Removed rpms
============

 - pam-32bit
 - libopenssl1_1-32bit
 - mozilla-nss-certs

Added rpms
==========

 - libopenssl1_1-32bit
 - libexiv2-27
 - p11-kit-nss-trust
 - pam-32bit

Package Source Changes
======================

cepces
+- Fix cepces won't compile on SLE15SP5; (bsc#1203273).
+
exiv2
-- add CVE-2021-37621.patch (CVE-2021-37621, bsc#1189333)
-- add CVE-2021-32617.patch (CVE-2021-32617, bsc#1186192)
-- add CVE-2020-19716.patch (CVE-2020-19716, bsc#1188645)
-- add CVE-2019-14368.patch (CVE-2019-14368, bsc#1143278)
-- add CVE-2019-20421.patch (CVE-2019-20421, bsc#1161901)
-
-- add CVE-2018-10772.patch (CVE-2018-10772, bsc#1092096)
-- add CVE-2018-18915.patch (CVE-2018-18915, bsc#1114690)
-- add CVE-2021-37620.patch (CVE-2021-37620, bsc#1189332)
-- add CVE-2021-29470.patch (CVE-2021-29470, bsc#1185447)
-
-- add CVE-2018-5772.patch (CVE-2018-5772, bsc#1076579)
-- add CVE-2018-8976.patch (CVE-2018-8976, bsc#1086810)
-- add CVE-2018-8977.patch (CVE-2018-8977, bsc#1086798)
-- add CVE-2020-18898.patch (CVE-2020-18898, bsc#1189780)
-- add CVE-2021-31291.patch (CVE-2021-29457 and CVE-2021-31291, bsc#1185002 and bsc#1188733)
-- add CVE-2021-31292.patch (CVE-2021-31292, bsc#1188756)
-- add CVE-2021-37618.patch (CVE-2021-37618, bsc#1189330)
-- add CVE-2021-37619.patch (CVE-2021-37619, bsc#1189331)
-- add CVE-2020-18899.patch (CVE-2020-18899, bsc#1189636)
-
-- add 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114):
-  * fixes null-pointer dereference in http.c causing denial of service
-- add 0001-IptcData-printStructure-Remove-buffer-overrun.patch  (bsc#1088424, CVE-2018-9305):
-  * fixes an out-of-bounds read in IptcData::printStructure in iptc.c
-- add 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282):
-  * fixes null pointer dereference in Exiv2:DataValue:copy in value.cpp
-- add 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch,
-  0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364):
-  * fixes denial of service in Exiv2::PsdImage::readMetadata
-- add 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513):
-  * fixes a denial of service (NULL pointer dereference and application crash)
+- add tracker for SLE (jsc#PED-1393)
+
+- update to 0.27.5 (bsc#1189332, CVE-2021-37620,
+    bsc#1189333, CVE-2021-37621,
+    bsc#1189334, CVE-2021-37622,
+    bsc#1189338, CVE-2021-34334,
+    bsc#1189335, CVE-2021-37623):
+  * BMFF bug fixes including CR3 previews
+  * Security fixes
+  * libFuzzer target
+  * Exiv2 monitored by oss-fuzz
+  * Minor bugs and fixes
+
+- enable bmff format
+- disable docs for now:
+  - graphviz was failing for a long time when trying to render the
+    pngs as graphviz-gd was missing
+  - even after adding this it still fails with missing fonts
+
+- Update to 0.27.4 (bsc#1186053, CVE-2021-29623,
+    bsc#1185447, CVE-2021-29470,
+    bsc#1185002, CVE-2021-29457,
+    bsc#1188733, CVE-2021-31291,
+    bsc#1186192, CVE-2021-32617):
+  - Support for bmff files (HEIC, HEIF, AVIF, CR3, JXL/bmff)
+  - Bash test scripts rewritten in python
+  - DNG 1.6 and Exif 2.32 support
+  - Bug and Security fixes
+  - Updated build and test environments
+  - Localisation support on Crowdin
+  - Revised documentation
+  - Other improvements
+- drop 1271.patch:
+  included in update
+
+- Add 1271.patch: Fix build using GCC 11 (boo#1185218).
+- Drop the sed hack to remove -fcf-protection: this is properly
+  solved with the above patch.
+
+- -fcf-protection doesn't work on i586 with gcc11 either (boo#1185218)
+
+- Fix build on non-x86 by dropping -fcf-protection flag
+  on non-x86 architectures
+
+- Update to 0.27.3:
+  * Bug and security fixes
+  * UNIX suppport
+  * Support for building with C++11 and C++14
+  * Revised build and test environments
+  * Revised documentation
+  * Improved charset handling in UserComment
+  * Other improvements
+
+- Use C++11 for building instead of C++98. Googletest 1.10 is no
+  longer compatible with C++98. For details, see
+  https://github.com/Exiv2/exiv2/issues/1163
+
+- Use FAT LTO objects in order to provide proper static library.
+
+- Update to 0.27.2 (bsc#1188645, CVE-2020-19716)
+  * Bug and security fixes
+  * Support for Nikon/AutoFocus and Sony/FocusPosition Metadata
+  * Documentation and man page revisions
+  * Updated Catalan Localisation
+  * Using mergify to sync select PRs between 0.27-maintenance and 0.28
+  * Monitoring API changes for v0.27 dot releases
+  * Prelinary Dutch Localisation
+  * Prelinary Support for Unix (FreeBSD and NetBSD)
+  * Better Build Bundle Dependency handling
+
+- Update exiv2-build-date.patch to new source tarball
+- Enable testsuite run in %check on x86_64 for Leap >= 15.0, SLE >= 15 and
+  Tumbleweed
+- Use libcurl for HTTP
+- Enable webready (webp image support)
+- Add licenses to %license & add BSD 3 clause license (used for some CMake
+  scripts)
+
+- update to 0.27.1 (CVE-2019-13108, bsc#1142675)
+  * Bug and security fixes.
+  * Deprecation warnings for Video, EPS and SSH support.
+  * Branch 0.27-maintenance for "dots" to avoid confusion with tag 0.27 (== 0.27.0 code).
+  * Support for Visual Studio 2019 using Conan and CMake
+- Update patch exiv2-build-date.patch
+- Drop exiv2-cmake-installdir.patch (included upstream)
+- Drop exiv2-rename-libxmp.patch (included upstream)
+- Drop exiv2-install-headers.patch (included upstream)
+- Drop exiv2-BanAllEntityUsage.patch (included upstream)
+
+- Create libexiv2-xmp-static subpackage
+
+- Updated exiv2-build-date.patch
+- Added exiv2-cmake-installdir.patch (exiv2 bug #623)
+- Added exiv2-rename-libxmp.patch (exiv2 bug #624)
+  * This should prevent possible issues with libxmp project
+- Added exiv2-install-headers.patch (exiv2 bug #627)
+- Added exiv2-BanAllEntityUsage.patch
+  * This prevents a denial of service attack related to XML entity expansion
+
+- Add libxmp.a to the devel package instead of deleting it, it's
+  needed by the new exiv2Config.cmake that's installed now
+- Add libexpat-devel requirement to the devel package, also needed
+  by exiv2Config.cmake
+
+- update to final 0.27.0 release
+
+- update to official RC2 tarball release:
+  which obsoletes the following patches in previous dists as backports
+  that have always been upstream:
+  * obsoletes 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch
+  * obsoletes 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364)
+  * obsoletes 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513)
+  * obsoletes 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114)
+  * obsoletes 0001-IptcData-printStructure-Remove-buffer-overrun.patch (bsc#1088424, CVE-2018-9305)
+  * obsoletes 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282)
+
+- update to current 0.27-RC2 git state to fix SONAME
+  change issues
+- drop exiv2-0.27-rc2-branch.patch: built git tarball instead.
+
+- update to 0.27-RC1:
+  * Security Fixes.
+  * New build and test infrastructure.
+  * Many bug fixes.
+  * Support for MinGW/msys2.
+  * Buildserver rewritten.
+  * Support for Adobe XMPsdk
+- drop exiv2-update-to-0.26-branch.patch, parallel-build-dep.patch: obsolete
+- add exiv2-0.27-rc2-branch.patch: add fixes staged for RC2
-  * Includes fix for CVE-2019-14982 (bsc#1146294)
+  * Fixes CVE-2017-1000128 (bsc#1068871)
expat
+  * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
+    destruction of a shared DTD in XML_ExternalEntityParserCreate in
+    out-of-memory situations
+  - Added patch expat-CVE-2022-43680.patch
+
+- Security fix:
gnutls
+- Fix AVX CPU feature detection for OSXSAVE [bsc#1203299]
+  * Fixes a SIGILL termination at the verzoupper instruction when
+    trying to run GnuTLS on a Linux kernel with the noxsave command
+    line parameter set. Relevant mostly for virutal systems.
+  * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1282
+  * Add gnutls-clear-AVX-bits-if-it-cannot-be-queried-XSAVE.patch
+
gstreamer-plugins-good
+- Add gstreamer-CVE-2022-1920.patch: avoid integer overflow in
+  WavPack header handling code (boo#1201688 CVE-2022-1920).
+- Add gstreamer-CVE-2022-1921.patch: fix integer overflow resulting
+  in heap corruption (boo#1201693 CVE-2022-1921).
+- Add gstreamer-CVE-2022-1922-matroska.patch and
+  gstreamer-CVE_2022-1922-qt.patch: fix integer overflows in
+  zlib/bz2/etc. decompression (boo#1201702 boo#1201704 boo#1201706
+  boo#1201707 boo#1201708 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924
+  CVE-2022-1925 CVE-2022-2122).
+
kernel-firmware
-- Fix missing aliases for qlogic (bsc#1200889);
-  update other aliases as well from the latest SLE15-SP4 kernels
+- Update to version 20221031 (git commit 8bb75626e9dd):
+  * linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop
+  * iwlwifi: add new PNVM binaries from core74-44 release
+  * iwlwifi: add new FWs from core69-81 release
+  * qcom: update venus firmware files for VPU-2.0
+  * qcom: remove split SC7280 venus firmware images
+  * qcom: update venus firmware file for v5.4
+  * qcom: replace split SC7180 venus firmware images with symlink
+  * rtw89: 8852b: update fw to v0.27.32.1
+  * rtlwifi: update firmware for rtl8192eu to v35.7
+  * rtlwifi: Add firmware v4.0 for RTL8188FU
+  * i915: Add HuC 7.10.3 for DG2
+  * linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops
+  * linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
+  * linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops
+- Drop the CS35L41 firmware tarball that has been merged
+- Drop obsoleted cirrus-WHENCE-update.patch
+
+- Update to version 20221017 (git commit 48407ffd7adb):
+  * cnm: update chips&media wave521c firmware.
+  * brcm: add symlink for Pi Zero 2 W NVRAM file
+  * rtw89: 8852b: add initial fw v0.27.32.0
+  * iwlwifi: add new FWs from core72-129 release
+  * iwlwifi: update 9000-family firmwares to core72-129
+  * rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A
+  * amdgpu: update GC 10.3.6 RLC firmware
+  * amdgpu: update GC 10.3.7 RLC firmware
+  * amdgpu: update Yellow Carp RLC firmware
+  * amdgpu: update Beige Goby RLC firmware
+  * amdgpu: update Dimgrey Cavefish RLC firmware
+  * amdgpu: update Navy Flounder RLC firmware
+  * amdgpu: update Sienna Cichlid RLC firmware
+  * mediatek: Update mt8195 SOF firmware to v0.4.1
+  * qcom: add squashed version of a530 zap shader
+  * rtw89: 8852c: update fw to v0.27.56.1
+  * rtw89: 8852c: update fw to v0.27.56.0
+  * mediatek: Update mt8186 SCP firmware
+- Update Cirrus CS35L41 firmware (bsc#1203699)
+  cirrus-WHENCE-update.patch
+- Update aliases from 6.1-rc1 kernel
+
+- Apply the same workaround to uncompressed flat package, too
+  (bsc#1204103)
+
+- Workaround for update failure of kernel-firmware-qcom package
+  due to the change from a directory to a symlink (bsc#1204103)
+
+- Update to version 20220930 (git commit fdf1a6525852):
+  * linux-firmware: Update AMD cpu microcode
+  * mediatek: mt8195: Update scp.img to v2.0.11956
+  * mediatek: Add new mt8195 SOF firmware
+  * mediatek: Update mt8186 SOF firmware to v0.2.1
+  * linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
+  * rtl_bt: Update RTL8852A BT USB firmware to 0xD9B8_8207
+  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
+  * linux-firmware: update firmware for MT7922 WiFi device
+  * linux-firmware: update firmware for MT7921 WiFi device
+  * cxgb4: Update firmware to revision 1.27.0.0 (jsc#PED-1501)
+  * i915: Add versionless HuC files for current platforms
+  * i915: Add GuC v70.5.1 for DG1, DG2, TGL and ADL-P
+  * qca: Update firmware files for BT chip WCN3991.
+  * Removing crnv32
+  * amdgpu: update yellow carp DMCUB firmware
+  * amdgpu: add firmware for VCN 3.1.2 IP block
+  * amdgpu: add firmware for SDMA 5.2.6 IP block
+  * amdgpu: add firmware for PSP 13.0.5 IP block
+  * amdgpu: add firmware for GC 10.3.6 IP block
+  * amdgpu: add firmware for DCN 3.1.5 IP block
+  * qcom: rename Lenovo ThinkPad X13s firmware paths
+  * rtw89: 8852c: update fw to v0.27.42.0
+  * rtw89: 8852c: update fw to v0.27.36.0
+- Fix install-split.sh for dealing with a symlink of directory
+
+- Update to version 20220902 (git commit 2f2f0181581d):
+  * Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
+  * amdgpu: update beige goby VCN firmware
+  * amdgpu: update dimgrey cavefish VCN firmware
+  * amdgpu: update navy flounder VCN firmware
+  * amdgpu: update sienna cichlid VCN firmware (bsc#1202707)
+  * rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
+  * mediatek: reference the LICENCE file for MediaTek firmwares
+  * mediatek: Add new mt8186 SOF firmware
+  * ice: Update package to 1.3.30.0
+  * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438
+  * brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets
+  * brcm: Add nvram for the Xiaomi Mi Pad 2 tablet
+  * brcm: Add nvram for the Asus TF103C tablet
+  * Add amd-ucode README file
+  * qca: Update firmware files for BT chip WCN6750.      This commit will update required firmware files for WCN6750.
+  * amdgpu: Update Yellow Carp VCN firmware
+  * qcom: Add firmware for Lenovo ThinkPad X13s
+- Update aliases from 6.0-rc
+- Update topics list for mtk-sof
+
+- Update to version 20220804 (git commit e6185d5197fd):
+  * linux-firmware: Update firmware file for Intel Bluetooth 9462
+  * linux-firmware: Update firmware file for Intel Bluetooth 9462
+  * linux-firmware: Update firmware file for Intel Bluetooth 9560
+  * linux-firmware: Update firmware file for Intel Bluetooth 9560
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * linux-firmware: Update firmware file for Intel Bluetooth AX211
+  * linux-firmware: Update firmware file for Intel Bluetooth AX211
+  * linux-firmware: Update firmware file for Intel Bluetooth AX210
+  * linux-firmware: Update firmware file for Intel Bluetooth AX200
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020
+  * linux-firmware: Add firmware for Cirrus CS35L41
+  * i915: Add GuC v70.4.1 for DG2
+  * i915: Add DMC v2.07 for DG2
+  * amdgpu partially revert "amdgpu: update beige goby to release 22.20"
+  * mediatek: Update mt8183/mt8192/mt8195 SCP firmware
+  * amdgpu: update renoir to release 22.20
+  * amdgpu: update beige goby to release 22.20
+  * amdgpu: update yellow carp to release 22.20
+  * amdgpu: update dimgrey cavefish to release 22.20
+  * amdgpu: update vega20 to release 22.20
+  * amdgpu: update vega12 to release 22.20
+  * amdgpu: update raven to release 22.20
+  * amdgpu: update navy flounder to release 22.20
+  * amdgpu: update vega10 to release 22.20
+  * amdgpu: update sienna cichlid to release 22.20
+  * amdgpu: update navi14 to release 22.20
+  * amdgpu: update green sardine to release 22.20
+  * amdgpu: update vangogh to release 22.20
+  * amdgpu: update navi12 to release 22.20
+  * amdgpu: update navi10 to release 22.20
+  * amdgpu: update picasso to release 22.20
+  * amdgpu: update aldebaran to release 22.20
+  * amdgpu: update psp 13.0.8 TA firmware
+  * WHENCE: Fix the dangling symlinks fix
+- Revert the previous rtw88/rtw8822c_fw.bin change due to regression
+  on HP Pavilion 15 (bsc#1202152)
+- Update alias from 5.19
+
+- Update to version 20220714 (git commit 84661a3ba62f):
+  * amdgpu: update DMCUB firmware for DCN 3.1.6
+  * WHENCE: Correct dangling symlinks
+  * Correct WHENCE entry for wfx firmware
+  * bnx2: Drop unsupported Broadcom NetXtremeII firmware
+  * bnx2: drop unsupported firmwares
+  * bnx2: sort firmware names in filesystem order
+  * Remove old Broadcom Everest (bnx2x) v4/5 firmware
+  * drop Token Ring network firmwares
+  * Drop TDA7706 radio firmware
+  * Drop Intel WiMax firmware
+  * Drop Computone IntelliPort Plus serial firmware
+  * Drop ATM Ambassador devices firmware
+  * brocade: drop old unsupported firmware revs
+  * amdgpu: update yellow carp DMCUB firmware
+  * linux-firmware: update firmware for MT7622 WiFi device
+  * linux-firmware: update firmware for MT7922 WiFi device
+  * linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
+  * linux-firmware: Update firmware file for Intel Bluetooth 9462
+  * linux-firmware: Update firmware file for Intel Bluetooth 9462
+  * linux-firmware: Update firmware file for Intel Bluetooth 9560
+  * linux-firmware: Update firmware file for Intel Bluetooth 9560
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * linux-firmware: Update firmware file for Intel Bluetooth AX211
+  * linux-firmware: Update firmware file for Intel Bluetooth AX211
+  * linux-firmware: Update firmware file for Intel Bluetooth AX210
+  * linux-firmware: Update firmware file for Intel Bluetooth AX200
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * mediatek: Add SCP firmware for MT8186
+  * rtw88: 8822c: Update normal firmware to v9.9.13
+  * rtw88: 8822c: Update normal firmware to v9.9.12
+- Drop obsoleted temporary patches:
+  wfx-WHENCE-fix.diff
+  brcm-symlink-fixes.diff
+- Minor update of README.build
+- Fix missing aliases for qlogic (bsc#1200889)
+
+- Update to version 20220622 (git commit 9ed4d42c51ac):
+  * amdgpu: update Yellow Carp VCN firmware
+  * linux-firmware: update firmware for MT7921 WiFi device
+  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
+  * qed: update 8.59.1.0 firmware
+  * Link some devices that ship with the AW-CM256SM
+  * Add initial AzureWave AW-CM256SM NVRAM file
+  * Remove the Pine64 Quartz copy of the RPi NVRAM
+  * qca: Update firmware files for BT chip WCN6750.
+  * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00409
+  * WHENCE: add symlinks for StarFive based boards
+  * linux-firmware: wilc1000: update WILC1000 firmware to v15.6
+  * brcm: Add NVRAM file 43455 based Wifi/BT module as used on the Quartz64 Model B from Pine64. This file is based on the existing "brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt" NVRAM file.
+  * iwlwifi: add new FWs from core70-87 release
+  * iwlwifi: update 9000-family firmwares to core70-87
+- Temporary fix for incorrect symlinks for brcm in WHENCE:
+  brcm-symlink-fixes.diff
+- Minor updates of scripts, sorting alphabetically and add version
+  to Provides/Obsoletes
+- Update alias
+
+- Update to version 20220607 (git commit 02c69863c885):
+  * rtl_bt: Update RTL8852A BT USB firmware to 0xDFB8_0634
+  * Makefile: replace mkdir by install
+  * iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
+  * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9
+  * WHENCE: ath11k: move regdb.bin before board-2.bin
+  * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157
+  * ath10k: QCA9888 hw2.0: update board-2.bin
+  * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157
+  * ath10k: QCA4019 hw1.0: update board-2.bin
+  * ath10k: WCN3990 hw1.0: add board-2.bin
+- Update aliases from 5.19-rc1
+- Minor adjustment of spec template and makespec.sh to align with
+  the latest TW format
+
+- Update to version 20220516 (git commit 251d29004ffc):
+  * amdgpu: update beige goby firmware for 22.10
+  * amdgpu: update renoir firmware for 22.10
+  * amdgpu: update dimgrey cavefish firmware for 22.10
+  * amdgpu: update vega20 firmware for 22.10
+  * amdgpu: update yellow carp firmware for 22.10
+  * amdgpu: update vega12 firmware for 22.10
+  * amdgpu: update navy flounder firmware for 22.10
+  * amdgpu: update vega10 firmware for 22.10
+  * amdgpu: update raven2 firmware for 22.10
+  * amdgpu: update raven firmware for 22.10
+  * amdgpu: update sienna cichlid firmware for 22.10
+  * amdgpu: update green sardine firmware for 22.10
+  * amdgpu: update PCO firmware for 22.10
+  * amdgpu: update vangogh firmware for 22.10
+  * amdgpu: update navi14 firmware for 22.10
+  * amdgpu: update navi12 firmware for 22.10
+  * amdgpu: update navi10 firmware for 22.10
+  * amdgpu: update aldebaran firmware for 22.10
+  * linux-firmware: Update firmware file for Intel Bluetooth 9462
+  * linux-firmware: Update firmware file for Intel Bluetooth 9462
+  * linux-firmware: Update firmware file for Intel Bluetooth 9560
+  * linux-firmware: Update firmware file for Intel Bluetooth 9560
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * linux-firmware: Update firmware file for Intel Bluetooth AX211
+  * linux-firmware: Update firmware file for Intel Bluetooth AX211
+  * linux-firmware: Update firmware file for Intel Bluetooth AX210
+  * linux-firmware: Update firmware file for Intel Bluetooth AX200
+  * linux-firmware: Update firmware file for Intel Bluetooth AX201
+  * mediatek: Update mt8192 SCP firmware
libarchive
+- Fix CVE-2021-31566, modifies file flags of symlink target
+  (CVE-2021-31566, bsc#1192426.patch)
+  CVE-2021-31566.patch
+- Fix bsc#1192427, processing fixup entries may follow symbolic links
+  bsc1192427.patch
+
libfprint
+- update to 1.94.5:
+  * New driver: fpcmoc, supporting various FPC MOC Fingerprint Sensors
+  * goodixmoc: New PIDs 0x6014, 0x6094, 0x631C, 0x634C, 0x6384, 0x659A.
+  * goodixmoc: Support resetting device on firmware failure due to corrupted DB.
+  * elanmoc: New PIDs 0x0c88, 0x0c8c, 0x0c8d.
+  * synaptics: New PID 0x0104.
+  * upektc: New PID 0x2017.
+  * Fixed various memory leaks
+  * More tests
+
libyui
+- Prevent antisocial focus grabbing in pkg list (bsc#1204429)
+- 4.4.6
+
+- Fixed build failure with gcc 13 (gh#libyui/libyui/#80)
+- Killed YCP zombies in log output and comments
+- 4.4.5
+
libyui:libyui-ncurses
+- Prevent antisocial focus grabbing in pkg list (bsc#1204429)
+- 4.4.6
+
+- Fixed build failure with gcc 13 (gh#libyui/libyui/#80)
+- Killed YCP zombies in log output and comments
+- 4.4.5
+
libyui:libyui-ncurses-pkg
+- Prevent antisocial focus grabbing in pkg list (bsc#1204429)
+- 4.4.6
+
+- Fixed build failure with gcc 13 (gh#libyui/libyui/#80)
+- Killed YCP zombies in log output and comments
+- 4.4.5
+
libyui:libyui-qt
+- Prevent antisocial focus grabbing in pkg list (bsc#1204429)
+- 4.4.6
+
+- Fixed build failure with gcc 13 (gh#libyui/libyui/#80)
+- Killed YCP zombies in log output and comments
+- 4.4.5
+
libyui:libyui-qt-graph
+- Prevent antisocial focus grabbing in pkg list (bsc#1204429)
+- 4.4.6
+
+- Fixed build failure with gcc 13 (gh#libyui/libyui/#80)
+- Killed YCP zombies in log output and comments
+- 4.4.5
+
libyui:libyui-qt-pkg
+- Prevent antisocial focus grabbing in pkg list (bsc#1204429)
+- 4.4.6
+
+- Fixed build failure with gcc 13 (gh#libyui/libyui/#80)
+- Killed YCP zombies in log output and comments
+- 4.4.5
+
mozilla-nspr
+- update to version 4.34.1
+  * add file descriptor sanity checks in the NSPR poll function.
+
openssh
+- Add openssh-do-not-send-empty-message.patch: Prevent empty
+  messages from being sent. This avoids a superfluous new line
+  (bsc#1192439).
+
openssl-1_1
+- FIPS: Add a missing dependency on jitterentropy-devel for
+  libopenssl-1_1-devel [bsc#1202148]
+
+- FIPS: OpenSSL service-level indicator - Allow AES XTS 256 [bsc#1190651]
+  * Add patches: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
+
pam
+- Update pam_motd to the most current version. This fixes various issues
+  and adds support for mot.d directories [jsc#PED-1712].
+  * Added: pam-ped1712-pam_motd-directory-feature.patch
+
+- Do not include obsolete libselinux header files flask.h and
+  av_permissions.h.
+  [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch]
+
+- Between allocating the variable "ai" and free'ing them, there are
+  two "return NO" were we don't free this variable. This patch
+  inserts freaddrinfo() calls before the "return NO;"s.
+  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
+
+- Define _pam_vendordir as "/%{_sysconfdir}/pam.d"
+  The variable is needed by systemd and others.
+  [bsc#1196093, macros.pam]
+
+- Corrected a bad directive file which resulted in
+  the "securetty" file to be installed as "macros.pam".
+  [pam.spec]
+
+- Added tmpfiles for pam to set up directory for pam_faillock.
+  [pam.conf]
+
+- Corrected macros.pam entry for %_pam_moduledir
+  Cleanup in pam.spec:
+  * Replaced all references to ${_lib}/security in pam.spec by
+  %{_pam_moduledir}
+  * Removed definition of (unused) "amdir".
+
+- Added new file macros.pam on request of systemd.
+  [bsc#1190052, macros.pam]
+
+- Added pam_faillock to the set of modules.
+  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
+
+- In the 32-bit compatibility package for 64-bit architectures,
+  require "systemd-32bit" to be also installed as it contains
+  pam_systemd.so for 32 bit applications.
+  [bsc#1185562, baselibs.conf]
+
+- If "LOCAL" is configured in access.conf, and a login attempt from
+  a remote host is made, pam_access tries to resolve "LOCAL" as
+  a hostname and logs a failure.
+  Checking explicitly for "LOCAL" and rejecting access in this case
+  resolves this issue.
+  [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
+
+- pam_limits: "unlimited" is not a legitimate value for "nofile"
+  (see setrlimit(2)). So, when "nofile" is set to one of the
+  "unlimited" values, it is set to the contents of
+  "/proc/sys/fs/nr_open" instead.
+  Also changed the manpage of pam_limits to express this.
+  [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
+
+- Add a definition for pamdir to pam.spec
+  So that a proper contents of macros.pam can be constructed.
+  [pam.spec]
+
+- Create macros.pam with definition of %_pamdir so packages which
+  are commonly shared between Factory and SLE can use this macro
+  [pam.spec]
+
+- pam_cracklib: added code to check whether the password contains
+  a substring of of the user's name of at least <N> characters length
+  in some form.
+  This is enabled by the new parameter "usersubstr=<N>"
+  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
+  [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
+
+- pam_xauth.c: do not free() a string which has been (successfully)
+  passed to putenv().
+  [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
+
+- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
+  to avoid spurious (and misleading)
+    Warning: your password will expire in ... days.
+  fixed upstream with commit db6b293046a
+  [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch]
+
+- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
+  file system. Run /usr/bin/xauth using the old user's uid/gid
+  Patch courtesy of Dr. Werner Fink.
+  [bsc#1174593, pam-xauth_ownership.patch]
+
+- Moved pam_userdb to a separate package pam-extra.
+  [bsc#1166510, pam.spec]
+
+- disable libdb usage and pam_userdb again, as this causes some license
+  conflicts. (bsc#1166510)
+
+- Add libdb as build-time dependency to enable pam_userdb module.
+  Enable pam_userdb.so
+  [jsc#sle-7258, bsc#1164562, pam.spec]
+
+- When comparing an incoming IP address with an entry in
+  access.conf that only specified a single host (ie no netmask),
+  the incoming IP address was used rather than the IP address from
+  access.conf, effectively comparing the incoming address with
+  itself.  (Also fixed a small typo while I was at it)
+  [bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
+
+- Remove limits for nproc from /etc/security/limits.conf
+  ie remove pam-limit-nproc.patch
+  [bsc#1110700, pam-limit-nproc.patch]
+
+- pam_umask.8 needed to be patched as well.
+  [bsc#1089884, pam-fix-config-order-in-manpage.patch]
+
+- Changed order of configuration files to reflect actual code.
+  [bsc#1089884, pam-fix-config-order-in-manpage.patch]
+
+- Use %license (boo#1082318)
+
+- Prerequire group(shadow), user(root)
+
+- Allow symbolic hostnames in access.conf file.
+  [pam-hostnames-in-access_conf.patch, boo#1019866]
+
+- Increased nproc limits for non-privileged users to 4069/16384.
+  Removed limits for "root".
+  [pam-limit-nproc.patch, bsc#1012494, bsc#1013706]
+
+- pam-limit-nproc.patch: increased process limit to help
+  Chrome/Chromuim users with really lots of tabs. New limit gets
+  closer to UserTasksMax parameter in logind.conf
+
+- Add doc directory to filelist.
+
+- Remove obsolete README.pam_tally [bsc#977973]
+
+- Update Linux-PAM to version 1.3.0
+- Rediff encryption_method_nis.diff
+- Link pam_unix against libtirpc and external libnsl to enable
+  IPv6 support.
+
+- Add /sbin/unix2_chkpwd (moved from pam-modules)
+
+- Remove (since accepted upstream):
+  - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
+  - 0002-Remove-enable-static-modules-option-and-support-from.patch
+  - 0003-fix-nis-checks.patch
+  - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
+  - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
+
+- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
+  - Replace IPv4 only functions
+
+- Fix typo in common-account.pamd [bnc#959439]
+
+- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
+  - readd PAM_EXTERN for external PAM modules
+
+- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
+- Add 0002-Remove-enable-static-modules-option-and-support-from.patch
+- Add 0003-fix-nis-checks.patch
+
+- Add folder /etc/security/limits.d as mentioned in 'man pam_limits'
+
+- Update to version 1.2.1
+  - security update for CVE-2015-3238
+
+- Update to version 1.2.0
+  - obsoletes Linux-PAM-git-20150109.diff
+
+- Re-add lost patch encryption_method_nis.diff [bnc#906660]
+
+- Update to current git:
+  - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff
+  - obsoletes pam_loginuid-log_write_errors.diff
+  - obsoletes pam_xauth-sigpipe.diff
+  - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch
+
+- increase process limit to 1200 to help chromium users with many tabs
+
protobuf
+- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
+  CVE-2022-1941, bsc#1203681
+  * Add protobuf-CVE-2022-1941.patch
+- Fix a potential DoS issue when parsing with binary data in
+  protobuf-java, CVE-2022-3171, bsc#1204256
+  * Add protobuf-CVE-2022-3171.patch
+- Refresh protobuf-CVE-2021-22570.patch
+- Backport changes from 3.16.x tree for apply recent CVE patches
+  * Add protobuf-51026d922970e06475f005b39287963594134b96.patch
+  * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
+  * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
+  * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
+  * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
+  * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
+  * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
+  * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
+  * Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
+- Reorganize patch set ordering
+
+- Fix potential Denial of Service in protobuf-java in the parsing procedure
+  for binary data, CVE-2021-22569, bsc#1194530
+  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
+
transactional-update
+- Version 4.1.0
+  - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441]
+  - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in
+    the update environment; implements [jsc#PED-1078]
+  - Add support for "notify" reboot method for desktop use
+    [gh#openSUSE/transactional-update#93]
+  - Fix kdump initrd recreation detection; the check was performed in the
+    active snapshot instead of the target snapshot
+  - Document register command [bsc#1202900]
+  - Avoid unnecessary snapshots for register command [bsc#1202901]
+  - Various optimizations for register command
+  - Remove bogus error message when triggering reboot
+  - Rework /etc overlay documentation in "The Transactional Update Guide"
+  - Fix incorrect manpage formatting
+  - Remove leftover "salt" reboot method in configuration example file
+  - Replace deprecated std::mem_fn with lambdas
+
+- Migration of logrotate configuration to /usr/etc: Saving user
+  changed configuration files in /etc and restoring them while
+  an RPM update.
+
vsftpd
+- systemd versions prior to 244 do not support the ProtectXYZ
+  directives we use in our vsftpd.service file and log warnings
+  every time the daemon starts, which confuses our users. We avoid
+  this issue by removing the unsupported options from the service
+  file when installing on a distribution that comes with such an
+  older version of systemd. [bsc#1196918]
+
-  on all distributions. [jsc#PM-3322, bsc#1187686]
+  on all distributions. This allows us to update vsftpd in all
+  maintained SLE codestreams to the current Factory version and
+  mitigate the newly discovered ALPACA attack. [jsc#SLE-24275,
+  jsc#PM-3322, bsc#1187686]
xwayland
+- U_xkb-proof-GetCountedString-against-request-length-at.patch
+  * security update for CVE-2022-3550 (bsc#1204412)
+- U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
+  * security update for CVE-2022-3551 (bsc#1204416)
+
yast2
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.19
+
yast2-configuration-management
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.1
+
yast2-packager
+- Do not add an empty repository to the system when upgrading
+  a registered system using the Full installation medium
+  (bsc#1204399)
+- 4.5.8
+
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.7
+
yast2-samba-client
+- Enable pam_mount also for gdm-password service; (bsc#1204830);
+- 4.5.2
+
yast2-security
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.2
+