Removed rpms
============

 - libBasicUsageEnvironment1

Added rpms
==========

 - libBasicUsageEnvironment2
 - wicked-nbft

Package Source Changes
======================

ImageMagick
+  fix CVE-2022-44267 [bsc#1207982], denial of service when parsing a PNG image
+  fix CVE-2022-44268 [bsc#1207983], arbitrary file disclosure when parsing a PNG image
+  + ImageMagick-CVE-2022-44267,44268.patch
+
+- security update
+- added patches
NetworkManager-applet
+- Add meson-0.61-build-fix.patch to fix the build on meson >= 0.61
+  (jsc#PED-2644, glgo#GNOME/network-manager-applet!107)
+
apr-util
+- security fix CVE-2022-25147, bsc#1207866: buffer overflow
+  possible with specially crafted input
+  + added patch apr-util-CVE-2022-25147.patch
+
bind
+- Update to release 9.16.37
+  Security Fixes:
+  * An UPDATE message flood could cause named to exhaust all
+    available memory. This flaw was addressed by adding a new
+    update-quota option that controls the maximum number of
+    outstanding DNS UPDATE messages that named can hold in a queue
+    at any given time (default: 100). (CVE-2022-3094)
+  * named could crash with an assertion failure when an RRSIG query
+    was received and stale-answer-client-timeout was set to a
+    non-zero value. This has been fixed. (CVE-2022-3736)
+  * named running as a resolver with the
+    stale-answer-client-timeout option set to any value greater
+    than 0 could crash with an assertion failure, when the
+    recursive-clients soft quota was reached. This has been fixed.
+    (CVE-2022-3924)
+  New Features:
+  * The new update-quota option can be used to control the number
+    of simultaneous DNS UPDATE messages that can be processed to
+    update an authoritative zone on a primary server, or forwarded
+    to the primary server by a secondary server. The default is
+    100. A new statistics counter has also been added to record
+    events when this quota is exceeded, and the version numbers for
+    the XML and JSON statistics schemas have been updated.
+  Feature Changes:
+  * The Differentiated Services Code Point (DSCP) feature in BIND
+    has been deprecated. Configuring DSCP values in named.conf now
+    causes a warning to be logged. Note that this feature has only
+    been partly operational since the new Network Manager was
+    introduced in BIND 9.16.0.
+  * The catalog zone implementation has been optimized to work with
+    hundreds of thousands of member zones.
+  Bug Fixes:
+  * In certain query resolution scenarios (e.g. when following
+    CNAME records), named configured to answer from stale cache
+    could return a SERVFAIL response despite a usable, non-stale
+    answer being present in the cache. This has been fixed.
+  [bsc#1207471, bsc#1207473, bsc#1207475, jsc#SLE-24600]
+
+- Update to release 9.16.36
+  Feature Changes:
+  * The auto-dnssec option has been deprecated and will be removed
+    in a future BIND 9.19.x release. Please migrate to
+    dnssec-policy.
+  Bug Fixes:
+  * When a catalog zone was removed from the configuration, in some
+    cases a dangling pointer could cause the named process to
+    crash.
+  * When a zone was deleted from a server, a key management object
+    related to that zone was inadvertently kept in memory and only
+    released upon shutdown. This could lead to constantly
+    increasing memory use on servers with a high rate of changes
+    affecting the set of zones being served.
+  * In certain cases, named waited for the resolution of
+    outstanding recursive queries to finish before shutting down.
+  * The zone <name>/<class>: final reference detached log message
+    was moved from the INFO log level to the DEBUG(1) log level to
+    prevent the named-checkzone tool from superfluously logging
+    this message in non-debug mode.
+  [jsc#SLE-24600]
+
curl
+- Security Fix: [bsc#1207992, CVE-2023-23916]
+  * HTTP multi-header compression denial of service
+  * Add curl-CVE-2023-23916.patch
+
+- Security Fixes:
+  * HSTS ignored on multiple requests [bsc#1207990, CVE-2023-23914]
+  * HSTS amnesia with --parallel [bsc#1207991, CVE-2023-23915]
+  * Add curl-CVE-2023-23914-23915.patch
+
f2fs-tools
+- Replace transitional %usrmerged macro with regular version check (boo#1206798)
+
freerdp
+- Multiple CVE fixes (bsc#1205512)
+  + Add freerdp-Added-missing-length-checks-in-zgfx_decompress_segme.patch
+  * Fixes CVE-2022-39316 & CVE-2022-39317
+  + Add freerdp-CVE-2022-39320.patch
+  * Added missing length check in urb_control_transfer
+  + Add freerdp-CVE-2022-39347.patch
+  * Fix path validation in drive channel
+  + Add freerdp-CVE-2022-41877.patch
+  * Fixed missing stream length check in drive_file_query_directory
+
gnome-chess
+- Update to version 43.1:
+  + Fix build with latest valac.
+  + Fix keyboard shortcuts dialog.
+  + Updated translations.
+
gnome-sudoku
+- Update to version 43.1:
+  + Revert "Fix redundant undo stack entries for earmarks".
+  + Warnings when solution to puzzle is violated no longer consider
+    earmarks.
+  + Updated translations.
+
graphite2
+- fixed license string [bsc#1207676]:
+  LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later
+
-- Remove harfbuzz dep. Breaks another buildcycle.
-  This effectively means we are not running tests. No functional
-  changes otherwise.
-
-- Remove texlive dep to remove dep circle.
-
-- Use rpath so the tests work.
-
-- Enable the tests. They work on 13.1 but fail on Factory...
-
-- Version bump to 1.2.4:
-  * Various bugfixes
-  * Expanded testsuite
-- Remove graphite2-arm.patch - applied upstream
-- Add patches from debian:
-  * soname.diff
-  * no-specific-nunit-version.diff
-- Run^Wdocument tests and generate documentation
-
-- Use cmake macros for nice and tidy setup.
-
-- Add baselibs.conf and provide libgraphite2-3-32bit, which is at
-  this moment required by harfbuzz.
-
-- graphite2-arm.patch :Fix build in arm and possible other platforms, we should
-  notuse -nodefaultlibs as a linker flag and let the system
-  do its job automatically.
-- freetype-devel should be freetype2-devel
-
-- license update: LGPL-2.1+ or GPL-2.0+ or MPL-1.1
-  See License file (most source code notices concur)
-
-- Whitespace trying to figure out why spec file is interpreted as
-  binary.
-
-- Fix desc not to mention libexttextcat.
-
-- Initial commit version 1.2.0.
-
kernel-default
+- aquantia: Do not purge addresses when setting the number of
+  rings (jsc#PED-1530).
+- commit 39a03b2
+
+- net: atlantic: macsec: clear encryption keys from the stack
+  (jsc#PED-1530).
+- commit 643f719
+
+- atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530).
+- commit 4a9a64f
+
+- net: atlantic: fix potential memory leak in aq_ndev_close()
+  (jsc#PED-1530).
+- commit 719db2f
+
+- net: atlantic: remove aq_nic_deinit() when resume
+  (jsc#PED-1530).
+- commit ff2f581
+
+- net: atlantic: remove deep parameter on suspend/resume functions
+  (jsc#PED-1530).
+- commit 9e96b4d
+
+- net: atlantic:fix repeated words in comments (jsc#PED-1530).
+- commit d6d4ffb
+
+- net: atlantic: verify hw_head_ lies within TX buffer ring
+  (jsc#PED-1530).
+- commit 7059ede
+
+- net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530).
+- commit e719b81
+
+- net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530).
+- commit b04c254
+
+- net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530).
+- commit 0263576
+
+- Update
+  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
+  (bsc#1207361 bsc#1207036 CVE-2023-23454).
+- commit 521fdca
+
+- Update
+  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
+  (bsc#1207361 bc#1207125 CVE-2023-23455).
+- commit c8b6243
+
+- io_uring/poll: fix poll_refs race with cancelation (bsc#1207511
+  CVE-2023-0468).
+- io_uring: make poll refs more robust (bsc#1207511
+  CVE-2023-0468).
+- io_uring: cmpxchg for poll arm refs release (bsc#1207511
+  CVE-2023-0468).
+- io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468).
+- io_uring: update res mask in io_poll_check_events (bsc#1207511
+  CVE-2023-0468).
+- commit 4fe9bfe
+
+- io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and
+  wakeups (bsc#1207100).
+- eventfd: provide a eventfd_signal_mask() helper (bsc#1207100).
+- eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100).
+- commit 9e5a117
+
+- fbdev: Fix invalid page access after closing deferred I/O
+  devices (bsc#1207284).
+- commit 6a8d940
+
+- ipmi:ssif: Add 60ms time internal between write retries
+  (bsc#1206459).
+- ipmi:ssif: Increase the message retry time (bsc#1206459).
+- commit 14626c0
+
kernel-kvmsmall
+- aquantia: Do not purge addresses when setting the number of
+  rings (jsc#PED-1530).
+- commit 39a03b2
+
+- net: atlantic: macsec: clear encryption keys from the stack
+  (jsc#PED-1530).
+- commit 643f719
+
+- atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530).
+- commit 4a9a64f
+
+- net: atlantic: fix potential memory leak in aq_ndev_close()
+  (jsc#PED-1530).
+- commit 719db2f
+
+- net: atlantic: remove aq_nic_deinit() when resume
+  (jsc#PED-1530).
+- commit ff2f581
+
+- net: atlantic: remove deep parameter on suspend/resume functions
+  (jsc#PED-1530).
+- commit 9e96b4d
+
+- net: atlantic:fix repeated words in comments (jsc#PED-1530).
+- commit d6d4ffb
+
+- net: atlantic: verify hw_head_ lies within TX buffer ring
+  (jsc#PED-1530).
+- commit 7059ede
+
+- net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530).
+- commit e719b81
+
+- net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530).
+- commit b04c254
+
+- net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530).
+- commit 0263576
+
+- Update
+  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
+  (bsc#1207361 bsc#1207036 CVE-2023-23454).
+- commit 521fdca
+
+- Update
+  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
+  (bsc#1207361 bc#1207125 CVE-2023-23455).
+- commit c8b6243
+
+- io_uring/poll: fix poll_refs race with cancelation (bsc#1207511
+  CVE-2023-0468).
+- io_uring: make poll refs more robust (bsc#1207511
+  CVE-2023-0468).
+- io_uring: cmpxchg for poll arm refs release (bsc#1207511
+  CVE-2023-0468).
+- io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468).
+- io_uring: update res mask in io_poll_check_events (bsc#1207511
+  CVE-2023-0468).
+- commit 4fe9bfe
+
+- io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and
+  wakeups (bsc#1207100).
+- eventfd: provide a eventfd_signal_mask() helper (bsc#1207100).
+- eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100).
+- commit 9e5a117
+
+- fbdev: Fix invalid page access after closing deferred I/O
+  devices (bsc#1207284).
+- commit 6a8d940
+
+- ipmi:ssif: Add 60ms time internal between write retries
+  (bsc#1206459).
+- ipmi:ssif: Increase the message retry time (bsc#1206459).
+- commit 14626c0
+
less
+- Apply "cve-2022-46663.patch" to fix a vulnerability in less that
+  could be exploited for denial-of-service attacks or even remote
+  code execution by printing specially crafted escape sequences to
+  the terminal. [CVE-2022-46663, bsc#1207815]
+
libmwaw
+- update to 0.3.21 (jsc#PED-1785):
+  * add debug code to read some private rsrc data
+  + allow to read some MacWrite which does not have printer informations
+  * add a parser for Scoop files
+  * add a parser for ScriptWriter files
+  * add a parser for ReadySetGo 1-4 files
+
libreoffice
+- Update to 7.4.3.2 (jsc#PED-1785):
+  You can check for 7.4 release notes here:
+  https://wiki.documentfoundation.org/ReleaseNotes/7.4
+  You can check for each minor release notes here:
+  https://wiki.documentfoundation.org/Releases/7.4.3/RC2
+  https://wiki.documentfoundation.org/Releases/7.4.3/RC1
+  https://wiki.documentfoundation.org/Releases/7.4.2/RC3
+  https://wiki.documentfoundation.org/Releases/7.4.2/RC2
+  https://wiki.documentfoundation.org/Releases/7.4.2/RC1
+  https://wiki.documentfoundation.org/Releases/7.4.1/RC2
+  https://wiki.documentfoundation.org/Releases/7.4.1/RC1
+  https://wiki.documentfoundation.org/Releases/7.4.0/RC3
+  https://wiki.documentfoundation.org/Releases/7.4.0/RC2
+  https://wiki.documentfoundation.org/Releases/7.4.0/RC1
+- Updated bundled dependencies:
+  * boost_1_77_0.tar.xz -> boost_1_79_0.tar.xz
+  * curl-7.83.1.tar.xz -> curl-7.86.0.tar.xz
+  * icu4c-70_1-data.zip -> icu4c-71_1-data.zip
+  * icu4c-70_1-src.tgz -> icu4c-71_1-src.tgz
+  * pdfium-4699.tar.gz2 -> pdfium-5058.tar.bz2
+  * poppler-21.11.0.tar.xz -> poppler-22.09.0.tar.xz
+  * poppler-data-0.4.10.tar.gz -> poppler-data-0.4.11.tar.gz
+  * skia-m97-a7230803d64ae9d44f4e1282444801119a3ae967.tar.xz
+  - > skia-m103-b301ff025004c9cd82816c86c547588e6c24b466.tar.xz
+- Added patches:
+  * fix_harfbuzz_on_sle12_sp5.patch
+  * fix_webp_on_sle12_sp5.patch
+  * use-fixmath-shared-library.patch
+- Refresh fix_gtk_popover_on_3.20.patch
+- Removed upstreamed patches:
+  * bsc1197498.patch
+  * bsc1200009.patch
+  * bsc1201093.patch
+  * bsc1202032.patch
+  * bsc1202114.patch
+  * CVE-2022-3140-4.patch
+
live555
+- update to 2023.01.19:
+  - By default, we no longer compile "groupsock/NetAddress.cpp" for Windows to use
+    "gethostbyname()", because of a report that this breaks IPv6 name resolution.
+
+- update to 2023.01.11:
+  * Updated the "BasicTaskScheduler"/"DelayQueue" implementation to make the 'token counter'
+    a field of the task scheduler object, rather than having it be a static variable.
+    This avoids potential problems if an application uses more than one thread (with each thread
+    having its own task scheduler).
+
mozilla-nss
+- update to NSS 3.79.4 (bsc#1208138)
+  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
+    (CVE-2023-0767)
+
tiff
+  * CVE-2022-48281 [bsc#1207413]
+    + tiff-CVE-2022-48281.patch
+
+- security update:
transmission
+- Apply downstream patch from Gentoo to fix a crash with openSSL 3
+  (boo#1207914):
+  * transmission-3.00-openssl-3.patch
+
+- boo#1207555: Transmission can't open Bittorrent v2 torrents
+  Add transmission-hybrid-torrent-length.patch
+
xf86-input-joystick
+- Update to version 1.6.4
+  * Fix quoting in man page synopsis section
+  * Update README for gitlab migration
+  * Update configure.ac bug URL for gitlab migration
+  * Fix spelling/wording issues
+  * gitlab CI: add a basic build test
+  * gitlab CI: stop requiring Signed-off-by in commits
+  * autogen.sh: Implement GNOME Build API
+  * autogen.sh: use quoted string variables
+  * Adapt to USB HID header changes on NetBSD-8.99.9.
+  * autogen: add default patch prefix
+  * configure: Drop AM_MAINTAINER_MODE
+  * autogen.sh: use exec instead of waiting for configure to finish
+
xf86-video-voodoo
+- update to 1.2.6:
+  * Remove miInitializeBackingStore
+    Stop using deprecated xf86PciInfo.h
+    Fix spelling/wording issues
+    Build xz tarballs instead of bzip2
+    Update configure.ac bug URL for gitlab migration
+    autogen: add default patch prefix
+    autogen.sh: use quoted string variables
+    autogen.sh: use exec instead of waiting for configure to finish
+    autogen.sh: Honor NOCONFIGURE=1
+    configure: Drop AM_MAINTAINER_MODE
+    don't use PCITAG in struct anymore
+- drop U_don-t-use-PCITAG-in-struct-anymore.patch (upstream)
+
yast2-bootloader
+- make secure boot for ppc64 consistent with how secure boot works
+  on other architectures (bsc#1206295)
+- 4.5.8
+
yast2-iscsi-client
+- Expose all core functionality from IscsiClientLib, with options
+  to suppress usage of pop-ups (related t gh#yast/d-installer#402).
+
+- Finish client: copy the content of both /etc/iscsi and
+  /var/lib/iscsi (bsc#1207374).
+- Finish client: never enable both the iscsid socket and the
+  service (partial fix for bsc#1207839).
+- 4.5.7
+
yast2-network
+- Fix calling method read on nil crash in bootloader caused by
+  not restoring SCR chroot in save_network client when running
+  in autoyast (bsc#1207968)
+- 4.5.16
+
yast2-packager
+- Prevent crash if nil dependencies instead of [] (bsc#1208068)
+- 4.5.14
+