Merging

PR: products/PackageHub!495

.gitea/workflows/patchinfo_numbering.yaml

@@ -1,9 +1,10 @@
-# Use this as .gitea/workflows/patchinfo_numberator.yaml in all products/* repos
 name: Patchinfo incident numbering
 
 on:
-  push:
   workflow_dispatch:
+  push:
+    branches:
+      - 'leap-*'
 
 env:
   REPO_PATH: /workspace/${{ gitea.repository }}
@@ -18,7 +19,7 @@ jobs:
         run: |
           test -n "${{ env.REPO_PATH }}" && rm -rfv "${{ env.REPO_PATH }}"/*
           git config --global --add safe.directory ${{ env.REPO_PATH }}
-          git clone ${{ env.REPO_URL }} ${{ env.REPO_PATH }}
+          git clone -b ${{ gitea.ref_name }} --single-branch ${{ env.REPO_URL }} ${{ env.REPO_PATH }}
 
       - name: Update all new _patchinfo files
         uses: https://src.opensuse.org/actions/patchinfo-numbering-action@v0

patchinfo.20260303142142866367.93181000773252/_patchinfo

@@ -1,18 +0,0 @@
-<patchinfo>
-  <packager>vicentebolea</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for paraview</summary>
-  <description>This update for paraview fixes the following issues:
-
-Changes in paraview:
-
-- Correct Python ParaView installation path, it was wrongly being
-  installed in a nested directory of its correct path.
-- Disabled PythonAdaptors and AdaptorsCamPython ParaView module
-  since it is a very accessory feature that it gets installed in
-  the wrong path.
-- Added simple python import test to check correct deployment.
-</description>
-  <package>paraview</package>
-</patchinfo>

patchinfo.20260304100704501685.93181000773252/_patchinfo

@@ -0,0 +1,60 @@
+<patchinfo incident="packagehub-148">
+  <issue tracker="bnc" id="1257988">VUL-0: CVE-2026-24681: freerdp,freerdp2: Heap-use-after-free in urb_bulk_transfer_cb</issue>
+  <issue tracker="bnc" id="1257991">VUL-0: CVE-2026-24684: freerdp,freerdp2: Heap-use-after-free in play_thread</issue>
+  <issue tracker="bnc" id="1257986">VUL-0: CVE-2026-24679: freerdp,freerdp2: Heap-buffer-overflow in urb_select_interface</issue>
+  <issue tracker="cve" id="2026-22859"/>
+  <issue tracker="bnc" id="1257990">VUL-0: CVE-2026-24683: freerdp,freerdp2: Heap-use-after-free in ainput_send_input_event</issue>
+  <issue tracker="cve" id="2026-24676"/>
+  <issue tracker="cve" id="2026-24684"/>
+  <issue tracker="bnc" id="1219049">VUL-0: CVE-2024-22211: freerdp: In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow.</issue>
+  <issue tracker="cve" id="2026-22854"/>
+  <issue tracker="cve" id="2024-22211"/>
+  <issue tracker="bnc" id="1256940">VUL-0: CVE-2026-23530: freerdp,freerdp2: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle`</issue>
+  <issue tracker="bnc" id="1231317">[Build 20241004] openQA test fails in zdup: freerdp2 failed to build</issue>
+  <issue tracker="bnc" id="1256944">VUL-0: CVE-2026-23534: freerdp,freerdp2: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data`</issue>
+  <issue tracker="bnc" id="1256942">VUL-0: CVE-2026-23532: freerdp,freerdp2: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in `gdi_SurfaceToSurface`</issue>
+  <issue tracker="bnc" id="1256720">VUL-0: CVE-2026-22854: freerdp,freerdp2: Heap-buffer-overflow in drive_process_irp_read</issue>
+  <issue tracker="cve" id="2026-23530"/>
+  <issue tracker="bnc" id="1256941">VUL-0: CVE-2026-23531: freerdp,freerdp2: improper validation in `clear_decompress` can lead to heap buffer overflow</issue>
+  <issue tracker="bnc" id="1257983">VUL-0: CVE-2026-24676: freerdp,freerdp2: Heap-use-after-free in audio_format_compatible</issue>
+  <issue tracker="cve" id="2026-24682"/>
+  <issue tracker="bnc" id="1257982">VUL-0: CVE-2026-24675: freerdp,freerdp2: Heap-use-after-free in urb_select_interface</issue>
+  <issue tracker="cve" id="2026-23534"/>
+  <issue tracker="bnc" id="1257989">VUL-0: CVE-2026-24682: freerdp,freerdp2: Heap-buffer-overflow in audio_formats_free</issue>
+  <issue tracker="cve" id="2026-23531"/>
+  <issue tracker="bnc" id="1256725">VUL-0: CVE-2026-22859: freerdp,freerdp2: Heap-buffer-overflow in urb_select_configuration</issue>
+  <issue tracker="cve" id="2026-22852"/>
+  <issue tracker="cve" id="2026-24491"/>
+  <issue tracker="bnc" id="1257981">VUL-0: CVE-2026-24491: freerdp,freerdp2: Heap-use-after-free in video_timer</issue>
+  <issue tracker="bnc" id="1256718">VUL-0: CVE-2026-22852: freerdp,freerdp2: Heap-buffer-overflow in audin_process_formats</issue>
+  <issue tracker="bnc" id="1256722">VUL-0: CVE-2026-22856: freerdp,freerdp2: Heap-use-after-free in create_irp_thread</issue>
+  <issue tracker="cve" id="2026-24683"/>
+  <issue tracker="cve" id="2026-23532"/>
+  <issue tracker="cve" id="2026-22856"/>
+  <issue tracker="cve" id="2026-24681"/>
+  <issue tracker="cve" id="2026-24675"/>
+  <issue tracker="cve" id="2026-24679"/>
+  <packager>yfjiang</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for freerdp2</summary>
+  <description>This update for freerdp2 fixes the following issues:
+
+Changes in freerdp2:
+
+- Multiple CVE fixes:
+    CVE-2026-24491, bsc#1257981, CVE-2026-24675, bsc#1257982,
+    CVE-2026-24676, bsc#1257983, CVE-2026-24679, bsc#1257986,
+    CVE-2026-24681, bsc#1257988, CVE-2026-24682, bsc#1257989,
+    CVE-2026-24683, bsc#1257990, CVE-2026-24684, bsc#1257991,
+    CVE-2026-22852, bsc#1256718, CVE-2026-22854, bsc#1256720,
+    CVE-2026-22856, bsc#1256722, CVE-2026-22859, bsc#1256725,
+    CVE-2026-23530, bsc#1256940, CVE-2026-23531, bsc#1256941,
+    CVE-2026-23532, bsc#1256942, CVE-2026-23534, bsc#1256944.
+
+- Fix build issue in h264_ffmpeg.c (ffmpeg 7).
+
+- Add upstream fixes (picked from Debian) (boo#1231317)
+</description>
+  <package>freerdp2</package>
+</patchinfo>