Removed rpms
============

 - tftpboot-installation-SLE-15-SP3-aarch64
 - wine-devel-32bit
 - wine-staging-devel-32bit
 - tftpboot-installation-SLE-15-SP3-x86_64
 - libmunge2-32bit
 - libpipewire-0_3-0-32bit
 - pipewire-libjack-0_3-32bit
 - pipewire-spa-plugins-0_2-32bit
 - tftpboot-installation-SLE-15-SP3-ppc64le

Added rpms
==========

 - libmunge2-32bit
 - libpipewire-0_3-0-32bit
 - pipewire-libjack-0_3-32bit
 - pipewire-spa-plugins-0_2-32bit
 - tftpboot-installation-SLE-15-SP3-ppc64le
 - kernel-obs-build
 - tftpboot-installation-SLE-15-SP3-aarch64
 - tftpboot-installation-SLE-15-SP3-x86_64
 - wine-devel-32bit
 - wine-staging-devel-32bit

Package Source Changes
======================

0ad
+- BuildRequires nvidia-texture-tools only when needed
+
+- Enable nvidia-texture-tools only on supported archs
+
chromium
+- Chromium 90.0.4430.93 (boo#1185398):
+  - CVE-2021-21227: Insufficient data validation in V8.
+  - CVE-2021-21232: Use after free in Dev Tools.
+  - CVE-2021-21233: Heap buffer overflow in ANGLE.
+  - CVE-2021-21228: Insufficient policy enforcement in extensions.
+  - CVE-2021-21229: Incorrect security UI in downloads.
+  - CVE-2021-21230: Type Confusion in V8.
+  - CVE-2021-21231: Insufficient data validation in V8.
+  - Reference: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
+
+- Chromium 90.0.4430.85 (boo#1185047):
+  * CVE-2021-21222: Heap buffer overflow in V8
+  * CVE-2021-21223: Integer overflow in Mojo
+  * CVE-2021-21224: Type Confusion in V8
+  * CVE-2021-21225: Out of bounds memory access in V8
+  * CVE-2021-21226: Use after free in navigation
+- Chromium 90.0.4430.72 (boo#1184764):
+  * CVE-2021-21201: Use after free in permissions
+  * CVE-2021-21202: Use after free in extensions
+  * CVE-2021-21203: Use after free in Blink
+  * CVE-2021-21204: Use after free in Blink
+  * CVE-2021-21205: Insufficient policy enforcement in navigation
+  * CVE-2021-21221: Insufficient validation of untrusted input in Mojo
+  * CVE-2021-21207: Use after free in IndexedDB
+  * CVE-2021-21208: Insufficient data validation in QR scanner
+  * CVE-2021-21209: Inappropriate implementation in storage
+  * CVE-2021-21210: Inappropriate implementation in Network
+  * CVE-2021-21211: Inappropriate implementation in Navigatio
+  * CVE-2021-21212: Incorrect security UI in Network Config UI
+  * CVE-2021-21213: Use after free in WebMIDI
+  * CVE-2021-21214: Use after free in Network API
+  * CVE-2021-21215: Inappropriate implementation in Autofill
+  * CVE-2021-21216: Inappropriate implementation in Autofill
+  * CVE-2021-21217: Uninitialized Use in PDFium
+  * CVE-2021-21218: Uninitialized Use in PDFium
+  * CVE-2021-21219: Uninitialized Use in PDFiu
+  * drop chromium-89-quiche-private.patch
+  * drop chromium-89-quiche-dcheck.patch
+  * drop chromium-89-skia-CropRect.patch
+  * drop chromium-89-dawn-include.patch
+  * drop chromium-89-webcodecs-deps.patch
+  * drop chromium-89-AXTreeSerializer-include.patch
+  * drop libva-2.11.patch
+  * drop libva-2.11-nolegacy.patch
+  * drop chromium-84-blink-disable-clang-format.patch
+- chromium-90-gslang-linkage-fixup.patch: fixed a weird static/nonpic error
+- chromium-90-cstdint.patch: some cstd includes added
+- chromium-90-fseal.patch: F_SEAL defines added
+
envoy-proxy
+- Update _constraints for backports
+
flacon
+- Update to version 7.0.1
+  * Added informative error messages when the program can't load
+    an audio file:
+    + The audio file does not exist.
+    + The audio file may be corrupted or an unsupported audio
+    format.
+    + Decoder program is not installed.
+    + Decoder program is installed in the settings but binary
+    file does not exist.
+  * Improved warning messages:
+    + Do not show a warning if the output format does not
+    support the quality of the input HD audio, but you have
+    set the correct bits per sample and sample rate in the
+    preferences.
+  * Redesigned the logic of loading CUE files containing
+    multiple files, for example, 2 sides of an LP. Now they are
+    displayed as a single list, have a single track numbering,
+    and allow you to change album tags in a single operation.
+  * Fixed: Flacon refuses to compute ReplayGain for no good
+    reason.
+  * Improved search for covers arts.
+  * Added better icons for dark themes.
+  * Added a few codepages for some East Asian languages.
+  * Translations updated.
+
ganglia
+- Do-not-use-var-run-but-run-as-path-for-PID-file.patch:
+  Change PID file for gmetad and gmond from /var/run to /run
+  (bsc#1185158 & bsc#1185159).
+
+- Only requires user(daemon) on major versions >= 15.
+- Work around silly %autopatch bug in SLE 12.
+
+- Replace system-user-daemon with user(daemon): be resilient to
+  package name changes.
+
haruna
+- Update to version 0.6.3
+  * Set breeze icon theme before QApplication creation
+
installation-images:SLES
+- merge gh#openSUSE/installation-images#507
+- Revert "trigger automatic nvme discovery (bsc#1184908)"
+- trigger automatic nvme discovery in udev start script
+  (bsc#1184908)
+- 16.56.9
+
+- merge gh#openSUSE/installation-images#501
+- trigger automatic nvme discovery (bsc#1184908)
+- 16.56.8
+
+- merge gh#openSUSE/installation-images#499
+- fix NVMf autoconnect udev rule (bsc#1184908)
+
kernel-64kb
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-debug
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-default
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-docs
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-kvmsmall
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-obs-build
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-obs-qa
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-preempt
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-source
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
kernel-syms
+- Refresh
+  patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch.
+- commit dbaac01
+
+- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
+- commit 58c17cd
+
+- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()"
+  (bsc#1185038)
+  This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf.
+  Reverted upstream.
+- commit 73b3872
+
+- perf/x86/intel/uncore: Remove uncore extra PCI dev
+  HSWEP_PCI_PCU_3 (bsc#1184685).
+- commit 91f11e3
+
+- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
+  Previously essiv was part of dm-crypt but now it is separate.
+  Include the module in kernel-obs-build when available.
+  Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
+- commit bd99014
+
miredo
+- Add reproducible.patch to drop build host name (boo#1084909)
+- Drop miredo-no-build-date.patch - not needed because of gcc patch
+
+- Set LogLevel to info in the systemd service files to prevent
+  miredo spamming syslog with debug messages (boo#1165313)
+
nfoview
+- Update to 1.28:
+  * Switch default font from Terminus to Cascadia Code as Terminus is
+    most commonly a bitmap font, which no longer work with Pango 1.44:
+    https://gitlab.gnome.org/GNOME/pango/issues/386
+  * Always fall back on the platform default monospace font
+  * Add Dutch translation (Heimen Stoffels)
+
+- Update to version 1.27.1:
+  * Fix CSS error with the abnormal weight of the Unscii font
+- Drop nfoview-fix-css-font-abnormal-weight.patch
+
+- Update to version 1.27:
+  * New app icon, as full-color and symbolic SVGs.
+  * Use the reverse domain name "io.otsaloma.nfoview" for desktop
+    file, appdata file and icons.
+- Changes from version 1.26.1:
+  * Updated translations.
+- Modernize spec, use autosetup and python macros.
+- Add fdupes BuildRequires and macro, remove duplicate files.
+- Drop -lang Recommends: No longer needed, supplements in place.
+- Drop hicolor-icon-theme and update-desktop-files
+  Requires(post(un)) and macros: No longer needed.
+- Add nfoview-fix-css-font-abnormal-weight.patch: Fix CSS error
+  with the abnormal weight of the Unscii font.
+
+- Update to version 1.26:
+  * Use native file dialogs when available.
+- Changes from version 1.25:
+  * Add support for building a Flatpak.
+  * Add 64x64 and 128x128 icons.
+  * Update AppData XML file.
+  * Fix build reproducibility.
+  * Updated translations.
+
+- Update to version 1.24:
+  * Avoid error output if not using header bars
+  * Set program name
+  * Sort input file list to make build reproducible (boo#1041090)
+
-- Initial package created - 1.9.5.
-- Patch to correct font name and size.
-
nrpe
+- fix apparmor profile to allow /run as well as /var/run
+
+- added nrpe-4.0.4-silence_wrong_package_version_messages.patch
+  NRPE logs 'packet version was invalid' and 'Could not read request
+  from client' if the NRPE version on the client does not match the
+  one on the server side.
+  This patch reduces the importance of the log entry to be just
+  informal, which should silent most client logs, while it makes
+  it still available for debugging.
+
+- update to 4.0.3
+  ENHANCEMENTS
+  * Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam)
+  * Added IPv6 ip address to list of default allow_from hosts (Troy Lea)
+  * Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf)
+  * Added -3 option to force check_nrpe to use NRPE v3 packets
+  * OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky)
+  * OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht)
+  FIXES
+  * Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf)
+  * Fixed buffer length calculations/writing past memory boundaries
+    on some systems (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf)
+  * Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf)
+  * Fixed syslog flooding with CRC-checking errors when both plugin
+    and agent were updated to version 4 (Sebastian Wolf)
+  * Checks for '!' now only occur inside the command buffer (Joni Eskelinen)
+  * NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev)
+  * allowed_hosts will no longer test getaddrinfo records against the
+    wrong protocol (dombenson)
+  * nasty_metachars will now handle C escape sequences properly when
+    specified in the config file (Sebastian Wolf)
+  * Calculated packet sizes now struct padding/alignment when sending
+    and receiving messages (Sebastian Wolf)
+  * Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf)
+  * When using include_dir, individual files' errors do not prevent
+    the remaining files from being read (Sebastian Wolf)
+- refreshed the following patches:
+  * nrpe-implicit_declaration.patch
+  * nrpe-improved_help.patch
+  * nrpe_check_control.patch
+- renamed and refreshed the following patches/sources:
+  * nrpe-3.2.1-disable-chkconfig_in_Makefile.patch
+  - > nrpe-disable-chkconfig_in_Makefile.patch
+  * nrpe-3.2.1-static_dh_parameters.patch
+  - > nrpe-static_dh_parameters.patch
+  * nrpe-3.2.1-dh.h -> nrpe-dh.h
+- enhanced README.SUSE with some words about Apparmor
+- added an include directive in usr.sbin.nrpe apparmor config
+  and a basic local/usr.sbin.nrpe file in the docu-directory
+
+- Don't install SuSEfirewall2 service file, SuSEfirewall2 is gone
+
+- nrpe.xml firewalld file is handled by firewalld package
+- Leap 15.1 is suse_version 1500 (thanks, dimstar)
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+  shortcut through the -mini flavors.
+
+- Do not package nrpe.xml for Leap 15.0, as it is included in
+  firewalld package there.
+
+- add nrpe.xml snipplet for firewalld
+- still ship nrpe snipplet for SuSEfirewalld for now
+- use systemd files directly from upstream:
+  + drop Requires=var-run.mount line from service file
+  + drop nrpe.service
+  + drop nrpe.socket
+  + do not create tmpfiles.d/nrpe in spec any longer
+- handle migration from /etc/nagios/nrpe.cfg to /etc/nrpe.cfg also
+  for systemd case (triggerun)
+- increase warn/crit level for processes to 350/400 in a default
+  installation
+- added patch and dh.h file to NOT re-calculate dh.h parameters
+  during each build (for reproducable builds).
+  Can be enable/disable by setting the 'reproducable' build
+  condition. Default is: "on" for suse_version >= 15
+  + nrpe-3.2.1-static_dh_parameters.patch
+  + nrpe-3.2.1-dh.h
+- use _rundir and _tmpfilesdir macros everywhere
+- do not create nagios user/group during install on (open)SUSE
+  systems and rely on the files section here instead
+- rename nagios-nrpe-rpmlintrc and nagios-nrpe-SuSEfirewall2 to
+  nrpe-rpmlintrc and nrpe-SuSEfirewall2
+- simplify rpmlintrc
+- build nrpe-doc package as noarch
+- specfile cleanup & remove other distribution specials
+- disable chkconfig call in Makefile on old distributions
+  nrpe-3.2.1-disable-chkconfig_in_Makefile.patch
+
+- only include %{_sysconfdir}/xinetd.d on newer distributions
+  (fixes submission of this package as update for SLE12-SP4
+  and Leap 42.3 - boo#938906)
+
-- call tmpfiles_create in postinstall
+- call tmpfiles_create in postinstall (bsc#1080637 and bsc#924649)
openSUSE-xfce-icon-theme
+- Update to version 4.16.1+git5.e82fd05:
+  * Remove unused entries (boo#1183828)
+
+- Update to version 4.16.1+git4.47431fc:
+  * Add temporary fix for missing file-roller icon
+
openscad
+- openGL is required but Arm uses openGL ES, so exclude %arm
+  and aarch64
+
+- fix build with new C++ compilers, add boost_include.diff
+
+- Use memoryperjob constraint instead of %limit_build macro.
+
openvswitch
+- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177).
+  * 0001-Replace-deprecated-var-run-with-run.patch
+
pgn-extract
+- Update to 20.02
+  * Added --linenumbers
+  * Added --fixtagstrings.
+  * Date matches with -t and -T extended to match on month and day
+    as well as year.
+  * Added --wtm and --btm.
+  * Added limited relational TimeControl matching with -t
+  * Added missing 'ep' for en passant moves with -Wxlalg and -Wxolalg.
+  * Bug fix to eliminate illegal pawn moves in long algebraic notation.
+  * Added --startply.
+  * Added --fenpattern, --fenpatterni, --materialy and --materialz
+    as command-line arguments.
+  * Delete NAGs appearing before the first move of a game.
+- Rebase patches:
+  * pgn-extract-no-buildtime.patch
+  * pgn-extract-set_eco.pgn_path.patch
+
pipewire
+- Add %systemd_ordering so systemd is installed before pipewire
+  on fresh installations. This allows to set the service presets
+  correctly on new systems since the %systemd_user_* macros don't
+  do anything if systemd is not installed (boo#1185459).
+
plowshare
+- Add reproducible.patch to override build date (boo#1047218)
+
python39
+- Update to 3.9.4:
+  - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
+    as it changed the PyThreadState struct size and broke the 3.9.x ABI
+    in the 3.9.3 release (visible on 32-bit platforms using binaries
+    compiled using an earlier version of Python 3.9.x headers).
+  - bpo#26053: Fixed bug where the pdb interactive run command echoed
+    the args from the shell command line, even if those have been
+    overridden at the pdb prompt.
+  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
+    feature of the pydoc module which could be abused to read
+    arbitrary files on the disk (directory traversal
+    vulnerability). Moreover, even source code of Python modules
+    can contain sensitive data like passwords. Vulnerability
+    reported by David SchwĂśrer.
+  - bpo#43285: ftplib no longer trusts the IP address value
+    returned from the server in response to the PASV command by
+    default. This prevents a malicious FTP server from using the
+    response to probe IPv4 address and port combinations on the
+    client network. Code that requires the former vulnerable
+    behavior may set a trust_server_pasv_ipv4_address attribute
+    on their ftplib.FTP instances to True to re-enable it.
+  - bpo#43439: Add audit hooks for gc.get_objects(),
+    gc.get_referrers() and gc.get_referents(). Patch by Pablo
+    Galindo.
+  - bpo#43660: Fix crash that happens when replacing sys.stderr
+    with a callable that can remove the object while an exception
+    is being printed. Patch by Pablo Galindo.
+  - bpo#43555: Report the column offset for SyntaxError for
+    invalid line continuation characters. Patch by Pablo Galindo.
+  - bpo#43517: Fix misdetection of circular imports when using
+    from pkg.mod import attr, which caused false positives in
+    non-trivial multi-threaded code.
+  - bpo#35883: Python no longer fails at startup with a fatal
+    error if a command line argument contains an invalid Unicode
+    character. The Py_DecodeLocale() function now escapes byte
+    sequences which would be decoded as Unicode characters
+    outside the [U+0000; U+10ffff] range.
+  - bpo#43406: Fix a possible race condition where
+    PyErr_CheckSignals tries to execute a non-Python signal
+    handler.
+  - bpo#42500: Improve handling of exceptions near recursion
+    limit. Converts a number of Fatal Errors in RecursionErrors.
+  - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
+    and fragment in the URL of the server.
+  - bpo#35930: Raising an exception raised in a “future” instance
+    will create reference cycles.
+  - bpo#43577: Fix deadlock when using ssl.SSLContext debug
+    callback with ssl.SSLContext.sni_callback().
+  - bpo#43521: ast.unparse can now render NaNs and empty sets.
+  - bpo#43423: subprocess.communicate() no longer raises an
+    IndexError when there is an empty stdout or stderr IO buffer
+    during a timeout on Windows.
+  - bpo#27820: Fixed long-standing bug of smtplib.SMTP where
+    doing AUTH LOGIN with initial_response_ok=False will fail.
+    The cause is that SMTP.auth_login _always_ returns a password
+    if provided with a challenge string, thus non-compliant with
+    the standard for AUTH LOGIN. Also fixes bug with the test for
+    smtpd.
+  - bpo#43332: Improves the networking efficiency of http.client
+    when using a proxy via set_tunnel(). Fewer small send calls
+    are made during connection setup.
+  - bpo#43399: Fix ElementTree.extend not working on iterators
+    when using the Python implementation
+  - bpo#43316: The python -m gzip command line application now
+    properly fails when detecting an unsupported extension. It
+    exits with a non-zero exit code and prints an error message
+    to stderr.
+  - bpo#43260: Fix TextIOWrapper can not flush internal buffer
+    forever after very large text is written.
+  - bpo#42782: Fail fast in shutil.move() to avoid creating
+    destination directories on failure.
+  - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
+    introduced in Python 3.7.
+  - bpo#43199: Answer “Why is there no goto?” in the Design and
+    History FAQ.
+  - bpo#43407: Clarified that a result from time.monotonic(),
+    time.perf_counter(), time.process_time(), or
+    time.thread_time() can be compared with the result from any
+    following call to the same function - not just the next
+    immediate call.
+  - bpo#27646: Clarify that ‘yield from <expr>’ works with any
+    iterable, not just iterators.
+  - bpo#36346: Update some deprecated unicode APIs which are
+    documented as “will be removed in 4.0” to “3.12”. See PEP 623
+    for detail.
+  - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
+    skip the test if setlocale() fails. Patch by Victor Stinner.
+  - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
+    security level policy.
+  - bpo#43288: Fix test_importlib to correctly skip Unicode file
+    tests if the fileystem does not support them.
+  - bpo#43617: Improve configure.ac: Check for presence of
+    autoconf-archive package and remove our copies of M4 macros.
+  - bpo#42225: Document that IDLE can fail on Unix either from
+    misconfigured IP masquerage rules or failure displaying
+    complex colored (non-ascii) characters.
+  - bpo#43283: Document why printing to IDLE’s Shell is often
+    slower than printing to a system terminal and that it can be
+    made faster by pre-formatting a single string before
+    printing.
+
+- Update to 3.9.2:
+  - bpo#42938 (bsc#1181126): Avoid static buffers when computing
+    the repr of ctypes.c_double and ctypes.c_longdouble
+    values. This issue was assigned CVE-2021-3177.
+  - bpo#42967 (bsc#1182379): Fix web cache poisoning
+    vulnerability by defaulting the query args separator to &,
+    and allowing the user to choose a custom separator. This
+    issue was assigned CVE-2021-23336.
+- Upstreamed patches were removed:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bsc1167501-invalid-alignment.patch
+  - skip_random_failing_tests.patch
+  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
+
+- Add Obsoletes for python3-base when primary interpreter is set to
+  properly replace it during upgrades.  (bsc#1181324)
+
+- Update to 3.9.1:
+  Security bugs:
+  - Prevented potential DoS attack via CPU and RAM exhaustion
+    when processing malformed Apple Property List files in binary
+    format.
+  - The plistlib module no longer accepts entity declarations in
+    XML plist files to avoid XML vulnerabilities. This should not
+    affect users as entity declarations are not used in regular
+    plist files.
+  - Add volatile to the accumulator variable in
+    hmac.compare_digest, making constant-time-defeating
+    optimizations less likely.
+  Core and Builtins
+  - Allow assignment expressions in set literals and set
+    comprehensions as per PEP 572. Patch by Pablo Galindo.
+  - Fix a regression introduced by the new parser, where an
+    unparenthesized walrus operator was not allowed within
+    generator expressions.
+  - types.GenericAlias objects can now be the targets of
+    weakrefs.
+  - Fixed a bug in the PEG parser that was causing crashes in
+    debug mode. Now errors are checked in left-recursive rules to
+    avoid cases where such errors do not get handled in time and
+    appear as long-distance crashes in other places.
+  - Fixed a possible crash in the PEG parser when checking for
+    the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
+    Galindo.
+  - Fix handling of errors during creation of PyFunctionObject,
+    which resulted in operations on uninitialized memory. Patch
+    by Yonatan Goldschmidt.
+  - Fix a bug in the parser, where a curly brace following
+    a primary didn’t fail immediately. This led to invalid
+    expressions like a {b} to throw a SyntaxError with a wrong
+    offset, or invalid expressions ending with a curly brace like
+    a { to not fail immediately in the REPL.
+  - Fix possible buffer overflow in the new parser when checking
+    for continuation lines. Patch by Pablo Galindo.
+  - Run the parser two times. On the first run, disable all the
+    rules that only generate better error messages to gain
+    performance. If there’s a parse failure, run the parser
+    a second time with those enabled.
+  - Document the default implementation of object.__eq__.
+  - Fix peephole optimizer misoptimize conditional jump
+    + JUMP_IF_NOT_EXC_MATCH pair.
+  - The garbage collector now tracks all user-defined classes.
+    Patch by Brandt Bucher.
+  - Fixed potential issues with removing not completely
+    initialized module from sys.modules when import fails.
+  - Star-unpacking is now allowed for with item’s targets in the
+    PEG parser.
+  - Fixed stack overflow in issubclass() and isinstance() when
+    getting the __bases__ attribute leads to infinite recursion.
+  - When loading a native module and a load failure occurs,
+    prevent a possible UnicodeDecodeError when not running in
+    a UTF-8 locale by decoding the load error message using the
+    current locale’s encoding.
+  - Correctly count control blocks in ‘except’ in compiler.
+    Ensures that a syntax error, rather a fatal error, occurs for
+    deeply nested, named exception handlers.
+  Library
+  - types.GenericAlias will now raise a TypeError when attempting
+    to initialize with a keyword argument. Previously, this would
+    cause the interpreter to crash if the interpreter was
+    compiled with debug symbols. This does not affect
+    interpreters compiled for release. Patch by Ken Jin.
+  - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
+    parsed. Replace the special purpose getallmatchingheaders
+    with generic get_all method and add relevant tests.
+  - inspect.findsource() now raises OSError instead of IndexError
+    when co_lineno of a code object is greater than the file
+    length. This can happen, for example, when a file is edited
+    after it was imported. PR by Irit Katriel.
+  - Fix handling of trailing comments by inspect.getsource().
+  - ChainMap.__iter__ no longer calls __getitem__ on underlying
+    maps
+  - TracebackException no longer holds a reference to the
+    exception’s traceback object. Consequently, instances of
+    TracebackException for equivalent but non-equal exceptions
+    now compare as equal.
+  - We fixed an issue in pickle.whichmodule in which importing
+    multiprocessing could change the how pickle identifies which
+    module an object belongs to, potentially breaking the
+    unpickling of those objects.
+  - Clarify the error message for asyncio.IncompleteReadError
+    when expected is None.
+  - Extracting a symlink from a tarball should succeed and
+    overwrite the symlink if it already exists. The fix is to
+    remove the existing file or symlink before extraction. Based
+    on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
+    Kumaran.
+  - Fixed tkinter.ttk.Style.map(). The function accepts now the
+    representation of the default state as empty sequence (as
+    returned by Style.map()). The structure of the result is now
+    the same on all platform and does not depend on the value of
+    wantobjects.
+  - Fix various issues with typing.Literal parameter handling
+    (flatten, deduplicate, use type to cache key). Patch provided
+    by Yurii Karabas.
+  - Fix the threading.Thread class at fork: do nothing if the
+    thread is already stopped (ex: fork called at Python exit).
+    Previously, an error was logged in the child process.
+  - The onerror callback from shutil.rmtree now receives correct
+    function when os.open fails.
+  - Fix os.sendfile() on illumos.
+  - Fixed writing binary Plist files larger than 4 GiB.
+  - The repr() of typing types containing Generic Alias Types
+    previously did not show the parameterized types in the
+    GenericAlias. They have now been changed to do so.
+  - webbrowser: Ignore NotADirectoryError when calling
+    xdg-settings.
+  - binhex.binhex() consisently writes macOS 9 line endings.
+  - Fix a stack overflow error for asyncio Task or Future repr().
+  - The overflow occurs under some circumstances when a Task or
+    Future recursively returns itself.
+  - Fix memory leak in subprocess.Popen() in case an uid (gid)
+    specified in user (group, extra_groups) overflows uid_t
+    (gid_t).
+  - Improve asyncio.wait function to create the futures set just
+    one time.
+  - InvalidFileException and RecursionError are now the only
+    errors caused by loading malformed binary Plist file
+    (previously ValueError and TypeError could be raised in some
+    specific cases).
+  - Pickling heap types implemented in C with protocols 0 and
+    1 raises now an error instead of producing incorrect data.
+  - plistlib: fix parsing XML plists with hexadecimal integer
+    values
+  - Fix an incorrectly formatted error from
+    _codecs.charmap_decode() when called with a mapped value
+    outside the range of valid Unicode code points. PR by Max
+    Bernstein.
+  - Fix pickling pure Python datetime.time subclasses. Patch by
+    Dean Inwood.
+  - Fixed a bug that was causing ctypes.util.find_library() to
+    return None when triying to locate a library in an
+    environment when gcc>=9 is available and ldconfig is not.
+    Patch by Pablo Galindo
+  - C14N 2.0 serialisation in xml.etree.ElementTree failed for
+    unprefixed attributes when a default namespace was defined.
+  - Fix a bug in the symtable module that was causing
+    module-scope global variables to not be reported as both
+    local and global. Patch by Pablo Galindo.
+  - str() for the type attribute of the tkinter.Event object
+    always returns now the numeric code returned by Tk instead of
+    the name of the event type.
+  - fix tkinter.EventType Enum so all members are strings, and
+    none are tuples
+  - Fix SQLite3 segfault when backing up closed database. Patch
+    contributed by Peter David McCormick.
+  - Fix the tarfile module to write only basename of TAR file to
+    GZIP compression header.
+  - Allow ctypes.wintypes to be imported on non-Windows systems.
+  - shutil.which() now ignores empty entries in PATHEXT instead
+    of treating them as a match.
+  - Fix time-of-check/time-of-action issue in
+    subprocess.Popen.send_signal.
+  - Fix --outfile for cProfile / profile not writing the output
+    file in the original directory when the program being
+    profiled changes the working directory. PR by Anthony
+    Sottile.
+  - ZipFile truncates files to avoid corruption when a shorter
+    comment is provided in append (“a”) mode. Patch by Jan Mazur.
+  - Fixed KeyError exception when flattening an email to a string
+    attempts to replace a non-existent Content-Transfer-Encoding
+    header.
+  Documentation
+  - Fix the URL for the IMAP protocol documents.
+  - Document __format__ functionality for IP addresses.
+  - Clarify that subscription expressions are also valid for
+    certain classes and types in the standard library, and for
+    user-defined classes and types if the classmethod
+    __class_getitem__() is provided.
+  - Documented generic alias type and types.GenericAlias. Also
+    added an entry in glossary for generic types.
+  - In Programming FAQ “Sequences (Tuples/Lists)” section, add
+    “How do you remove multiple items from a list”.
+  - Fix RemovedInSphinx40Warning when building the documentation.
+    Patch by Dong-hee Na.
+  - Update the refcounts info of PyType_FromModuleAndSpec.
+  - Fix tarfile’s extractfile documentation
+  - Document some restrictions on the default string
+    representations of numeric classes.
+  Tests
+  - Reenable test_gdb on gdb 9.2 and newer:
+    https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is
+    fixed in gdb 10.1.
+  - Fix test_asyncio.test_call_later() race condition: don’t
+    measure asyncio performance in the call_later() unit test.
+    The test failed randomly on the CI.
+  - Include _testinternalcapi module in Windows installer for
+    test suite
+  - Fix test_logging.test_race_between_set_target_and_flush():
+    the test now waits until all threads complete to avoid
+    leaking running threads.
+  - Avoid a test failure in test_lib2to3 if the module has
+    already imported at the time the test executes. Patch by
+    Pablo Galindo.
+  - Tests for CJK codecs no longer call eval() on content
+    received via HTTP.
+  - Fix test_site.test_license_exists_at_url(): call
+    urllib.request.urlcleanup() to reset the global
+    urllib.request._opener. Patch by Victor Stinner.
+  - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
+    not available
+  - Add tests for SIGINT handling in the runpy module.
+  - Fixed a failure in test_tk.test_widgets.ScaleTest happening
+    when executing the test with Tk 8.6.10.
+  Build
+  - Fix a race condition in “make regen-all” when make -jN option
+    is used to run jobs in parallel. The clinic.py script now
+    only use atomic write to write files. Moveover, generated
+    files are now left unchanged if the content does not change,
+    to not change the file modification time.
+  - Update Py_UNREACHABLE to use __builtin_unreachable() if only
+    the compiler is able to use it. Patch by Dong-hee Na.
+  - Addressed three compiler warnings found by undefined behavior
+    sanitizer (ubsan).
+  IDLE
+  - Fix reporting offset of the RE error in searchengine.
+  - Get docstrings for IDLE calltips more often by using
+    inspect.getdoc.
+  - Mostly finish using ttk widgets, mainly for editor, settings,
+    and searches. Some patches by Mark Roseman.
+  - Use ‘IDLE Shell’ as shell title
+  - Rewrite the Calltips doc section.
+  - In calltips, stop reminding that ‘/’ marks the end of
+    positional-only arguments.
+  - Typing opening and closing parentheses inside the parentheses
+    of a function call will no longer cause unnecessary
+    “flashing” off and on of an existing open call-tip, e.g. when
+    typed in a string literal.
+  C API
+  - Fix potential crash in deallocating method objects when
+    dynamically allocated PyMethodDef’s lifetime is managed
+    through the self argument of a PyCFunction.
+  - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
+    available again in limited API.
+- Readjustet and reapplied patches:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - skip_random_failing_tests.patch
+  - sphinx-update-removed-function.patch
+
python39:base
+- Update to 3.9.4:
+  - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
+    as it changed the PyThreadState struct size and broke the 3.9.x ABI
+    in the 3.9.3 release (visible on 32-bit platforms using binaries
+    compiled using an earlier version of Python 3.9.x headers).
+  - bpo#26053: Fixed bug where the pdb interactive run command echoed
+    the args from the shell command line, even if those have been
+    overridden at the pdb prompt.
+  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
+    feature of the pydoc module which could be abused to read
+    arbitrary files on the disk (directory traversal
+    vulnerability). Moreover, even source code of Python modules
+    can contain sensitive data like passwords. Vulnerability
+    reported by David SchwĂśrer.
+  - bpo#43285: ftplib no longer trusts the IP address value
+    returned from the server in response to the PASV command by
+    default. This prevents a malicious FTP server from using the
+    response to probe IPv4 address and port combinations on the
+    client network. Code that requires the former vulnerable
+    behavior may set a trust_server_pasv_ipv4_address attribute
+    on their ftplib.FTP instances to True to re-enable it.
+  - bpo#43439: Add audit hooks for gc.get_objects(),
+    gc.get_referrers() and gc.get_referents(). Patch by Pablo
+    Galindo.
+  - bpo#43660: Fix crash that happens when replacing sys.stderr
+    with a callable that can remove the object while an exception
+    is being printed. Patch by Pablo Galindo.
+  - bpo#43555: Report the column offset for SyntaxError for
+    invalid line continuation characters. Patch by Pablo Galindo.
+  - bpo#43517: Fix misdetection of circular imports when using
+    from pkg.mod import attr, which caused false positives in
+    non-trivial multi-threaded code.
+  - bpo#35883: Python no longer fails at startup with a fatal
+    error if a command line argument contains an invalid Unicode
+    character. The Py_DecodeLocale() function now escapes byte
+    sequences which would be decoded as Unicode characters
+    outside the [U+0000; U+10ffff] range.
+  - bpo#43406: Fix a possible race condition where
+    PyErr_CheckSignals tries to execute a non-Python signal
+    handler.
+  - bpo#42500: Improve handling of exceptions near recursion
+    limit. Converts a number of Fatal Errors in RecursionErrors.
+  - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
+    and fragment in the URL of the server.
+  - bpo#35930: Raising an exception raised in a “future” instance
+    will create reference cycles.
+  - bpo#43577: Fix deadlock when using ssl.SSLContext debug
+    callback with ssl.SSLContext.sni_callback().
+  - bpo#43521: ast.unparse can now render NaNs and empty sets.
+  - bpo#43423: subprocess.communicate() no longer raises an
+    IndexError when there is an empty stdout or stderr IO buffer
+    during a timeout on Windows.
+  - bpo#27820: Fixed long-standing bug of smtplib.SMTP where
+    doing AUTH LOGIN with initial_response_ok=False will fail.
+    The cause is that SMTP.auth_login _always_ returns a password
+    if provided with a challenge string, thus non-compliant with
+    the standard for AUTH LOGIN. Also fixes bug with the test for
+    smtpd.
+  - bpo#43332: Improves the networking efficiency of http.client
+    when using a proxy via set_tunnel(). Fewer small send calls
+    are made during connection setup.
+  - bpo#43399: Fix ElementTree.extend not working on iterators
+    when using the Python implementation
+  - bpo#43316: The python -m gzip command line application now
+    properly fails when detecting an unsupported extension. It
+    exits with a non-zero exit code and prints an error message
+    to stderr.
+  - bpo#43260: Fix TextIOWrapper can not flush internal buffer
+    forever after very large text is written.
+  - bpo#42782: Fail fast in shutil.move() to avoid creating
+    destination directories on failure.
+  - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
+    introduced in Python 3.7.
+  - bpo#43199: Answer “Why is there no goto?” in the Design and
+    History FAQ.
+  - bpo#43407: Clarified that a result from time.monotonic(),
+    time.perf_counter(), time.process_time(), or
+    time.thread_time() can be compared with the result from any
+    following call to the same function - not just the next
+    immediate call.
+  - bpo#27646: Clarify that ‘yield from <expr>’ works with any
+    iterable, not just iterators.
+  - bpo#36346: Update some deprecated unicode APIs which are
+    documented as “will be removed in 4.0” to “3.12”. See PEP 623
+    for detail.
+  - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
+    skip the test if setlocale() fails. Patch by Victor Stinner.
+  - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
+    security level policy.
+  - bpo#43288: Fix test_importlib to correctly skip Unicode file
+    tests if the fileystem does not support them.
+  - bpo#43617: Improve configure.ac: Check for presence of
+    autoconf-archive package and remove our copies of M4 macros.
+  - bpo#42225: Document that IDLE can fail on Unix either from
+    misconfigured IP masquerage rules or failure displaying
+    complex colored (non-ascii) characters.
+  - bpo#43283: Document why printing to IDLE’s Shell is often
+    slower than printing to a system terminal and that it can be
+    made faster by pre-formatting a single string before
+    printing.
+
+- Update to 3.9.2:
+  - bpo#42938 (bsc#1181126): Avoid static buffers when computing
+    the repr of ctypes.c_double and ctypes.c_longdouble
+    values. This issue was assigned CVE-2021-3177.
+  - bpo#42967 (bsc#1182379): Fix web cache poisoning
+    vulnerability by defaulting the query args separator to &,
+    and allowing the user to choose a custom separator. This
+    issue was assigned CVE-2021-23336.
+- Upstreamed patches were removed:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bsc1167501-invalid-alignment.patch
+  - skip_random_failing_tests.patch
+  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
+
+- Add Obsoletes for python3-base when primary interpreter is set to
+  properly replace it during upgrades.  (bsc#1181324)
+
+- Update to 3.9.1:
+  Security bugs:
+  - Prevented potential DoS attack via CPU and RAM exhaustion
+    when processing malformed Apple Property List files in binary
+    format.
+  - The plistlib module no longer accepts entity declarations in
+    XML plist files to avoid XML vulnerabilities. This should not
+    affect users as entity declarations are not used in regular
+    plist files.
+  - Add volatile to the accumulator variable in
+    hmac.compare_digest, making constant-time-defeating
+    optimizations less likely.
+  Core and Builtins
+  - Allow assignment expressions in set literals and set
+    comprehensions as per PEP 572. Patch by Pablo Galindo.
+  - Fix a regression introduced by the new parser, where an
+    unparenthesized walrus operator was not allowed within
+    generator expressions.
+  - types.GenericAlias objects can now be the targets of
+    weakrefs.
+  - Fixed a bug in the PEG parser that was causing crashes in
+    debug mode. Now errors are checked in left-recursive rules to
+    avoid cases where such errors do not get handled in time and
+    appear as long-distance crashes in other places.
+  - Fixed a possible crash in the PEG parser when checking for
+    the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
+    Galindo.
+  - Fix handling of errors during creation of PyFunctionObject,
+    which resulted in operations on uninitialized memory. Patch
+    by Yonatan Goldschmidt.
+  - Fix a bug in the parser, where a curly brace following
+    a primary didn’t fail immediately. This led to invalid
+    expressions like a {b} to throw a SyntaxError with a wrong
+    offset, or invalid expressions ending with a curly brace like
+    a { to not fail immediately in the REPL.
+  - Fix possible buffer overflow in the new parser when checking
+    for continuation lines. Patch by Pablo Galindo.
+  - Run the parser two times. On the first run, disable all the
+    rules that only generate better error messages to gain
+    performance. If there’s a parse failure, run the parser
+    a second time with those enabled.
+  - Document the default implementation of object.__eq__.
+  - Fix peephole optimizer misoptimize conditional jump
+    + JUMP_IF_NOT_EXC_MATCH pair.
+  - The garbage collector now tracks all user-defined classes.
+    Patch by Brandt Bucher.
+  - Fixed potential issues with removing not completely
+    initialized module from sys.modules when import fails.
+  - Star-unpacking is now allowed for with item’s targets in the
+    PEG parser.
+  - Fixed stack overflow in issubclass() and isinstance() when
+    getting the __bases__ attribute leads to infinite recursion.
+  - When loading a native module and a load failure occurs,
+    prevent a possible UnicodeDecodeError when not running in
+    a UTF-8 locale by decoding the load error message using the
+    current locale’s encoding.
+  - Correctly count control blocks in ‘except’ in compiler.
+    Ensures that a syntax error, rather a fatal error, occurs for
+    deeply nested, named exception handlers.
+  Library
+  - types.GenericAlias will now raise a TypeError when attempting
+    to initialize with a keyword argument. Previously, this would
+    cause the interpreter to crash if the interpreter was
+    compiled with debug symbols. This does not affect
+    interpreters compiled for release. Patch by Ken Jin.
+  - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
+    parsed. Replace the special purpose getallmatchingheaders
+    with generic get_all method and add relevant tests.
+  - inspect.findsource() now raises OSError instead of IndexError
+    when co_lineno of a code object is greater than the file
+    length. This can happen, for example, when a file is edited
+    after it was imported. PR by Irit Katriel.
+  - Fix handling of trailing comments by inspect.getsource().
+  - ChainMap.__iter__ no longer calls __getitem__ on underlying
+    maps
+  - TracebackException no longer holds a reference to the
+    exception’s traceback object. Consequently, instances of
+    TracebackException for equivalent but non-equal exceptions
+    now compare as equal.
+  - We fixed an issue in pickle.whichmodule in which importing
+    multiprocessing could change the how pickle identifies which
+    module an object belongs to, potentially breaking the
+    unpickling of those objects.
+  - Clarify the error message for asyncio.IncompleteReadError
+    when expected is None.
+  - Extracting a symlink from a tarball should succeed and
+    overwrite the symlink if it already exists. The fix is to
+    remove the existing file or symlink before extraction. Based
+    on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
+    Kumaran.
+  - Fixed tkinter.ttk.Style.map(). The function accepts now the
+    representation of the default state as empty sequence (as
+    returned by Style.map()). The structure of the result is now
+    the same on all platform and does not depend on the value of
+    wantobjects.
+  - Fix various issues with typing.Literal parameter handling
+    (flatten, deduplicate, use type to cache key). Patch provided
+    by Yurii Karabas.
+  - Fix the threading.Thread class at fork: do nothing if the
+    thread is already stopped (ex: fork called at Python exit).
+    Previously, an error was logged in the child process.
+  - The onerror callback from shutil.rmtree now receives correct
+    function when os.open fails.
+  - Fix os.sendfile() on illumos.
+  - Fixed writing binary Plist files larger than 4 GiB.
+  - The repr() of typing types containing Generic Alias Types
+    previously did not show the parameterized types in the
+    GenericAlias. They have now been changed to do so.
+  - webbrowser: Ignore NotADirectoryError when calling
+    xdg-settings.
+  - binhex.binhex() consisently writes macOS 9 line endings.
+  - Fix a stack overflow error for asyncio Task or Future repr().
+  - The overflow occurs under some circumstances when a Task or
+    Future recursively returns itself.
+  - Fix memory leak in subprocess.Popen() in case an uid (gid)
+    specified in user (group, extra_groups) overflows uid_t
+    (gid_t).
+  - Improve asyncio.wait function to create the futures set just
+    one time.
+  - InvalidFileException and RecursionError are now the only
+    errors caused by loading malformed binary Plist file
+    (previously ValueError and TypeError could be raised in some
+    specific cases).
+  - Pickling heap types implemented in C with protocols 0 and
+    1 raises now an error instead of producing incorrect data.
+  - plistlib: fix parsing XML plists with hexadecimal integer
+    values
+  - Fix an incorrectly formatted error from
+    _codecs.charmap_decode() when called with a mapped value
+    outside the range of valid Unicode code points. PR by Max
+    Bernstein.
+  - Fix pickling pure Python datetime.time subclasses. Patch by
+    Dean Inwood.
+  - Fixed a bug that was causing ctypes.util.find_library() to
+    return None when triying to locate a library in an
+    environment when gcc>=9 is available and ldconfig is not.
+    Patch by Pablo Galindo
+  - C14N 2.0 serialisation in xml.etree.ElementTree failed for
+    unprefixed attributes when a default namespace was defined.
+  - Fix a bug in the symtable module that was causing
+    module-scope global variables to not be reported as both
+    local and global. Patch by Pablo Galindo.
+  - str() for the type attribute of the tkinter.Event object
+    always returns now the numeric code returned by Tk instead of
+    the name of the event type.
+  - fix tkinter.EventType Enum so all members are strings, and
+    none are tuples
+  - Fix SQLite3 segfault when backing up closed database. Patch
+    contributed by Peter David McCormick.
+  - Fix the tarfile module to write only basename of TAR file to
+    GZIP compression header.
+  - Allow ctypes.wintypes to be imported on non-Windows systems.
+  - shutil.which() now ignores empty entries in PATHEXT instead
+    of treating them as a match.
+  - Fix time-of-check/time-of-action issue in
+    subprocess.Popen.send_signal.
+  - Fix --outfile for cProfile / profile not writing the output
+    file in the original directory when the program being
+    profiled changes the working directory. PR by Anthony
+    Sottile.
+  - ZipFile truncates files to avoid corruption when a shorter
+    comment is provided in append (“a”) mode. Patch by Jan Mazur.
+  - Fixed KeyError exception when flattening an email to a string
+    attempts to replace a non-existent Content-Transfer-Encoding
+    header.
+  Documentation
+  - Fix the URL for the IMAP protocol documents.
+  - Document __format__ functionality for IP addresses.
+  - Clarify that subscription expressions are also valid for
+    certain classes and types in the standard library, and for
+    user-defined classes and types if the classmethod
+    __class_getitem__() is provided.
+  - Documented generic alias type and types.GenericAlias. Also
+    added an entry in glossary for generic types.
+  - In Programming FAQ “Sequences (Tuples/Lists)” section, add
+    “How do you remove multiple items from a list”.
+  - Fix RemovedInSphinx40Warning when building the documentation.
+    Patch by Dong-hee Na.
+  - Update the refcounts info of PyType_FromModuleAndSpec.
+  - Fix tarfile’s extractfile documentation
+  - Document some restrictions on the default string
+    representations of numeric classes.
+  Tests
+  - Reenable test_gdb on gdb 9.2 and newer:
+    https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is
+    fixed in gdb 10.1.
+  - Fix test_asyncio.test_call_later() race condition: don’t
+    measure asyncio performance in the call_later() unit test.
+    The test failed randomly on the CI.
+  - Include _testinternalcapi module in Windows installer for
+    test suite
+  - Fix test_logging.test_race_between_set_target_and_flush():
+    the test now waits until all threads complete to avoid
+    leaking running threads.
+  - Avoid a test failure in test_lib2to3 if the module has
+    already imported at the time the test executes. Patch by
+    Pablo Galindo.
+  - Tests for CJK codecs no longer call eval() on content
+    received via HTTP.
+  - Fix test_site.test_license_exists_at_url(): call
+    urllib.request.urlcleanup() to reset the global
+    urllib.request._opener. Patch by Victor Stinner.
+  - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
+    not available
+  - Add tests for SIGINT handling in the runpy module.
+  - Fixed a failure in test_tk.test_widgets.ScaleTest happening
+    when executing the test with Tk 8.6.10.
+  Build
+  - Fix a race condition in “make regen-all” when make -jN option
+    is used to run jobs in parallel. The clinic.py script now
+    only use atomic write to write files. Moveover, generated
+    files are now left unchanged if the content does not change,
+    to not change the file modification time.
+  - Update Py_UNREACHABLE to use __builtin_unreachable() if only
+    the compiler is able to use it. Patch by Dong-hee Na.
+  - Addressed three compiler warnings found by undefined behavior
+    sanitizer (ubsan).
+  IDLE
+  - Fix reporting offset of the RE error in searchengine.
+  - Get docstrings for IDLE calltips more often by using
+    inspect.getdoc.
+  - Mostly finish using ttk widgets, mainly for editor, settings,
+    and searches. Some patches by Mark Roseman.
+  - Use ‘IDLE Shell’ as shell title
+  - Rewrite the Calltips doc section.
+  - In calltips, stop reminding that ‘/’ marks the end of
+    positional-only arguments.
+  - Typing opening and closing parentheses inside the parentheses
+    of a function call will no longer cause unnecessary
+    “flashing” off and on of an existing open call-tip, e.g. when
+    typed in a string literal.
+  C API
+  - Fix potential crash in deallocating method objects when
+    dynamically allocated PyMethodDef’s lifetime is managed
+    through the self argument of a PyCFunction.
+  - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
+    available again in limited API.
+- Readjustet and reapplied patches:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - skip_random_failing_tests.patch
+  - sphinx-update-removed-function.patch
+
python39:doc
+- Update to 3.9.4:
+  - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
+    as it changed the PyThreadState struct size and broke the 3.9.x ABI
+    in the 3.9.3 release (visible on 32-bit platforms using binaries
+    compiled using an earlier version of Python 3.9.x headers).
+  - bpo#26053: Fixed bug where the pdb interactive run command echoed
+    the args from the shell command line, even if those have been
+    overridden at the pdb prompt.
+  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
+    feature of the pydoc module which could be abused to read
+    arbitrary files on the disk (directory traversal
+    vulnerability). Moreover, even source code of Python modules
+    can contain sensitive data like passwords. Vulnerability
+    reported by David SchwĂśrer.
+  - bpo#43285: ftplib no longer trusts the IP address value
+    returned from the server in response to the PASV command by
+    default. This prevents a malicious FTP server from using the
+    response to probe IPv4 address and port combinations on the
+    client network. Code that requires the former vulnerable
+    behavior may set a trust_server_pasv_ipv4_address attribute
+    on their ftplib.FTP instances to True to re-enable it.
+  - bpo#43439: Add audit hooks for gc.get_objects(),
+    gc.get_referrers() and gc.get_referents(). Patch by Pablo
+    Galindo.
+  - bpo#43660: Fix crash that happens when replacing sys.stderr
+    with a callable that can remove the object while an exception
+    is being printed. Patch by Pablo Galindo.
+  - bpo#43555: Report the column offset for SyntaxError for
+    invalid line continuation characters. Patch by Pablo Galindo.
+  - bpo#43517: Fix misdetection of circular imports when using
+    from pkg.mod import attr, which caused false positives in
+    non-trivial multi-threaded code.
+  - bpo#35883: Python no longer fails at startup with a fatal
+    error if a command line argument contains an invalid Unicode
+    character. The Py_DecodeLocale() function now escapes byte
+    sequences which would be decoded as Unicode characters
+    outside the [U+0000; U+10ffff] range.
+  - bpo#43406: Fix a possible race condition where
+    PyErr_CheckSignals tries to execute a non-Python signal
+    handler.
+  - bpo#42500: Improve handling of exceptions near recursion
+    limit. Converts a number of Fatal Errors in RecursionErrors.
+  - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
+    and fragment in the URL of the server.
+  - bpo#35930: Raising an exception raised in a “future” instance
+    will create reference cycles.
+  - bpo#43577: Fix deadlock when using ssl.SSLContext debug
+    callback with ssl.SSLContext.sni_callback().
+  - bpo#43521: ast.unparse can now render NaNs and empty sets.
+  - bpo#43423: subprocess.communicate() no longer raises an
+    IndexError when there is an empty stdout or stderr IO buffer
+    during a timeout on Windows.
+  - bpo#27820: Fixed long-standing bug of smtplib.SMTP where
+    doing AUTH LOGIN with initial_response_ok=False will fail.
+    The cause is that SMTP.auth_login _always_ returns a password
+    if provided with a challenge string, thus non-compliant with
+    the standard for AUTH LOGIN. Also fixes bug with the test for
+    smtpd.
+  - bpo#43332: Improves the networking efficiency of http.client
+    when using a proxy via set_tunnel(). Fewer small send calls
+    are made during connection setup.
+  - bpo#43399: Fix ElementTree.extend not working on iterators
+    when using the Python implementation
+  - bpo#43316: The python -m gzip command line application now
+    properly fails when detecting an unsupported extension. It
+    exits with a non-zero exit code and prints an error message
+    to stderr.
+  - bpo#43260: Fix TextIOWrapper can not flush internal buffer
+    forever after very large text is written.
+  - bpo#42782: Fail fast in shutil.move() to avoid creating
+    destination directories on failure.
+  - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
+    introduced in Python 3.7.
+  - bpo#43199: Answer “Why is there no goto?” in the Design and
+    History FAQ.
+  - bpo#43407: Clarified that a result from time.monotonic(),
+    time.perf_counter(), time.process_time(), or
+    time.thread_time() can be compared with the result from any
+    following call to the same function - not just the next
+    immediate call.
+  - bpo#27646: Clarify that ‘yield from <expr>’ works with any
+    iterable, not just iterators.
+  - bpo#36346: Update some deprecated unicode APIs which are
+    documented as “will be removed in 4.0” to “3.12”. See PEP 623
+    for detail.
+  - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
+    skip the test if setlocale() fails. Patch by Victor Stinner.
+  - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
+    security level policy.
+  - bpo#43288: Fix test_importlib to correctly skip Unicode file
+    tests if the fileystem does not support them.
+  - bpo#43617: Improve configure.ac: Check for presence of
+    autoconf-archive package and remove our copies of M4 macros.
+  - bpo#42225: Document that IDLE can fail on Unix either from
+    misconfigured IP masquerage rules or failure displaying
+    complex colored (non-ascii) characters.
+  - bpo#43283: Document why printing to IDLE’s Shell is often
+    slower than printing to a system terminal and that it can be
+    made faster by pre-formatting a single string before
+    printing.
+
+- Update to 3.9.2:
+  - bpo#42938 (bsc#1181126): Avoid static buffers when computing
+    the repr of ctypes.c_double and ctypes.c_longdouble
+    values. This issue was assigned CVE-2021-3177.
+  - bpo#42967 (bsc#1182379): Fix web cache poisoning
+    vulnerability by defaulting the query args separator to &,
+    and allowing the user to choose a custom separator. This
+    issue was assigned CVE-2021-23336.
+- Upstreamed patches were removed:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bsc1167501-invalid-alignment.patch
+  - skip_random_failing_tests.patch
+  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
+
+- Add Obsoletes for python3-base when primary interpreter is set to
+  properly replace it during upgrades.  (bsc#1181324)
+
+- Update to 3.9.1:
+  Security bugs:
+  - Prevented potential DoS attack via CPU and RAM exhaustion
+    when processing malformed Apple Property List files in binary
+    format.
+  - The plistlib module no longer accepts entity declarations in
+    XML plist files to avoid XML vulnerabilities. This should not
+    affect users as entity declarations are not used in regular
+    plist files.
+  - Add volatile to the accumulator variable in
+    hmac.compare_digest, making constant-time-defeating
+    optimizations less likely.
+  Core and Builtins
+  - Allow assignment expressions in set literals and set
+    comprehensions as per PEP 572. Patch by Pablo Galindo.
+  - Fix a regression introduced by the new parser, where an
+    unparenthesized walrus operator was not allowed within
+    generator expressions.
+  - types.GenericAlias objects can now be the targets of
+    weakrefs.
+  - Fixed a bug in the PEG parser that was causing crashes in
+    debug mode. Now errors are checked in left-recursive rules to
+    avoid cases where such errors do not get handled in time and
+    appear as long-distance crashes in other places.
+  - Fixed a possible crash in the PEG parser when checking for
+    the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
+    Galindo.
+  - Fix handling of errors during creation of PyFunctionObject,
+    which resulted in operations on uninitialized memory. Patch
+    by Yonatan Goldschmidt.
+  - Fix a bug in the parser, where a curly brace following
+    a primary didn’t fail immediately. This led to invalid
+    expressions like a {b} to throw a SyntaxError with a wrong
+    offset, or invalid expressions ending with a curly brace like
+    a { to not fail immediately in the REPL.
+  - Fix possible buffer overflow in the new parser when checking
+    for continuation lines. Patch by Pablo Galindo.
+  - Run the parser two times. On the first run, disable all the
+    rules that only generate better error messages to gain
+    performance. If there’s a parse failure, run the parser
+    a second time with those enabled.
+  - Document the default implementation of object.__eq__.
+  - Fix peephole optimizer misoptimize conditional jump
+    + JUMP_IF_NOT_EXC_MATCH pair.
+  - The garbage collector now tracks all user-defined classes.
+    Patch by Brandt Bucher.
+  - Fixed potential issues with removing not completely
+    initialized module from sys.modules when import fails.
+  - Star-unpacking is now allowed for with item’s targets in the
+    PEG parser.
+  - Fixed stack overflow in issubclass() and isinstance() when
+    getting the __bases__ attribute leads to infinite recursion.
+  - When loading a native module and a load failure occurs,
+    prevent a possible UnicodeDecodeError when not running in
+    a UTF-8 locale by decoding the load error message using the
+    current locale’s encoding.
+  - Correctly count control blocks in ‘except’ in compiler.
+    Ensures that a syntax error, rather a fatal error, occurs for
+    deeply nested, named exception handlers.
+  Library
+  - types.GenericAlias will now raise a TypeError when attempting
+    to initialize with a keyword argument. Previously, this would
+    cause the interpreter to crash if the interpreter was
+    compiled with debug symbols. This does not affect
+    interpreters compiled for release. Patch by Ken Jin.
+  - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
+    parsed. Replace the special purpose getallmatchingheaders
+    with generic get_all method and add relevant tests.
+  - inspect.findsource() now raises OSError instead of IndexError
+    when co_lineno of a code object is greater than the file
+    length. This can happen, for example, when a file is edited
+    after it was imported. PR by Irit Katriel.
+  - Fix handling of trailing comments by inspect.getsource().
+  - ChainMap.__iter__ no longer calls __getitem__ on underlying
+    maps
+  - TracebackException no longer holds a reference to the
+    exception’s traceback object. Consequently, instances of
+    TracebackException for equivalent but non-equal exceptions
+    now compare as equal.
+  - We fixed an issue in pickle.whichmodule in which importing
+    multiprocessing could change the how pickle identifies which
+    module an object belongs to, potentially breaking the
+    unpickling of those objects.
+  - Clarify the error message for asyncio.IncompleteReadError
+    when expected is None.
+  - Extracting a symlink from a tarball should succeed and
+    overwrite the symlink if it already exists. The fix is to
+    remove the existing file or symlink before extraction. Based
+    on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
+    Kumaran.
+  - Fixed tkinter.ttk.Style.map(). The function accepts now the
+    representation of the default state as empty sequence (as
+    returned by Style.map()). The structure of the result is now
+    the same on all platform and does not depend on the value of
+    wantobjects.
+  - Fix various issues with typing.Literal parameter handling
+    (flatten, deduplicate, use type to cache key). Patch provided
+    by Yurii Karabas.
+  - Fix the threading.Thread class at fork: do nothing if the
+    thread is already stopped (ex: fork called at Python exit).
+    Previously, an error was logged in the child process.
+  - The onerror callback from shutil.rmtree now receives correct
+    function when os.open fails.
+  - Fix os.sendfile() on illumos.
+  - Fixed writing binary Plist files larger than 4 GiB.
+  - The repr() of typing types containing Generic Alias Types
+    previously did not show the parameterized types in the
+    GenericAlias. They have now been changed to do so.
+  - webbrowser: Ignore NotADirectoryError when calling
+    xdg-settings.
+  - binhex.binhex() consisently writes macOS 9 line endings.
+  - Fix a stack overflow error for asyncio Task or Future repr().
+  - The overflow occurs under some circumstances when a Task or
+    Future recursively returns itself.
+  - Fix memory leak in subprocess.Popen() in case an uid (gid)
+    specified in user (group, extra_groups) overflows uid_t
+    (gid_t).
+  - Improve asyncio.wait function to create the futures set just
+    one time.
+  - InvalidFileException and RecursionError are now the only
+    errors caused by loading malformed binary Plist file
+    (previously ValueError and TypeError could be raised in some
+    specific cases).
+  - Pickling heap types implemented in C with protocols 0 and
+    1 raises now an error instead of producing incorrect data.
+  - plistlib: fix parsing XML plists with hexadecimal integer
+    values
+  - Fix an incorrectly formatted error from
+    _codecs.charmap_decode() when called with a mapped value
+    outside the range of valid Unicode code points. PR by Max
+    Bernstein.
+  - Fix pickling pure Python datetime.time subclasses. Patch by
+    Dean Inwood.
+  - Fixed a bug that was causing ctypes.util.find_library() to
+    return None when triying to locate a library in an
+    environment when gcc>=9 is available and ldconfig is not.
+    Patch by Pablo Galindo
+  - C14N 2.0 serialisation in xml.etree.ElementTree failed for
+    unprefixed attributes when a default namespace was defined.
+  - Fix a bug in the symtable module that was causing
+    module-scope global variables to not be reported as both
+    local and global. Patch by Pablo Galindo.
+  - str() for the type attribute of the tkinter.Event object
+    always returns now the numeric code returned by Tk instead of
+    the name of the event type.
+  - fix tkinter.EventType Enum so all members are strings, and
+    none are tuples
+  - Fix SQLite3 segfault when backing up closed database. Patch
+    contributed by Peter David McCormick.
+  - Fix the tarfile module to write only basename of TAR file to
+    GZIP compression header.
+  - Allow ctypes.wintypes to be imported on non-Windows systems.
+  - shutil.which() now ignores empty entries in PATHEXT instead
+    of treating them as a match.
+  - Fix time-of-check/time-of-action issue in
+    subprocess.Popen.send_signal.
+  - Fix --outfile for cProfile / profile not writing the output
+    file in the original directory when the program being
+    profiled changes the working directory. PR by Anthony
+    Sottile.
+  - ZipFile truncates files to avoid corruption when a shorter
+    comment is provided in append (“a”) mode. Patch by Jan Mazur.
+  - Fixed KeyError exception when flattening an email to a string
+    attempts to replace a non-existent Content-Transfer-Encoding
+    header.
+  Documentation
+  - Fix the URL for the IMAP protocol documents.
+  - Document __format__ functionality for IP addresses.
+  - Clarify that subscription expressions are also valid for
+    certain classes and types in the standard library, and for
+    user-defined classes and types if the classmethod
+    __class_getitem__() is provided.
+  - Documented generic alias type and types.GenericAlias. Also
+    added an entry in glossary for generic types.
+  - In Programming FAQ “Sequences (Tuples/Lists)” section, add
+    “How do you remove multiple items from a list”.
+  - Fix RemovedInSphinx40Warning when building the documentation.
+    Patch by Dong-hee Na.
+  - Update the refcounts info of PyType_FromModuleAndSpec.
+  - Fix tarfile’s extractfile documentation
+  - Document some restrictions on the default string
+    representations of numeric classes.
+  Tests
+  - Reenable test_gdb on gdb 9.2 and newer:
+    https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is
+    fixed in gdb 10.1.
+  - Fix test_asyncio.test_call_later() race condition: don’t
+    measure asyncio performance in the call_later() unit test.
+    The test failed randomly on the CI.
+  - Include _testinternalcapi module in Windows installer for
+    test suite
+  - Fix test_logging.test_race_between_set_target_and_flush():
+    the test now waits until all threads complete to avoid
+    leaking running threads.
+  - Avoid a test failure in test_lib2to3 if the module has
+    already imported at the time the test executes. Patch by
+    Pablo Galindo.
+  - Tests for CJK codecs no longer call eval() on content
+    received via HTTP.
+  - Fix test_site.test_license_exists_at_url(): call
+    urllib.request.urlcleanup() to reset the global
+    urllib.request._opener. Patch by Victor Stinner.
+  - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
+    not available
+  - Add tests for SIGINT handling in the runpy module.
+  - Fixed a failure in test_tk.test_widgets.ScaleTest happening
+    when executing the test with Tk 8.6.10.
+  Build
+  - Fix a race condition in “make regen-all” when make -jN option
+    is used to run jobs in parallel. The clinic.py script now
+    only use atomic write to write files. Moveover, generated
+    files are now left unchanged if the content does not change,
+    to not change the file modification time.
+  - Update Py_UNREACHABLE to use __builtin_unreachable() if only
+    the compiler is able to use it. Patch by Dong-hee Na.
+  - Addressed three compiler warnings found by undefined behavior
+    sanitizer (ubsan).
+  IDLE
+  - Fix reporting offset of the RE error in searchengine.
+  - Get docstrings for IDLE calltips more often by using
+    inspect.getdoc.
+  - Mostly finish using ttk widgets, mainly for editor, settings,
+    and searches. Some patches by Mark Roseman.
+  - Use ‘IDLE Shell’ as shell title
+  - Rewrite the Calltips doc section.
+  - In calltips, stop reminding that ‘/’ marks the end of
+    positional-only arguments.
+  - Typing opening and closing parentheses inside the parentheses
+    of a function call will no longer cause unnecessary
+    “flashing” off and on of an existing open call-tip, e.g. when
+    typed in a string literal.
+  C API
+  - Fix potential crash in deallocating method objects when
+    dynamically allocated PyMethodDef’s lifetime is managed
+    through the self argument of a PyCFunction.
+  - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
+    available again in limited API.
+- Readjustet and reapplied patches:
+  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+  - skip_random_failing_tests.patch
+  - sphinx-update-removed-function.patch
+
usbmuxd
+- Add usbmuxd-add-socket-option.patch: allow socket to be
+  specified via the command line. Backported from upstream.
+- Add usbmuxd-add-pid-option.patch: allow the pid file to be
+  specified via the command line. Taken from upstream.
+- Add usbmuxd-run-dir.patch: use /run, rather than /var/run, for
+  the socket and pid file (bsc#1185186).
+
-- remove _service, too fragile
-
-- Add 32bit compatibility libraries
-
-- Create and use "usbmux" user in %pre to fix bno#679159
-
-- Update to version 1.0.7
-  * Detect iPad 2 and upcoming next generation iPhone devices
-  * Fix support for ancient devices running iOS 1.x
-  * Optionally use inotify instead of polling to safe energy
-
-- Fix -devel package dependencies, libusb is only required at
-  runtime.
-- disable static library creation instead of removing it.
-
-- ran spec-cleaner
-
-- Update to version 1.0.6
-  * Bump udev rules to 0-9a-f, should last for a few device iterations
-  * Fix potential issue with USB transactions >=32k multiples of 16k
-- remove patch no longer necessary
-
-- Update to version 1.0.5
-  * Protocol version 1 support. Enables libusbmuxd to talk to
-    Apple's official usbmuxd on Windows and OSX
-  * Recovery mode support for idevicerestore firmware restores
-  * Detach kernel USB drivers to avoid USB issues
-  * Win32 support for libusbmuxd
-  * FreeBSD support
-  * Basic C++ support
-  * Fixes crasher bugs
-- Added libplist dependancy
-- Remove upstreamed patch
-
-- Fixed incorrect summary and description see bnc#611595
-
-- Update to version 1.0.4
-  * Fix aborts due to transmit window overflow
-  * libusbmuxd: close connection after enumerating devices
-  * Ignore SIGPIPE, otherwise usbmuxd might shut down
-  * OSX: add workaround for missing ppoll system call
-  * Detect the iPad and let usbmuxd talk to it
-  * libusbmuxd: support shorter device info record messages
-
-- Update to version 1.0.3
-  * Set USBMUX_SUPPORTED in udev rules for user space to be
-    able to recognize devices supporting the usbmux protocol.
-
-- Update to version 1.0.2
-  * Change documentation to mention libimobiledevice, add a
-    trademark notice, and make things more consistent
-  * Security fix: fix a potential buffer overflow that could
-    be triggered by a rogue device
-  * Fixed a crash when we get unexpected TCP packets early
-    (e.g. reconnected device).
-  * usbmuxd will not 'drop' privileges to root (-U root is
-    now a no-op)
-  * Made -U require an argument. The optional argument behavior
-    was causing some confusion (since -U <name> didn't work,
-    it had to be -U<name>), so now the argument is required.
-    Please make sure that you specify an explicit name from now
-    on ('-U' will not work).
-  * Removed debugging printfs in libusbmuxd
-  * Cleaned up and improved CMakeLists. Now it should honor the
-    CFLAGS environment variable if it is present and nonempty
-  * Add a missing <pthread.h> include to libusbmuxd
-
-- Update to version 1.0.0
-  * Workaround udev bug; fixes not reacting to signals
-  * Do not try to claim all Apple devices
-  * Fix libusbmuxd cleanup when usbmuxd shuts down
-- Remove upstreamed patches
-
-- Update to version 1.0.0-rc2
-  * Improved documentation
-  * Fix install target for 64bit architectures
-  * Fix underlinking of libusbmuxd
-
-- Update to version 1.0.0-rc1
-  * completly new implementation
-  * uses cmake build system
-  * improved libusbmuxd API with device hotplug callbacks
-  * better performance and lower cpu usage
-
-- Update to version 0.1.4
-  * udev operation mode
-  * better udev rules for non-Debian distributions
-  * debugging output refined with a mutex to prevent garbled output
-  * smaller buffer size in usbmuxd_client_handler_thread to fix
-    connection resets
-
-- Update to version 0.1.3
-  * Proper fix for USB communication issue using wMaxPacketSize
-
-- Update to version 0.1.1
-  * Fix USB communication issue with packet sizes of N*128 or N*512
-
-- Update to version 0.1.0
-  * First official release
-  * Adds iPhone 3GS support and exposes new tethering USB interface
-  * Fix race condition using multiple clients simultaneously
-  * Fix various usbmux protocol bugs
-
-- Initial package created
-
virtualbox
+- Version bump to (released April 20 2021 by Oracle)
+  This is a maintenance release. The following items were fixed and/or added:
+  VMM: Fixed extremely poor VM performance depending on the timing of various actions (regression in 6.1.0)
+  VMM: Fixed guest OS hanging under certain circumstances when Hyper-V is present (bug #20141)
+  VMM: Fixed Guru Meditation error when using a nested hypervisor under certain circumstances (bug #20175)
+  VMM: Fixed a SMAP related host panic affecting Solaris 11.4 systems with Intel Haswell CPUs or later (bug #16068)
+  OCI: Add cloud-init support for export to OCI and for OCI instance creation
+  GUI: Fixed "Delete all files" leaving behind Logs/VBoxUI.log (bug #20235)
+  Audio: Multiple fixes and enhancements
+  Audio: Fixed detection of duplex audio devices on macOS (5.0 regression; bug #20171)
+  Network: Fixed link status reporting for "not attached" adapters
+  Network: Fixed connectivity issues with e1000 in OS/2 guests (6.1.18 regression; bug #20148)
+  Network: Fixed VxWorks e1000 driver compatibility issue (bug #20182)
+  Network: Fixed GUI checks for port forwarding rules rejecting IPv6 with "Nat Network" (bug #14847)
+  DHCP: Don't crash in the presence of fixed address assignments (bug #20128)
+  Serial: Fixed possible VM hang when using the a serial port in disconnected mode (bug #19854)
+  Webcam: Fixed interoperability with v4l2loopback and fixed a crash under certain circumstances (bug #20176)
+  NVMe: Fixed sporadic Windows VM hang or reboot on high CPU load
+  VBoxManage: Allow changing network adapter attachment of a saved VM with "modifyvm"
+  vboximg-mount: Fix for argument processing to honor the '--root' option (6.0 regression; bug #20073)
+  Linux host and guest: Support kernel versions 5.11 (bug #20198) and 5.12
+  Linux host: Maximum MTU size increased to 16110 for host-only adapters on Linux kernels 4.10+ (bug #19122)
+  Linux Guest Additions: Fix vboxvideo module compilation for kernel version 5.10.x
+  Linux Guest Additions: Fixed kernel module build for RHEL 8.4 beta and CentOS Stream (bug #20289)
+  File "fixes-for-5.11.patch" is deleted. The issue is fixed upstream.
+  File "vboxautostart.sh" is replaced by "vboxautostart-service.sh"
+  File "vboxautostart.service" is replaced by "vboxautostart-service.service"
+  Fixes boo#1183329 "virtualbox 6.1.18 crashes when it runs nested VM"
+  Fixes boo#1183125 "Leap 15.3 installation in Virtualbox without VBox integration"
+  Fixes CVE-2021-2264 and boo#1184542. The directory for the <user>.start files for
+    autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d. In addition, the autostart
+    service is hardened (by Oracle).
+
virtualbox:kmp
+- Version bump to (released April 20 2021 by Oracle)
+  This is a maintenance release. The following items were fixed and/or added:
+  VMM: Fixed extremely poor VM performance depending on the timing of various actions (regression in 6.1.0)
+  VMM: Fixed guest OS hanging under certain circumstances when Hyper-V is present (bug #20141)
+  VMM: Fixed Guru Meditation error when using a nested hypervisor under certain circumstances (bug #20175)
+  VMM: Fixed a SMAP related host panic affecting Solaris 11.4 systems with Intel Haswell CPUs or later (bug #16068)
+  OCI: Add cloud-init support for export to OCI and for OCI instance creation
+  GUI: Fixed "Delete all files" leaving behind Logs/VBoxUI.log (bug #20235)
+  Audio: Multiple fixes and enhancements
+  Audio: Fixed detection of duplex audio devices on macOS (5.0 regression; bug #20171)
+  Network: Fixed link status reporting for "not attached" adapters
+  Network: Fixed connectivity issues with e1000 in OS/2 guests (6.1.18 regression; bug #20148)
+  Network: Fixed VxWorks e1000 driver compatibility issue (bug #20182)
+  Network: Fixed GUI checks for port forwarding rules rejecting IPv6 with "Nat Network" (bug #14847)
+  DHCP: Don't crash in the presence of fixed address assignments (bug #20128)
+  Serial: Fixed possible VM hang when using the a serial port in disconnected mode (bug #19854)
+  Webcam: Fixed interoperability with v4l2loopback and fixed a crash under certain circumstances (bug #20176)
+  NVMe: Fixed sporadic Windows VM hang or reboot on high CPU load
+  VBoxManage: Allow changing network adapter attachment of a saved VM with "modifyvm"
+  vboximg-mount: Fix for argument processing to honor the '--root' option (6.0 regression; bug #20073)
+  Linux host and guest: Support kernel versions 5.11 (bug #20198) and 5.12
+  Linux host: Maximum MTU size increased to 16110 for host-only adapters on Linux kernels 4.10+ (bug #19122)
+  Linux Guest Additions: Fix vboxvideo module compilation for kernel version 5.10.x
+  Linux Guest Additions: Fixed kernel module build for RHEL 8.4 beta and CentOS Stream (bug #20289)
+  File "fixes-for-5.11.patch" is deleted. The issue is fixed upstream.
+  File "vboxautostart.sh" is replaced by "vboxautostart-service.sh"
+  File "vboxautostart.service" is replaced by "vboxautostart-service.service"
+  Fixes boo#1183329 "virtualbox 6.1.18 crashes when it runs nested VM"
+  Fixes boo#1183125 "Leap 15.3 installation in Virtualbox without VBox integration"
+  Fixes CVE-2021-2264 and boo#1184542. The directory for the <user>.start files for
+    autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d. In addition, the autostart
+    service is hardened (by Oracle).
+
yast2-network
+- Omit hidden networks from the list of wireless networks to be
+  selected preventing the dialog to crash (bsc#1185372)
+- 4.3.67
+
+- Do not crash when the BOOTPROTO or STARTMODE ar missing or
+  invalid (bsc#1181295).
+- 4.3.66
+
+- Do not require a MAC address when activating a qeth device
+  with layer2 support (bsc#1184474).
+- 4.3.65
+
yast2-pkg-bindings
+- Pkg.ProvidePackage() - download the latest package version from
+  the repository, this ensures that the installer is updated with
+  the latest packages from the installer updates repository
+  (bsc#1185240)
+- 4.3.11
+
yast2-trans
+- Update to version 84.87.20210425.616915ed60:
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Translated using Weblate (Portuguese)
+  * Added translation using Weblate (Portuguese)
+  * Added translation using Weblate (Portuguese)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Slovak)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Japanese)
+  * New POT for text domain 'packager'.
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * New POT for text domain 'ldap'.
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Hindi)
+  * Translated using Weblate (Slovak)
+  * New POT for text domain 'bootloader'.
+  * Translated using Weblate (Japanese)
+  * Translated using Weblate (Dutch)
+  * Translated using Weblate (Catalan)
+  * New POT for text domain 'base'.
+  * Translated using Weblate (Portuguese)
+