Update submodules from pool/orthanc#1, pool/gdcm#1, pool/orthanc-authorization#1, pool/orthanc-dicomweb#1, pool/orthanc-gdcm#1, pool/orthanc-indexer#1, pool/orthanc-mysql#1, pool/orthanc-neuro#1 and create patchinfo.20260209124750281584.93181000773252/_patchinfo

.gitmodules

@@ -3070,10 +3070,6 @@
 	path = dom2-core-tests
 	url = ../../pool/dom2-core-tests
 	branch = leap-16.0
-[submodule "doomsday"]
-	path = doomsday
-	url = ../../pool/doomsday
-	branch = leap-16.0
 [submodule "dosbox"]
 	path = dosbox
 	url = ../../pool/dosbox
@@ -7178,10 +7174,6 @@
 	path = gnu_ddrescue
 	url = ../../pool/gnu_ddrescue
 	branch = leap-16.0
-[submodule "gnucobol"]
-	path = gnucobol
-	url = ../../pool/gnucobol
-	branch = leap-16.0
 [submodule "gnuastro"]
 	path = gnuastro
 	url = ../../pool/gnuastro

patchinfo.20260206094000823685.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-115">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for gnucobol</summary>
-  <description>This update for gnucobol fixes the following issues:
-
-Introduce gnucobol.
-</description>
-  <package>gnucobol</package>
-</patchinfo>

patchinfo.20260209123942988001.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo incident="packagehub-116">
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for doomsday</summary>
-  <description>This update for doomsday fixes the following issues:
-
-Introduce doomsday.
-</description>
-  <package>doomsday</package>
-</patchinfo>

patchinfo.20260209124750281584.93181000773252/_patchinfo

@@ -0,0 +1,141 @@
+<patchinfo>
+  <issue tracker="cve" id="2024-25569">VUL-0: CVE-2024-25569: gdcm: out-of-bounds read in the RAWCodec:DecodeBytes functionality</issue>
+  <issue tracker="cve" id="2024-22391">VUL-0: CVE-2024-22391: gdcm: heap-based buffer overflow in the LookupTable:SetLUT functionality</issue>
+  <issue tracker="cve" id="2024-22373">VUL-0: CVE-2024-22373: gdcm: out-of-bounds write in the JPEG2000Codec:DecodeByStreamsCommon functionality</issue>
+  <packager>DocB</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro</summary>
+  <description>This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro fixes the following issues:
+
+Changes in orthanc:
+
+- dcmtk 370 breaks TW build
+
+- switch to lua 5.4
+
+- remove boost component system from framework
+
+- version 1.12.10
+  ' long changelog - see NEWS for details
+
+- Stop trying to pull libboost_system-devel in all orthanc packages.
+
+- remove libboost_system-devel for TW (removed in boost 1.89)
+
+- version 1.12.9
+  * long changelog - see NEWS for details
+
+Changes in gdcm:
+
+- apply fix for poppler 25.10 build error
+
+Changes in orthanc-authorization:
+
+- version 0.10.3
+  * New default permissions for worklists
+  * New default permissions for tools/metrics-prometheus
+  * New default permissions for tools/generate-uid
+
+- version 0.10.2
+  * New default permissions to add/delete modalities through the Rest API
+    https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137
+  * New standard configuration "stl"
+
+- remove libboost_system-devel for TW (removed in boost 1.89)-
+
+- version 0.10.1
+  * Fix audit-logs export in CSV format.
+  * New configuration "ExtraPermissions" to ADD new permissions to
+    the default "Permissions" entries.
+  * Improved handling of "Anonymous" user profiles (when no auth-tokens
+    are provided):  The plugin will now request the auth-service to
+    get an anonymous user profile even if there are no auth-tokens in the
+    HTTP request.
+  * The User profile can now contain a "groups" field if the auth-service
+    provides it.
+  * The User profile can now contain an "id" field if the auth-service
+    provides it.
+  * New experimental feature: audit-logs
+    - Enabled by the "EnableAuditLogs" configuration.
+    - Audit-logs are currently handled by the PostgreSQL plugin and can be
+      browsed through the route /auth/audit-logs.
+    - New default permission "audit-logs" to grant access to the
+      "/auth/audit-logs" route.
+  * Fix: The "server-id" field is now included in all requests sent to the
+    auth-service.
+
+Changes in orthanc-dicomweb:
+
+- version 1.22
+  * framework2.diff added for compatibilty with Orthanc framework &lt;= 1.12.10
+  * Fixed a possible deadlock when using "WadoRsLoaderThreadsCount" &gt; 1 when the HTTP
+    client disconnects while downloading the response.
+  * Fixed "Success: Success" errors when trying to send resources synchronously to a remote DICOMweb
+    server while the Orthanc job engine was busy with other tasks.
+
+- remove libboost_system-devel for TW (removed in boost 1.89)
+
+- version 1.21
+  * New configuration "WadoRsLoaderThreadsCount" to configure how many threads are loading
+    files from the storage when answering to a WADO-RS query.  A value &gt; 1 is meaningful
+    only if the storage is a distributed network storage (e.g object storage plugin).
+    A value of 0 means reading and writing are performed in sequence (default behaviour).
+  * New configuration "EnablePerformanceLogs" to display performance logs.  Currently
+    only showing the time required to execute a WADO-RS query.  For example:
+    WADO-RS: elapsed: 26106623 us, rate: 14.86 instances/s, 155.23Mbps
+  * Fix false errors logs generated e.g when OHIF requests the /dicom-web/studies/../metadata route:
+    "dicom-web:/Configuration.cpp:643] Unsupported return MIME type: application/dicom+json, multipart/related; type=application/octet-stream; transfer-syntax=*, will return DICOM+JSON"
+
+Changes in orthanc-gdcm:
+
+- version 1.8
+  * Prevent transcoding of DICOM images with empty
+    SharedFunctionalGroupsSequence (5200,9229), as this might crash GDCM.
+  * The built-in Orthanc transcoder being usually more stable, the default
+    value of the "RestrictTransferSyntaxes" configuration has been updated
+    to configure the GDCM plugin for J2K transfer syntaxes only since these
+    transfer syntaxes are currently not supported by the built-in Orthanc
+    transcoder.
+    - If "RestrictTransferSyntaxes" is not specified in your configuration,
+      it is now equivalent to
+        "RestrictTransferSyntaxes" : [
+          "1.2.840.10008.1.2.4.90",   // JPEG 2000 Image Compression (Lossless Only)
+          "1.2.840.10008.1.2.4.91",   // JPEG 2000 Image Compression
+          "1.2.840.10008.1.2.4.92",   // JPEG 2000 Part 2 Multicomponent Image Compression (Lossless Only)
+          "1.2.840.10008.1.2.4.93"    // JPEG 2000 Part 2 Multicomponent Image Compression
+        ]
+      which was the recommended configuration.
+    - If "RestrictTransferSyntaxes" is defined but empty, the GDCM plugin will
+      now be used to transcode ALL transfer syntaxes (this was the default
+      behaviour up to version 1.7)
+
+- remove libboost_system-devel for TW (removed in boost 1.89)
+
+- version 1.7
+  * Upgrade to GDCM 3.0.24 for static builds. Fixes:
+    - CVE-2024-22373: https://nvd.nist.gov/vuln/detail/CVE-2024-22373
+    - CVE-2024-22391: https://nvd.nist.gov/vuln/detail/CVE-2024-22391
+    - CVE-2024-25569: https://nvd.nist.gov/vuln/detail/CVE-2024-25569
+
+Changes in orthanc-indexer:
+
+- remove libboost_system-devel for TW (removed in boost 1.89)
+
+Changes in orthanc-mysql:
+
+- remove libboost_system-devel for TW (removed in boost 1.89)
+
+Changes in orthanc-neuro:
+
+- remove libboost_system-devel for TW (removed in boost 1.89)
+</description>
+  <package>orthanc</package>
+  <package>gdcm</package>
+  <package>orthanc-authorization</package>
+  <package>orthanc-dicomweb</package>
+  <package>orthanc-gdcm</package>
+  <package>orthanc-indexer</package>
+  <package>orthanc-mysql</package>
+  <package>orthanc-neuro</package>
+</patchinfo>

patchinfo.20260209151441438275.93181000773252/_patchinfo

@@ -1,26 +0,0 @@
-<patchinfo>
-  <issue tracker="cve" id="2026-1998"/>
-  <issue tracker="bnc" id="1257803">VUL-0: CVE-2026-1998: micropython: segmentation fault in `mp_map_lookup` via `mp_import_all`</issue>
-  <packager>dheidler</packager>
-  <rating>low</rating>
-  <category>security</category>
-  <summary>Security update for micropython</summary>
-  <description>This update for micropython fixes the following issues:
-
-Changes in micropython:
-
-- CVE-2026-1998: Fixed segmentation fault in `mp_map_lookup` via `mp_import_all` (bsc#1257803).
-
-- Version 1.26.1
-  * esp32: update esp_tinyusb component to v1.7.6
-  * tools: add an environment variable MICROPY_MAINTAINER_BUILD
-  * esp32: add IDF Component Lockfiles to git repo
-  * shared/tinyusb: fix hang from new tx_overwritabe_if_not_connected flag
-  * shared/tinyusb/mp_usbd_cdc: rewrite USB CDC TX loop
-  * tools/mpremote: don't apply Espressif DTR/RTS quirk to TinyUSB CDC dev
-
-- Fix building on single core systems
-  * Skip tests/thread/stress_schedule.py when single core system detected
-</description>
-  <package>micropython</package>
-</patchinfo>

patchinfo.20260209155200377268.93181000773252/_patchinfo

@@ -1,14 +0,0 @@
-<patchinfo incident="packagehub-114">
-  <issue tracker="bnc" id="1257869">KMail2: Klick on link does not open Browser</issue>
-  <packager>favogt</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for messagelib</summary>
-  <description>This update for messagelib fixes the following issues:
-
-Changes in messagelib:
-
-- Fix links sometimes not opening (boo#1257869, kde#493325):
-</description>
-  <package>messagelib</package>
-</patchinfo>