Removed rpms ============ - aaa_base-malloccheck Added rpms ========== Package Source Changes ====================== avahi +- Add avahi-CVE-2023-1981.patch: emit error if requested service + is not found (boo#1210328 CVE-2023-1981). + +- switch to use _multibuild +- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete +- use https urls + kernel-default +- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 + bsc#1209615). +- commit 92426ca + +- vmxnet3: use gro callback when UPT is enabled (bsc#1209739). +- commit 507557e + +- Update CVE reference to + patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch + (git-fixes bsc#1210454 CVE-2023-2019). +- commit 75fc91b + +- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch + (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 + jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 + CVE-2023-2008). +- commit 342d08e + +- nfc: st-nci: Fix use after free bug in ndlc_remove due to race + condition (git-fixes bsc#1210337 CVE-2023-1990). +- commit 12594bd + libxml2 +- Security update: + * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings + isn't deterministic + - Added patch libxml2-CVE-2023-29469.patch + * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in + xmlSchemaFixupComplexType + - Added patch libxml2-CVE-2023-28484-1.patch + - Added patch libxml2-CVE-2023-28484-2.patch + +- Remove unneeded dependency (bsc#1209918). + mozilla-nss +- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with + fixes to PBKDF2 parameter validation. + +- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to + validate extra PBKDF2 parameters according to FIPS 140-3. + +- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to + update session->lastOpWasFIPS before destroying the key after + derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, + CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, + CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. +- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some + excess code. + +- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546). + +- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency + checks. Thanks to Martin for the DHKey parts. + +- Add manpages to mozilla-nss-tools (bsc#1208242) + newt -- Make it build with latest TeXLive 2012 with new package layout - -- update to 0.52.14: - + fix returning strings in whiptail and whiptcl (rh#752818) - + fix configure to work with multiple python versions (rh#737998) -- removed newt-0.52.13-python_version.patch : fixed upstream -- compile with fPIC - fixes problems with _snackmodule.so - thanks to Joerg Steffens (bnc#734171) -- newt-doc recommends the main package as the examples need it -- added newt-0.52.14-incorrect-fsf-address.patch - -- Remove redundant tags/sections per specfile guideline suggestions - -- update to 0.52.13: - + add support for changing colors in individual labels, scrollbars, entries, - textboxes and scales, add custom colorsets - + add support for NEWT_COLORS and NEWT_COLORS_FILE variables (rh#689903) - + allow resizing of form - + fix errors found by coverity - + fix va_list usage (Gwenole Beauchesne) - + fix building and installing on Mac OS X (rh#652479) - + check for slang.h header, support DESTDIR variable, add --without-python - option (Otavio Salvador) - + add Persian, Low German translations -- added newt-0.52.13-python_version.patch to fix detection of - python version in configure script - -- add comment to keep static lib - -- fix baselibs.conf - o newt > libnewt0_52 -- fix naming - o define libname libnewt - o define libsoname {libname}0_52 -- fix deps - o add pkg-config - o move {py_requires} to subpkg python-newt -- remove Author from description - -- update to 0.52.12: - + fix whiptail --gauge and its description in man page (#620083) - + remove space after \n in whiptail texts (#620083) - + remove NLS code from snack (#599608) - + expose more keys to python as shortcuts in dialogs (Jakob Kemi) - + release python global-thread-lock during dialog displays (Jakob Kemi) - + fix warnings in whiptcl.c and include Tcl_PkgProvide() call (Mikhail T.) - + don't NULL deref when an invalid array is specified in checkboxtree - (Arnaldo Carvalho de Melo) -- build on older distributions by owning locale/as - -- package baselibs.conf - -- update to 0.52.11 - * fix buffer overflow in textbox when reflowing (#523955, CVE-2009-2905) - * use full textbox width when reflowing and allow minimal width 1 - * fix writing lines longer than width in textbox - * don't use va_list in newtvwindow more than once (#523696) - * bind \E[Z to back-tab in built-in keymap (#468046) - * terminate string after reading file in whiptail - * add newtRadioSetCurrent function (Thomas Jarosch) - * add pkgconfig support (Thomas Jarosch) - * add Malay, Malayalam, Assamese, Gujarati, Bengali India, Kannada, Telugu - translations - * include tutorial in txt format - * include debian patches - - fix crash in textbox SetText when topLines != 0 - - don't link modules with libraries already linked with libnewt - - add Asturian and Marathi translations -- cleanup spec - * sorted TAGS - * macros __make, __install, ... - name -> {name} - version -> {version} - buildroot -> {buildroot} - _defaultdocdir -> {_defaultdocdir} - .... -- removed obsolete newt-CVE-2009-2905.patch - -- fix heap-based buffer overflow in function doReflow in textbox.c - (fix bnc#540930 and CVE-2009-2905 : newt-CVE-2009-2905.patch) - slang -- add automake as buildrequire to avoid implicit dependency - -- fix baselibs.conf - -- disabled parallel build again, still broken - -- updated to version 2.2.2 - + new languag features - * ternary expressions - * break and condition statements can now work on several levels - of loops - * multiline strings - * List_Type objects can now also be indexed using an array of - indices - + new modules: zlib, fork, sysconf - + new intrinsic functions: sumsq, expm1, log1p, list_to_array, - string_matches, _close, _fileno, dup2, getsid, killpg, - getpriority, setpriority, ldexp, frexp - + provides pkg-info file - + many bugfixes -- split package to conform to library naming policy -- rebased patches, removed obsolete slang-2.2.1-format.patch -- added patch slang-2.2.2-makefile.patch from Fedora which fixes - shared libs permissions, the slang shared library symlink, and - parallel build dependency issues and removes rpath -- build pcre, png, and zlib modules -- removed incorrect license information -- more accurate summary and description -- further cleanup - -- unbreak occasional build failures by disabling parallel make. - -- fixed better - -- include headers to fix build - -- add baselibs.conf as a source -- enable parallel build -