Packages changed:
  bash
  hostname
  krb5 (1.18 -> 1.18.1)
  libgcrypt
  openssl-1_1

=== Details ===

==== bash ====

- Add official patch bash50-017
  * There were cases where patch 16 reaped process substitution
    file descriptors (or FIFOs) and processes to early. This is
    a better fix for the problem that bash50-016 attempted to solve.
- Remove temporary patch bash50-fix-016-close-new-fifos.patch

==== hostname ====

- Fix LIBEXECDIR substitution for systemd service
- Add nis-domainname.service for FreeIPA

==== krb5 ====
Version update (1.18 -> 1.18.1)

- Upgrade to 1.18.1
  * Fix a crash when qualifying short hostnames when the system has
    no primary DNS domain.
  * Fix a regression when an application imports "service@" as a GSS
    host-based name for its acceptor credential handle.
  * Fix KDC enforcement of auth indicators when they are modified by
    the KDB module.
  * Fix removal of require_auth string attributes when the LDAP KDB
    module is used.
  * Fix a compile error when building with musl libc on Linux.
  * Fix a compile error when building with gcc 4.x.
  * Change the KDC constrained delegation precedence order for consistency
    with Windows KDCs.
- Remove 0009-Fix-null-dereference-qualifying-short-hostnames.patch

==== libgcrypt ====

- FIPS: libgcrypt: Double free in test_keys() on failed signature
  verification [bsc#1169944]
  * Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch
- Ship the FIPS checksum file in the shared library package and
  create a separate trigger file for the FIPS selftests (bsc#1169569)
  * add libgcrypt-fips_selftest_trigger_file.patch
  * refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
  by libgcrypt-global_init-constructor.patch
- FIPS: Verify that the generated signature and the original input
  differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
  assembling the Q point from affine coordinates.
- Refreshed patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch
- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
  * Patches for DSA, RSA and ECDSA test_keys functions:
  - libgcrypt-PCT-DSA.patch
  - libgcrypt-PCT-RSA.patch
  - libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
- FIPS: Run self-tests from constructor during power-on [bsc#1166748]
  * Set up global_init as the constructor function:
  - libgcrypt-global_init-constructor.patch
  * Relax the entropy requirements on selftest. This is especially
    important for virtual machines to boot properly before the RNG
    is available:
  - libgcrypt-random_selftests-testentropy.patch
  - libgcrypt-rsa-no-blinding.patch
  - libgcrypt-ecc-ecdsa-no-blinding.patch
  * Fix benchmark regression test in FIPS mode:
  - libgcrypt-FIPS-GMAC_AES-benckmark.patch
- Remove check not needed in _gcry_global_constructor [bsc#1164950]
  * Update libgcrypt-Restore-self-tests-from-constructor.patch
- FIPS: Run the self-tests from the constructor [bsc#1164950]
  * Add libgcrypt-invoke-global_init-from-constructor.patch

==== openssl-1_1 ====
Subpackages: libopenssl1_1

- Limit the DRBG selftests to not deplete entropy (bsc#1165274)
  * fixes also Firefox crashing with Kerberos (bsc#1167132)
  * update openssl-fips_selftest_upstream_drbg.patch