Removed rpms
============

 - libqhull7-7_2_0
 - libscalapack2-mvapich2-32bit
 - libscalapack2-mvapich2-devel-32bit
 - libscalapack2_2_1_0-gnu-mpich-hpc
 - libscalapack2_2_1_0-gnu-mpich-hpc-devel
 - libscalapack2_2_1_0-gnu-mpich-hpc-devel-static
 - libscalapack2_2_1_0-gnu-mvapich2-hpc
 - libscalapack2_2_1_0-gnu-mvapich2-hpc-devel
 - libscalapack2_2_1_0-gnu-mvapich2-hpc-devel-static
 - libscalapack2_2_1_0-gnu-openmpi2-hpc
 - libscalapack2_2_1_0-gnu-openmpi2-hpc-devel
 - libscalapack2_2_1_0-gnu-openmpi2-hpc-devel-static
 - libscalapack2_2_1_0-gnu-openmpi3-hpc
 - libscalapack2_2_1_0-gnu-openmpi3-hpc-devel
 - libscalapack2_2_1_0-gnu-openmpi3-hpc-devel-static
 - libscalapack2_2_1_0-gnu-openmpi4-hpc
 - libscalapack2_2_1_0-gnu-openmpi4-hpc-devel
 - libscalapack2_2_1_0-gnu-openmpi4-hpc-devel-static
 - python3-Sphinx-doc-man
 - python3-libfdt
 - qhull-devel
 - superlu-gnu-hpc-devel
 - superlu-gnu-hpc-doc
 - superlu-gnu-hpc-examples
 - superlu_5_2_2-gnu-hpc-devel
 - superlu_5_2_2-gnu-hpc-doc
 - superlu_5_2_2-gnu-hpc-examples

Added rpms
==========

 - libcamel-1_2-62
 - libcamel-1_2-62-32bit
 - libedataserver-1_2-24
 - libedataserver-1_2-24-32bit
 - libedataserverui-1_2-2
 - libedataserverui-1_2-2-32bit

Package Source Changes
======================

bouncycastle
+- Update to version 1.72:
+  * Defects Fixed:
+  - There were parameter errors in XMSS^MT OIDs for
+    XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have
+    been fixed.
+  - There was an error in Merkle tree construction for the
+    Evidence Records (ERS) implementation which could result in
+    invalid roots been timestamped. ERS now produces an
+    ArchiveTimeStamp for each data object/group with an associated
+    reduced hash tree. The reduced hash tree is now calculated as
+    a simple path to the root of the tree for each record.
+  - OpenPGP will now ignore signatures marked as non-exportable
+    on encoding.
+  - A tagging calculation error in GCMSIV which could result in
+    incorrect tags has been fixed.
+  - Issues around Java 17 which could result in failing tests
+    have been addressed.
+  * Additional Features and Functionality:
+  - BCJSSE: TLS 1.3 is now enabled by default where no explicit
+    protocols are supplied (e.g. "TLS" or "Default" SSLContext
+    algorithms, or SSLContext.getDefault() method).
+  - BCJSSE: Rewrite SSLEngine implementation to improve compatibility
+    with SunJSSE.
+  - BCJSSE: Support export of keying material via extension API.
+  - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266.
+  - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are
+    offered now. Earlier versions are still supported if explicitly
+    enabled. Users may need to check they are offering suitable
+    cipher suites for TLS 1.3.
+  - (D)TLS (low-level API): Add support for raw public keys per RFC 7250.
+  - CryptoServicesRegistrar now has a setServicesConstraints() method
+    on it which can be used to selectively turn off algorithms.
+  - The NIST PQC Alternate Candidate, Picnic, has been added to the low
+    level API and the BCPQC provider.
+  - SPHINCS+ has been upgraded to the latest submission, SPHINCS+ 3.1
+    and support for Haraka has been added.
+  - Evidence records now support timestamp renewal and hash renewal.
+  - The SIKE Alternative Candidate NIST Post Quantum Algorithm has
+    been added to the low-level PQC API.
+  - The NTRU Round 3 Finalist Candidate NIST Post Quantum Algorithm
+    has been added to the low-level API and the BCPQC provider.
+  - The Falcon Finalist NIST Post Quantum Algorithm has been added to
+    the low-level API and the BCPQC provider.
+  - The CRYSTALS-Kyber Finalist NIST Post Quantum Algorithm has been
+    added to the low-level API and the BCPQC provider.
+  - Argon2 Support has been added to the OpenPGP API.
+  - XDH IES has now been added to the BC provider.
+  - The OpenPGP API now supports AEAD encryption and decryption.
+  - The NTRU Prime Alternative Candidate NIST Post Quantum Algorithms
+    have been added to the low-level API and the BCPQC provider.
+  - The CRYSTALS-Dilithium Finalist NIST Post Quantum Algorithm has
+    been added to the low-level API and the BCPQC provider.
+  - The BIKE NIST Post Quantum Alternative/Round-4 Candidate has been
+    added to the low-level API and the BCPQC provider.
+  - The HQC NIST Post Quantum Alternative/Round-4 Candidate has been
+    added to the low-level API and the BCPQC provider.
+  - Grain128AEAD has been added to the lightweight API.
+  - A fast version of CRC24 has been added for use with the PGP API.
+  - Some additional methods and fields have been exposed in the
+    PGPOnePassSignature class to (hopefully) make it easier to
+    deal with nested signatures.
+  - CMP support classes have been updated to reflect the latest
+    editions to the the draft RFC "Lightweight Certificate Management
+    Protocol (CMP) Profile".
+  - Support has been added to the PKCS#12 implementation for the
+    Oracle trusted certificate attribute.
+  - Performance of our BZIP2 classes has been improved.
+  * Notes:
+  - Keep in mind the PQC algorithms are still under development and
+    we are still at least a year and a half away from published standards.
+    This means the algorithms may still change so by all means experiment,
+    but do not use the PQC algoritms for anything long term.
+  - The legacy "Rainbow" and "McEliece" implementations have been
+    removed from the BCPQC provider. The underlying classes are
+    still present if required. Other legacy algorithm implementations
+    can be found under the org.bouncycastle.pqc.legacy package.
+  * Security Notes:
+  - The PQC SIKE algorithm is provided for research purposes only.
+    It should now be regarded as broken. The SIKE implementation
+    will be withdrawn in BC 1.73.
+  * Rebase bouncycastle-javadoc.patch
+
dracut
+- Update to version 055+suse.360.g076f1113:
+  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
+  fips=1 and separate /boot break s390x (bsc#1204478):
+  * fix(fips): move fips-boot script to pre-pivot
+  * fix(fips): only unmount /boot if it was mounted by the fips module
+  * feat(fips): add progress messages
+  * fix(fips): do not blindly remove /boot
+
dtc
+- makefile-bison-rule.patch: Makefile: fix infinite recursion by dropping
+  non-existent `%.output`
+
+- update to 1.6.1:
+  * A number of bugfixes
+  * Fix many warnings with -Wsign-compare
+  * Add compilation with meson (not used by default so far)
+  * Yet another revamp of how we handle unaligned accesses
+  * Added a number of extra checks for common tree errors
+  * Checks for interrupt providers
+  * i2c reg properties
+  * Tighten checking of gpio properties
+  * Reduce dependencies when building libfdt only
+  * Allow libfdt.h header to be used from C++ more easily
+  * Accept .dtbo extension for overlays
+  * Update valid node and property characters to match current devicetree spec
+  * Add several checks for root node sanity in fdt_check_full()
+  * Somewhat more robust type labelling for the benefit of yaml output
+
+- Update to 1.6.0 (no changelog)
+- Removed dtc-no-common-conflict.patch
+
+- add dtc-no-common-conflict.patch (bsc#1160388)
+
+- Use %make_build and recpect %optflags.
+
git
+- Apply "CVE-2023-25652.patch" to fix a security vulnerability
+  where by feeding a specially crafted input to `git apply
+  - -reject`, a path outside the working tree could be overwritten
+  with partially controlled contents (corresponding to the rejected
+  hunk(s) from the given patch). [CVE-2023-25652, bsc#1210686]
+- Apply "CVE-2023-25815.patch" to fix a security vulnerability that
+  exists when Git is compiled with runtime prefix support and runs
+  without translated messages, then it still used the gettext
+  machinery to display messages, which subsequently potentially
+  looked for translated messages in unexpected places. This allowed
+  for malicious placement of crafted messages. [CVE-2023-25815,
+  bsc#1210686]
+- Apply "CVE-2023-29007-0.patch", "CVE-2023-29007-1.patch",
+  "CVE-2023-29007-2.patch", and "CVE-2023-29007-3.patch" to fix a
+  security vulnerability that occurred when renaming or deleting a
+  section from a configuration file, then certain malicious
+  configuration values might have been misinterpreted as the
+  beginning of a new configuration section, leading to arbitrary
+  configuration injection. [CVE-2023-29007, bsc#1210686]
+
glib2
+- Update glib2-fix-normal-form-handling-in-gvariant.patch:
+  Backported from upstream to fix regression on s390x.
+  (bsc#1210135, glgo#GNOME/glib!2978)
+
+- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
+  from upstream to fix normal form handling in GVariant.
+  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
+  glgo#GNOME/glib!3125)
+
kernel-firmware-nvidia-gsp-G06
+- update firmware to version 525.116.03
+
ledmon
+- Don't use ProtectKernelTunables, can break some use cases
+  (bsc#1210656)
+
libtpms
+- 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch:
+  Fixes CVE-2023-1017 & CVE-2023-1018: fixed memory corruptions in CryptParameterDecryption (bsc#1206022 bsc#1206023)
+
lshw
+- Update to version B.02.19.2+git.20230320 (bsc#1209531):
+  * fix NVMe multipath detection
+  * NVMe: fix logical name with native multipath
+
+- Update to version B.02.19.2+git.20220831:
+  * PA-RISC: handle pushd failure
+
mdadm
+- Fixes for mdmon to ensure it run at the right time in the
+  fight mount namespace.  This fixes various problems with
+  IMSM raid arrays in 15-SP4 (bsc#1205493, bsc#1205830)
+  - mdmon: fix segfault
+    0052-mdmon-fix-segfault.patch
+  - util: remove obsolete code from get_md_name
+    0053-util-remove-obsolete-code-from-get_md_name.patch
+  - mdmon: don't test both 'all' and 'container_name'.
+    0054-mdmon-don-t-test-both-all-and-container_name.patch
+  - mdmon: change systemd unit file to use --foreground
+    0055-mdmon-change-systemd-unit-file-to-use-foreground.patch
+  - mdmon: Remove need for KillMode=none
+    0056-mdmon-Remove-need-for-KillMode-none.patch
+  - mdmon: Improve switchroot interactions.
+    0057-mdmon-Improve-switchroot-interactions.patch
+  - mdopen: always try create_named_array()
+    0058-mdopen-always-try-create_named_array.patch
+  - Improvements for IMSM_NO_PLATFORM testing
+    0059-Improvements-for-IMSM_NO_PLATFORM-testing.patch
+
nvidia-open-driver-G06-signed
+-  Update to version 525.116.03
+
python-osc-tiny
+- Release .0.7.12
+  * Enhanced usability and reliability for `HttpSignatureAuth`
+  * Prevent sharing of sessions across forked processes
+  * Fixed typo in quickstart doc
+
+- Release 0.7.11
+  * Make it possible to force setting meta
+  * Improved strong authentication method
+  * Support product list views honoring the `expand` parameter
+
+- Release 0.7.10
+  * Include the original error message, when an SSH key cannot be read
+  * Added a link to the documentation of `HttpSignatureAuth`
+  * Allow `Package.exists` to raise exceptions
+  * Added methods to get/set the project config
+
+- Release 0.7.9:
+  * Simplified handling of SSH keys (fixes #114)
+  * Replaced `Request.cmd` with `Request.update` (fixes #113)
+  * Added a comment parameter to project and package `set_meta`
+
+- Fixed problem with dependency in SPEC file(bsc#1206040)
+- Release 0.7.7:
+  * Support for Python 3.11
+  * Workaround for another parameter inconsistency in the API
+  * Treat `deleted` and `expand` parameters of `/source/<project>/`
+    as boolean (despite not being documented as such)
+  * Do not send the `deleted` parameter, when the `view` parameter
+    is present
+
rubygem-actionview-5_1
+- Add patch to fix CVE-2022-27777 (bsc#1199060)
+  0004-CVE-2022-27777.patch
+
+- Add patch to fix CVE-2020-15169 (bsc#1176421)
+  0003-CVE-2020-15169.patch
+
+- Add patch to fix CVE-2020-8167 (bsc#1172184)
+  0002-CVE-2020-8167.patch
+