Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20220206 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (21.3.4 -> 21.3.5) Mesa-drivers (21.3.4 -> 21.3.5) argyllcms (2.2.0 -> 2.3.0) avahi cyrus-sasl dosfstools dracut (055+suse.194.gdd41932a -> 055+suse.226.g44139dde) gcr gnome-bluetooth gnome-control-center gnome-shell gnome-tweaks gstreamer-plugins-bad libcontainers-common libqt5-qtbase libqt5-qtwayland libusb-1_0 (1.0.24 -> 1.0.25) libxkbcommon (1.3.1 -> 1.4.0) llvm13 (13.0.0 -> 13.0.1) lvm2 lvm2-device-mapper malcontent (0.10.1 -> 0.10.3) patterns-microos procps python-Pillow (8.4.0 -> 9.0.1) python-SQLAlchemy (1.4.29 -> 1.4.31) python-more-itertools (8.10.0 -> 8.12.0) python-oauthlib (3.1.1 -> 3.2.0) python-pysmbc re2 (20211101 -> 20220201) systemd xwayland (21.1.4 -> 22.0.99.902) === Details === ==== Mesa ==== Version update (21.3.4 -> 21.3.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.3.5 * bugfix release: mostly Zink fixes ==== Mesa-drivers ==== Version update (21.3.4 -> 21.3.5) Subpackages: Mesa-dri Mesa-gallium - update to 21.3.5 * bugfix release: mostly Zink fixes ==== argyllcms ==== Version update (2.2.0 -> 2.3.0) - Update to version 2.3.0: * Fixed spotread -YL (i1Pro1/2 lamp remediation) to function even if calibration is impossible due to the white reference being out of tolerance. * Fix SpyderX faulty initial black calibration * Added icomuf_reset_before_close flag for SpyderX, as some versions of the instrument have been reported to lock up after use. * Modified the ArgyllCMS CIECAM02 implementation to include a blue hue linearization tweak, to improve the "blue goes purple" effect when gamut mapping or clipping highly saturated blues to smaller gamuts. * Added spotread -Y y option that forces the listing of instrument specific display calibrations in the usage, even for serial instruments. * Removed native i1d3 C6 instrument support as a favor to X-Rite. * Improved cxf2ti3 so that it should cope with XML that uses "Colour" spelling rather than "Color". * Added I1D3_ESCAPE environment variable to allow a user to potentialy use any current or future OEM coded i1d3 instrument. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Change to systemd-sysusers ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - cyrus-sasl: prevent fail of %pre when berkely db utils are not installed (seems like we want to use this only for upgrade so no Prereq added) - move license to licensedir - remove use of RPM_BUILD_ROOT - minimal spec cleanups - avoid bashisms ==== dosfstools ==== - Drop vim BuildRequires: the test suite passes without it present. ==== dracut ==== Version update (055+suse.194.gdd41932a -> 055+suse.226.g44139dde) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 055+suse.226.g44139dde: * fix(zfcp_rules): remove collect based udev rule creators * fix(dasd_rules): remove collect based udev rule creators * fix(kernel-modules-extra): handle zstd module extension * fix(ifcfg): add SUSE specific write-ifcfg file (bsc#1193518) * fix(dracut-functions): skip iSCSI sessions without initiatorname (bsc#1195011) * fix(dracut-functions.sh): ip route parsing (bsc#1195011) * fix(fips): missing sourcing of dracut-lib * fix(fips): wrong error message * fix(network-legacy): install only existing SUSE specific files (bsc#1194879) * fix(network-legacy): set dhclient as optional (bsc#1194879) * fix(40network): consistent use of "$gw" for gateway (bsc#1192685) * fix(multipathd-configure.service): drop unneeded dependencies * fix(multipath): check if mpathconf is available * fix(multipathd.service): drop dependencies on iscsi and iscsid * fix(multipathd.service): adapt to upstream multipath-tools unit file * fix(multipathd.service): remove dependency on systemd-udev-settle * fix(fips): avoid shellcheck warnings * fix(fips): get _vmname value only if it is needed * fix(fips.sh): respect rd.fips.skipkernel * fix(fips): alignment with the upstream format ==== gcr ==== Subpackages: gcr-data gcr-prompter gcr-ssh-askpass libgck-1-0 libgcr-3-1 typelib-1_0-Gck-1 typelib-1_0-Gcr-3 - Add b3ca1d02bb0148ca787ac4aead164d7c8ce2c4d8.patch: Fix build with meson 060.0 and newer. ==== gnome-bluetooth ==== Subpackages: libgnome-bluetooth13 typelib-1_0-GnomeBluetooth-1_0 - Add 755fd758f866d3a3f7ca482942beee749f13a91e.patch Fix build with meson 0.61 and newer. ==== gnome-control-center ==== Subpackages: gnome-control-center-goa - Add 4f64deb5f1bc7b83fcc4381b7dbbaf71ad4a77c8.patch: Fix build with meson 0.61.0 and newer. - Add 496c719d7b1492b54c34ace648feb3802f34f774.patch: Remove duplicate line from .desktop file - Drop some ancient Provides and Obsoletes that are no longer needed: acme, fontilus, themus, control-center2, control-center2-devel, gnome-control-center-branding, gnome-control-center-branding-openSUSE and gnome-control-center-branding-upstream. - Update our Supplements to current standard. ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Disable gs-fate318433-prevent-same-account-multi-logins.patch: temporarily disable it to workaround a regression of remote connection (bsc#1195141). ==== gnome-tweaks ==== - Add 86.patch: Fix build with meson 0.60.0 and newer. ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Go back to using pkgconfig(fdk-aac) BuildRequires. ==== libcontainers-common ==== - Update storage to 1.38.2 - Update image to 5.19.1 - Update Podman to 3.4.4 - Update common to 0.47.3 ==== libqt5-qtbase ==== Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Add patch to avoid unintentionally using binaries from CWD (boo#1195386, CVE-2022-23853): * 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch ==== libqt5-qtwayland ==== Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Add patches to fix applications not updating after some time (kde#449163): * 0001-Client-Remove-mWaitingForUpdateDelivery.patch * 0002-Guard-mResizeDirty-by-the-correctMutex.patch * 0003-Fix-up-mutexes-for-frame-callbacks.patch - Add patch to fix several feature detection tests: * 0001-Use-proper-dependencies-in-compile-tests.patch ==== libusb-1_0 ==== Version update (1.0.24 -> 1.0.25) - Update to version 1.0.25 * Fix regression with some particular devices * Fix regression with libusb_handle_events_timeout_completed() * Fix regression with cpu usage in libusb_bulk_transfer * New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option * Various other bug fixes and improvements - Drop not longer needed patch: * 0001-fix-descriptor-parsing.patch ==== libxkbcommon ==== Version update (1.3.1 -> 1.4.0) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.4.0 * In libxkbregistry, variants now inherit iso639, iso3166 and brief from parent layout if omitted. * In libxkbregistry, skip over invalid ISO-639 or ISO-3166 entries. ==== llvm13 ==== Version update (13.0.0 -> 13.0.1) - Update to version 13.0.1. * This release contains bug-fixes for the LLVM 13.0.0 release. This release is API and ABI compatible with 13.0.0. - Rebase llvm-do-not-install-static-libraries.patch. - Drop obsolete patches: * llvm-fix-building-with-GCC-12.patch - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package. - Update constraints for riscv64 ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - udev: create symlinks and watch even in suspended state (bsc#1195231) + (add) 0043-udev-create-symlinks-and-watch-even-in-suspended-sta.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - udev: create symlinks and watch even in suspended state (bsc#1195231) + (add) 0043-udev-create-symlinks-and-watch-even-in-suspended-sta.patch ==== malcontent ==== Version update (0.10.1 -> 0.10.3) Subpackages: libmalcontent-0-0 typelib-1_0-Malcontent-0 - Update to version 0.10.3: + Bugs fixed: - Do not make malcontent-control user uninstallable using gui - malcontent-control: . Fix an unterminated option entry array . Focus controls rather than user selector + Updated translations. - Changes from version 0.10.2: + Hide the launcher for malcontent-control from gnome-shell if using the GNOME desktop; find it via gnome-control-center instead + Bugs fixed: - Limit depth of clone of subprojects - Rename master to main branch + Updated translations. - Add f433aaf8c8f82f0aeaedee664f08bc6fcad47b0d.patch: Fix build with meson 0.61.0. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Disable pulseaudio obsoletes. Most (if not all) systems already upgraded to pipewire, so this avoids the issues this causes on TW (boo#1194264) - Remove redundant pipewire dependencies as they are all brough in by `pipewire`, which should be brought in by `pipewire-pulseaudio` ==== procps ==== Subpackages: libprocps8 - Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is ignore SIGURG ==== python-Pillow ==== Version update (8.4.0 -> 9.0.1) - update to version 9.0.1: * In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk] * Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere] - Don't try to build on unsupported Python 3.6 - Remove python2 statements from specfile - update to 9.0.0 * Dropped support for Python 3.6 * PILLOW_VERSION has been removed. Use __version__ instead. * Support for FreeType 2.7 has been removed; FreeType 2.8 is the minimum supported. * Image.show command parameter has been removed. Use a subclass of PIL.ImageShow.Viewer instead. * Image._showxv has been removed. Use show() instead. * ImageFile.raise_ioerror: IOError was merged into OSError in Python 3.3. * So, ImageFile.raise_ioerror has been removed. Use ImageFile.raise_oserror instead. * An optional line width parameter has been added to ImageDraw.Draw.polygon. * API Addition: If xdg-open is present on Linux, this new PIL.ImageShow.Viewer subclass will be registered. It displays images using the application selected by the system. * Added support for ?title? argument to DisplayViewer ==== python-SQLAlchemy ==== Version update (1.4.29 -> 1.4.31) - specfile: * update copyright year - update to version 1.4.31: * orm + [orm] [bug] Fixed issue in Session.bulk_save_objects() where the sorting that takes place when the preserve_order parameter is set to False would sort partially on Mapper objects, which is rejected in Python 3.11. References: #7591 * postgresql + [postgresql] [bug] [regression] Fixed regression where the change in #7148 to repair ENUM handling in PostgreSQL broke the use case of an empty ARRAY of ENUM, preventing rows that contained an empty array from being handled correctly when fetching results. References: #7590 * mysql + [mysql] [bug] [regression] Fixed regression in asyncmy dialect caused by #7567 where removal of the PyMySQL dependency broke binary columns, due to the asyncmy dialect not being properly included within CI tests. References: #7593 * mssql + [mssql] Added support for FILESTREAM when using VARBINARY(max) in MSSQL. References: #7243 - changes from version 1.4.30: * orm + [orm] [bug] Fixed issue in joined-inheritance load of additional attributes functionality in deep multi-level inheritance where an intermediary table that contained no columns would not be included in the tables joined, instead linking those tables to their primary key identifiers. While this works fine, it nonetheless in 1.4 began producing the cartesian product compiler warning. The logic has been changed so that these intermediary tables are included regardless. While this does include additional tables in the query that are not technically necessary, this only occurs for the highly unusual case of deep 3+ level inheritance with intermediary tables that have no non primary key columns, potential performance impact is therefore expected to be negligible. References: #7507 + [orm] [bug] Fixed issue where calling upon registry.map_imperatively() more than once for the same class would produce an unexpected error, rather than an informative error that the target class is already mapped. This behavior differed from that of the mapper() function which does report an informative message already. References: #7579 + [orm] [bug] [asyncio] Added missing method AsyncSession.invalidate() to the AsyncSession class. References: #7524 + [orm] [bug] [regression] Fixed regression which appeared in 1.4.23 which could cause loader options to be mis-handled in some cases, in particular when using joined table inheritance in combination with the polymorphic_load="selectin" option as well as relationship lazy loading, leading to a TypeError. References: #7557 + [orm] [bug] [regression] Fixed ORM regression where calling the aliased() function against an existing aliased() construct would fail to produce correct SQL if the existing construct were against a fixed table. The fix allows that the original aliased() construct is disregarded if it were only against a table that?s now being replaced. It also allows for correct behavior when constructing a aliased() without a selectable argument against a aliased() that?s against a subuquery, to create an alias of that subquery (i.e. to change its name). The nesting behavior of aliased() remains in place for the case where the outer aliased() object is against a subquery which in turn refers to the inner aliased() object. This is a relatively new 1.4 feature that helps to suit use cases that were previously served by the deprecated Query.from_self() method. References: #7576 + [orm] [bug] Fixed issue where Select.correlate_except() method, when passed either the None value or no arguments, would not correlate any elements when used in an ORM context (that is, passing ORM entities as FROM clauses), rather than causing all FROM elements to be considered as ?correlated? in the same way which occurs when using Core-only constructs. References: #7514 + [orm] [bug] [regression] Fixed regression from 1.3 where the ?subqueryload? loader strategy would fail with a stack trace if used against a query that made use of Query.from_statement() or Select.from_statement(). As subqueryload requires modifying the original statement, it?s not compatible with the ?from_statement? use case, especially for statements made against the text() construct. The behavior now is equivalent to that of 1.3 and previously, which is that the loader strategy silently degrades to not be used for such statements, typically falling back to using the lazyload strategy. References: #7505 * sql + [sql] [bug] [postgresql] Added additional rule to the system that determines TypeEngine implementations from Python literals to apply a second level of adjustment to the type, so that a Python datetime with or without tzinfo can set the timezone=True parameter on the returned DateTime object, as well as Time. This helps with some round-trip scenarios on type-sensitive PostgreSQL dialects such as asyncpg, psycopg3 (2.0 only). References: #7537 + [sql] [bug] Added an informative error message when a method object is passed to a SQL construct. Previously, when such a callable were passed, as is a common typographical error when dealing with method-chained SQL constructs, they were interpreted as ?lambda SQL? targets to be invoked at compilation time, which would lead to silent failures. As this feature was not intended to be used with methods, method objects are now rejected. References: #7032 * mypy + [mypy] [bug] Fixed Mypy crash when running id daemon mode caused by a missing attribute on an internal mypy Var instance. References: #7321 * asyncio + [asyncio] [usecase] Added new method AdaptedConnection.run_async() to the DBAPI connection interface used by asyncio drivers, which allows methods to be called against the underlying ?driver? connection directly within a sync-style function where the await keyword can?t be used, such as within SQLAlchemy event handler functions. The method is analogous to the AsyncConnection.run_sync() method which translates async-style calls to sync-style. The method is useful for things like connection-pool on-connect handlers that need to invoke awaitable methods on the driver connection when it?s first created. References: #7580 * postgresql + [postgresql] [usecase] Added string rendering to the UUID datatype, so that stringifying a statement with ?literal_binds? that uses this type will render an appropriate string value for the PostgreSQL backend. Pull request courtesy José Duarte. References: #7561 + [postgresql] [bug] [asyncpg] Improved support for asyncpg handling of TIME WITH TIMEZONE, which was not fully implemented. References: #7537 + [postgresql] [bug] [mssql] [reflection] Fixed reflection of covering indexes to report include_columns as part of the dialect_options entry in the reflected index dictionary, thereby enabling round trips from reflection->create to be complete. Included columns continue to also be present under the include_columns key for backwards compatibility. References: [#7382] + [postgresql] [bug] Fixed handling of array of enum values which require escape characters. References: #7418 + mysql + [mysql] [change] Replace SHOW VARIABLES LIKE statement with equivalent SELECT @@variable in MySQL and MariaDB dialect initialization. This should avoid mutex contention caused by SHOW VARIABLES, improving initialization performance. References: #7518 + [mysql] [bug] Removed unnecessary dependency on PyMySQL from the asyncmy dialect. Pull request courtesy long2ice. References: [#7567] ==== python-more-itertools ==== Version update (8.10.0 -> 8.12.0) - specfile: * update copyright year - update to version 8.12.0: * Bug fixes + Some documentation issues were fixed (thanks to Masynchin, spookylukey, astrojuanlu, and stephengmatthews) + Python 3.5 support was temporarily restored (thanks to mattbonnell) - changes from version 8.11.0: * New functions + The before_and_after, sliding_window, and triplewise recipes from the Python 3.10 docs were added + duplicates_everseen and duplicates_justseen (thanks to OrBin and DavidPratt512) + minmax (thanks to Ricocotam, MSeifert04, and ruancomelli) + strictly_n (thanks to hwalinga and NotWearingPants) + unique_in_window * Changes to existing functions + groupby_transform had its type stub improved (thanks to mjk4 and ruancomelli) + is_sorted now accepts a strict parameter (thanks to Dutcho and ruancomelli) + zip_broadcast was updated to fix a bug (thanks to kalekundert) ==== python-oauthlib ==== Version update (3.1.1 -> 3.2.0) - specfile: * update copyright year - update to version 3.2.0: * OAuth2.0 Client: * #795: Add Device Authorization Flow for Web Application * #786: Add PKCE support for Client * #783: Fallback to none in case of wrong expires_at format. * OAuth2.0 Provider: * #790: Add support for CORS to metadata endpoint. * #791: Add support for CORS to token endpoint. * #787: Remove comma after Bearer in WWW-Authenticate * OAuth2.0 Provider - OIDC: + #755: Call save_token in Hybrid code flow + #751: OIDC add support of refreshing ID Tokens with refresh_id_token + #751: The RefreshTokenGrant modifiers now take the same arguments as the AuthorizationCodeGrant modifiers (token, token_handler, request). * General: + Added Python 3.9, 3.10, 3.11 + Improve Travis & Coverage ==== python-pysmbc ==== - Remove libsmbclient-devel BuildRequires in favor of pkgconfig(smbclient); (jsc#SLE-20577); ==== re2 ==== Version update (20211101 -> 20220201) - Update to 2022-02-01: * Address a `-Wunused-but-set-variable' warning from Clang 13.x * Don't specify the -std flag in Makefile or re2.pc * Remove a redundant map access ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-sysvinit udev - Always create systemd-network system user, even if systemd-networkd is not installed (bsc#1195559) - Make more use of %{_unitdir} in files.{systemd,container} - Installation of libnss_mymachines.so depended on %{bootstrap} but it is actually installed when %{with machined} is true. - Call ldconfig when container subpackage is installed since it ships nss-mymachines NSS plug-in module. - Import commit 117bd7f14aa7834d85a4306cd380d292bec04108 1395c74be7 udevadm: cleanup-db: don't delete information for kept db entries (bsc#1194912) bbafc8092a udevadm: cleanup_dir: use dot_or_dot_dot() - Drop 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch Given the fact that Factory no more ship SysV init scripts since several months, only scripts coming from 3rd party applications should remain which are unlikely to rely on the SUSE specifities implemented by these patches. This change was announced on the Factory mailing list: https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3... - Import commit 885e0b9126bd2cf1e3f6b147c45ec58a5550c75c 41334be59e meson: minor cleanup 3db0c28462 sysusers: split up systemd.conf - Drop 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch (bsc#1195153) Since v241, the patch isn't useful anymore because resolved is no more able to create /etc/resolv.conf symlink by itself,it runs as 'systemd-resolve' user. The symlink is now handled by a tmpfiles config file which is only installed when systemd-resolved is. The tmpfiles config file has currently a lower priority than the one shipped by netconfig. - Make use of %ldconfig_scriptlets - Merge nss-resolved and nss-mymachines NSS plug-in modules into systemd-network and systemd-container respectively. These modules are plug-in modules hence the shared library packaging policy doesn't apply for them. Moreover they're pretty useless alone without their respective systemd services, Hence let's reduce the number of sub-packages as the list keeps increasing. - Merge libudev-devel into systemd-devel - Make sure that libopenssl-devel is installed when building resolved. Openssl was implictly pulled in by systemd-experimental subpackage but could be missing if the build of this subpackage was disabled. - resolved: disable fallback DNS servers and fail when no DNS server info could be obtained from the links. It's better to let the sysadmin know that something is likely misconfigured rather than silently handing over the DNS queries to Google or Cloudflare. - resolved: disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - Replace '%setup+%autopatch' with '%autosetup' - systemd.spec: explicitely list all files for each main (sub) packages Using glob patterns in %files section to reduce the number of listed files was error-prone as some introduced files could silently be placed in the wrong subpackage. The sections were also hard to read and many files needed to be excluded from the main package making the point of glob pattern usage moot. systemd, udev, systemd-container and systemd-network packages have now their list of files described in a dedicated file. The lists are kept sorted to make them easy to parse. The size of the files, especially the one for the main package, is still reasonable and much easier to read now. During this rework, a couple of cleanups happened: more use of %{_systemd_util_dir}, some files was incorrectly owned by the main package and have been moved to the correct sub-package, etc... Note: the rest of the subpackages might be addressed later but let's find how it goes for now. ==== xwayland ==== Version update (21.1.4 -> 22.0.99.902) - Update to version 22.0.99.902 * render: Fix build with gcc 12 - Update to version 22.0.99.901 * DRM lease support * Enables sRGB fbconfigs in GLX * Requires libxcvt * Refactoring of the present code in Xwayland * Implements support for touchpad gestures * Support for xfixes's ClientDisconnectMode and optional terminate delay - Add pkgconfig(libxcvt) BuildRequires: New dependency. - Add xwayland.keyring, use url for sources, validate sig. - Move man pages from devel to main binary package. - Enable LTO, no longer disable LTO via macro.