Packages changed: aspell-en (2018.04.16 -> 2019.10.06) diffstat (1.62 -> 1.63) dtc file (5.37 -> 5.38) fltk (1.3.4 -> 1.3.5) libarchive (3.4.0 -> 3.4.1) libbsd (0.9.1 -> 0.10.0) libseccomp (2.4.1 -> 2.4.2) libvirt mariadb-connector-c (3.1.5 -> 3.1.6) myspell-dictionaries (20191016 -> 20191219) netpbm (10.86.3 -> 10.88.1) ovmf posix_cc protobuf (3.9.1 -> 3.9.2) python-SQLAlchemy (1.3.11 -> 1.3.12) python-snowballstemmer (1.9.1 -> 2.0.0) strace === Details === ==== aspell-en ==== Version update (2018.04.16 -> 2019.10.06) - version update to 2019.10.06 Various new words. Remove compare's and fail's. ==== diffstat ==== Version update (1.62 -> 1.63) - version update to 1.63 + eliminate fixed buffer when decoding range. + use locale in computing filename column-width. + improve parsing for git diffs. + use terminal-width as default for -w to tty. + minor fix in do_merging (Miloslaw Smyk). + improve relative-pathname matching in count_lines() + add a parsing-case for svn diff. + quote filenames in -t/-T output. + fix cppcheck warnings about sscanf. + update configure macros + update config.guess, config.sub ==== dtc ==== - Use %make_build and recpect %optflags. ==== file ==== Version update (5.37 -> 5.38) Subpackages: file-magic libmagic1 - Require pkgconfig(libseccomp) to enable the sandboxing feature - Update to file version 5.38 * Always accept -S (no sandbox) even if we don't support sandboxing * More syscalls elided for sandboxiing * For ELF dynamic means having an interpreter not just PT_DYNAMIC * Check for large ELF session header offset * When saving and restoring a locale, keep the locale name in our own storage. * Add a flag to disable CSV file detection. * Don't pass NULL/0 to memset to appease sanitizers. * Avoid spurious prints when looks for extensions or apple strings in fsmagic. * Add builtin decompressors for xz and and bzip. * Add a limit for the number of CDF elements. * More checks for overflow in CDF. - Removed patches fixed upstream * CVE-2019-18218-46a8443f.patch * file-5.15-clear-invalid.patch * file-upstream.patch - Modify patches * file-5.12-zip.dif * file-5.16-ocloexec.patch * file-5.17-option.dif * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.19-zip2.0.dif * file-5.23-endian.patch * file-5.24-nitpick.dif * file-5.28-btrfs-image.dif * file-secure_getenv.patch - Modify and rename patch file-5.37.dif which becomes now file-5.38.dif ==== fltk ==== Version update (1.3.4 -> 1.3.5) - version update to 1.3.5 * see CHANGES or https://www.fltk.org/articles.php?L1635 ==== libarchive ==== Version update (3.4.0 -> 3.4.1) Subpackages: bsdtar libarchive13 - Revert back to autoconf, cmake introduces a cycle. Leave cmake patches in since they are basically correct and might be useful in the future. - Update to version 3.4.1 New features: * Unicode filename support for reading lha/lzh archives * New pax write option "xattrhdr" Important bugfixes: * security fixes in wide string processing (#1276 #1298) * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 * security fixes and optimizations to write filter logic (#351) * security fix related to use of readlink(2) (1dae5a5) * sparse file handling fixes (#1218 #1260) - Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream - fix bsc#1157569 CVE-2019-19221.patch out-of-bounds read in libarchive - Switch to cmake build - Add lib-suffix.patch to honor LIB_SUFFIX - Add fix-zstd-test.patch to fix zstd test - Add fix-soversion.patch to fix the soversion to 13 as autotools - Add lz4 and zstd support - Add BuildRequires on liblz4-devel and libzstd-devel ==== libbsd ==== Version update (0.9.1 -> 0.10.0) - Update to version 0.10.0: * Several security related fixes for nlist() reported by Daniel Hodson and one by Coverity Scan. * Preliminary and partial Windows porting, thanks to Aaron Dierking. * Fix for a leak in the vis family of functions. * Fix for a configure check to not unnecessarily link against librt. * General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD. * New architectures support for nlist(). * Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() familiy of functions in case the system lacks them. * Several man page fixes. ==== libseccomp ==== Version update (2.4.1 -> 2.4.2) - Update to release 2.4.2 * Add support for io-uring related system calls ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - CVE-2019-11135: Add TSX_CTRL and TAA_NO bits for IA32_ARCH_CAPABILITIES MSR 07aaced4-Add-TAA-No.patch, f411b7ef6-Add-TSX-CTRL.patch bsc#1152505 ==== mariadb-connector-c ==== Version update (3.1.5 -> 3.1.6) - Update to release 3.1.6 * Fixed: ERROR 2026 (HY000): SSL connection error: Certificate signature check failed * Fixed: Provide error code and message for Schannel errors * Fixed SEC_E_INVALID_TOKEN when server sends large message during SSL handshake ==== myspell-dictionaries ==== Version update (20191016 -> 20191219) Subpackages: myspell-cs_CZ myspell-da_DK myspell-de myspell-de_DE myspell-el_GR myspell-en myspell-en_GB myspell-en_US myspell-es myspell-es_ES myspell-fr_FR myspell-hu_HU myspell-it_IT myspell-lightproof-en myspell-lightproof-hu_HU myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-pl_PL myspell-pt_BR myspell-ru_RU - version update to 20191219 * Updated the English dictionaries: GB+US+CA+AU * tdf#128341 use python3 * Bring shipped Spanish dictionary up to version 2.5 - modified sources % update.sh . gd_GB does not have dictionaries in gd_GB/dictionaries anymore, thus removing exception . check for /usr/bin/th_gen_idx.pl existence sooner . no Group: tag ==== netpbm ==== Version update (10.86.3 -> 10.88.1) Subpackages: libnetpbm11 - version update to 10.88.1 * anytopnm: Fix unpredictable behavior when file name contains spaces. pnmquant: Fail if user specifies more than one of -meanpixel, - meancolor, and -center, rather than just pick one. * pnmremap: Don't output any part of the image if program fails because the maxval of input and map file do not match, in a case where matching maxval is required, i.e. the user specified - firstisdefault or -missingcolor. * ppmhist: sort secondarily by RGB with -sort=frequency, so output is repeatable. * pnmcolormap: Add -splitpix, -splitcol, -splitdim. Thanks Vladislav Zavjalov. * pbmtext: fix erroneous failure message with long input text. * jpeg2ktopam, pamtojpeg2k: fix negative array index. Always broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)). * jpeg2ktopam, pamtojpeg2k: fix assertion failure. Always broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)). * jpeg2ktopam: Fix memory leak after decoder failure. Always broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)). * jpeg2ktopam: fix null pointer dereference. Always broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)). * pnmtorle, rletopnm: fix wild pointer dereference when memory allocation fails. Always broken (programs were added to Netpbm in Release 9.0 (April 2000). * pamsumm: Fix bug: with -mean and a conflicting option such as - sum, the program ignores one of the options. It should fail. Always broken (pamsumm was new in Netpbm 10.21 (March 2004). pamfind: Add -machine . * Multiple: fix bug: when you specify the same option twice, you can get a syntax error, with the message telling you you specified some other option that conflicts with it. Should just take the last setting. - modified patches % big-endian.patch (refreshed) % netpbm-security-code.patch (refreshed) ==== ovmf ==== Subpackages: qemu-ovmf-x86_64 - only build -aarch32 Cortex-A15 EFI on armv7hl ==== posix_cc ==== - Modernize spec file - Build in build phase ==== protobuf ==== Version update (3.9.1 -> 3.9.2) Subpackages: libprotobuf-lite20 libprotobuf20 python3-protobuf - Use tarball provided by upstream - Small package cleanup - Updated to version 3.9.2 (Objective-C) * Remove OSReadLittle* due to alignment requirements. (#6678) * Don't use unions and instead use memcpy for the type swaps. (#6672) ==== python-SQLAlchemy ==== Version update (1.3.11 -> 1.3.12) - update to version 1.3.12: * [orm] [bug] Fixed issue involving lazy="raise" strategy where an ORM delete of an object would raise for a simple ?use-get? style many-to-one relationship that had lazy=?raise? configured. This is inconsistent vs. the change introduced in 1.3 as part of #4353, where it was established that a history operation that does not expect emit SQL should bypass the lazy="raise" check, and instead effectively treat it as lazy="raise_on_sql" for this case. The fix adjusts the lazy loader strategy to not raise for the case where the lazy load was instructed that it should not emit SQL if the object were not present. * [orm] [bug] Fixed regression introduced in 1.3.0 related to the association proxy refactor in #4351 that prevented composite() attributes from working in terms of an association proxy that references them. * [orm] [bug] Setting persistence-related flags on relationship() while also setting viewonly=True will now emit a regular warning, as these flags do not make sense for a viewonly=True relationship. In particular, the ?cascade? settings have their own warning that is generated based on the individual values, such as ?delete, delete-orphan?, that should not apply to a viewonly relationship. Note however that in the case of ?cascade?, these settings are still erroneously taking effect even though the relationship is set up as ?viewonly?. In 1.4, all persistence-related cascade settings will be disallowed on a viewonly=True relationship in order to resolve this issue. * [orm] [bug] [py3k] Fixed issue where when assigning a collection to itself as a slice, the mutation operation would fail as it would first erase the assigned collection inadvertently. As an assignment that does not change the contents should not generate events, the operation is now a no-op. Note that the fix only applies to Python 3; in Python 2, the __setitem__ hook isn?t called in this case; __setslice__ is used instead which recreates the list item-by-item in all cases. * [orm] [bug] Fixed issue where by if the ?begin? of a transaction failed at the Core engine/connection level, such as due to network error or database is locked for some transactional recipes, within the context of the Session procuring that connection from the conneciton pool and then immediately returning it, the ORM Session would not close the connection despite this connection not being stored within the state of that Session. This would lead to the connection being cleaned out by the connection pool weakref handler within garbage collection which is an unpreferred codepath that in some special configurations can emit errors in standard error. * sql [sql] [bug] Fixed bug where ?distinct? keyword passed to select() would not treat a string value as a ?label reference? in the same way that the select.distinct() does; it would instead raise unconditionally. This keyword argument and the others passed to select() will ultimately be deprecated for SQLAlchemy 2.0. * [sql] [bug] Changed the text of the exception for ?Can?t resolve label reference? to include other kinds of label coercions, namely that ?DISTINCT? is also in this category under the PostgreSQL dialect. ==== python-snowballstemmer ==== Version update (1.9.1 -> 2.0.0) - update to 2.0.0: * Simplified generated code for ``repeat`` and ``atleast`` commands. * Implemented ?go grouping? optimisation. * Removed caching layer (#114). * Enabled building wheels (#115). * Updated package README. ==== strace ==== - Use -ffat-lto-objects to work around mpers.sh failure