Packages changed:
  btrfsmaintenance (0.4.1 -> 0.4.2)
  cups
  ethtool
  fftw3
  ghostscript (9.23 -> 9.25)
  gnutls
  haveged
  jack
  libical (3.0.3 -> 3.0.4)
  libmusicbrainz5
  libreoffice (6.1.1.1 -> 6.1.2.1)
  lilv (0.24.2 -> 0.24.4)
  opusfile (0.10 -> 0.11)
  perl-Convert-UUlib (1.4 -> 1.5)
  perl-HTML-Format (2.11 -> 2.12)
  perl-LWP-Protocol-https (6.06 -> 6.07)
  python-cffi
  python-matplotlib (2.2.3 -> 3.0.0)
  snapper
  sqlite3 (3.24.0 -> 3.25.0)
  sssd (1.16.2 -> 2.0.0)
  swig
  unbound (1.7.3 -> 1.8.0)
  usbredir (0.7.1 -> 0.8.0)
  yast2-python-bindings (4.0.4 -> 4.0.5)

=== Details ===

==== btrfsmaintenance ====
Version update (0.4.1 -> 0.4.2)

- update to version 0.4.2
  - CVE-2018-14722: expand auto mountpoints in a safe way
  - btrfs-defrag: fix missing function to detect btrfs filesystems (#52)
  - btrfs-trim: more verbose fstrim output (#60)
  - dist-install: print information about timer unit installation (#58)

==== cups ====
Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupscgi1 libcupsimage2 libcupsmime1 libcupsppdc1

- Fix warning message upon update (boo#1050845): Remove template
  service cups-lpd@ from service_* macro in scriptlets.

==== ethtool ====

- Use noun phrase for summary.

==== fftw3 ====
Subpackages: libfftw3-3 libfftw3_threads3

- Stay with openmpi also on ppc

==== ghostscript ====
Version update (9.23 -> 9.25)
Subpackages: ghostscript-x11

- Version upgrade to 9.25
  For the highlights in this release see the highlights in the
  9.25rc1 first release candidate for 9.25 entry below.
  PLEASE NOTE:
  We (i.e. Ghostscript upstream) strongly urge users to upgrade
  to this latest release to avoid these issues.
  For a release summary see:
  http://www.ghostscript.com/doc/9.25/News.htm
  For details see the News.htm and History9.htm files.
  The Ghostscript 9.25 release should fix (see below)
  in particular those security issues:
  * CVE-2018-15909: shading_param incomplete type checking
    https://bugs.ghostscript.com/show_bug.cgi?id=699660
    https://bugzilla.suse.com/show_bug.cgi?id=1106172 bsc#1106172
  * CVE-2018-15908: .tempfile file permission issues
    https://bugs.ghostscript.com/show_bug.cgi?id=699657
    https://bugzilla.suse.com/show_bug.cgi?id=1106171 bsc#1106171
  * CVE-2018-15910: LockDistillerParams type confusion
    https://bugs.ghostscript.com/show_bug.cgi?id=699656
    https://bugzilla.suse.com/show_bug.cgi?id=1106173 bsc#1106173
  * CVE-2018-15911: uninitialized memory access in the aesdecode
    https://bugs.ghostscript.com/show_bug.cgi?id=699665
    https://bugzilla.suse.com/show_bug.cgi?id=1106195 bsc#1106195
  * CVE-2018-16513: setcolor missing type check
    https://bugs.ghostscript.com/show_bug.cgi?id=699655
    https://bugzilla.suse.com/show_bug.cgi?id=1107412 bsc#1107412
  * CVE-2018-16509: /invalidaccess bypass after failed restore
    https://bugs.ghostscript.com/show_bug.cgi?id=699654
    https://bugzilla.suse.com/show_bug.cgi?id=1107410 bsc#1107410
  * CVE-2018-16510: Incorrect exec stack handling in the "CS"
    and "SC" PDF primitives
    https://bugs.ghostscript.com/show_bug.cgi?id=699671
    https://bugzilla.suse.com/show_bug.cgi?id=1107411 bsc#1107411
  * CVE-2018-16542: .definemodifiedfont memory corruption
    if /typecheck is handled
    https://bugs.ghostscript.com/show_bug.cgi?id=699668
    https://bugzilla.suse.com/show_bug.cgi?id=1107413 bsc#1107413
  * CVE-2018-16541 incorrect free logic in pagedevice replacement
    https://bugs.ghostscript.com/show_bug.cgi?id=699664
    https://bugzilla.suse.com/show_bug.cgi?id=1107421 bsc#1107421
  * CVE-2018-16540 use-after-free in copydevice handling
    https://bugs.ghostscript.com/show_bug.cgi?id=699661
    https://bugzilla.suse.com/show_bug.cgi?id=1107420 bsc#1107420
  * CVE-2018-16539: incorrect access checking in temp file
    handling to disclose contents of files
    https://bugs.ghostscript.com/show_bug.cgi?id=699658
    https://bugzilla.suse.com/show_bug.cgi?id=1107422 bsc#1107422
  * CVE-2018-16543: gssetresolution and gsgetresolution allow
    for unspecified impact
    https://bugs.ghostscript.com/show_bug.cgi?id=699670
    https://bugzilla.suse.com/show_bug.cgi?id=1107423 bsc#1107423
  * CVE-2018-16511: type confusion in "ztype" could be used by
    remote attackers able to supply crafted PostScript to crash
    the interpreter or possibly have unspecified other impact
    https://bugs.ghostscript.com/show_bug.cgi?id=699659
    https://bugzilla.suse.com/show_bug.cgi?id=1107426 bsc#1107426
  * CVE-2018-16585 .setdistillerkeys PostScript command is
    accepted even though it is not intended for use
    https://bugzilla.suse.com/show_bug.cgi?id=1107581 bsc#1107581
  * CVE-2018-16802: Incorrect"restoration of privilege" checking
    when running out of stack during exceptionhandling could be
    used by attackers able to supply crafted PostScript to execute
    code using the "pipe" instruction. This is due to an incomplete
    fix for CVE-2018-16509
    https://bugs.ghostscript.com/show_bug.cgi?id=699714
    https://bugs.ghostscript.com/show_bug.cgi?id=699718
    https://bugzilla.suse.com/show_bug.cgi?id=1108027 bnc#1108027
  Regarding what the above "should fix" means:
  PostScript is a general purpose Turing-complete programming
  language (cf. https://en.wikipedia.org/wiki/PostScript)
  that supports in particular file access on the system disk.
  When Ghostscript processes PostScript it runs a PostScript
  program as the user who runs Ghostscript.
  When Ghostscript processes an arbitrary PostScript file,
  the user who runs Ghostscript runs an arbitrary program
  which can do anything on the system where Ghostscript runs
  that this user is allowed to do on that system.
  To make it safer when Ghostscript runs a PostScript program
  the Ghostscript command line option '-dSAFER' disables
  certain file access functionality, for details see
  /usr/share/doc/ghostscript/9.25/Use.htm
  Its name 'SAFER' says everything: It makes it 'safer'
  to let Ghostscript run a PostScript program,
  but it does not make it completely safe.
  In theory software is safe against misuse (i.e. has no bugs).
  In practice there is an endless sequence of various kind of
  security issues (i.e. software can be misused to do more than
  what is intended) that get fixed issue by issue ad infinitum.
  In the end all that means:
  In practice the user who runs Ghostscript must not let it
  process arbitrary PostScript files from untrusted origin.
  In particular Ghostscript is usually run when printing
  documents (with the '-dSAFER' option set), see the part about
  "It is crucial to limit access to CUPS to trusted users" in
  https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
- Version upgrade to 9.25rc1 (first release candidate for 9.25).
  Highlights in this release include:
  * This release fixes problems with argument handling, some
    unintended results of the security fixes to the SAFER file
    access restrictions (specifically accessing ICC profile files),
    and some additional security issues over the 9.24 release.
  * Security issues have been the primary focus of this release,
    including solving several (well publicised) real
    and potential exploits.
    PLEASE NOTE:
    We (i.e. Ghostscript upstream) strongly urge users to upgrade
    to this latest release to avoid these issues.
  * Avoid that ps2epsi fails with
    'Error: /undefined in --setpagedevice--'
    Recent changes required to harden SAFER mode mean that
    it is no longer possible to run ps2epsi in SAFER mode,
    because it relies upon unsafe Ghostscript non-standard
    extension operators.
    Removing SAFER and DELAYSAFER, and the code to reset SAFER,
    allow ps2epsi to run as well as it ever did (ie badly).
    This program (i.e. ps2epsi) should now be considered unsafe,
    you should not use it on untrusted PostScript programs.
    Likely we (i.e. Ghostscript upstream) will deprecate and
    remove this program in future.
  For details see the News.htm and History9.htm files.
  Regarding installing packages (in particular release candidates)
  from the openSUSE build service development project "Printing"
  see https://build.opensuse.org/project/show/Printing
- Version upgrade to 9.24
  Highlights in this release include:
  * Security issues have been the primary focus of this release,
    including solving several (well publicised)
    real and potential exploits.
    PLEASE NOTE:
    We (i.e. Ghostscript upstream) strongly urge users to upgrade
    to this latest release to avoid these issues.
  * As well as Ghostscript itself, jbig2dec has had a significant
    amount of work improving its robustness in the face of
    out specification files.
  * IMPORTANT: We (i.e. Ghostscript upstream) are in the process
    of forking LittleCMS. LCMS2 is not thread safe, and cannot
    be made thread safe without breaking the ABI. Our fork
    will be thread safe, and include performance enhancements
    (these changes have all be been offered and rejected upstream).
    We will maintain compatibility between Ghostscript and LCMS2
    for a time, but not in perpetuity. Our fork will be available
    as its own package separately from Ghostscript (and MuPDF).
  * The usual round of bug fixes, compatibility changes,
    and incremental improvements.
  For a release summary see:
  http://www.ghostscript.com/doc/9.24/News.htm
  For details see the News.htm and History9.htm files.
- fix_ln_docdir_gsdatadir.patch is no longer needed
  because the issue is fixed in the upstream sources.
- CVE-2018-10194.patch is no longer needed
  because the issue is fixed in the upstream sources.

==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
  test/Makefile.in as autoreconf does not work
- Backport of upstream fixes (boo#1108450)
  * gnutls-3.6.3-backport-upstream-fixes.patch
  Fixes taken from upstream commits:
  * * 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function")
  * * 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks")
  * * 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello")
  The patch was taken from https://github.com/weechat/weechat/issues/1231

==== haveged ====
Subpackages: libhavege1

- Add patch f2193587.patch from github pull request
  * Fix segfault on arm machines which do not eport the cache size
    or say it is -1 in sysfs
- Refresh patches

==== jack ====

- Remove unnecessary requires for libjack0 and remove obsolete
  comments.
- Use %license on "COPYING"
- Add upstream patch to fix return value check of mmap() (boo#1108981):
  fix-mmap-return-value-check.patch
- Update the waf code to the 2.0 series in order to work under
  python3.7 taken from upstream git:
  * jack-waf2.patch

==== libical ====
Version update (3.0.3 -> 3.0.4)

- Update to new upstream release 3.0.4
  * Silently fail RSCALE recurrence clauses when RSCALE is disabled
  * Fixed icalcomponent_set_comment() and icalcomponent_set_uid()
  * fix FREQ=MONTHLY;BYMONTH
  * Skip UTF-8 marker when parsing
  * Fix parsing ? in VCF files produced by Outlook
  * Fix TZID on DATE-TIME value can override time specified in UTC
  * CMake discovery module for ICU uses pkg-config now
  * New publicly available function: icalparameter_kind_is_valid()
  * Built-in timezones updated to tzdata2018e

==== libmusicbrainz5 ====

- Switch to %cmake macros
- Drop the test phase, it does nothing it just compiles file that
  can communicate with the musicbrainz server, which can't be
  validated in OBS

==== libreoffice ====
Version update (6.1.1.1 -> 6.1.2.1)
Subpackages: libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- Version update to 6.1.2.1:
  * 6.1.2 RC1
- Switch to serf from neon package that is quite dead
- Remove sysstray configure option as the code was removed
- Update to 6.1.1.2:
  * 6.1.1 RC2

==== lilv ====
Version update (0.24.2 -> 0.24.4)

- Version update to 0.24.4:
  * Fix saving state when broken links are encountered
  * Don't attempt to load remote or non-Turtle files
  * lv2apply: Activate plugin before running
  * lv2apply: Use default values when they are not nan
  * lv2bench: Improve support for plugins with sequence ports
  * lv2bench: Support running a single plugin given on the command line
  * Gracefully handle plugins with missing binary URIs
  * Remove use of deprecated readdir_r
  * Install Python bindings when configured without tests
    (thanks Clement Skau)

==== opusfile ====
Version update (0.10 -> 0.11)

- Version update to 0.11:
  * Fix two potential integer overflows. (These were not security-critical unless the compiler took the opportunity provided by the undefined behavior to format your hard drive.)
  * Allow JPEGs in METADATA_BLOCK_PICTURE tags to include EXIF data.
  * A few warning fixes for gcc 8.
  * Make opus_tags_copy return OP_EFAULT on failure instead of returning success.
  * Various integration and testing environment improvements.

==== perl-Convert-UUlib ====
Version update (1.4 -> 1.5)

- update to 1.4
  - fix a heap overflow (testcase by Krzysztof Wojta?).
  - on systems that support it (posix + mmap + map_anonymous),
    allocate all dynamic areas via mmap and put four guard
    pages around them, to catch similar heap overflows
    safely in the future.
  - find a safer way to pass in CC/CFLAGS to uulib.
  - added stability canary support.

==== perl-HTML-Format ====
Version update (2.11 -> 2.12)

- updated to 2.12
  see /usr/share/doc/packages/perl-HTML-Format/Changes
  2.12      2015-10-10 17:49:45+01:00 Europe/London
  - Minor test related fixes
  - Transition to using File::Slurper in place of File::Slurp
    Thanks to Karen Etheridge for the patch
  - Add Travis CI integration
- Cleaned with spec-cleaner

==== perl-LWP-Protocol-https ====
Version update (6.06 -> 6.07)

- 6.07      2017-02-19
  - Cleaned up the Changes log
  - Explicitly add hostname for SNI to start_SSL (GH PR#17)
  - Fix the license name
  - Update some documentation on SSL args
  - Fix bug when checking for Mozilla::CA (GH PR#29)
- Refreshed patch LWP-Protocol-https-6.04-systemca.diff
- Cleaned spec file with spec-cleaner

==== python-cffi ====
Subpackages: python2-cffi python3-cffi

- Add 3184b0a675fc425b821b528d7fdf744b2f08dadf.patch as
  a workardond against
  https://bitbucket.org/cffi/cffi/issues/378/ (possible bug in
  GCC, see https://bugzilla.redhat.com/1552724).
- Remove ignore-tests.patch -- testing what will happen
- Add e2e324a2f13e3a646de6f6ff03e90ed7d37e2636.patch from
  upstream to remove some warnings.
- Switch off falling tests with new patch
  ignore-tests.patch instead of -k parameter for py.test.
  https://bitbucket.org/cffi/cffi/issues/384/
- update to version 1.11.5:
  * Issue #357: fix ffi.emit_python_code() which generated a buggy
    Python file if you are using a struct with an anonymous union
    field or vice-versa.
  * Windows: ffi.dlopen() should now handle unicode filenames.
  * ABI mode: implemented ffi.dlclose() for the in-line case (it used
    to be present only in the out-of-line case).
  * Fixed a corner case for setup.py install --record=xx --root=yy
    with an out-of-line ABI module. Also fixed Issue #345.
  * More hacks on Windows for running CFFI?s own setup.py.
  * Issue #358: in embedding, to protect against (the rare case of)
    Python initialization from several threads in parallel, we have to
    use a spin-lock. On CPython 3 it is worse because it might
    spin-lock for a long time (execution of Py_InitializeEx()). Sadly,
    recent changes to CPython make that solution needed on CPython 2
    too.
  * CPython 3 on Windows: we no longer compile with Py_LIMITED_API by
    default because such modules cannot be used with virtualenv. Issue
    [#350] mentions a workaround if you still want that and are not
    concerned about virtualenv: pass a
    define_macros=[("Py_LIMITED_API", None)] to the
    ffibuilder.set_source() call.
- specfile:
  * delete patch cffi-loader.patch; included upstream
- update to version 1.11.4:
  * Windows: reverted linking with python3.dll, because virtualenv
    does not make this DLL available to virtual environments for
    now. See Issue #355. On Windows only, the C extension modules
    created by cffi follow for now the standard naming scheme
    foo.cp36-win32.pyd, to make it clear that they are regular CPython
    modules depending on python36.dll.
- changes from version 1.11.3:
  * Fix on CPython 3.x: reading the attributes __loader__ or __spec__
    from the cffi-generated lib modules gave a buggy
    SystemError. (These attributes are always None, and provided only
    to help compatibility with tools that expect them in all modules.)
  * More Windows fixes: workaround for MSVC not supporting large
    literal strings in C code (from
    ffi.embedding_init_code(large_string)); and an issue with
    Py_LIMITED_API linking with python35.dll/python36.dll instead of
    python3.dll.
  * Small documentation improvements.
- Add patch cffi-loader.patch to fix bsc#1070737
- Sort out with spec-cleaner
- update to version 1.11.2:
  * Fix Windows issue with managing the thread-state on CPython 3.0 to
    3.5
- Update pytest in spec to add c directory tests in addition to
  testing directory.
- Omit test_init_once_multithread tests as they rely on multiple
  threads finishing in a given time. Returns sporadic pass/fail
  within build.
- Update to 1.11.1:
  * Fix tests, remove deprecated C API usage
  * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary
    extensions (cpython issue #29943)
  * Fix for 3.7.0a1+
- Update to 1.11.0:
  * Support the modern standard types char16_t and char32_t. These
    work like wchar_t: they represent one unicode character, or when
    used as charN_t * or charN_t[] they represent a unicode string.
    The difference with wchar_t is that they have a known, fixed
    size. They should work at all places that used to work with
    wchar_t (please report an issue if I missed something). Note
    that with set_source(), you need to make sure that these types
    are actually defined by the C source you provide (if used in
    cdef()).
  * Support the C99 types float _Complex and double _Complex. Note
    that libffi doesn?t support them, which means that in the ABI
    mode you still cannot call C functions that take complex
    numbers directly as arguments or return type.
  * Fixed a rare race condition when creating multiple FFI instances
    from multiple threads. (Note that you aren?t meant to create
    many FFI instances: in inline mode, you should write
    ffi = cffi.FFI() at module level just after import cffi; and in
    out-of-line mode you don?t instantiate FFI explicitly at all.)
  * Windows: using callbacks can be messy because the CFFI internal
    error messages show up to stderr?but stderr goes nowhere in many
    applications. This makes it particularly hard to get started
    with the embedding mode. (Once you get started, you can at least
    use @ffi.def_extern(onerror=...) and send the error logs where
    it makes sense for your application, or record them in log
    files, and so on.) So what is new in CFFI is that now, on
    Windows CFFI will try to open a non-modal MessageBox (in addition
    to sending raw messages to stderr). The MessageBox is only
    visible if the process stays alive: typically, console
    applications that crash close immediately, but that is also the
    situation where stderr should be visible anyway.
  * Progress on support for callbacks in NetBSD.
  * Functions returning booleans would in some case still return 0
    or 1 instead of False or True. Fixed.
  * ffi.gc() now takes an optional third parameter, which gives an
    estimate of the size (in bytes) of the object. So far, this is
    only used by PyPy, to make the next GC occur more quickly
    (issue #320). In the future, this might have an effect on
    CPython too (provided the CPython issue 31105 is addressed).
  * Add a note to the documentation: the ABI mode gives function
    objects that are slower to call than the API mode does. For
    some reason it is often thought to be faster. It is not!
- Update to 1.10.1:
  * Fixed the line numbers reported in case of cdef() errors. Also,
    I just noticed, but pycparser always supported the preprocessor
    directive # 42 "foo.h" to mean ?from the next line, we?re in
    file foo.h starting from line 42?, which it puts in the error
    messages.
- update to 1.10.0:
  * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()
  to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)
  where most of the time you never touch most of the array.
  * Some OS/X build fixes (?only with Xcode but without CLT?).
  * Improve a couple of error messages: when getting mismatched versions of
    cffi and its backend; and when calling functions which cannot be called with
    libffi because an argument is a struct that is ?too complicated? (and not
    a struct pointer, which always works).
  * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)
  * Implemented the remaining cases for ffi.from_buffer. Now all
    buffer/memoryview objects can be passed. The one remaining check is against
    passing unicode strings in Python 2. (They support the buffer interface, but
    that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the
    times not what you expect. In Python 3 this has been fixed and the unicode
    strings don?t support the memoryview interface any more.)
  * The C type _Bool or bool now converts to a Python boolean when reading,
    instead of the content of the byte as an integer. The potential
    incompatibility here is what occurs if the byte contains a value different
    from 0 and 1. Previously, it would just return it; with this change, CFFI
    raises an exception in this case. But this case means ?undefined behavior?
    in C; if you really have to interface with a library relying on this,
    don?t use bool in the CFFI side. Also, it is still valid to use a byte
    string as initializer for a bool[], but now it must only contain \x00 or
    \x01. As an aside, ffi.string() no longer works on bool[] (but it never made
    much sense, as this function stops at the first zero).
  * ffi.buffer is now the name of cffi?s buffer type, and ffi.buffer() works
    like before but is the constructor of that type.
  * ffi.addressof(lib, "name") now works also in in-line mode, not only in
    out-of-line mode. This is useful for taking the address of global variables.
  * Issue #255: cdata objects of a primitive type (integers, floats, char) are
    now compared and ordered by value. For example, <cdata 'int' 42> compares
    equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,
    <cdata 'int' -1> does not compare equal to ffi.cast("unsigned int", -1): it
    compares smaller, because -1 < 4294967295.
  * PyPy: ffi.new() and ffi.new_allocator()() did not record ?memory pressure?,
    causing the GC to run too infrequently if you call ffi.new() very often
    and/or with large arrays. Fixed in PyPy 5.7.
  * Support in ffi.cdef() for numeric expressions with + or -. Assumes that
    there is no overflow; it should be fixed first before we add more general
    support for arbitrary arithmetic on constants.
- do not generate HTML documentation for packages that are indirect
  dependencies of Sphinx
  (see docs at https://cffi.readthedocs.org/ )
- update to 1.9.1
  - Structs with variable-sized arrays as their last field: now we track the
    length of the array after ffi.new() is called, just like we always tracked
    the length of ffi.new("int[]", 42). This lets us detect out-of-range
    accesses to array items. This also lets us display a better repr(), and
    have the total size returned by ffi.sizeof() and ffi.buffer(). Previously
    both functions would return a result based on the size of the declared
    structure type, with an assumed empty array. (Thanks andrew for starting
    this refactoring.)
  - Add support in cdef()/set_source() for unspecified-length arrays in
    typedefs: typedef int foo_t[...];. It was already supported for global
    variables or structure fields.
  - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has
    no values explicitly defined: refusing to guess which integer type it is
    meant to be (unsigned/signed, int/long). Now I?m turning it back to a
    warning again; it seems that guessing that the enum has size int is a
    99%-safe bet. (But not 100%, so it stays as a warning.)
  - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a
    remaining issue that is hard to fix: if you pass a Python file object to a
    FILE * argument, then os.dup() is used and the new file descriptor is only
    closed when the GC reclaims the Python file object?and not at the earlier
    time when you call close(), which only closes the original file descriptor.
    If this is an issue, you should avoid this automatic convertion of Python
    file objects: instead, explicitly manipulate file descriptors and call
    fdopen() from C (...via cffi).
  - When passing a void * argument to a function with a different pointer type,
    or vice-versa, the cast occurs automatically, like in C. The same occurs
    for initialization with ffi.new() and a few other places. However, I
    thought that char * had the same property?but I was mistaken. In C you get
    the usual warning if you try to give a char * to a char ** argument, for
    example. Sorry about the confusion. This has been fixed in CFFI by giving
    for now a warning, too. It will turn into an error in a future version.
  - Issue #283: fixed ffi.new() on structures/unions with nested anonymous
    structures/unions, when there is at least one union in the mix. When
    initialized with a list or a dict, it should now behave more closely like
    the { } syntax does in GCC.
  - CPython 3.x: experimental: the generated C extension modules now use the
    ?limited API?, which means that, as a compiled .so/.dll, it should work
    directly on any version of CPython >= 3.2. The name produced by distutils
    is still version-specific. To get the version-independent name, you can
    rename it manually to NAME.abi3.so, or use the very recent setuptools 26.
  - Added ffi.compile(debug=...), similar to python setup.py build --debug but
    defaulting to True if we are running a debugging version of Python itself.
  - Removed the restriction that ffi.from_buffer() cannot be used on byte
    strings. Now you can get a char * out of a byte string, which is valid as
    long as the string object is kept alive. (But don?t use it to modify the
    string object! If you need this, use bytearray or other official
    techniques.)
  - PyPy 5.4 can now pass a byte string directly to a char * argument (in older
    versions, a copy would be made). This used to be a CPython-only
    optimization.
  - ffi.gc(p, None) removes the destructor on an object previously created by
    another call to ffi.gc()
  - bool(ffi.cast("primitive type", x)) now returns False if the value is zero
    (including -0.0), and True otherwise. Previously this would only return
    False for cdata objects of a pointer type when the pointer is NULL.
  - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason
    it was not supported was that it was hard to do in PyPy, but it works since
    PyPy 5.3.) To call a C function with a char * argument from a buffer
    object?now including bytearrays?you write lib.foo(ffi.from_buffer(x)).
    Additionally, this is now supported: p[0:length] = bytearray-object. The
    problem with this was that a iterating over bytearrays gives numbers
    instead of characters. (Now it is implemented with just a memcpy, of
    course, not actually iterating over the characters.)
  - C++: compiling the generated C code with C++ was supposed to work, but
    failed if you make use the bool type (because that is rendered as the C
    _Bool type, which doesn?t exist in C++).
  - help(lib) and help(lib.myfunc) now give useful information, as well as
    dir(p) where p is a struct or pointer-to-struct.
- drop upstreamed python-cffi-avoid-bitshifting-negative-int.patch
- update for multipython build
- Add python-cffi-avoid-bitshifting-negative-int.patch to actually
  fix the "negative left shift" warning by replacing bitshifting
  in appropriate places by bitwise and comparison to self; patch
  taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no
  longer required.
- disable "negative left shift" warning in test suite to prevent
  failures with gcc6, until upstream fixes the undefined code
  in question (boo#981848, cffi-1.5.2-wnoerror.patch)
- Update to version 1.6.0:
  * ffi.list_types()
  * ffi.unpack()
  * extern ?Python+C?
  * in API mode, lib.foo.__doc__ contains the C signature now.
  * Yet another attempt at robustness of ffi.def_extern() against
    CPython?s interpreter shutdown logic.
- update to 1.5.2
  * support for cffi-based embedding
  * more robustness for shutdown logic
- update to version 1.4.2:
  * Nothing changed from v1.4.1.
- changes from version 1.4.1:
  * Fix the compilation failure of cffi on CPython 3.5.0. (3.5.1
    works; some detail changed that makes some underscore-starting
    macros disappear from view of extension modules, and I worked
    around it, thinking it changed in all 3.5 versions?but no: it was
    only in 3.5.1.)
- changes from version 1.4.0:
  * A better way to do callbacks has been added (faster and more
    portable, and usually cleaner). It is a mechanism for the
    out-of-line API mode that replaces the dynamic creation of
    callback objects (i.e. C functions that invoke Python) with the
    static declaration in cdef() of which callbacks are needed. This
    is more C-like, in that you have to structure your code around the
    idea that you get a fixed number of function pointers, instead of
    creating them on-the-fly.
  * ffi.compile() now takes an optional verbose argument. When True,
    distutils prints the calls to the compiler.
  * ffi.compile() used to fail if given sources with a path that
    includes "..". Fixed.
  * ffi.init_once() added. See docs.
  * dir(lib) now works on libs returned by ffi.dlopen() too.
  * Cleaned up and modernized the content of the demo subdirectory in
    the sources (thanks matti!).
  * ffi.new_handle() is now guaranteed to return unique void * values,
    even if called twice on the same object. Previously, in that case,
    CPython would return two cdata objects with the same void *
    value. This change is useful to add and remove handles from a
    global dict (or set) without worrying about duplicates. It already
    used to work like that on PyPy. This change can break code that
    used to work on CPython by relying on the object to be kept alive
    by other means than keeping the result of ffi.new_handle()
    alive. (The corresponding warning in the docs of ffi.new_handle()
    has been here since v0.8!)
- changes from version 1.3.1:
  * The optional typedefs (bool, FILE and all Windows types) were not
    always available from out-of-line FFI objects.
  * Opaque enums are phased out from the cdefs: they now give a
    warning, instead of (possibly wrongly) being assumed equal to
    unsigned int. Please report if you get a reasonable use case for
    them.
  * Some parsing details, notably volatile is passed along like const
    and restrict. Also, older versions of pycparser mis-parse some
    pointer-to-pointer types like char * const *: the ?const? ends up
    at the wrong place. Added a workaround.
- changes from version 1.3.0:
  * Added ffi.memmove().
  * Pull request #64: out-of-line API mode: we can now declare
    floating-point types with typedef float... foo_t;. This only works
    if foo_t is a float or a double, not long double.
  * Issue #217: fix possible unaligned pointer manipulation, which
    crashes on some architectures (64-bit, non-x86).
  * Issues #64 and #126: when using set_source() or verify(), the
    const and restrict keywords are copied from the cdef to the
    generated C code; this fixes warnings by the C compiler. It also
    fixes corner cases like typedef const int T; T a; which would
    previously not consider a as a constant. (The cdata objects
    themselves are never const.)
  * Win32: support for __stdcall. For callbacks and function pointers;
    regular C functions still don?t need to have their calling
    convention declared.
  * Windows: CPython 2.7 distutils doesn?t work with Microsoft?s
    official Visual Studio for Python, and I?m told this is not a
    bug. For ffi.compile(), we removed a workaround that was inside
    cffi but which had unwanted side-effects. Try saying import
    setuptools first, which patches distutils...
- Update to version 1.2.1
  * No changes entry for this version
- Changes from version 1.2.0
  * Out-of-line mode: ``int a[][...];`` can be used to declare a structure
    field or global variable which is, simultaneously, of total length
    unknown to the C compiler (the ``a[]`` part) and each element is
    itself an array of N integers, where the value of N   *is  * known to the
    C compiler (the ``int`` and ``[...]`` parts around it).    Similarly,
    ``int a[5][...];`` is supported (but probably less useful: remember
    that in C it means ``int (a[5])[...];``).
  * PyPy: the ``lib.some_function`` objects were missing the attributes
    ``__name__``, ``__module__`` and ``__doc__`` that are expected e.g. by
    some decorators-management functions from ``functools``.
  * Out-of-line API mode: you can now do ``from _example.lib import x``
    to import the name ``x`` from ``_example.lib``, even though the
    ``lib`` object is not a standard module object.    (Also works in ``from
    _example.lib import   *``, but this is even more of a hack and will fail
    if ``lib`` happens to declare a name called ``__all__``.    Note that
    ``  *`` excludes the global variables; only the functions and constants
    make sense to import like this.)
  * ``lib.__dict__`` works again and gives you a copy of the
    dict---assuming that ``lib`` has got no symbol called precisely
    ``__dict__``.    (In general, it is safer to use ``dir(lib)``.)
  * Out-of-line API mode: global variables are now fetched on demand at
    every access.    It fixes issue #212 (Windows DLL variables), and also
    allows variables that are defined as dynamic macros (like ``errno``)
    or ``__thread`` -local variables.    (This change might also tighten
    the C compiler's check on the variables' type.)
  * Issue #209: dereferencing NULL pointers now raises RuntimeError
    instead of segfaulting.    Meant as a debugging aid.    The check is
    only for NULL: if you dereference random or dead pointers you might
    still get segfaults.
  * Issue #152: callbacks__: added an argument ``ffi.callback(...,
    onerror=...)``.    If the main callback function raises an exception
    and ``onerror`` is provided, then ``onerror(exception, exc_value,
    traceback)`` is called.    This is similar to writing a ``try:
    except:`` in the main callback function, but in some cases (e.g. a
    signal) an exception can occur at the very start of the callback
    function---before it had time to enter the ``try: except:`` block.
  * Issue #115: added ``ffi.new_allocator()``, which officializes
    support for `alternative allocators`__.
    .. __: using.html#callbacks
    .. __: using.html#alternative-allocators
- update to version 1.1.0 (fate#318838):
  * Out-of-line API mode: we can now declare integer types with
    typedef int... foo_t;. The exact size and signedness of foo_t
    is figured out by the compiler.
  * Out-of-line API mode: we can now declare multidimensional
    arrays (as fields or as globals) with int n[...][...]. Before,
    only the outermost dimension would support the ... syntax.
  * Out-of-line ABI mode: we now support any constant declaration,
    instead of only integers whose value is given in the cdef. Such
    ?new? constants, i.e. either non-integers or without a value
    given in the cdef, must correspond to actual symbols in the
    lib. At runtime they are looked up the first time we access
    them. This is useful if the library defines extern const
    sometype somename;.
  * ffi.addressof(lib, "func_name") now returns a regular cdata
    object of type ?pointer to function?. You can use it on any
    function from a library in API mode (in ABI mode, all functions
    are already regular cdata objects). To support this, you need
    to recompile your cffi modules.
  * Issue #198: in API mode, if you declare constants of a struct
    type, what you saw from lib.CONSTANT was corrupted.
  * Issue #196: ffi.set_source("package._ffi", None) would
    incorrectly generate the Python source to package._ffi.py
    instead of package/_ffi.py. Also fixed: in some cases, if the C
    file was in build/foo.c, the .o file would be put in
    build/build/foo.o.
- additional changes from version 1.0.3:
  * Same as 1.0.2, apart from doc and test fixes on some platforms
- additional changes from version 1.0.2:
  * Variadic C functions (ending in a ?...? argument) were not
    supported in the out-of-line ABI mode. This was a bug?there was
    even a (non-working) example doing exactly that!
- additional changes from version 1.0.1:
  * ffi.set_source() crashed if passed a sources=[..] argument.
    Fixed by chrippa on pull request #60.
  * Issue #193: if we use a struct between the first cdef() where
    it is declared and another cdef() where its fields are defined,
    then this definition was ignored.
  * Enums were buggy if you used too many ?...? in their definition
- additional changes from version 1.0.0:
  * The main news item is out-of-line module generation:
    + for ABI level, with ffi.dlopen()
    + for API level, which used to be with ffi.verify(), now
    deprecated
- add python-cffi-rpmlintrc: cffi specifically installs C headers
  in site-packages
- add new test dependency gcc-c++
- skip the tests on SLE11 since they fail on i586
- Update to 0.9.2
  * No upstream changelog
    See https://bitbucket.org/cffi/cffi/commits/all for a list of
    commits
- Update to 0.8.6
  * No upstream changelog
    See https://bitbucket.org/cffi/cffi/commits/all for a list of
    commits
- update to 0.8.2
  * minor bugfixes
- remove cffi-pytest-integration.patch as it is no longer necessary
- Require libffi43-devel on SLE_11_SP2 instead of using pkg-config to fix build
- update to 0.8.1
  * fixes on Python 3 on OS/X, and some FreeBSD fixes (thanks Tobias)
- added a note wrt disabled tests
- add cffi-pytest-integration.patch: allowinf call pytest from setup.py
- update to 0.8
  * integrated support for C99 variable-sized structures
  * multi-thread safety
  * ffi.getwinerror()
  * a number of small fixes
- Require python-setuptools instead of distribute (upstreams merged)
- use pkgconfig(libffi) to get the most recent ffi
- Update to 0.7.2
  * add implicit bool
  * standard names are handled as defaults in cdef declarations
  * enum types follow GCC rules and not just int
  * supports simple slices x[start:stop]
  * enums are handled like ints
  * new ffi.new_handle(python_object)
  * and various bugfixes
- Initial version

==== python-matplotlib ====
Version update (2.2.3 -> 3.0.0)
Subpackages: python3-matplotlib python3-matplotlib-cairo python3-matplotlib-gtk3

- Update to version 3.0.0
  * Improved default backend selection
  * Cyclic colormaps
  * Ability to scale axis by a fixed order of magnitude
  * Add AnchoredDirectionArrows feature to mpl_toolkits
  * Add minorticks_on()/off() methods for colorbar
  * Colorbar ticks can now be automatic
  * Don't automatically rename duplicate file names
  * Legend now has a *title_fontsize* kwarg (and rcParam)
  * Support for axes.prop_cycle property *markevery* in rcParams
  * Multipage PDF support for pgf backend
  * Pie charts are now circular by default
  * Add ax.get_gridspec to .SubplotBase
  * Axes titles will no longer overlap xaxis
  * New convenience methods for GridSpec
  * Figure has an ~.figure.Figure.add_artist method
  * math directive renamed to mathmpl
- Python 2 support was dropped upstream, so disable it in the spec
  file and drop python2-specific parts.
- Enable wx backend for python 3, since python 3 is now supported
  by wxPython upstream.

==== snapper ====
Subpackages: libsnapper4 snapper-zypp-plugin

- avoid setenv after fork (bsc#1107587)

==== sqlite3 ====
Version update (3.24.0 -> 3.25.0)
Subpackages: libsqlite3-0 libsqlite3-0-32bit

- SQLite 3.25.0:
  * Add support for window functions
  * Add support for renaming columns within a table
  * Query optimizer improvements
  * slightly better concurrency in multi-threaded environments
  * The ORDER BY LIMIT optimization might have caused an infinite
    loop in the byte code of the prepared statement under very
    obscure circumstances, due to a confluence of minor defects in
    the query optimizer

==== sssd ====
Version update (1.16.2 -> 2.0.0)
Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap

- Update to new upstream release 2.0.0
  * The Python API for managing users and groups in local domains
    (id_provider=local) was removed completely. The local
    provider (id_provider=local) and the command line tools to
    manage users and groups in the local domains, such as
    sss_useradd is not built anymore.
  * The LDAP provider had a special-case branch for evaluating
    group memberships with the RFC2307bis schema when group
    nesting was explicitly disabled. This codepath is removed.
  * The "ldap_sudo_include_regexp" option changed its default
    value from true to false. Wildcards in the sudoHost LDAP
    attribute are no longer evaluated. This was costly to
    evaluate on the LDAP server side and at the same time rarely
    used.
  * The list of PAM services which are allowed to authenticate
    using a Smart Card is now configurable using a new option
    pam_p11_allowed_services.
- Update to upstream release 1.16.3
  * New Features:
  * kdcinfo files for informing krb5 about discovered KDCs are
    now also generated for trusted domains in setups that use
    id_provider=ad and IPA masters in a trust relationship with
    an AD domain.
  * The Kerberlos locator plugin can now process multiple
    address if SSSD generates more than one. A
  * Bug fixes:
  * Fixed information leak due to incorrect permissions on
    /var/lib/sss/pipes/sudo [CVE-2018-10852, bsc#1098377]
  * Cached password are now stored with a salt. Old ones will be
    regenerated on next authentication, and the auth server needs
    to be reachable for that.
  * The sss_ssh proces leaked file descriptors when converting
    more than one X.509 certificate to an SSH public key.
  * The PAC responder is now able to process Domain Local in case
    the PAC uses SID compression (Windows Server 2012+).
  * Address the issue that some versions of OpenSSH would close
    the pipe towards sss_ssh_authorizedkeys when the matching key
    is found before the rest of the output is read.
  * User lookups no longer fail if user's e-mail address
    conflicts with another user's fully qualified name.
  * The override_shell and override_homedir options are no longer
    applied to entries from the files domain.
  * The grace logins with an expired password when authenticating
    against certain newer versions of the 389DS/RHDS LDAP server
    did not work.
- Removed patches that are included upstream now:
  0001-SUDO-Create-the-socket-with-stricter-permissions.patch,
  0002-intg-Do-not-hardcode-nsslibdir.patch,
  0003-Fix-build-for-1-16-2-version.patch

==== swig ====

- Add patches to build with python 3.7 properly:
  * swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_ConvertF.patch
  * swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_FixMetho.patch
  * swig-3.0.12-Coverity-fix-issue-reported-for-wrapper-argument-che.patch
  * swig-3.0.12-Fix-Coverity-issue-reported-for-setslice-pycontainer.patch
  * swig-3.0.12-Fix-generated-code-for-constant-expressions-containi.patch
  * swig-3.0.12-fix-collections.patch
- Use version req to check for 1500 instead for non-existing release
- Move to generic requires those that are true under both conditions
- Use autopatch to apply all the patches at once

==== unbound ====
Version update (1.7.3 -> 1.8.0)
Subpackages: libunbound2 unbound-anchor

- update to 1.8.0:
  Number of bug fixes, a list of features added and some defaults changed.
  Features
- unbound-control auth_zone_reload _zone_ option rereads the zonefile.
- unbound-control auth_zone_transfer _zone_ option starts the probe
  sequence for a master to transfer the zone from and transfers when
  a new zone version is available.
- num.queries.tls counter for queries over TLS.
- log port number with err_addr logs.
- dns64-ignore-aaaa: config option to list domain names for which the
  existing AAAA is ignored and dns64 processing is used on the A
  record.
- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass
  if DNSSEC is not enabled.  New option -R allows fallback from
  resolv.conf to direct queries.
- Note RFC8162 support.  SMIMEA record type can be read in by the
  zone record parser.
- Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
- Add config tcp-idle-timeout (default 30s). This applies to
  client connections only; the timeout on TCP connections upstream
  is unaffected.
- Add edns-tcp-keepalive and edns-tcp-keepalive timeout options
  and implement option in client responses.
- Add delay parameter to streamtcp, -d secs.
  To be used when testing idle timeout.
- Expose if a query (or a subquery) was ratelimited (not src IP
  ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
  This also introduces a change to 'ub_event_callback_type' in
  libunbound/unbound-event.h.
- Patch to implement tcp-connection-limit from Jim Hague (Sinodun).
  This limits the number of simultaneous TCP client connections
  from a nominated netblock.
- Fix #4142: unbound.service.in: improvements and fixes.
  Add unit dependency ordering (based on systemd-resolved).
  Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings
  about missing privileges during startup). Add 'AF_INET6' to
  'RestrictAddressFamilies' (without it IPV6 can't work). From
  Guido Shanahan.
- unbound-checkconf checks if modules exist and prints if they are
  not compiled in the name of the wrong module.
- Patch for stub-no-cache and forward-no-cache options that disable
  caching for the contents of that stub or forward, for when you
  want immediate changes visible, from Bjoern A. Zeeb.
- Upgraded crosscompile script to include libunbound DLL in the
  zipfile.
- Set libunbound to increase current, because the libunbound change
  to the event callback function signature.  That needs programs,
  that use it, to recompile against the new header definition.
- log-servfail: yes prints log lines that say why queries are
  returning SERVFAIL to clients.
- log-local-actions: yes option for unbound.conf that logs all the
  local zone actions, a patch from Saksham Manchanda (Secure64).
- #4146: num.query.subnet and num.query.subnet_cache counters.
- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This
  gives access to reply information for the client's communication
  point when the callback is called before the mesh state (modules).
  Changes to C and Python's inplace_callback signatures were also
  necessary.
- Set defaults to yes for a number of options to increase speed and
  resilience of the server.  The so-reuseport, harden-below-nxdomain,
  and minimal-responses options are enabled by default.  They used
  to be disabled by default, waiting to make sure they worked.  They
  are enabled by default now, and can be disabled explicitly by
  setting them to "no" in the unbound.conf config file.  The reuseport
  and minimal options increases speed of the server, and should be
  otherwise harmless.  The harden-below-nxdomain option works well
  together with the recently default enabled qname minimisation, this
  causes more fetches to use information from the cache.
- Added serve-expired-ttl and serve-expired-ttl-reset options.
  Bug Fixes
- Windows example service.conf edited with more windows specific
  configuration.
- #4108: systemd reload hang fix.
- Fix usage printout for unbound-host, hostname has to be last
  argument on BSDs and Windows.
- Partial fix for permission denied on IPv6 address on FreeBSD.
- Fix that auth-zone master reply with current SOA serial does not
  stop scan of masters for an updated zone.
- Fix that auth-zone does not start the wait timer without checking
  if the wait timer has already been started.
- #4109: Fix that package config depends on python unconditionally.
- Patch, do not export python from pkg-config, from Petr Men?ík.
- Fix checking for libhiredis printout in configure output.
- Fix typo on man page in ip-address description.
- Update libunbound/python/examples/dnssec_test.py example code to
  also set the 20326 trust anchor for the root in the example code.
- Better documentation for unblock-lan-zones and insecure-lan-zones
  config statements.
- Fix permission denied printed for auth zone probe random port nrs.
- Fix documentation ambiguity for tls-win-cert in tls-upstream and
  forward-tls-upstream docs.
- iana port update.
- Fix round robin for failed addresses with prefer-ip6: yes
- Note in documentation that the cert name match code needs
  OpenSSL 1.1.0 or later to be enabled.
- Fix to improve systemd socket activation code file descriptor
  assignment.
- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
  easily changed to adjust default rtt assumptions.
- Fix #4127 unbound -h does not list -p help.
- Print error if SSL name verification configured but not available
  in the ssl library.
- Fix that ratelimit and ip-ratelimit are applied after reload of
  changed config file.
- Resize ratelimit and ip-ratelimit caches if changed on reload.
- Fix #4129 unbound-control error message with wrong cert permissions
  is too cryptic.
- Fix #4130: print text describing -dd and unbound-checkconf on
  config file read error at startup, the errors may have been moved
  away by the startup process.
- Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
- Fix use-systemd readiness signalling, only when use-systemd is yes
  and not in signal handler.
- Fix #4135: 64-bit Windows Installer Creates Entries Under The
  Wrong Registry Key, reported by Brian White.
- Fix man page, say that chroot is enabled by default.
- Sort out test runs when the build directory isn't the project
  root directory.
- Error if EDNS Keepalive received over UDP.
- Correct and expand manual page entries for keepalive and idle timeout.
- Implement progressive backoff of TCP idle/keepalive timeout.
- Fix 'make depend' to work when build dir is not project root.
- Fix #4139: Fix unbound-host leaks memory on ANY.
- Fix to remove systemd sockaddr function check, that is not
  always present.  Make socket activation more lenient.  But not
  different when socket activation is not used.
- Fix #4136: insufficiency from mismatch of FLEX capability between
  released tarball and build host.  Fix to unconditionally call
  destroy in daemon.c.
- Make capsforid fallback QNAME minimisation aware.
- document --enable-subnet in doc/README.
- Fix #4144: dns64 module caches wrong (negative) information.
- Fix that printout of error for cycle targets is a verbosity 4
  printout and does not wrongly print it is a memory error.
- Fix segfault in auth-zone read and reorder of RRSIGs.
- Fix contrib/fastrpz.patch.
- Fix warning on compile without threads.
- print servfail info to log as error.
- added more servfail printout statements, to the iterator.
- Fix classification for QTYPE=CNAME queries when QNAME minimisation is
  enabled.
- Fix only misc failure from log-servfail when val-log-level is not
  enabled.
- Fix lintflags for lint on FreeBSD.
- Fix that a local-zone with a local-zone-type that is transparent
  in a view with view-first, makes queries check for answers from the
  local-zones defined outside of views.

==== usbredir ====
Version update (0.7.1 -> 0.8.0)
Subpackages: libusbredirhost1 libusbredirparser1

- Update to version 0.8.0
  + usbredirfilter:
  - Fix busy wait due endless recursion when interface_count is zero
  + usbredirhost:
  - Fix leak on error
  + usbredirserver:
  - Use 'busnum-devnum' instead of 'usbbus-usbaddr'
  - Add support for bind specific address -4 for ipv4, -6 for ipv6
  - Reject empty vendorid from command line
  - Enable TCP keepalive

==== yast2-python-bindings ====
Version update (4.0.4 -> 4.0.5)

- Fix Id construction for python2, use items instead of iteritems
  for python2/python3 compatability; (bsc#1108558).
- Switched license in spec file from SPDX2 to SPDX3 format.