Packages changed:
  aspell-en (2018.04.16 -> 2019.10.06)
  diffstat (1.62 -> 1.63)
  dtc
  file (5.37 -> 5.38)
  fltk (1.3.4 -> 1.3.5)
  libarchive (3.4.0 -> 3.4.1)
  libbsd (0.9.1 -> 0.10.0)
  libseccomp (2.4.1 -> 2.4.2)
  libvirt
  mariadb-connector-c (3.1.5 -> 3.1.6)
  myspell-dictionaries (20191016 -> 20191219)
  netpbm (10.86.3 -> 10.88.1)
  ovmf
  posix_cc
  protobuf (3.9.1 -> 3.9.2)
  python-SQLAlchemy (1.3.11 -> 1.3.12)
  python-snowballstemmer (1.9.1 -> 2.0.0)
  strace

=== Details ===

==== aspell-en ====
Version update (2018.04.16 -> 2019.10.06)

- version update to 2019.10.06
  Various new words.
  Remove compare's and fail's.

==== diffstat ====
Version update (1.62 -> 1.63)

- version update to 1.63
  + eliminate fixed buffer when decoding range.
  + use locale in computing filename column-width.
  + improve parsing for git diffs.
  + use terminal-width as default for -w to tty.
  + minor fix in do_merging (Miloslaw Smyk).
  + improve relative-pathname matching in count_lines()
  + add a parsing-case for svn diff.
  + quote filenames in -t/-T output.
  + fix cppcheck warnings about sscanf.
  + update configure macros
  + update config.guess, config.sub

==== dtc ====

- Use %make_build and recpect %optflags.

==== file ====
Version update (5.37 -> 5.38)
Subpackages: file-magic libmagic1

- Require pkgconfig(libseccomp) to enable the sandboxing feature
- Update to file version 5.38
  * Always accept -S (no sandbox) even if we don't support sandboxing
  * More syscalls elided for sandboxiing
  * For ELF dynamic means having an interpreter not just PT_DYNAMIC
  * Check for large ELF session header offset
  * When saving and restoring a locale, keep the locale name in our
    own storage.
  * Add a flag to disable CSV file detection.
  * Don't pass NULL/0 to memset to appease sanitizers.
  * Avoid spurious prints when looks for extensions or apple strings
    in fsmagic.
  * Add builtin decompressors for xz and and bzip.
  * Add a limit for the number of CDF elements.
  * More checks for overflow in CDF.
- Removed patches fixed upstream
  * CVE-2019-18218-46a8443f.patch
  * file-5.15-clear-invalid.patch
  * file-upstream.patch
- Modify patches
  * file-5.12-zip.dif
  * file-5.16-ocloexec.patch
  * file-5.17-option.dif
  * file-5.19-biorad.dif
  * file-5.19-printf.dif
  * file-5.19-zip2.0.dif
  * file-5.23-endian.patch
  * file-5.24-nitpick.dif
  * file-5.28-btrfs-image.dif
  * file-secure_getenv.patch
- Modify and rename patch file-5.37.dif which becomes now file-5.38.dif

==== fltk ====
Version update (1.3.4 -> 1.3.5)

- version update to 1.3.5
  * see CHANGES or
    https://www.fltk.org/articles.php?L1635

==== libarchive ====
Version update (3.4.0 -> 3.4.1)
Subpackages: bsdtar libarchive13

- Revert back to autoconf, cmake introduces a cycle. Leave cmake
  patches in since they are basically correct and might be useful
  in the future.
- Update to version 3.4.1
  New features:
  * Unicode filename support for reading lha/lzh archives
  * New pax write option "xattrhdr"
  Important bugfixes:
  * security fixes in wide string processing (#1276 #1298)
  * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
  * security fixes and optimizations to write filter logic (#351)
  * security fix related to use of readlink(2) (1dae5a5)
  * sparse file handling fixes (#1218 #1260)
- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
- fix bsc#1157569
  CVE-2019-19221.patch out-of-bounds read in libarchive
- Switch to cmake build
- Add lib-suffix.patch to honor LIB_SUFFIX
- Add fix-zstd-test.patch to fix zstd test
- Add fix-soversion.patch to fix the soversion to 13 as autotools
- Add lz4 and zstd support
- Add BuildRequires on liblz4-devel and libzstd-devel

==== libbsd ====
Version update (0.9.1 -> 0.10.0)

- Update to version 0.10.0:
  * Several security related fixes for nlist() reported by Daniel
    Hodson and one by Coverity Scan.
  * Preliminary and partial Windows porting, thanks to Aaron
    Dierking.
  * Fix for a leak in the vis family of functions.
  * Fix for a configure check to not unnecessarily link against
    librt.
  * General portability fixes for musl, uClibc, macOS and
    GNU/kFreeBSD.
  * New architectures support for nlist().
  * Switch the <err.h> *c() functions to be standalone and add
    err(), warn(), errx() and warnx() familiy of functions in case
    the system lacks them.
  * Several man page fixes.

==== libseccomp ====
Version update (2.4.1 -> 2.4.2)

- Update to release 2.4.2
  * Add support for io-uring related system calls

==== libvirt ====
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for
  IA32_ARCH_CAPABILITIES MSR
  07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch
  bsc#1152505

==== mariadb-connector-c ====
Version update (3.1.5 -> 3.1.6)

- Update to release 3.1.6
  * Fixed: ERROR 2026 (HY000): SSL connection error: Certificate
    signature check failed
  * Fixed: Provide error code and message for Schannel errors
  * Fixed SEC_E_INVALID_TOKEN when server sends large message
    during SSL handshake

==== myspell-dictionaries ====
Version update (20191016 -> 20191219)
Subpackages: myspell-cs_CZ myspell-da_DK myspell-de myspell-de_DE myspell-el_GR myspell-en myspell-en_GB myspell-en_US myspell-es myspell-es_ES myspell-fr_FR myspell-hu_HU myspell-it_IT myspell-lightproof-en myspell-lightproof-hu_HU myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-pl_PL myspell-pt_BR myspell-ru_RU

- version update to 20191219
  * Updated the English dictionaries: GB+US+CA+AU
  * tdf#128341 use python3
  * Bring shipped Spanish dictionary up to version 2.5
- modified sources
  % update.sh
    . gd_GB does not have dictionaries in gd_GB/dictionaries
    anymore, thus removing exception
    . check for /usr/bin/th_gen_idx.pl existence sooner
    . no Group: tag

==== netpbm ====
Version update (10.86.3 -> 10.88.1)
Subpackages: libnetpbm11

- version update to 10.88.1
  * anytopnm: Fix unpredictable behavior when file name contains
    spaces.
    pnmquant: Fail if user specifies more than one of -meanpixel,
  - meancolor, and -center, rather than just pick one.
  * pnmremap: Don't output any part of the image if program fails
    because the maxval of input and map file do not match, in a
    case where matching maxval is required, i.e. the user specified
  - firstisdefault or -missingcolor.
  * ppmhist: sort secondarily by RGB with -sort=frequency, so
    output is repeatable.
  * pnmcolormap: Add -splitpix, -splitcol, -splitdim.
    Thanks Vladislav Zavjalov.
  * pbmtext: fix erroneous failure message with long input text.
  * jpeg2ktopam, pamtojpeg2k: fix negative array index.  Always
    broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)).
  * jpeg2ktopam, pamtojpeg2k: fix assertion failure.  Always
    broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)).
  * jpeg2ktopam: Fix memory leak after decoder failure.  Always
    broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)).
  * jpeg2ktopam: fix null pointer dereference.  Always broken
    (pamtojpeg2k was new in Netpbm 10.12 (November 2002)).
  * pnmtorle, rletopnm: fix wild pointer dereference when memory
    allocation fails.  Always broken (programs were added to
    Netpbm in Release 9.0 (April 2000).
  * pamsumm: Fix bug: with -mean and a conflicting option such as
  - sum, the program ignores one of the options.  It should fail.
    Always broken (pamsumm was new in Netpbm 10.21 (March 2004).
    pamfind: Add -machine .
  * Multiple: fix bug: when you specify the same option twice, you
    can get a syntax error, with the message telling you you
    specified some other option that conflicts with it.  Should just
    take the last setting.
- modified patches
  % big-endian.patch (refreshed)
  % netpbm-security-code.patch (refreshed)

==== ovmf ====
Subpackages: qemu-ovmf-x86_64

- only build -aarch32 Cortex-A15 EFI on armv7hl

==== posix_cc ====

- Modernize spec file
- Build in build phase

==== protobuf ====
Version update (3.9.1 -> 3.9.2)
Subpackages: libprotobuf-lite20 libprotobuf20 python3-protobuf

- Use tarball provided by upstream
- Small package cleanup
- Updated to version 3.9.2
  (Objective-C)
  * Remove OSReadLittle* due to alignment requirements. (#6678)
  * Don't use unions and instead use memcpy for the type swaps. (#6672)

==== python-SQLAlchemy ====
Version update (1.3.11 -> 1.3.12)

- update to version 1.3.12:
  * [orm] [bug] Fixed issue involving lazy="raise" strategy where an ORM delete
  of an object would raise for a simple ?use-get? style many-to-one relationship
  that had lazy=?raise? configured. This is inconsistent vs. the change
  introduced in 1.3 as part of #4353, where it was established that a history
  operation that does not expect emit SQL should bypass the lazy="raise" check,
  and instead effectively treat it as lazy="raise_on_sql" for this case. The fix
  adjusts the lazy loader strategy to not raise for the case where the lazy load
  was instructed that it should not emit SQL if the object were not present.
  * [orm] [bug] Fixed regression introduced in 1.3.0 related to the association
  proxy refactor in #4351 that prevented composite() attributes from working in
  terms of an association proxy that references them.
  * [orm] [bug] Setting persistence-related flags on relationship() while also
  setting viewonly=True will now emit a regular warning, as these flags do not
  make sense for a viewonly=True relationship. In particular, the ?cascade?
  settings have their own warning that is generated based on the individual
  values, such as ?delete, delete-orphan?, that should not apply to a viewonly
  relationship. Note however that in the case of ?cascade?, these settings are
  still erroneously taking effect even though the relationship is set up as
  ?viewonly?. In 1.4, all persistence-related cascade settings will be disallowed
  on a viewonly=True relationship in order to resolve this issue.
  * [orm] [bug] [py3k] Fixed issue where when assigning a collection to itself
  as a slice, the mutation operation would fail as it would first erase the
  assigned collection inadvertently. As an assignment that does not change the
  contents should not generate events, the operation is now a no-op. Note that
  the fix only applies to Python 3; in Python 2, the __setitem__ hook isn?t
  called in this case; __setslice__ is used instead which recreates the list
  item-by-item in all cases.
  * [orm] [bug] Fixed issue where by if the ?begin? of a transaction failed at
  the Core engine/connection level, such as due to network error or database is
  locked for some transactional recipes, within the context of the Session
  procuring that connection from the conneciton pool and then immediately
  returning it, the ORM Session would not close the connection despite this
  connection not being stored within the state of that Session. This would lead
  to the connection being cleaned out by the connection pool weakref handler
  within garbage collection which is an unpreferred codepath that in some special
  configurations can emit errors in standard error.
  * sql [sql] [bug] Fixed bug where ?distinct? keyword passed to select() would
  not treat a string value as a ?label reference? in the same way that the
  select.distinct() does; it would instead raise unconditionally. This keyword
  argument and the others passed to select() will ultimately be deprecated for
  SQLAlchemy 2.0.
  * [sql] [bug] Changed the text of the exception for ?Can?t resolve label
  reference? to include other kinds of label coercions, namely that ?DISTINCT? is
  also in this category under the PostgreSQL dialect.

==== python-snowballstemmer ====
Version update (1.9.1 -> 2.0.0)

- update to 2.0.0:
  * Simplified generated code for ``repeat`` and ``atleast`` commands.
  * Implemented ?go grouping? optimisation.
  * Removed caching layer (#114).
  * Enabled building wheels (#115).
  * Updated package README.

==== strace ====

- Use -ffat-lto-objects to work around mpers.sh failure