Mailinglist Archive: opensuse-factory (224 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20180926 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

Please do not reply to this email to report issues, rather file a bug
on For more information on filing bugs please

Packages changed:
btrfsmaintenance (0.4.1 -> 0.4.2)
ghostscript (9.23 -> 9.25)
libical (3.0.3 -> 3.0.4)
libreoffice ( ->
lilv (0.24.2 -> 0.24.4)
opusfile (0.10 -> 0.11)
perl-Convert-UUlib (1.4 -> 1.5)
perl-HTML-Format (2.11 -> 2.12)
perl-LWP-Protocol-https (6.06 -> 6.07)
python-matplotlib (2.2.3 -> 3.0.0)
sqlite3 (3.24.0 -> 3.25.0)
sssd (1.16.2 -> 2.0.0)
unbound (1.7.3 -> 1.8.0)
usbredir (0.7.1 -> 0.8.0)
yast2-python-bindings (4.0.4 -> 4.0.5)

=== Details ===

==== btrfsmaintenance ====
Version update (0.4.1 -> 0.4.2)

- update to version 0.4.2
- CVE-2018-14722: expand auto mountpoints in a safe way
- btrfs-defrag: fix missing function to detect btrfs filesystems (#52)
- btrfs-trim: more verbose fstrim output (#60)
- dist-install: print information about timer unit installation (#58)

==== cups ====
Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupscgi1
libcupsimage2 libcupsmime1 libcupsppdc1

- Fix warning message upon update (boo#1050845): Remove template
service cups-lpd@ from service_* macro in scriptlets.

==== ethtool ====

- Use noun phrase for summary.

==== fftw3 ====
Subpackages: libfftw3-3 libfftw3_threads3

- Stay with openmpi also on ppc

==== ghostscript ====
Version update (9.23 -> 9.25)
Subpackages: ghostscript-x11

- Version upgrade to 9.25
For the highlights in this release see the highlights in the
9.25rc1 first release candidate for 9.25 entry below.
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
For a release summary see:
For details see the News.htm and History9.htm files.
The Ghostscript 9.25 release should fix (see below)
in particular those security issues:
* CVE-2018-15909: shading_param incomplete type checking bsc#1106172
* CVE-2018-15908: .tempfile file permission issues bsc#1106171
* CVE-2018-15910: LockDistillerParams type confusion bsc#1106173
* CVE-2018-15911: uninitialized memory access in the aesdecode bsc#1106195
* CVE-2018-16513: setcolor missing type check bsc#1107412
* CVE-2018-16509: /invalidaccess bypass after failed restore bsc#1107410
* CVE-2018-16510: Incorrect exec stack handling in the "CS"
and "SC" PDF primitives bsc#1107411
* CVE-2018-16542: .definemodifiedfont memory corruption
if /typecheck is handled bsc#1107413
* CVE-2018-16541 incorrect free logic in pagedevice replacement bsc#1107421
* CVE-2018-16540 use-after-free in copydevice handling bsc#1107420
* CVE-2018-16539: incorrect access checking in temp file
handling to disclose contents of files bsc#1107422
* CVE-2018-16543: gssetresolution and gsgetresolution allow
for unspecified impact bsc#1107423
* CVE-2018-16511: type confusion in "ztype" could be used by
remote attackers able to supply crafted PostScript to crash
the interpreter or possibly have unspecified other impact bsc#1107426
* CVE-2018-16585 .setdistillerkeys PostScript command is
accepted even though it is not intended for use bsc#1107581
* CVE-2018-16802: Incorrect"restoration of privilege" checking
when running out of stack during exceptionhandling could be
used by attackers able to supply crafted PostScript to execute
code using the "pipe" instruction. This is due to an incomplete
fix for CVE-2018-16509 bnc#1108027
Regarding what the above "should fix" means:
PostScript is a general purpose Turing-complete programming
language (cf.
that supports in particular file access on the system disk.
When Ghostscript processes PostScript it runs a PostScript
program as the user who runs Ghostscript.
When Ghostscript processes an arbitrary PostScript file,
the user who runs Ghostscript runs an arbitrary program
which can do anything on the system where Ghostscript runs
that this user is allowed to do on that system.
To make it safer when Ghostscript runs a PostScript program
the Ghostscript command line option '-dSAFER' disables
certain file access functionality, for details see
Its name 'SAFER' says everything: It makes it 'safer'
to let Ghostscript run a PostScript program,
but it does not make it completely safe.
In theory software is safe against misuse (i.e. has no bugs).
In practice there is an endless sequence of various kind of
security issues (i.e. software can be misused to do more than
what is intended) that get fixed issue by issue ad infinitum.
In the end all that means:
In practice the user who runs Ghostscript must not let it
process arbitrary PostScript files from untrusted origin.
In particular Ghostscript is usually run when printing
documents (with the '-dSAFER' option set), see the part about
"It is crucial to limit access to CUPS to trusted users" in
- Version upgrade to 9.25rc1 (first release candidate for 9.25).
Highlights in this release include:
* This release fixes problems with argument handling, some
unintended results of the security fixes to the SAFER file
access restrictions (specifically accessing ICC profile files),
and some additional security issues over the 9.24 release.
* Security issues have been the primary focus of this release,
including solving several (well publicised) real
and potential exploits.
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
* Avoid that ps2epsi fails with
'Error: /undefined in --setpagedevice--'
Recent changes required to harden SAFER mode mean that
it is no longer possible to run ps2epsi in SAFER mode,
because it relies upon unsafe Ghostscript non-standard
extension operators.
Removing SAFER and DELAYSAFER, and the code to reset SAFER,
allow ps2epsi to run as well as it ever did (ie badly).
This program (i.e. ps2epsi) should now be considered unsafe,
you should not use it on untrusted PostScript programs.
Likely we (i.e. Ghostscript upstream) will deprecate and
remove this program in future.
For details see the News.htm and History9.htm files.
Regarding installing packages (in particular release candidates)
from the openSUSE build service development project "Printing"
- Version upgrade to 9.24
Highlights in this release include:
* Security issues have been the primary focus of this release,
including solving several (well publicised)
real and potential exploits.
We (i.e. Ghostscript upstream) strongly urge users to upgrade
to this latest release to avoid these issues.
* As well as Ghostscript itself, jbig2dec has had a significant
amount of work improving its robustness in the face of
out specification files.
* IMPORTANT: We (i.e. Ghostscript upstream) are in the process
of forking LittleCMS. LCMS2 is not thread safe, and cannot
be made thread safe without breaking the ABI. Our fork
will be thread safe, and include performance enhancements
(these changes have all be been offered and rejected upstream).
We will maintain compatibility between Ghostscript and LCMS2
for a time, but not in perpetuity. Our fork will be available
as its own package separately from Ghostscript (and MuPDF).
* The usual round of bug fixes, compatibility changes,
and incremental improvements.
For a release summary see:
For details see the News.htm and History9.htm files.
- fix_ln_docdir_gsdatadir.patch is no longer needed
because the issue is fixed in the upstream sources.
- CVE-2018-10194.patch is no longer needed
because the issue is fixed in the upstream sources.

==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
test/ as autoreconf does not work
- Backport of upstream fixes (boo#1108450)
* gnutls-3.6.3-backport-upstream-fixes.patch
Fixes taken from upstream commits:
* * 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert
retrieval function")
* * 42945a7aab6d ("allow no certificates to be reported by the
gnutls_certificate_retrieve_function callbacks")
* * 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext
being last on client hello")
The patch was taken from

==== haveged ====
Subpackages: libhavege1

- Add patch f2193587.patch from github pull request
* Fix segfault on arm machines which do not eport the cache size
or say it is -1 in sysfs
- Refresh patches

==== jack ====

- Remove unnecessary requires for libjack0 and remove obsolete
- Use %license on "COPYING"
- Add upstream patch to fix return value check of mmap() (boo#1108981):
- Update the waf code to the 2.0 series in order to work under
python3.7 taken from upstream git:
* jack-waf2.patch

==== libical ====
Version update (3.0.3 -> 3.0.4)

- Update to new upstream release 3.0.4
* Silently fail RSCALE recurrence clauses when RSCALE is disabled
* Fixed icalcomponent_set_comment() and icalcomponent_set_uid()
* Skip UTF-8 marker when parsing
* Fix parsing ? in VCF files produced by Outlook
* Fix TZID on DATE-TIME value can override time specified in UTC
* CMake discovery module for ICU uses pkg-config now
* New publicly available function: icalparameter_kind_is_valid()
* Built-in timezones updated to tzdata2018e

==== libmusicbrainz5 ====

- Switch to %cmake macros
- Drop the test phase, it does nothing it just compiles file that
can communicate with the musicbrainz server, which can't be
validated in OBS

==== libreoffice ====
Version update ( ->
Subpackages: libreoffice-branding-upstream libreoffice-calc libreoffice-draw
libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3
libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs
libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en
libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr
libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl
libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN
libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno
libreoffice-qt5 libreoffice-writer libreofficekit

- Version update to
* 6.1.2 RC1
- Switch to serf from neon package that is quite dead
- Remove sysstray configure option as the code was removed
- Update to
* 6.1.1 RC2

==== lilv ====
Version update (0.24.2 -> 0.24.4)

- Version update to 0.24.4:
* Fix saving state when broken links are encountered
* Don't attempt to load remote or non-Turtle files
* lv2apply: Activate plugin before running
* lv2apply: Use default values when they are not nan
* lv2bench: Improve support for plugins with sequence ports
* lv2bench: Support running a single plugin given on the command line
* Gracefully handle plugins with missing binary URIs
* Remove use of deprecated readdir_r
* Install Python bindings when configured without tests
(thanks Clement Skau)

==== opusfile ====
Version update (0.10 -> 0.11)

- Version update to 0.11:
* Fix two potential integer overflows. (These were not security-critical
unless the compiler took the opportunity provided by the undefined behavior to
format your hard drive.)
* Allow JPEGs in METADATA_BLOCK_PICTURE tags to include EXIF data.
* A few warning fixes for gcc 8.
* Make opus_tags_copy return OP_EFAULT on failure instead of returning
* Various integration and testing environment improvements.

==== perl-Convert-UUlib ====
Version update (1.4 -> 1.5)

- update to 1.4
- fix a heap overflow (testcase by Krzysztof Wojta?).
- on systems that support it (posix + mmap + map_anonymous),
allocate all dynamic areas via mmap and put four guard
pages around them, to catch similar heap overflows
safely in the future.
- find a safer way to pass in CC/CFLAGS to uulib.
- added stability canary support.

==== perl-HTML-Format ====
Version update (2.11 -> 2.12)

- updated to 2.12
see /usr/share/doc/packages/perl-HTML-Format/Changes
2.12 2015-10-10 17:49:45+01:00 Europe/London
- Minor test related fixes
- Transition to using File::Slurper in place of File::Slurp
Thanks to Karen Etheridge for the patch
- Add Travis CI integration
- Cleaned with spec-cleaner

==== perl-LWP-Protocol-https ====
Version update (6.06 -> 6.07)

- 6.07 2017-02-19
- Cleaned up the Changes log
- Explicitly add hostname for SNI to start_SSL (GH PR#17)
- Fix the license name
- Update some documentation on SSL args
- Fix bug when checking for Mozilla::CA (GH PR#29)
- Refreshed patch LWP-Protocol-https-6.04-systemca.diff
- Cleaned spec file with spec-cleaner

==== python-cffi ====
Subpackages: python2-cffi python3-cffi

- Add 3184b0a675fc425b821b528d7fdf744b2f08dadf.patch as
a workardond against (possible bug in
GCC, see
- Remove ignore-tests.patch -- testing what will happen
- Add e2e324a2f13e3a646de6f6ff03e90ed7d37e2636.patch from
upstream to remove some warnings.
- Switch off falling tests with new patch
ignore-tests.patch instead of -k parameter for py.test.
- update to version 1.11.5:
* Issue #357: fix ffi.emit_python_code() which generated a buggy
Python file if you are using a struct with an anonymous union
field or vice-versa.
* Windows: ffi.dlopen() should now handle unicode filenames.
* ABI mode: implemented ffi.dlclose() for the in-line case (it used
to be present only in the out-of-line case).
* Fixed a corner case for install --record=xx --root=yy
with an out-of-line ABI module. Also fixed Issue #345.
* More hacks on Windows for running CFFI?s own
* Issue #358: in embedding, to protect against (the rare case of)
Python initialization from several threads in parallel, we have to
use a spin-lock. On CPython 3 it is worse because it might
spin-lock for a long time (execution of Py_InitializeEx()). Sadly,
recent changes to CPython make that solution needed on CPython 2
* CPython 3 on Windows: we no longer compile with Py_LIMITED_API by
default because such modules cannot be used with virtualenv. Issue
[#350] mentions a workaround if you still want that and are not
concerned about virtualenv: pass a
define_macros=[("Py_LIMITED_API", None)] to the
ffibuilder.set_source() call.
- specfile:
* delete patch cffi-loader.patch; included upstream
- update to version 1.11.4:
* Windows: reverted linking with python3.dll, because virtualenv
does not make this DLL available to virtual environments for
now. See Issue #355. On Windows only, the C extension modules
created by cffi follow for now the standard naming scheme
foo.cp36-win32.pyd, to make it clear that they are regular CPython
modules depending on python36.dll.
- changes from version 1.11.3:
* Fix on CPython 3.x: reading the attributes __loader__ or __spec__
from the cffi-generated lib modules gave a buggy
SystemError. (These attributes are always None, and provided only
to help compatibility with tools that expect them in all modules.)
* More Windows fixes: workaround for MSVC not supporting large
literal strings in C code (from
ffi.embedding_init_code(large_string)); and an issue with
Py_LIMITED_API linking with python35.dll/python36.dll instead of
* Small documentation improvements.
- Add patch cffi-loader.patch to fix bsc#1070737
- Sort out with spec-cleaner
- update to version 1.11.2:
* Fix Windows issue with managing the thread-state on CPython 3.0 to
- Update pytest in spec to add c directory tests in addition to
testing directory.
- Omit test_init_once_multithread tests as they rely on multiple
threads finishing in a given time. Returns sporadic pass/fail
within build.
- Update to 1.11.1:
* Fix tests, remove deprecated C API usage
* Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary
extensions (cpython issue #29943)
* Fix for 3.7.0a1+
- Update to 1.11.0:
* Support the modern standard types char16_t and char32_t. These
work like wchar_t: they represent one unicode character, or when
used as charN_t * or charN_t[] they represent a unicode string.
The difference with wchar_t is that they have a known, fixed
size. They should work at all places that used to work with
wchar_t (please report an issue if I missed something). Note
that with set_source(), you need to make sure that these types
are actually defined by the C source you provide (if used in
* Support the C99 types float _Complex and double _Complex. Note
that libffi doesn?t support them, which means that in the ABI
mode you still cannot call C functions that take complex
numbers directly as arguments or return type.
* Fixed a rare race condition when creating multiple FFI instances
from multiple threads. (Note that you aren?t meant to create
many FFI instances: in inline mode, you should write
ffi = cffi.FFI() at module level just after import cffi; and in
out-of-line mode you don?t instantiate FFI explicitly at all.)
* Windows: using callbacks can be messy because the CFFI internal
error messages show up to stderr?but stderr goes nowhere in many
applications. This makes it particularly hard to get started
with the embedding mode. (Once you get started, you can at least
use @ffi.def_extern(onerror=...) and send the error logs where
it makes sense for your application, or record them in log
files, and so on.) So what is new in CFFI is that now, on
Windows CFFI will try to open a non-modal MessageBox (in addition
to sending raw messages to stderr). The MessageBox is only
visible if the process stays alive: typically, console
applications that crash close immediately, but that is also the
situation where stderr should be visible anyway.
* Progress on support for callbacks in NetBSD.
* Functions returning booleans would in some case still return 0
or 1 instead of False or True. Fixed.
* ffi.gc() now takes an optional third parameter, which gives an
estimate of the size (in bytes) of the object. So far, this is
only used by PyPy, to make the next GC occur more quickly
(issue #320). In the future, this might have an effect on
CPython too (provided the CPython issue 31105 is addressed).
* Add a note to the documentation: the ABI mode gives function
objects that are slower to call than the API mode does. For
some reason it is often thought to be faster. It is not!
- Update to 1.10.1:
* Fixed the line numbers reported in case of cdef() errors. Also,
I just noticed, but pycparser always supported the preprocessor
directive # 42 "foo.h" to mean ?from the next line, we?re in
file foo.h starting from line 42?, which it puts in the error
- update to 1.10.0:
* Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()
to handle with a default allocator. Speeds up
where most of the time you never touch most of the array.
* Some OS/X build fixes (?only with Xcode but without CLT?).
* Improve a couple of error messages: when getting mismatched versions of
cffi and its backend; and when calling functions which cannot be called with
libffi because an argument is a struct that is ?too complicated? (and not
a struct pointer, which always works).
* Add support for some unusual compilers (non-msvc, non-gcc, non-icc,
* Implemented the remaining cases for ffi.from_buffer. Now all
buffer/memoryview objects can be passed. The one remaining check is against
passing unicode strings in Python 2. (They support the buffer interface, but
that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the
times not what you expect. In Python 3 this has been fixed and the unicode
strings don?t support the memoryview interface any more.)
* The C type _Bool or bool now converts to a Python boolean when reading,
instead of the content of the byte as an integer. The potential
incompatibility here is what occurs if the byte contains a value different
from 0 and 1. Previously, it would just return it; with this change, CFFI
raises an exception in this case. But this case means ?undefined behavior?
in C; if you really have to interface with a library relying on this,
don?t use bool in the CFFI side. Also, it is still valid to use a byte
string as initializer for a bool[], but now it must only contain \x00 or
\x01. As an aside, ffi.string() no longer works on bool[] (but it never made
much sense, as this function stops at the first zero).
* ffi.buffer is now the name of cffi?s buffer type, and ffi.buffer() works
like before but is the constructor of that type.
* ffi.addressof(lib, "name") now works also in in-line mode, not only in
out-of-line mode. This is useful for taking the address of global variables.
* Issue #255: cdata objects of a primitive type (integers, floats, char) are
now compared and ordered by value. For example, <cdata 'int' 42> compares
equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,
<cdata 'int' -1> does not compare equal to ffi.cast("unsigned int", -1): it
compares smaller, because -1 < 4294967295.
* PyPy: and ffi.new_allocator()() did not record ?memory pressure?,
causing the GC to run too infrequently if you call very often
and/or with large arrays. Fixed in PyPy 5.7.
* Support in ffi.cdef() for numeric expressions with + or -. Assumes that
there is no overflow; it should be fixed first before we add more general
support for arbitrary arithmetic on constants.
- do not generate HTML documentation for packages that are indirect
dependencies of Sphinx
(see docs at )
- update to 1.9.1
- Structs with variable-sized arrays as their last field: now we track the
length of the array after is called, just like we always tracked
the length of"int[]", 42). This lets us detect out-of-range
accesses to array items. This also lets us display a better repr(), and
have the total size returned by ffi.sizeof() and ffi.buffer(). Previously
both functions would return a result based on the size of the declared
structure type, with an assumed empty array. (Thanks andrew for starting
this refactoring.)
- Add support in cdef()/set_source() for unspecified-length arrays in
typedefs: typedef int foo_t[...];. It was already supported for global
variables or structure fields.
- I turned in v1.8 a warning from cffi/ into an error: 'enum xxx' has
no values explicitly defined: refusing to guess which integer type it is
meant to be (unsigned/signed, int/long). Now I?m turning it back to a
warning again; it seems that guessing that the enum has size int is a
99%-safe bet. (But not 100%, so it stays as a warning.)
- Fix leaks in the code handling FILE * arguments. In CPython 3 there is a
remaining issue that is hard to fix: if you pass a Python file object to a
FILE * argument, then os.dup() is used and the new file descriptor is only
closed when the GC reclaims the Python file object?and not at the earlier
time when you call close(), which only closes the original file descriptor.
If this is an issue, you should avoid this automatic convertion of Python
file objects: instead, explicitly manipulate file descriptors and call
fdopen() from C (...via cffi).
- When passing a void * argument to a function with a different pointer type,
or vice-versa, the cast occurs automatically, like in C. The same occurs
for initialization with and a few other places. However, I
thought that char * had the same property?but I was mistaken. In C you get
the usual warning if you try to give a char * to a char ** argument, for
example. Sorry about the confusion. This has been fixed in CFFI by giving
for now a warning, too. It will turn into an error in a future version.
- Issue #283: fixed on structures/unions with nested anonymous
structures/unions, when there is at least one union in the mix. When
initialized with a list or a dict, it should now behave more closely like
the { } syntax does in GCC.
- CPython 3.x: experimental: the generated C extension modules now use the
?limited API?, which means that, as a compiled .so/.dll, it should work
directly on any version of CPython >= 3.2. The name produced by distutils
is still version-specific. To get the version-independent name, you can
rename it manually to, or use the very recent setuptools 26.
- Added ffi.compile(debug=...), similar to python build --debug but
defaulting to True if we are running a debugging version of Python itself.
- Removed the restriction that ffi.from_buffer() cannot be used on byte
strings. Now you can get a char * out of a byte string, which is valid as
long as the string object is kept alive. (But don?t use it to modify the
string object! If you need this, use bytearray or other official
- PyPy 5.4 can now pass a byte string directly to a char * argument (in older
versions, a copy would be made). This used to be a CPython-only
- ffi.gc(p, None) removes the destructor on an object previously created by
another call to ffi.gc()
- bool(ffi.cast("primitive type", x)) now returns False if the value is zero
(including -0.0), and True otherwise. Previously this would only return
False for cdata objects of a pointer type when the pointer is NULL.
- bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason
it was not supported was that it was hard to do in PyPy, but it works since
PyPy 5.3.) To call a C function with a char * argument from a buffer
object?now including bytearrays?you write
Additionally, this is now supported: p[0:length] = bytearray-object. The
problem with this was that a iterating over bytearrays gives numbers
instead of characters. (Now it is implemented with just a memcpy, of
course, not actually iterating over the characters.)
- C++: compiling the generated C code with C++ was supposed to work, but
failed if you make use the bool type (because that is rendered as the C
_Bool type, which doesn?t exist in C++).
- help(lib) and help(lib.myfunc) now give useful information, as well as
dir(p) where p is a struct or pointer-to-struct.
- drop upstreamed python-cffi-avoid-bitshifting-negative-int.patch
- update for multipython build
- Add python-cffi-avoid-bitshifting-negative-int.patch to actually
fix the "negative left shift" warning by replacing bitshifting
in appropriate places by bitwise and comparison to self; patch
taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no
longer required.
- disable "negative left shift" warning in test suite to prevent
failures with gcc6, until upstream fixes the undefined code
in question (boo#981848, cffi-1.5.2-wnoerror.patch)
- Update to version 1.6.0:
* ffi.list_types()
* ffi.unpack()
* extern ?Python+C?
* in API mode, contains the C signature now.
* Yet another attempt at robustness of ffi.def_extern() against
CPython?s interpreter shutdown logic.
- update to 1.5.2
* support for cffi-based embedding
* more robustness for shutdown logic
- update to version 1.4.2:
* Nothing changed from v1.4.1.
- changes from version 1.4.1:
* Fix the compilation failure of cffi on CPython 3.5.0. (3.5.1
works; some detail changed that makes some underscore-starting
macros disappear from view of extension modules, and I worked
around it, thinking it changed in all 3.5 versions?but no: it was
only in 3.5.1.)
- changes from version 1.4.0:
* A better way to do callbacks has been added (faster and more
portable, and usually cleaner). It is a mechanism for the
out-of-line API mode that replaces the dynamic creation of
callback objects (i.e. C functions that invoke Python) with the
static declaration in cdef() of which callbacks are needed. This
is more C-like, in that you have to structure your code around the
idea that you get a fixed number of function pointers, instead of
creating them on-the-fly.
* ffi.compile() now takes an optional verbose argument. When True,
distutils prints the calls to the compiler.
* ffi.compile() used to fail if given sources with a path that
includes "..". Fixed.
* ffi.init_once() added. See docs.
* dir(lib) now works on libs returned by ffi.dlopen() too.
* Cleaned up and modernized the content of the demo subdirectory in
the sources (thanks matti!).
* ffi.new_handle() is now guaranteed to return unique void * values,
even if called twice on the same object. Previously, in that case,
CPython would return two cdata objects with the same void *
value. This change is useful to add and remove handles from a
global dict (or set) without worrying about duplicates. It already
used to work like that on PyPy. This change can break code that
used to work on CPython by relying on the object to be kept alive
by other means than keeping the result of ffi.new_handle()
alive. (The corresponding warning in the docs of ffi.new_handle()
has been here since v0.8!)
- changes from version 1.3.1:
* The optional typedefs (bool, FILE and all Windows types) were not
always available from out-of-line FFI objects.
* Opaque enums are phased out from the cdefs: they now give a
warning, instead of (possibly wrongly) being assumed equal to
unsigned int. Please report if you get a reasonable use case for
* Some parsing details, notably volatile is passed along like const
and restrict. Also, older versions of pycparser mis-parse some
pointer-to-pointer types like char * const *: the ?const? ends up
at the wrong place. Added a workaround.
- changes from version 1.3.0:
* Added ffi.memmove().
* Pull request #64: out-of-line API mode: we can now declare
floating-point types with typedef float... foo_t;. This only works
if foo_t is a float or a double, not long double.
* Issue #217: fix possible unaligned pointer manipulation, which
crashes on some architectures (64-bit, non-x86).
* Issues #64 and #126: when using set_source() or verify(), the
const and restrict keywords are copied from the cdef to the
generated C code; this fixes warnings by the C compiler. It also
fixes corner cases like typedef const int T; T a; which would
previously not consider a as a constant. (The cdata objects
themselves are never const.)
* Win32: support for __stdcall. For callbacks and function pointers;
regular C functions still don?t need to have their calling
convention declared.
* Windows: CPython 2.7 distutils doesn?t work with Microsoft?s
official Visual Studio for Python, and I?m told this is not a
bug. For ffi.compile(), we removed a workaround that was inside
cffi but which had unwanted side-effects. Try saying import
setuptools first, which patches distutils...
- Update to version 1.2.1
* No changes entry for this version
- Changes from version 1.2.0
* Out-of-line mode: ``int a[][...];`` can be used to declare a structure
field or global variable which is, simultaneously, of total length
unknown to the C compiler (the ``a[]`` part) and each element is
itself an array of N integers, where the value of N *is * known to the
C compiler (the ``int`` and ``[...]`` parts around it). Similarly,
``int a[5][...];`` is supported (but probably less useful: remember
that in C it means ``int (a[5])[...];``).
* PyPy: the ``lib.some_function`` objects were missing the attributes
``__name__``, ``__module__`` and ``__doc__`` that are expected e.g. by
some decorators-management functions from ``functools``.
* Out-of-line API mode: you can now do ``from _example.lib import x``
to import the name ``x`` from ``_example.lib``, even though the
``lib`` object is not a standard module object. (Also works in ``from
_example.lib import *``, but this is even more of a hack and will fail
if ``lib`` happens to declare a name called ``__all__``. Note that
`` *`` excludes the global variables; only the functions and constants
make sense to import like this.)
* ``lib.__dict__`` works again and gives you a copy of the
dict---assuming that ``lib`` has got no symbol called precisely
``__dict__``. (In general, it is safer to use ``dir(lib)``.)
* Out-of-line API mode: global variables are now fetched on demand at
every access. It fixes issue #212 (Windows DLL variables), and also
allows variables that are defined as dynamic macros (like ``errno``)
or ``__thread`` -local variables. (This change might also tighten
the C compiler's check on the variables' type.)
* Issue #209: dereferencing NULL pointers now raises RuntimeError
instead of segfaulting. Meant as a debugging aid. The check is
only for NULL: if you dereference random or dead pointers you might
still get segfaults.
* Issue #152: callbacks__: added an argument ``ffi.callback(...,
onerror=...)``. If the main callback function raises an exception
and ``onerror`` is provided, then ``onerror(exception, exc_value,
traceback)`` is called. This is similar to writing a ``try:
except:`` in the main callback function, but in some cases (e.g. a
signal) an exception can occur at the very start of the callback
function---before it had time to enter the ``try: except:`` block.
* Issue #115: added ``ffi.new_allocator()``, which officializes
support for `alternative allocators`__.
.. __: using.html#callbacks
.. __: using.html#alternative-allocators
- update to version 1.1.0 (fate#318838):
* Out-of-line API mode: we can now declare integer types with
typedef int... foo_t;. The exact size and signedness of foo_t
is figured out by the compiler.
* Out-of-line API mode: we can now declare multidimensional
arrays (as fields or as globals) with int n[...][...]. Before,
only the outermost dimension would support the ... syntax.
* Out-of-line ABI mode: we now support any constant declaration,
instead of only integers whose value is given in the cdef. Such
?new? constants, i.e. either non-integers or without a value
given in the cdef, must correspond to actual symbols in the
lib. At runtime they are looked up the first time we access
them. This is useful if the library defines extern const
sometype somename;.
* ffi.addressof(lib, "func_name") now returns a regular cdata
object of type ?pointer to function?. You can use it on any
function from a library in API mode (in ABI mode, all functions
are already regular cdata objects). To support this, you need
to recompile your cffi modules.
* Issue #198: in API mode, if you declare constants of a struct
type, what you saw from lib.CONSTANT was corrupted.
* Issue #196: ffi.set_source("package._ffi", None) would
incorrectly generate the Python source to
instead of package/ Also fixed: in some cases, if the C
file was in build/foo.c, the .o file would be put in
- additional changes from version 1.0.3:
* Same as 1.0.2, apart from doc and test fixes on some platforms
- additional changes from version 1.0.2:
* Variadic C functions (ending in a ?...? argument) were not
supported in the out-of-line ABI mode. This was a bug?there was
even a (non-working) example doing exactly that!
- additional changes from version 1.0.1:
* ffi.set_source() crashed if passed a sources=[..] argument.
Fixed by chrippa on pull request #60.
* Issue #193: if we use a struct between the first cdef() where
it is declared and another cdef() where its fields are defined,
then this definition was ignored.
* Enums were buggy if you used too many ?...? in their definition
- additional changes from version 1.0.0:
* The main news item is out-of-line module generation:
+ for ABI level, with ffi.dlopen()
+ for API level, which used to be with ffi.verify(), now
- add python-cffi-rpmlintrc: cffi specifically installs C headers
in site-packages
- add new test dependency gcc-c++
- skip the tests on SLE11 since they fail on i586
- Update to 0.9.2
* No upstream changelog
See for a list of
- Update to 0.8.6
* No upstream changelog
See for a list of
- update to 0.8.2
* minor bugfixes
- remove cffi-pytest-integration.patch as it is no longer necessary
- Require libffi43-devel on SLE_11_SP2 instead of using pkg-config to fix build
- update to 0.8.1
* fixes on Python 3 on OS/X, and some FreeBSD fixes (thanks Tobias)
- added a note wrt disabled tests
- add cffi-pytest-integration.patch: allowinf call pytest from
- update to 0.8
* integrated support for C99 variable-sized structures
* multi-thread safety
* ffi.getwinerror()
* a number of small fixes
- Require python-setuptools instead of distribute (upstreams merged)
- use pkgconfig(libffi) to get the most recent ffi
- Update to 0.7.2
* add implicit bool
* standard names are handled as defaults in cdef declarations
* enum types follow GCC rules and not just int
* supports simple slices x[start:stop]
* enums are handled like ints
* new ffi.new_handle(python_object)
* and various bugfixes
- Initial version

==== python-matplotlib ====
Version update (2.2.3 -> 3.0.0)
Subpackages: python3-matplotlib python3-matplotlib-cairo python3-matplotlib-gtk3

- Update to version 3.0.0
* Improved default backend selection
* Cyclic colormaps
* Ability to scale axis by a fixed order of magnitude
* Add AnchoredDirectionArrows feature to mpl_toolkits
* Add minorticks_on()/off() methods for colorbar
* Colorbar ticks can now be automatic
* Don't automatically rename duplicate file names
* Legend now has a *title_fontsize* kwarg (and rcParam)
* Support for axes.prop_cycle property *markevery* in rcParams
* Multipage PDF support for pgf backend
* Pie charts are now circular by default
* Add ax.get_gridspec to .SubplotBase
* Axes titles will no longer overlap xaxis
* New convenience methods for GridSpec
* Figure has an ~.figure.Figure.add_artist method
* math directive renamed to mathmpl
- Python 2 support was dropped upstream, so disable it in the spec
file and drop python2-specific parts.
- Enable wx backend for python 3, since python 3 is now supported
by wxPython upstream.

==== snapper ====
Subpackages: libsnapper4 snapper-zypp-plugin

- avoid setenv after fork (bsc#1107587)

==== sqlite3 ====
Version update (3.24.0 -> 3.25.0)
Subpackages: libsqlite3-0 libsqlite3-0-32bit

- SQLite 3.25.0:
* Add support for window functions
* Add support for renaming columns within a table
* Query optimizer improvements
* slightly better concurrency in multi-threaded environments
* The ORDER BY LIMIT optimization might have caused an infinite
loop in the byte code of the prepared statement under very
obscure circumstances, due to a confluence of minor defects in
the query optimizer

==== sssd ====
Version update (1.16.2 -> 2.0.0)
Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 libsss_nss_idmap0
sssd-32bit sssd-krb5-common sssd-ldap

- Update to new upstream release 2.0.0
* The Python API for managing users and groups in local domains
(id_provider=local) was removed completely. The local
provider (id_provider=local) and the command line tools to
manage users and groups in the local domains, such as
sss_useradd is not built anymore.
* The LDAP provider had a special-case branch for evaluating
group memberships with the RFC2307bis schema when group
nesting was explicitly disabled. This codepath is removed.
* The "ldap_sudo_include_regexp" option changed its default
value from true to false. Wildcards in the sudoHost LDAP
attribute are no longer evaluated. This was costly to
evaluate on the LDAP server side and at the same time rarely
* The list of PAM services which are allowed to authenticate
using a Smart Card is now configurable using a new option
- Update to upstream release 1.16.3
* New Features:
* kdcinfo files for informing krb5 about discovered KDCs are
now also generated for trusted domains in setups that use
id_provider=ad and IPA masters in a trust relationship with
an AD domain.
* The Kerberlos locator plugin can now process multiple
address if SSSD generates more than one. A
* Bug fixes:
* Fixed information leak due to incorrect permissions on
/var/lib/sss/pipes/sudo [CVE-2018-10852, bsc#1098377]
* Cached password are now stored with a salt. Old ones will be
regenerated on next authentication, and the auth server needs
to be reachable for that.
* The sss_ssh proces leaked file descriptors when converting
more than one X.509 certificate to an SSH public key.
* The PAC responder is now able to process Domain Local in case
the PAC uses SID compression (Windows Server 2012+).
* Address the issue that some versions of OpenSSH would close
the pipe towards sss_ssh_authorizedkeys when the matching key
is found before the rest of the output is read.
* User lookups no longer fail if user's e-mail address
conflicts with another user's fully qualified name.
* The override_shell and override_homedir options are no longer
applied to entries from the files domain.
* The grace logins with an expired password when authenticating
against certain newer versions of the 389DS/RHDS LDAP server
did not work.
- Removed patches that are included upstream now:

==== swig ====

- Add patches to build with python 3.7 properly:
* swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_ConvertF.patch
* swig-3.0.12-Coverity-fix-issue-reported-for-SWIG_Python_FixMetho.patch
* swig-3.0.12-Coverity-fix-issue-reported-for-wrapper-argument-che.patch
* swig-3.0.12-Fix-Coverity-issue-reported-for-setslice-pycontainer.patch
* swig-3.0.12-Fix-generated-code-for-constant-expressions-containi.patch
* swig-3.0.12-fix-collections.patch
- Use version req to check for 1500 instead for non-existing release
- Move to generic requires those that are true under both conditions
- Use autopatch to apply all the patches at once

==== unbound ====
Version update (1.7.3 -> 1.8.0)
Subpackages: libunbound2 unbound-anchor

- update to 1.8.0:
Number of bug fixes, a list of features added and some defaults changed.
- unbound-control auth_zone_reload _zone_ option rereads the zonefile.
- unbound-control auth_zone_transfer _zone_ option starts the probe
sequence for a master to transfer the zone from and transfers when
a new zone version is available.
- num.queries.tls counter for queries over TLS.
- log port number with err_addr logs.
- dns64-ignore-aaaa: config option to list domain names for which the
existing AAAA is ignored and dns64 processing is used on the A
- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass
if DNSSEC is not enabled. New option -R allows fallback from
resolv.conf to direct queries.
- Note RFC8162 support. SMIMEA record type can be read in by the
zone record parser.
- Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
- Add config tcp-idle-timeout (default 30s). This applies to
client connections only; the timeout on TCP connections upstream
is unaffected.
- Add edns-tcp-keepalive and edns-tcp-keepalive timeout options
and implement option in client responses.
- Add delay parameter to streamtcp, -d secs.
To be used when testing idle timeout.
- Expose if a query (or a subquery) was ratelimited (not src IP
ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
This also introduces a change to 'ub_event_callback_type' in
- Patch to implement tcp-connection-limit from Jim Hague (Sinodun).
This limits the number of simultaneous TCP client connections
from a nominated netblock.
- Fix #4142: improvements and fixes.
Add unit dependency ordering (based on systemd-resolved).
Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings
about missing privileges during startup). Add 'AF_INET6' to
'RestrictAddressFamilies' (without it IPV6 can't work). From
Guido Shanahan.
- unbound-checkconf checks if modules exist and prints if they are
not compiled in the name of the wrong module.
- Patch for stub-no-cache and forward-no-cache options that disable
caching for the contents of that stub or forward, for when you
want immediate changes visible, from Bjoern A. Zeeb.
- Upgraded crosscompile script to include libunbound DLL in the
- Set libunbound to increase current, because the libunbound change
to the event callback function signature. That needs programs,
that use it, to recompile against the new header definition.
- log-servfail: yes prints log lines that say why queries are
returning SERVFAIL to clients.
- log-local-actions: yes option for unbound.conf that logs all the
local zone actions, a patch from Saksham Manchanda (Secure64).
- #4146: num.query.subnet and num.query.subnet_cache counters.
- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This
gives access to reply information for the client's communication
point when the callback is called before the mesh state (modules).
Changes to C and Python's inplace_callback signatures were also
- Set defaults to yes for a number of options to increase speed and
resilience of the server. The so-reuseport, harden-below-nxdomain,
and minimal-responses options are enabled by default. They used
to be disabled by default, waiting to make sure they worked. They
are enabled by default now, and can be disabled explicitly by
setting them to "no" in the unbound.conf config file. The reuseport
and minimal options increases speed of the server, and should be
otherwise harmless. The harden-below-nxdomain option works well
together with the recently default enabled qname minimisation, this
causes more fetches to use information from the cache.
- Added serve-expired-ttl and serve-expired-ttl-reset options.
Bug Fixes
- Windows example service.conf edited with more windows specific
- #4108: systemd reload hang fix.
- Fix usage printout for unbound-host, hostname has to be last
argument on BSDs and Windows.
- Partial fix for permission denied on IPv6 address on FreeBSD.
- Fix that auth-zone master reply with current SOA serial does not
stop scan of masters for an updated zone.
- Fix that auth-zone does not start the wait timer without checking
if the wait timer has already been started.
- #4109: Fix that package config depends on python unconditionally.
- Patch, do not export python from pkg-config, from Petr Men?ík.
- Fix checking for libhiredis printout in configure output.
- Fix typo on man page in ip-address description.
- Update libunbound/python/examples/ example code to
also set the 20326 trust anchor for the root in the example code.
- Better documentation for unblock-lan-zones and insecure-lan-zones
config statements.
- Fix permission denied printed for auth zone probe random port nrs.
- Fix documentation ambiguity for tls-win-cert in tls-upstream and
forward-tls-upstream docs.
- iana port update.
- Fix round robin for failed addresses with prefer-ip6: yes
- Note in documentation that the cert name match code needs
OpenSSL 1.1.0 or later to be enabled.
- Fix to improve systemd socket activation code file descriptor
- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
easily changed to adjust default rtt assumptions.
- Fix #4127 unbound -h does not list -p help.
- Print error if SSL name verification configured but not available
in the ssl library.
- Fix that ratelimit and ip-ratelimit are applied after reload of
changed config file.
- Resize ratelimit and ip-ratelimit caches if changed on reload.
- Fix #4129 unbound-control error message with wrong cert permissions
is too cryptic.
- Fix #4130: print text describing -dd and unbound-checkconf on
config file read error at startup, the errors may have been moved
away by the startup process.
- Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
- Fix use-systemd readiness signalling, only when use-systemd is yes
and not in signal handler.
- Fix #4135: 64-bit Windows Installer Creates Entries Under The
Wrong Registry Key, reported by Brian White.
- Fix man page, say that chroot is enabled by default.
- Sort out test runs when the build directory isn't the project
root directory.
- Error if EDNS Keepalive received over UDP.
- Correct and expand manual page entries for keepalive and idle timeout.
- Implement progressive backoff of TCP idle/keepalive timeout.
- Fix 'make depend' to work when build dir is not project root.
- Fix #4139: Fix unbound-host leaks memory on ANY.
- Fix to remove systemd sockaddr function check, that is not
always present. Make socket activation more lenient. But not
different when socket activation is not used.
- Fix #4136: insufficiency from mismatch of FLEX capability between
released tarball and build host. Fix to unconditionally call
destroy in daemon.c.
- Make capsforid fallback QNAME minimisation aware.
- document --enable-subnet in doc/README.
- Fix #4144: dns64 module caches wrong (negative) information.
- Fix that printout of error for cycle targets is a verbosity 4
printout and does not wrongly print it is a memory error.
- Fix segfault in auth-zone read and reorder of RRSIGs.
- Fix contrib/fastrpz.patch.
- Fix warning on compile without threads.
- print servfail info to log as error.
- added more servfail printout statements, to the iterator.
- Fix classification for QTYPE=CNAME queries when QNAME minimisation is
- Fix only misc failure from log-servfail when val-log-level is not
- Fix lintflags for lint on FreeBSD.
- Fix that a local-zone with a local-zone-type that is transparent
in a view with view-first, makes queries check for answers from the
local-zones defined outside of views.

==== usbredir ====
Version update (0.7.1 -> 0.8.0)
Subpackages: libusbredirhost1 libusbredirparser1

- Update to version 0.8.0
+ usbredirfilter:
- Fix busy wait due endless recursion when interface_count is zero
+ usbredirhost:
- Fix leak on error
+ usbredirserver:
- Use 'busnum-devnum' instead of 'usbbus-usbaddr'
- Add support for bind specific address -4 for ipv4, -6 for ipv6
- Reject empty vendorid from command line
- Enable TCP keepalive

==== yast2-python-bindings ====
Version update (4.0.4 -> 4.0.5)

- Fix Id construction for python2, use items instead of iteritems
for python2/python3 compatability; (bsc#1108558).
- Switched license in spec file from SPDX2 to SPDX3 format.

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages