Removed rpms
============
- aaa_base-malloccheck
Added rpms
==========
Package Source Changes
======================
avahi
+- Add avahi-CVE-2023-1981.patch: emit error if requested service
+ is not found (boo#1210328 CVE-2023-1981).
+
+- switch to use _multibuild
+- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete
+- use https urls
+
kernel-default
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
libxml2
+- Security update:
+ * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
+ isn't deterministic
+ - Added patch libxml2-CVE-2023-29469.patch
+ * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
+ xmlSchemaFixupComplexType
+ - Added patch libxml2-CVE-2023-28484-1.patch
+ - Added patch libxml2-CVE-2023-28484-2.patch
+
+- Remove unneeded dependency (bsc#1209918).
+
mozilla-nss
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
+ fixes to PBKDF2 parameter validation.
+
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
+ validate extra PBKDF2 parameters according to FIPS 140-3.
+
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
+ update session->lastOpWasFIPS before destroying the key after
+ derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
+ CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
+ CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
+- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
+ excess code.
+
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
+
+- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
+ checks. Thanks to Martin for the DHKey parts.
+
+- Add manpages to mozilla-nss-tools (bsc#1208242)
+
newt
-- Make it build with latest TeXLive 2012 with new package layout
-
-- update to 0.52.14:
- + fix returning strings in whiptail and whiptcl (rh#752818)
- + fix configure to work with multiple python versions (rh#737998)
-- removed newt-0.52.13-python_version.patch : fixed upstream
-- compile with fPIC - fixes problems with _snackmodule.so
- thanks to Joerg Steffens (bnc#734171)
-- newt-doc recommends the main package as the examples need it
-- added newt-0.52.14-incorrect-fsf-address.patch
-
-- Remove redundant tags/sections per specfile guideline suggestions
-
-- update to 0.52.13:
- + add support for changing colors in individual labels, scrollbars, entries,
- textboxes and scales, add custom colorsets
- + add support for NEWT_COLORS and NEWT_COLORS_FILE variables (rh#689903)
- + allow resizing of form
- + fix errors found by coverity
- + fix va_list usage (Gwenole Beauchesne)
- + fix building and installing on Mac OS X (rh#652479)
- + check for slang.h header, support DESTDIR variable, add --without-python
- option (Otavio Salvador)
- + add Persian, Low German translations
-- added newt-0.52.13-python_version.patch to fix detection of
- python version in configure script
-
-- add comment to keep static lib
-
-- fix baselibs.conf
- o newt > libnewt0_52
-- fix naming
- o define libname libnewt
- o define libsoname {libname}0_52
-- fix deps
- o add pkg-config
- o move {py_requires} to subpkg python-newt
-- remove Author from description
-
-- update to 0.52.12:
- + fix whiptail --gauge and its description in man page (#620083)
- + remove space after \n in whiptail texts (#620083)
- + remove NLS code from snack (#599608)
- + expose more keys to python as shortcuts in dialogs (Jakob Kemi)
- + release python global-thread-lock during dialog displays (Jakob Kemi)
- + fix warnings in whiptcl.c and include Tcl_PkgProvide() call (Mikhail T.)
- + don't NULL deref when an invalid array is specified in checkboxtree
- (Arnaldo Carvalho de Melo)
-- build on older distributions by owning locale/as
-
-- package baselibs.conf
-
-- update to 0.52.11
- * fix buffer overflow in textbox when reflowing (#523955, CVE-2009-2905)
- * use full textbox width when reflowing and allow minimal width 1
- * fix writing lines longer than width in textbox
- * don't use va_list in newtvwindow more than once (#523696)
- * bind \E[Z to back-tab in built-in keymap (#468046)
- * terminate string after reading file in whiptail
- * add newtRadioSetCurrent function (Thomas Jarosch)
- * add pkgconfig support (Thomas Jarosch)
- * add Malay, Malayalam, Assamese, Gujarati, Bengali India, Kannada, Telugu
- translations
- * include tutorial in txt format
- * include debian patches
- - fix crash in textbox SetText when topLines != 0
- - don't link modules with libraries already linked with libnewt
- - add Asturian and Marathi translations
-- cleanup spec
- * sorted TAGS
- * macros __make, __install, ...
- name -> {name}
- version -> {version}
- buildroot -> {buildroot}
- _defaultdocdir -> {_defaultdocdir}
- ....
-- removed obsolete newt-CVE-2009-2905.patch
-
-- fix heap-based buffer overflow in function doReflow in textbox.c
- (fix bnc#540930 and CVE-2009-2905 : newt-CVE-2009-2905.patch)
-
slang
-- add automake as buildrequire to avoid implicit dependency
-
-- fix baselibs.conf
-
-- disabled parallel build again, still broken
-
-- updated to version 2.2.2
- + new languag features
- * ternary expressions
- * break and condition statements can now work on several levels
- of loops
- * multiline strings
- * List_Type objects can now also be indexed using an array of
- indices
- + new modules: zlib, fork, sysconf
- + new intrinsic functions: sumsq, expm1, log1p, list_to_array,
- string_matches, _close, _fileno, dup2, getsid, killpg,
- getpriority, setpriority, ldexp, frexp
- + provides pkg-info file
- + many bugfixes
-- split package to conform to library naming policy
-- rebased patches, removed obsolete slang-2.2.1-format.patch
-- added patch slang-2.2.2-makefile.patch from Fedora which fixes
- shared libs permissions, the slang shared library symlink, and
- parallel build dependency issues and removes rpath
-- build pcre, png, and zlib modules
-- removed incorrect license information
-- more accurate summary and description
-- further cleanup
-
-- unbreak occasional build failures by disabling parallel make.
-
-- fixed better
-
-- include headers to fix build
-
-- add baselibs.conf as a source
-- enable parallel build
-