Packages changed: libgcrypt (1.9.3 -> 1.9.4) libgpg-error libssh (0.9.5 -> 0.9.6) openssl (1.1.1k -> 1.1.1l) openssl-1_1 (1.1.1k -> 1.1.1l) pkgconf (1.7.4 -> 1.8.0) === Details === ==== libgcrypt ==== Version update (1.9.3 -> 1.9.4) - Update to 1.9.4: * Bug fixes: - Fix Elgamal encryption for other implementations. [CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - Add GCM and CCM to OID mapping table for AES. * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch - Remove not needed patch libgcrypt-sparcv9.diff - Fix building test t-lock with pthread. [bsc#1189745] * Explicitly add -lpthread to compile the t-lock test. * Add libgcrypt-pthread-in-t-lock-test.patch ==== libgpg-error ==== - Drop --with-pic (no effect with --disable-static). ==== libssh ==== Version update (0.9.5 -> 0.9.6) Subpackages: libssh-config libssh4 - Update to version 0.9.6 (bsc#1189608, CVE-2021-3634) * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 ==== openssl ==== Version update (1.1.1k -> 1.1.1l) - Update to 1.1.1l release ==== openssl-1_1 ==== Version update (1.1.1k -> 1.1.1l) Subpackages: libopenssl1_1 - Update to 1.1.1l: * [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow. * [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns processing ASN.1 strings - Require the crypto-policies package from libopenssl-1_1 ==== pkgconf ==== Version update (1.7.4 -> 1.8.0) Subpackages: libpkgconf3 pkgconf-m4 pkgconf-pkg-config - Update to version 1.8.0: + Fix a minor memory leak relating to cross-personalities + Fix some edge cases with --redefine-prefix + Do not prepend sysroot_dir if the .pc file does not exist in the sysroot + Do not perform path filtering on default system include and library path lists.