From: Michael Schroeder <mls@suse.de>
Date: Tue, 26 May 2026 08:33:43 +0000 (+0200)
Subject: Add changes, bump version to 0.7.38
X-Git-Tag: 0.7.38^0
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=2cba95a19e870f441d7539e4711fd6a51d2b1c19;p=thirdparty%2Flibsolv.git

Add changes, bump version to 0.7.38
---

diff --git a/NEWS b/NEWS
index 44ad463d..8fc61a62 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,25 @@
 
 This file contains the major changes between libsolv versions:
 
+Version 0.7.38
+- selected bug fixes:
+  * made repo_add_solv more robust against corrupt files
+    (CVE-2026-9149)
+  * fix potential buffer overflow when verifying EdDSA signatures
+    (CVE-2026-48863)
+  * added limit checks in multiple places to catch overflows
+  * reduce the size of the language id cache
+  * fixed Debian canon selection
+  * fixed dbpath detection in repo_rpmdb_librpm
+  * reduced stack usage in repo page compression (needed for musl)
+
 Version 0.7.37
 - selected bug fixes:
   * fix parsing of sha512 checksums in debian repositories
+    (CVE-2026-9150)
   * improve speed of dirpool_add_dir makeing parsing of
     filelists.xml twice as fast
-  * fix parsing of recommands in the old Mandriva synthesis format
+  * fix parsing of recommends in the old Mandriva synthesis format
 
 Version 0.7.36
 - selected bug fixes:
diff --git a/VERSION.cmake b/VERSION.cmake
index 7ccfdff0..0482d890 100644
--- a/VERSION.cmake
+++ b/VERSION.cmake
@@ -49,5 +49,5 @@ SET(LIBSOLVEXT_SOVERSION "1")
 
 SET(LIBSOLV_MAJOR "0")
 SET(LIBSOLV_MINOR "7")
-SET(LIBSOLV_PATCH "37")
+SET(LIBSOLV_PATCH "38")
 
diff --git a/package/libsolv.changes b/package/libsolv.changes
index 7e2dc458..8f5016c7 100644
--- a/package/libsolv.changes
+++ b/package/libsolv.changes
@@ -1,10 +1,24 @@
+-------------------------------------------------------------------
+Tue May 26 10:31:41 CEST 2026 - Michael Schroeder <mls@suse.de>
+
+- made repo_add_solv more robust against corrupt files
+  [bsc#1265935] [CVE-2026-9149]
+- fix potential buffer overflow when verifying EdDSA signatures
+  [bsc#1266039] [CVE-2026-48863]
+- added limit checks in multiple places to catch overflows
+- reduce the size of the language id cache
+- fixed Debian canon selection
+- fixed dbpath detection in repo_rpmdb_librpm
+- reduced stack usage in repo page compression (needed for musl)
+
 -------------------------------------------------------------------
 Thu Apr 23 11:22:49 CEST 2026 - Michael Schroeder <mls@suse.de>
 
 - fix parsing of sha512 checksums in debian repositories
+  [bsc#1265938] [CVE-2026-9150]
 - improve speed of dirpool_add_dir makeing parsing of filelists.xml
   twice as fast
-- fix parsing of recommands in the old Mandriva synthesis format
+- fix parsing of recommends in the old Mandriva synthesis format
 - bump version to 0.7.37
 
 -------------------------------------------------------------------