es6 player JS variants
+  * yt: Default to main player JS variant
+  * yt: Extract title and description from initial data
+  * yt: Handle required preroll waiting period
+
+- Update to release 2025.08.11
+  * yt: Add player params to mweb client
+  * dash: Re-extract if using --load-info-json with
+    --live-from-start
+
+- Update to release 2025.07.21
+  * Default behaviour changed from --mtime to --no-mtime
+  * yt: Do not require PO Token for premium accounts
+  * yt: Extract global nsig helper functions
+  * yt: tab: Fix subscriptions feed extraction
+
+- Update to release 2025.06.30
+  * youtube: Fix premium formats extraction
+
+- Update to release 2025.06.25
+  * yt: Check any ios m3u8 formats prior to download
+  * yt: Improve player context payloads
+
+- Update to release 2025.06.09
+  * adobepass: add Fubo MSO, fix Philo MSO authentication
+  * yt: Add tv_simply player client
+  * yt: Extract srt subtitles
+  * yt: Rework nsig function name extraction
+
+- Update to release 2025.05.22
+  * yt: Add PO token support for subtitles
+  * yt: Add web_embedded client for age-restricted videos
+  * yt: Add a PO Token Provider Framework
+  * yt: Extract media_type for all videos
+  * yt: Fix --live-from-start support for premieres
+  * yt: Fix geo-restriction error handling
+
+- Update to release 2025.04.30 [boo#1242186]
+  * New option --preset-alias/-t has been added
+
+- Update to release 2025.03.31
+  * yt: add player_js_variant extractor-arg
+  * yt/tab: Fix playlist continuation extraction
+
+- Update to release 2025.03.27
+  * youtube: Make signature and nsig extraction more robust
+
+- Update to release 2025.03.26
+  * youtube: fix signature and nsig extraction for player 4fcd6e4a
+
+- Update to release 2025.03.21
+  * Fix external downloader availability when using
+    ``--ffmpeg-location``
+  * youtube: fix nsig and signature extraction for player 643afba4.
+
+- Require same version between yt-dlp -&gt; python-yt-dlp
+
+- Update to release 2025.02.19
+  * NSIG workaround for tce player JS
+
+- Update to release 2025.01.26
+  * bilibili: Support space video list extraction without login
+  * crunchyroll: Remove extractors
+  * youtube: Download tv client Innertube config
+  * youtube: Use different PO token for GVS and Player
+
+- Update to release 2025.01.15
+  * youtube: Do not use web_creator as a default client
+
+- Update to release 2025.01.12
+  * yt: fix DASH formats incorrectly skipped in some situations
+  * yt: refactor cookie auth
+
+- Fix 15.6 build
+
+- Update to release 2024.12.23
+  * yt: add age-gate workaround for some embeddable videos
+
+- Update to release 2024.12.13
+  * yt: fix signature function extraction for 2f1832d2
+  * yt: prioritize original language over auto-dubbed audio
+
+- Update to release 2024.12.06
+  * yt: fix ``n`` sig extraction for player 3bb1f723
+  * yt: fix signature function extraction
+  * yt: player client maintenance
+
+- Update to release 2024.12.03
+  * bilibili: Always try to extract HD formats
+  * youtube: Adjust player clients for site changes
+
+- Update to release 2024.11.18
+  * cloudflarestream: Avoid extraction via videodelivery.net
+  * youtube: remove broken OAuth support
+
+- Update to release 2024.11.04
+  * Prioritize AV1
+  * Remove Python &lt;= 3.8 support
+  * youtube: Adjust OAuth refresh token handling
+
+- Update to release 2024.10.22
+  * yt: Remove broken android_producer client
+  * yt: Remove broken age-restriction workaround
+  * yt: Support logging in with OAuth
+
+- Update to release 2024.10.07
+  * Fix cookie load error handling
+  * youtube: Change default player clients to ios,mweb
+  * patreon: Extract all m3u8 formats for locked posts
+
+- Update to release 2024.09.27
+  * Support excluding player_clients in extractor-arg
+  * clip: Prioritize https formats
+</description>
+  <package>yt-dlp</package>
+</patchinfo>

patchinfo.20260206094000823685.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-115">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gnucobol</summary>
+  <description>This update for gnucobol fixes the following issues:
+
+Introduce gnucobol.
+</description>
+  <package>gnucobol</package>
+</patchinfo>

patchinfo.20260209123942988001.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-116">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for doomsday</summary>
+  <description>This update for doomsday fixes the following issues:
+
+Introduce doomsday.
+</description>
+  <package>doomsday</package>
+</patchinfo>

patchinfo.20260209151441438275.93181000773252/_patchinfo

@@ -0,0 +1,26 @@
+<patchinfo incident="packagehub-122">
+  <issue tracker="cve" id="2026-1998"/>
+  <issue tracker="bnc" id="1257803">VUL-0: CVE-2026-1998: micropython: segmentation fault in `mp_map_lookup` via `mp_import_all`</issue>
+  <packager>dheidler</packager>
+  <rating>low</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803).
+
+- Version 1.26.1
+  * esp32: update esp_tinyusb component to v1.7.6
+  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
+  * esp32: add IDF Component Lockfiles to git repo
+  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
+  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
+  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
+
+- Fix building on single core systems
+  * Skip tests/thread/stress_schedule.py when single core system detected
+</description>
+  <package>micropython</package>
+</patchinfo>

patchinfo.20260209155200377268.93181000773252/_patchinfo

@@ -0,0 +1,14 @@
+<patchinfo incident="packagehub-114">
+  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
+  <packager>favogt</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for messagelib</summary>
+  <description>This update for messagelib fixes the following issues:
+
+Changes in messagelib:
+
+- Fix links sometimes not opening (boo#1257869, kde#493325):
+</description>
+  <package>messagelib</package>
+</patchinfo>

patchinfo.20260209213841964623.93181000773252/_patchinfo

@@ -1,4 +1,4 @@
-<patchinfo>
+<patchinfo incident="packagehub-120">
   <issue tracker="cve" id="2024-22391">VUL-0: CVE-2024-22391: gdcm: heap-based buffer overflow in the LookupTable:SetLUT functionality</issue>
   <issue tracker="cve" id="2024-22373">VUL-0: CVE-2024-22373: gdcm: out-of-bounds write in the JPEG2000Codec:DecodeByStreamsCommon functionality</issue>
   <issue tracker="cve" id="2024-25569">VUL-0: CVE-2024-25569: gdcm: out-of-bounds read in the RAWCodec:DecodeBytes functionality</issue>
@@ -227,4 +227,4 @@ Changes in python-pyorthanc:
   <package>orthanc-tcia</package>
   <package>orthanc-wsi</package>
   <package>python-pyorthanc</package>
-</patchinfo>
+</patchinfo>

patchinfo.20260211094020694841.220258959514430/_patchinfo

@@ -0,0 +1,104 @@
+<patchinfo incident="packagehub-123">
+  <packager>os-autoinst-obs-workflow</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for openQA, os-autoinst-distri-opensuse-deps</summary>
+  <description>This update for openQA, os-autoinst-distri-opensuse-deps fixes the following issues:
+
+Changes in openQA:
+
+- Update to version 5.1770274061.387b318c:
+  * Remove dependencies not available in 16
+  * Remove all explicit versions from ci-packages.txt
+  * Explicitly use new cache key for fullstack_cache
+  * Use devel:openQA 16.0 repositories
+  * fix: Create user directory without sudo
+  * refactor(ui): use native DOM APIs for bulk action logic
+  * Update devel:openQA:ci/base container to Leap 16
+  * Mark some one line catch statements uncoverable
+  * Move t/07-api_jobtokens.t to t/api/
+  * refactor: Avoid mapping of actions in df-based cleanup
+  * refactor: Use loop to invoke `_delete_jobs` repeatedly
+  * refactor: Simplify code for df-based cleanup further
+  * refactor: Extract repeated lookup and loop into separate function
+  * Dependency cron 2026-02-03
+  * feat(ui): add bulk action checkboxes to test overview filters
+  * feat(openqa-clone-custom-git-refspec): add "BADGE" mode
+  * fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode
+  * feat(UI): add delete button for job groups and parent groups
+  * refactor(javascripts): harden by using const in admin_groups.js
+  * feat(api): prevent deletion of non-empty parent job groups
+  * docs: Fix typo in MCP documentation
+  * docs: Improve note about enabling modern Perl features
+  * test: Remove unused parameters in `OpenQA::Test::Case::login`
+  * navbar: add new item in menu to link MCP documentation
+  * Refactor t/lib/OpenQA/Test/Case.pm with signatures
+  * test: Consider all API controller code covered
+  * test: Cover remaining error cases of worker API
+  * fix: Improve error handling when updating records in admin tables
+  * test: Ensure consistent coverage of job cancellation function
+  * Prepare documentation generation for Leap 16.0
+  * test: Cover remaining lines of `Search.pm`
+  * test: Cover remaining lines of `Locks.pm`
+  * refactor: Simplify `JobTemplate::destroy`
+  * refactor: Remove unused code from `JobTemplate.pm`
+  * git subrepo pull (merge) external/os-autoinst-common
+  * style: Add quotes in openqa-bootstrap
+  * feat: default API key expiration to 1 year, aligning with UI
+  * feat: wrap array in an object in api_key API responses
+  * feat: add API endpoint for deleting API keys
+  * feat: add API endpoint for listing API keys
+  * feat: add API endpoint for creating API keys
+  * fix(openqa-bootstrap): prevent shellcheck warning SC2086
+  * Add dependency on 'file'
+  * refactor: Write code in `JobGroup.pm` in a more compact way
+  * test: Consider `Job.pm` fully covered
+  * test: Add tests for error handling of artefact upload
+  * refactor: Format artefact upload test in a more compact way
+  * test: Add tests for using assigned worker on job status updates
+  * test: Add tests for re-scheduling invalid scheduled product
+  * test: Add tests for querying non-existent scheduled product
+  * refactor: Use more compact coding style in `show_scheduled_product`
+  * refactor: Improve `Mm.pm`
+  * test: Improve tests of multi-machine API
+  * Remove unused module Config::Tiny from dependencies
+
+- Update to version 5.1769603414.6c0fa72e:
+  * Handle links on test_log on missing git repo extension
+  * test: Consider `Test.pm` fully covered
+  * test: Extend tests for showing dependency graph
+  * fix: Merge parallel clusters correctly for displaying dependency tree
+
+Changes in os-autoinst-distri-opensuse-deps:
+
+- Added dependency perl(constant)
+- Added dependency perl(Inline::Python)
+- Removed dependency perl(Inline::Python)
+- Removed dependency perl(LWP::Simple)
+- Added dependency perl(LWP::Simple)
+- Removed dependency perl(POSIX)
+- Added dependency perl(parent)
+- Added dependency perl(POSIX)
+- Added dependency perl(strict)
+- Added dependency perl(utf8)
+- Added dependency perl(version)
+- Added dependency perl(warnings)
+- Removed dependency perl(constant)
+- Removed dependency perl(parent)
+- Removed dependency perl(strict)
+- Removed dependency perl(utf8)
+- Removed dependency perl(version)
+- Removed dependency perl(warnings)
+- Removed dependency /usr/bin/gzip
+- Added dependency /usr/bin/gzip
+
+- Removed dependency gzip
+- Added dependency /usr/bin/gzip
+</description>
+  <package>openQA</package>
+  <package>openQA:openQA-devel-test</package>
+  <package>openQA:openQA-test</package>
+  <package>openQA:openQA-worker-test</package>
+  <package>openQA:openQA-client-test</package>
+  <package>os-autoinst-distri-opensuse-deps</package>
+</patchinfo>

patchinfo.20260211133956922544.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-126">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for OpenSMTPD</summary>
+  <description>This update for OpenSMTPD fixes the following issues:
+
+Introduce OpenSMTPD.
+</description>
+  <package>OpenSMTPD</package>
+</patchinfo>

patchinfo.20260211134802096631.255638743075857/_patchinfo

@@ -0,0 +1,71 @@
+<patchinfo incident="packagehub-124">
+  <packager>oertel</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gn</summary>
+  <description>This update for gn fixes the following issues:
+
+Changes in gn:
+
+- Update to version 0.20251217:
+  * Fix sha2 on big endian
+  * [Windows] Reduce the number of worker threads on many-core machines
+  * Add a sha256 hash implementation and use it for string_hash
+  * Opt-in to the Windows SegmentHeap
+  * Add a `module_name` flag to source_set.
+  * Refactor module name to be dynamic.
+  * Optimize vector creation in compile_commands_writer.cc.
+  * Run 'tools/run_formatter.sh'
+  * Implement `string_hash` function.
+  * Support weak_libraries
+  * Do not add .inputdeps paths to --ninja-outputs-file
+  * Make clang modules output -fmodule-file=foo=&lt;pcm&gt;.
+  * infra: Revert CIPD autoconf
+  * infra: Include autoconf bin directory to PATH
+  * infra: Fix autoconf executable path
+  * infra: Use CIPD autoconf
+  * Allow led access in GN via http://go/ciba
+  * Revert "Build non-linkable deps async with Ninja's validaitons"
+  * Upgrade linux bots from ubuntu 22.04 to ubuntu 24.04
+  * Use unordered_map instead of map in HeaderChecker
+  * Add --file_relation to gn refs command
+  * Optimize vector initialization and preallocation in desc_builder.cc.
+  * Add `reserve` statement when vector size is known beforehand.
+  * Refactor container update by preferring the range insert.
+  * Handle symlinked directories correctly during gn clean on Windows.
+  * Fix relative imports from args.gn.
+
+- Update to version 0.20250918:
+  * update reference.md
+  * Include -fmodule-file flags in compile_commands.json
+  * Refactor C++ module dependency logic into a new utility
+  * Gitiles navigation bar
+  * Adds a len() function
+  * Avoid clashes of include_dir in rust-project.json.
+  * Check all targets to find duplicated outputs.
+  * infra/config: Remove luci.recipes.use_python3 experiment
+  * Handle empty outputs in WriteInputDepsStampOrPhonyAndGetDep
+  * build: Propagate module dependencies through group targets
+  * Deduplicate item in 'deps', 'sources' and related lists
+  * infra: Update comment for macOS version used in CQ/CI
+  * [Apple] Allow passing a manifest to the post-processing script
+  * Update link to buganizer in README.md
+  * [Apple] Fix `gn gen` when using swift and no_stamp_files
+  * [Apple] Remove deprecated aliases for `post_processing_$var`
+  * Revert "Allow newline in string literal"
+  * Use std::ranges::all_of in parse_tree_unittest
+  * infra: Correctly use macOS 13 instead of 11
+  * Update Xcode and macOS version in bots
+  * infra: Add shadow buckets to trigger led job
+  * Allow newline in string literal
+  * Revert "Update macOS version to 13 used in CQ/CI"
+  * Update macOS version to 13 used in CQ/CI
+  * Refactor command_format.cc
+  * Shorten targets from //path/to/foo:foo to //path/to/foo
+  * Modernize and improve parse_tree.cc
+  * Auto-format the codebase
+  * Remove hardcoded -fmodules-embed-all-files flag
+  * Reland "Use JSON escaping for JSON string output"
+</description>
+  <package>gn</package>
+</patchinfo>

patchinfo.20260212125825503328.255638743075857/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-125">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for motif</summary>
+  <description>This update for motif fixes the following issues:
+
+Introduce motif.
+</description>
+  <package>motif</package>
+</patchinfo>