Packages changed:
  SDL
  SDL2 (2.0.9 -> 2.0.10)
  alpine
  attr
  bison
  dhcp
  drbd-utils
  exiv2 (0.27.1 -> 0.27.2)
  fltk
  gamin-devel
  hwinfo
  iproute2 (5.1 -> 5.2)
  kdevelop5 (5.4.1 -> 5.4.2)
  lapack
  libpcap
  libtool
  libyajl
  libzio
  lua51
  lua53
  mozilla-nspr
  mozilla-nss (3.44.1 -> 3.45)
  mpc
  nagios
  ncurses
  newt
  openldap2
  opie
  package-update-indicator (4 -> 5)
  pcre
  plasma-browser-integration (5.16.4 -> 5.16.5)
  postgresql10 (10.9 -> 10.10)
  postgresql11 (11.4 -> 11.5)
  postgresql11-libs (11.4 -> 11.5)
  readline
  sbc
  suitesparse
  sysprof
  tcpd
  virt-manager
  webrtc-audio-processing
  xdg-desktop-portal-kde (5.16.4 -> 5.16.5)
  xz

=== Details ===

==== SDL ====

- Actually apply CVE-2019-7637.patch.
- Add patches for several heap-based buffer overreads:
  * CVE-2019-7577.patch (boo#1124800 CVE-2019-7577)
  * CVE-2019-7575.patch (boo#1124806 CVE-2019-7575)
  * CVE-2019-7574.patch (boo#1124803 CVE-2019-7574)
  * CVE-2019-7572.patch (boo#1124806 CVE-2019-7572)
  * CVE-2019-7637.patch (boo#1124825 CVE-2019-7637)
  * CVE-2019-7578.patch (boo#1125099 boo#1124799 CVE-2019-7578
    CVE-2019-7573)
  * CVE-2019-7635.patch (boo#1124827 CVE-2019-7635)
  * CVE-2019-7636.patch (boo#1124826 boo#1124824 CVE-2019-7636
    CVE-2019-7638)
  * CVE-2019-13616.patch (boo#1141844 CVE-2019-13616)
- Do not provide an empty static archive.

==== SDL2 ====
Version update (2.0.9 -> 2.0.10)

- Update sdl2-symvers.patch for SDL 2.0.9/2.0.10.
- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
  a crafted bmp file (boo#1141844 CVE-2019-13616).
- Drop libSDL2main.a from libSDL-2_0-devel. It is only used
  during build.
- Use FAT LTO objects in order to provide proper static library.
- Update to version 2.0.10
  * The SDL_RW* macros have been turned into functions that are
    available only in 2.0.10 and onward
  * Added SDL_SIMDGetAlignment(), SDL_SIMDAlloc(), and
    SDL_SIMDFree(), to allocate memory aligned for SIMD
    operations for the current CPU
  * Added SDL_RenderDrawPointF(), SDL_RenderDrawPointsF(),
    SDL_RenderDrawLineF(), SDL_RenderDrawLinesF(),
    SDL_RenderDrawRectF(), SDL_RenderDrawRectsF(),
    SDL_RenderFillRectF(), SDL_RenderFillRectsF(),
    SDL_RenderCopyF(), SDL_RenderCopyExF(), to allow floating
    point precision in the SDL rendering API.
  * Added SDL_GetTouchDeviceType() to get the type of a touch
    device, which can be a touch screen or a trackpad in relative
    or absolute coordinate mode.
  * The SDL rendering API now uses batched rendering by default,
    for improved performance
  * Added SDL_RenderFlush() to force batched render commands to
    execute, if you're going to mix SDL rendering with native
    rendering
  * Added the hint SDL_HINT_RENDER_BATCHING to control whether
    batching should be used for the rendering API. This defaults
    to "1" if you don't specify what rendering driver to use when
    creating the renderer.
  * Added the hint SDL_HINT_EVENT_LOGGING to enable logging of
    SDL events for debugging purposes
  * Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify
    a file that will be loaded at joystick initialization with
    game controller bindings
  * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control
    whether SDL will synthesize touch events from mouse events
  * Improved handling of malformed WAVE and BMP files, fixing
    potential security exploits (boo#1142031 CVE-2019-13626)
  * Removed the Mir video driver in favor of Wayland
- Refreshed sdl2-symvers.patch

==== alpine ====
Subpackages: pico

- Add return-values.diff to unbreak build.
- Use more macros for standard dirs in the build recipe.

==== attr ====
Subpackages: libattr1

- Use FAT LTO objects in order to provide proper static library.

==== bison ====
Subpackages: bison-lang

- Use FAT LTO objects in order to provide proper static library.

==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server

- dhclient-script: replace host(1) with getent, which is more
  lightweight (part of glibc and does not pull in bind-utils)
- Use FAT LTO objects in order to provide proper static library.

==== drbd-utils ====

- In our effort to make /etc fully admin controlled, move /etc/xen/scripts
  to libexec/xen/scripts

==== exiv2 ====
Version update (0.27.1 -> 0.27.2)

- Use FAT LTO objects in order to provide proper static library.
- Update to 0.27.2
  * Bug and security fixes
  * Support for Nikon/AutoFocus and Sony/FocusPosition Metadata
  * Documentation and man page revisions
  * Updated Catalan Localisation
  * Using mergify to sync select PRs between 0.27-maintenance and 0.28
  * Monitoring API changes for v0.27 dot releases
  * Prelinary Dutch Localisation
  * Prelinary Support for Unix (FreeBSD and NetBSD)
  * Better Build Bundle Dependency handling
- Update exiv2-build-date.patch to new source tarball
- Enable testsuite run in %check on x86_64 for Leap >= 15.0, SLE >= 15 and
  Tumbleweed
- Use libcurl for HTTP
- Enable webready (webp image support)
- Add licenses to %license & add BSD 3 clause license (used for some CMake
  scripts)

==== fltk ====

- Use FAT LTO objects in order to provide proper static library.

==== gamin-devel ====
Subpackages: libfam0-gamin libfam0-gamin-32bit

- Use FAT LTO objects in order to provide proper static library.

==== hwinfo ====

- Use FAT LTO objects in order to provide proper static library.

==== iproute2 ====
Version update (5.1 -> 5.2)

- Use FAT LTO objects in order to provide proper static library.
- Use %make_build.
- Update to new upstream release 5.2
  * devlink: increase column size for larger shared buffers
  * ip: reset netns after each command in batch mode
  * ip addr: do not set IPv6 specific options for IPv4 addresses
  * ip fou: support binding FOU ports
  * ip link: support bridge vlan_stats_per_port
  * ip link: support vlan bridge binding flag
  * ip macsec: supporet gcm-aes-256 cipher type
  * ip monitor: display interfaces from all groups
  * ip neigh: show neighbor offload indication
  * rdma: add link add/delete
  * rdma: update node type strings
  * ss: add option for single line output
  * ss: show raw numbers for data rates with --numeric
  * tc: support for plug qdisc
  * tc: taprio: support for changing schedules
  * tc: taprio: support cycle_time and cycle_time_extensions
  * tipc: support for link broadcast method and ratio
  * update documentation

==== kdevelop5 ====
Version update (5.4.1 -> 5.4.2)
Subpackages: kdevelop5-lang kdevplatform kdevplatform-lang libkdevplatform54

- Update to 5.4.2
  * All debuggers: fix VariableCollection to unregister as
    texthinter provider (kde#411371)
  * Contextbrowser: register as texthint provider to existing views
    on creation
  * Fix crash on text hint being triggered after disabling code
    browser plugin (kde#411371)
  * Avoid possible dereference of an invalid iterator (kde#411323)
  * Kdevplatform/shell: fix outdated window title once project of
    document loaded
  * Kdevplatform/shell: work-around for Qt 5.9/macOS bug showing
    modified indicator
  * Kdevplatform/shell: restore document modified flag in
    mainwindow title
  * Kdevplatform/shell: do not repeat query & differently for
    current document
  * Indicate appstream the ps desktop file isn't a separate
    application (kde#410687)
  * Clang: fix tooltip missing closing bracket with default
    argument calls
  * Include more hidden files in projectfilter plugin (CI, Lint
    configs...)

==== lapack ====
Subpackages: libblas3 liblapack3

- Use FAT LTO objects in order to provide proper static library.

==== libpcap ====

- Use FAT LTO objects in order to provide proper static library.

==== libtool ====
Subpackages: libltdl7 libltdl7-32bit

- Use FAT LTO objects in order to provide proper static library.

==== libyajl ====

- Use FAT LTO objects in order to provide proper static library.

==== libzio ====

- Use FAT LTO objects in order to provide proper static library

==== lua51 ====

- Use FAT LTO objects in order to provide proper static library.

==== lua53 ====
Subpackages: liblua5_3-5

- Use FAT LTO objects in order to provide proper static library.

==== mozilla-nspr ====

- Use FAT LTO objects in order to provide proper static library.

==== mozilla-nss ====
Version update (3.44.1 -> 3.45)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.45 (bsc#1141322)
  * required by Firefox 69.0
  New functions
  * PK11_FindRawCertsWithSubject - Finds all certificates on the
    given slot with the given subject distinguished name and returns
    them as DER bytes. If no such certificates can be found, returns
    SECSuccess and sets *results to NULL. If a failure is encountered
    while fetching any of the matching certificates, SECFailure is
    returned and *results will be NULL.
  Notable changes
  * bmo#1540403 - Implement Delegated Credentials
  * bmo#1550579 - Replace ARM32 Curve25519 implementation with one
    from fiat-crypto
  * bmo#1551129 - Support static linking on Windows
  * bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for
    finding certificates with a given subject on a given slot
  * bmo#1546229 - Add IPSEC IKE support to softoken
  * bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23)
  * bmo#1543874 - Expose an external clock for SSL
  * bmo#1546477 - Various changes in response to the ongoing FIPS review
  Certificate Authority Changes
  * The following CA certificates were Removed:
    bmo#1552374 - CN = Certinomis - Root CA
  Bugs fixed
  * bmo#1540541 - Don't unnecessarily strip leading 0's from key material
    during PKCS11 import (CVE-2019-11719)
  * bmo#1515342 - More thorough input checking (CVE-2019-11729)
  * bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in
    TLS 1.3 (CVE-2019-11727)
  * bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed
    from lib/freebl/pqg.c (static analysis)
  * bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams
    from lib/freebl/pqg.c  (static analysis)
  * bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong
  * bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where
    tags could be faked. Only relevant for clients that might have copied
    the unit test code verbatim
  * bmo#1550022 - Ensure nssutil3 gets built on Android
  * bmo#1528174 - ChaCha20Poly1305 should no longer modify output
    length on failure
  * bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo()
    returns error
  * bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures
  * bmo#1554659 - Add versioning to OpenBSD builds to fix link time
    errors using NSS
  * bmo#1553443 - Send session ticket only after handshake is marked
    as finished
  * bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so
    builds
  * bmo#1554336 - Optimize away unneeded loop in mpi.c
  * bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
    specific mechanism
  * bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
  * bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
  * bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey
  * bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data
  * bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work
  * bmo#1561523 - Add a string for the new-ish error
    SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
- split hmac subpackages to match SLE's packaging
- Use -ffat-lto-objects in order to provide assembly for static libs.

==== mpc ====

- Use FAT LTO objects in order to provide proper static library.

==== nagios ====
Subpackages: nagios-www

- Add /etc/cron.weekly to filelist, as this is now part of cron,
  which we don't want to require

==== ncurses ====
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen

- Add ncurses patch 20190810
  + fix a few more coverity warnings.
- Add ncurses patch 20190803
  + improve loop limits in _nc_scroll_window() to handle a case where
    the scrolled data is a pad which is taller than the window (patch
    by Rob King).
  + amend the change to screen, because tmux relies upon that entry
    and does not support that feature (Debian #933572) -TD
  + updated ms-terminal entry & notes -TD
  + updated kitty entry & notes -TD
  + updated alacritty+common entry & notes -TD
  + use xterm+sl-twm for consistency -TD
- Add ncurses patch 20190728
  + fix a few more coverity warnings.
  + more documentation updates based on tctest.
- Add ncurses patch 20190727
  + fix a few coverity warnings.
  + documentation updates based on tctest.
- Add ncurses patch 20190720
  + fix a few warnings for gcc 4.x
  + add some portability/historical details to the tic, toe and infocmp
    manual pages.
  + correct fix for broken link from terminfo(5) to tabs(1) manpage
    (report by Sven Joachim).
- Use FAT LTO objects in order to provide proper static library.

==== newt ====

- Use FAT LTO objects in order to provide proper static library.

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel

- Use FAT LTO objects in order to provide proper static library.

==== opie ====
Subpackages: opie-32bit

- Use FAT LTO objects in order to provide proper static library.

==== package-update-indicator ====
Version update (4 -> 5)
Subpackages: package-update-indicator-lang

- update to version 5:
  * Reduce delay before checking for updates after an "updates-
    changed" signal
  * Fix continuos loop of update checks if the refresh cache
    interval is 0
  * Add fallback icons for KDE-based themes

==== pcre ====
Subpackages: libpcre1 libpcre1-32bit libpcreposix0

- Use FAT LTO objects in order to provide proper static library.

==== plasma-browser-integration ====
Version update (5.16.4 -> 5.16.5)
Subpackages: plasma-browser-integration-lang

- Update to 5.16.5
  * New bugfix release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== postgresql10 ====
Version update (10.9 -> 10.10)
Subpackages: postgresql10-contrib postgresql10-devel postgresql10-server

- Update to 10.10:
  * https://www.postgresql.org/about/news/1960/
  * https://www.postgresql.org/docs/10/release-10-10.html
  * CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary
    SQL during SECURITY DEFINER execution.
- Use FAT LTO objects in order to provide proper static library.

==== postgresql11 ====
Version update (11.4 -> 11.5)
Subpackages: postgresql11-contrib postgresql11-docs postgresql11-server

- Update to 11.5:
  * https://www.postgresql.org/about/news/1960/
  * https://www.postgresql.org/docs/11/release-11-5.html
  * CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary
    SQL during SECURITY DEFINER execution.
  * CVE-2019-10209, bsc#1145091: Memory disclosure in cross-type
    comparison for hashed subplan.
- Use FAT LTO objects in order to provide proper static library.

==== postgresql11-libs ====
Version update (11.4 -> 11.5)
Subpackages: libecpg6 libpq5 postgresql11-devel

- Update to 11.5:
  * https://www.postgresql.org/about/news/1960/
  * https://www.postgresql.org/docs/11/release-11-5.html
  * CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary
    SQL during SECURITY DEFINER execution.
  * CVE-2019-10209, bsc#1145091: Memory disclosure in cross-type
    comparison for hashed subplan.
- Use FAT LTO objects in order to provide proper static library.

==== readline ====
Subpackages: libreadline8 readline-devel readline-doc

- Rework patch readline-7.0-screen.patch again for bug boo#1143055
  * Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
    map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add official patch readline80-001
  The history file reading code doesn't close the file descriptor open to
  the history file when it encounters a zero-length file.
- Use FAT LTO objects in order to provide proper static library.

==== sbc ====
Subpackages: libsbc1

- Use FAT LTO objects in order to provide proper static library.

==== suitesparse ====
Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2 libsuitesparseconfig5 libumfpack5

- Use FAT LTO objects in order to provide proper static library.

==== sysprof ====
Subpackages: sysprof-lang

- Use FAT LTO objects in order to provide proper static library.

==== tcpd ====

- Use FAT LTO objects in order to provide proper static library.

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- Upstream bug fixes (bsc#1027942)
  0c223ab2-guest-Dont-set-default-uefi-if-firmware-is-set.patch
  414ffa5e-virt-install-Use-minutes-instead-of-seconds-on-get_time_string.patch
  53245827-urlfetcher-Force-a-flush-after-writing-to-a-file.patch
  3009888a-urlfetcher-Dont-override-fullurl-when-its-explicitly-set.patch

==== webrtc-audio-processing ====

- Use FAT LTO objects in order to provide proper static library.

==== xdg-desktop-portal-kde ====
Version update (5.16.4 -> 5.16.5)
Subpackages: xdg-desktop-portal-kde-lang

- Update to 5.16.5
  * New bugfix release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== xz ====
Subpackages: liblzma5 liblzma5-32bit xz-devel xz-lang

- Use FAT LTO objects in order to provide proper static library.