Packages changed: autoyast2 (3.1.131 -> 3.1.136) cups kernel-firmware (20160609 -> 20160628) kernel-source (4.6.2 -> 4.6.3) kismet (2016_01_R1 -> 2016_07_R1) libgxps (0.2.3.2 -> 0.2.4) libreoffice pciutils-ids (20160607 -> 20160701) perl-XML-LibXML (2.0125 -> 2.0126) python (2.7.10 -> 2.7.12) python-base (2.7.10 -> 2.7.12) python-requests (2.10.0 -> 2.9.1) shotwell (0.23.0+git.20160425 -> 0.23.2) xerces-c (3.1.2 -> 3.1.4) xf86-video-intel (2.99.917.651_g34f63f2 -> 2.99.917.674_g9154dff) yast2 (3.1.194 -> 3.1.195) yast2-kdump (3.1.37 -> 3.1.38) yast2-packager (3.1.102 -> 3.1.107) yast2-ruby-bindings (3.1.48 -> 3.1.50) yast2-users (3.1.52 -> 3.1.53) ypbind === Details === ==== autoyast2 ==== Version update (3.1.131 -> 3.1.136) Subpackages: autoyast2-installation - While AutoYaST installation the user can change the path of the AutoYaST configuration file. Fix: This path will be updated in /etc/install.inf too. (bnc#963487) - 3.1.136 - System shutdown: Removed "autoyast" service shutdown. It does not exist anymore. (bnc#986798) - 3.1.135 - Speed up installation (bnc#986649) - 3.1.134 - Consider AutoYaST keep_install_network as set to 'true' if it's not specified (bsc#984146) - Restore the keep_install_network default behavior present in SLE 12 SP1 and openSUSE Leap 42.1 - 3.1.133 - Fixing typo while reporting not supported modules. (part of bnc#955878) - 3.1.132 ==== cups ==== Subpackages: cups-client cups-devel cups-libs cups-libs-32bit - Remove CUPS.desktop and pixmap * Obsoletes patch cups-1.3.9-desktop_file.patch ==== kernel-firmware ==== Version update (20160609 -> 20160628) Subpackages: ucode-amd - Update to version 20160628: * wl18xx: update firmware file * linux-firmware: intel: Update Skylake audio firmware * linux-firmware: Add firmware file for Intel Bluetooth 8265 * amdgpu: Update UVD firmware for Polaris * amdgpu: update polaris ucode ==== kernel-source ==== Version update (4.6.2 -> 4.6.3) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.6.3 (CVE-2016-4951 bsc#981058 bsc#983458). - Delete patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch. - Delete patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch. - commit d4bcf2a - KEYS: potential uninitialized variable (bsc#984755, CVE-2016-4470). - commit 96a29db - base: make module_create_drivers_dir race-free (bnc#983977). - commit 6cfe0b8 - rds: fix an infoleak in rds_inc_info_copy (bsc#983213 CVE-2016-5244). - commit 14295d6 ==== kismet ==== Version update (2016_01_R1 -> 2016_07_R1) - Kismet 2016-07-R1: * nl8011 support is fixed so finding the vif device works again * full 5GHz channel discovery works now * memory leaks in the drone are fixed * some ncurses compile bugs are resolved ==== libgxps ==== Version update (0.2.3.2 -> 0.2.4) - Update to version 0.2.4: + Fix the build with GCC >= 6 when tests are enabled. + Fix non-literal format string warning for clang (bgo#760177). + Correctly show translated messages for command line tools on some locales (bgo#760437). ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-calc-extensions libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-theme-breeze libreoffice-icon-theme-galaxy libreoffice-icon-theme-hicontrast libreoffice-icon-theme-oxygen libreoffice-icon-theme-sifr libreoffice-icon-theme-tango libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-ru libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreoffice-writer-extensions libreofficekit - change BuildRequire from pkgconfig(fbembed) to libfbembed-devel; this is a temporary workaround allowing build both before and after firebird is upgraded to version 3.0 in Factory; once 3.0 is there, this will be changed to pkgconfig(fbembed) or pkgconfig(fbclient), based on %suse_version - libreoffice-firebird3.patch: build against system libfbclient2 if Firebird 3 detected - libreoffice-firebird3-selftest.patch: fix failing selftest when built against Firebird 3 libraries; the failure is caused by database file format change, provide two versions of the test database and let the test select the one that matches Firebird version - firebird_integer_x64le_ods12.odb: rpmbuild doesn't support git patches adding binary files, add the ODS12 test database as a source instead ==== pciutils-ids ==== Version update (20160607 -> 20160701) - Update to 20160701 ==== perl-XML-LibXML ==== Version update (2.0125 -> 2.0126) - updated to 2.0126 see /usr/share/doc/packages/perl-XML-LibXML/Changes 2.0126 2016-06-24 - Workaround RT#114638: - 2.9.4 broke XSD Schema support. - https://rt.cpan.org/Public/Bug/Display.html?id=114638 - https://github.com/shlomif/libxml2-2.9.4-reader-schema-regression - https://bugzilla.gnome.org/show_bug.cgi?id=766834 - https://github.com/shlomif/perl-XML-LibXML/pull/1 - Thanks to Paul for the report and to RURBAN for a pull-req. - Add t/release-kwalitee.t for testing CPANTS Kwalitee. ==== python ==== Version update (2.7.10 -> 2.7.12) Subpackages: python-curses python-gdbm - update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) ==== python-base ==== Version update (2.7.10 -> 2.7.12) Subpackages: libpython2_7-1_0 libpython2_7-1_0-32bit python-devel python-xml - update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py ==== python-requests ==== Version update (2.10.0 -> 2.9.1) - update no-default-cacert.patch to simply pass empty CA path - urllib3-ssl-default-context.patch: patch bundled urllib3 to behave correctly with regard to empty CA path passed - change urllib3 fallback requirements to Recommends - use ca-certificates in SLE as well - recommend ca-certificates-mozilla to have a basic certificate set - Update to 2.9.1 (changes since 2.8.1): * The verify keyword argument now supports being passed a path to a directory of CA certificates, not just a single-file bundle. * Warnings are now emitted when sending files opened in text mode. * Added the 511 Network Authentication Required status code to the status code registry. * For file-like objects that are not seeked to the very beginning, we now send the content length for the number of bytes we will actually read, rather than the total size of the file, allowing partial file uploads. * When uploading file-like objects, if they are empty or have no obvious content length we set Transfer-Encoding: chunked rather than Content-Length: 0. * We correctly receive the response in buffered mode when uploading chunked bodies. * We now handle being passed a query string as a bytestring on Python 3, by decoding it as UTF-8. * Sessions are now closed in all cases (exceptional and not) when using the functional API rather than leaking and waiting for the garbage collector to clean them up. * Correctly handle digest auth headers with a malformed qop directive that contains no token, by treating it the same as if no qop directive was provided at all. * Minor performance improvements when removing specific cookies by name. * Fix errors when calculating cookie expiration dates in certain locales. * Update bundled urllib3 to 1.13.1. - Rebase no-default-cacert.patch. - Modify no-default-cacert.patch: output /etc/ssl/ca-bundle.pem instead of neither NULL nor /etc/ssl/certs/ as a path to cacerts bundle (boo#967128). - Don't apply no-default-cacert.patch on SLE. - Require ca-certificates package (but not on SLE). - Tests are being improperly started and actual ones require network connection, so fix and comment out. - Modify no-default-cacert + The call to set_default_verify_paths() is not necessary. The openSUSE and SLES Python has been patched to always use the system certs. Additionally this call breaks the use of python-requests on older systems, openSUSE_13.2 and original release of SLES 12 which fall back to the built in implementation of ssl which doe not implement this method - update to 2.8.1: - Update certificate bundle to match ``certifi`` 2015.9.6.2's weak certificate bundle. - Fix a bug in 2.8.0 where requests would raise ``ConnectTimeout`` instead of ``ConnectionError`` - When using the PreparedRequest flow, requests will now correctly respect the ``json`` parameter. Broken in 2.8.0. - When using the PreparedRequest flow, requests will now correctly handle a Unicode-string method name on Python 2. Broken in 2.8.0. - remove requests-do-not-use-bundle.patch (bsc#947357) - fix requires - Add python3-chardet to build requirements for tests. - Remove no-default-cacert-sles.patch as no-default-cacert.patch does basically the same. - Update to 2.8.0: * Requests now supports per-host proxies. This allows the proxies dictionary to have entries of the form {'://': ''}. Host-specific proxies will be used in preference to the previously-supported scheme-specific ones, but the previous syntax will continue to work. * Response.raise_for_status now prints the URL that failed as part of the exception message. * requests.utils.get_netrc_auth now takes an raise_errors kwarg, defaulting to False. When True, errors parsing .netrc files cause exceptions to be thrown. * Change to bundled projects import logic to make it easier to unbundle requests downstream. * Change the default User-Agent string to avoid leaking data on Linux: now contains only the requests version. * The json parameter to post() and friends will now only be used if neither data nor files are present, consistent with the documentation. * We now ignore empty fields in the NO_PROXY enviroment variable. * Fix problem where httplib.BadStatusLine would get raised if combining stream=True with contextlib.closing. * Prevent bugs where we would attempt to return the same connection back to the connection pool twice when sending a Chunked body. * Miscellaneous minor internal changes. * Digest Auth support is now thread safe. - Apply no-default-cacert-sles.patch on SLE 12. - Apply Arun Persaud's changes to requests-do-not-use-bundle.patch (update to 2.8.0). - Enable tests. - Small spec cleanup. - Fixed requests-do-not-use-bundle.patch - Unbundle python-chardet and python-urllib3 (boo#947357) requests-do-not-use-bundle.patch - Disable testsuite. Tests were never executed (bsc#945455) but enabling the testsuite doesn't work because the suite needs network access. - fix version condition to allow RHEL/CentOS 7 builds - Update to 2.7.0 - resolving several bugs involving chunked transfer encoding and response framing. - Remove VendorAlias import - Simplify the PreparedRequest.prepare API - Handle UnicodeDecodeErrors - Copy a PreparedRequest's CookieJar more reliably - update no-default-cacert.patch to not hardcode a ca cert location - Update to 2.6.0 (bsc#922448, CVE-2015-2296): - Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing. This was disclosed privately by Matthew Daley of `BugFuzz `_. An CVE identifier has not yet been assigned for this. This affects all versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends). - Fix error when requests is an ``install_requires`` dependency and ``python setup.py test`` is run. (#2462) - Fix error when urllib3 is unbundled and requests continues to use the vendored import location. - Include fixes to ``urllib3``'s header handling. - Requests' handling of unvendored dependencies is now more restrictive. - Support bytearrays when passed as parameters in the ``files`` argument. (#2468) - Avoid data duplication when creating a request with ``str``, ``bytes``, or ``bytearray`` input to the ``files`` argument. - Revert changes to our vendored certificate bundle. For more context see (#2455, #2456, and http://bugs.python.org/issue23476) - update to 2.5.2 (bsc#929736): * Update HISTORY and version for v2.5.2 * Update urllib3 to 29aa09bde9c42cc9a8d79aac47ee3d362b438cca * document combination of repeated response headers * Update README to use Shields badges * Upgrade urllib3 to 490d3a227fadb626cd54a240b9d0922f849914b4 * Update certificate bundle. * Update to use readthedocs.org instead of rtfd.org * add a timeout value to connection_error_invalid_port test to accelerate failure * split test_connection_error into two distinct tests, and changed "unknown url" test URL since fooobarbangbazbing.httpbin.org currently gives a valid response. * quickstart: using a list as a value in query params * HISTORY: replace n-dash to workaround pip bug * Check that a filename is a basestring instance * Move noncebit to the only place it is used * Remove entirely unnecessary and unused bits from requests.compat * Attempt to quote anyway if unquoting fails * Update urllib3 to a27758625e4169330fcf965652b1093faf5aaaa2 * drawn towards it rather than pushed away * certifi * simpler button * cleanups * Requests Pro * javascripts * Changing year in all copyright information * Enhance documentation for clarity. * Clean up cookie docs and display them. * Bump version to 2.5.1 * Add release notes for 2.5.1 * Fix bug in renegotiating a nonce with the server * Fix error handling on Python 3 * catch exception more specifically in Response.ok * Uncommented test in test_requests.py * Fix a typo in a comment * Give proper attribution to pip * utils.guess_filename fails if the given parameter looks like a file object but has a non-string name attribute * Copy pip's import machinery wholesale * Updated the broken link to twitter streaming API documentation * Enable GitHub syntax highlighting on README * Bump version to 2.5.0 * Add updates for 2.5.0 * Update tests to work offline * updatee chardet, urllib3 * url was already parsed, don't urlparse twice * Properly serialize RecentlyUsedContainers for cache * Changed ConnectionError to InvalidURL * Docs: Add more section labels for referencing * Partially addresses Issue #1572 * Update HTTPAdapter docstring * Add last few changes and add a quick test * Update urllib3 to df4ec5cce1 * Update how we handle retries to be consistent with documentation * Fix HTTPDigestAuth not to treat non-file as a file * Fixed. * Added test for overriding Content-Length. * Close sessions created in the functional API * Pass strict to urllib3. * Use to_native_string instead of builtin_str * Update documentation about max_retries to reflect code * Cap the redirect_cache size to prevent memory abuse * Add DeprecationWarnings to inform users of plans * Note about read timeout errors and max_retries * fix failing test "test_prepare_unicode_url" \(take 3\) * Revert "fix failing test "test_prepare_unicode_url"" * fix failing test "test_prepare_unicode_url" * Revert "fix failing test "test_prepare_unicode_url"" * update AUTHORS * fix failing test "test_prepare_unicode_url" * Changing parameter name `newline` ==> `delimiter`. * Clean up handle_redirect. * Adding a custom line delimiter to iter_lines() * Fix #2279. Update layout css * Fix #2288. Change urllib3 and chardet workflow * Update sidebarintro.html * Made more better * Add Release History to the sidebar * Fixed #2250 * Update utils.py * Clean up, support all redirects, fix potential endless 401 loop. * v2.4.3 * Re-order params for backwards compat * allow unicode URLs on Python 2 * requests v2.4.2 * fix documentation for utils.get_unicode_from_response() :) * v2.4.2 changelog * Remove timeout from __attrs__ * Fix a couple of issues I noticed * Support bytestring URLs on Python 3.x * A fix for #1979 repeat HTTP digest authentication after redirect. * remove unused import * fix #2247 * docs: Clarify how to pass a custom set of CAs * Correct redirection introduction * Avoid getting stuck in a loop * make StreamConsumedError doubly inherit * using the `StreamConsumedError` * add-in StreamConsumedError * rm `else` after `if` then `raise` block * raise RuntimeError when a single streamed request calls *iter methods than once * Remove invoke from requirements.txt, docs * Fixup the remaining references to timeline.json. * Moved multiple files upload example to advanced section. * Added example of how to send multiple files in one request. * Document skipping in PreparedRequest; followup to #2222 * Add more tests to `test_invalid_url` * lawl * mils * Fixes typo in test * Changes check on base and json. Fails on tests. * Adds review changes * Adds json parameter for POST requests - fix license (Apache-2.0 only) - Update to 2.4.1 (2014-09-09) - Now has a "security" package extras set, ``$ pip install requests[security]`` - Requests will now use Certifi if it is available. - Capture and re-raise urllib3 ProtocolError - Bugfix for responses that attempt to redirect to themselves forever (wtf?). - Update to 2.4.0 (2014-08-29) * Behavioral Changes - ``Connection: keep-alive`` header is now sent automatically. * Improvements - Support for connect timeouts! Timeout now accepts a tuple (connect, read) which is used to set individual connect and read timeouts. - Allow copying of PreparedRequests without headers/cookies. - Updated bundled urllib3 version. - Refactored settings loading from environment new `Session.merge_environment_settings`. - Handle socket errors in iter_content. - Update tarball to the one upstream is publishing. - Update to version 2.3.0 + New ``Response`` property ``is_redirect``, which is true when the library could have processed this response as a redirection (whether or not it actually did). + The ``timeout`` parameter now affects requests with both ``stream=True`` and ``stream=False`` equally. + The change in v2.0.0 to mandate explicit proxy schemes has been reverted. Proxy schemes now default to ``http://``. + The ``CaseInsensitiveDict`` used for HTTP headers now behaves like a normal dictionary when references as string or viewd in the interpreter. + No longer expose Authorization or Proxy-Authorization headers on redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively. + Authorization is re-evaluated each redirect. + On redirect, pass url as native strings. + Fall-back to autodetected encoding for JSON when Unicode detection fails. + Headers set to ``None`` on the ``Session`` are now correctly not sent. + Correctly honor ``decode_unicode`` even if it wasn't used earlier in the same response. + Stop advertising ``compress`` as a supported Content-Encoding. + The ``Response.history`` parameter is now always a list. + Many, many ``urllib3`` bugfixes.- Fixes incorrect parsing of proxy credentials that contain a literal or encoded '#' character. + Assorted urllib3 fixes. + New exception: ``ContentDecodingError``. Raised instead of ``urllib3`` ``DecodeError`` exceptions. + Avoid many many exceptions from the buggy implementation of ``proxy_bypass`` on OS X in Python 2.6. + Avoid crashing when attempting to get authentication credentials from ~/.netrc when running as a user without a home directory. + Use the correct pool size for pools of connections to proxies. + Fix iteration of ``CookieJar`` objects. + Ensure that cookies are persisted over redirect. + Switch back to using chardet, since it has merged with charade. + Cookies set on individual Requests through a ``Session`` (e.g. via ``Session.get()``) are no longer persisted to the ``Session``. + Clean up connections when we hit problems during chunked upload, rather than leaking them. + Return connections to the pool when a chunked upload is successful, rather than leaking it. + Match the HTTPbis recommendation for HTTP 301 redirects. + Prevent hanging when using streaming uploads and Digest Auth when a 401 is received. + Values of headers set by Requests are now always the native string type. + Fix previously broken SNI support. + Fix accessing HTTP proxies using proxy authentication. + Unencode HTTP Basic usernames and passwords extracted from URLs. + Support for IP address ranges for no_proxy environment variable + Parse headers correctly when users override the default ``Host:`` header. + Avoid munging the URL in case of case-sensitive servers. + Looser URL handling for non-HTTP/HTTPS urls. + Accept unicode methods in Python 2.6 and 2.7. + More resilient cookie handling. + Make ``Response`` objects pickleable. + Actually added MD5-sess to Digest Auth instead of pretending to like last time. + Updated internal urllib3. + Fixed @Lukasa's lack of taste. - Add no-default-cacert-sles.patch: use this patch when building for SLES, since python in SLES and openSUSE behave differently when it comes to SSL, and no-default-cacert.patch is wrong for SLES. - update to 2.0.1 - changes in 2.0.1: - Updated included CA Bundle with new mistrusts and automated process for the future - Added MD5-sess to Digest Auth - Accept per-file headers in multipart file POST messages. - Fixed: Don't send the full URL on CONNECT messages. - Fixed: Correctly lowercase a redirect scheme. - Fixed: Cookies not persisted when set via functional API. - Fixed: Translate urllib3 ProxyError into a requests ProxyError derived from ConnectionError. - Updated internal urllib3 and chardet. - changes in 2.0.0: - Keys in the Headers dictionary are now native strings on all Python versions, i.e. bytestrings on Python 2, unicode on Python 3. - Proxy URLs now *must* have an explicit scheme. A ``MissingSchema`` exception will be raised if they don't. - Timeouts now apply to read time if ``Stream=False``. - ``RequestException`` is now a subclass of ``IOError``, not ``RuntimeError``. - Added new method to ``PreparedRequest`` objects: ``PreparedRequest.copy()``. - Added new method to ``Session`` objects: ``Session.update_request()``. This method updates a ``Request`` object with the data (e.g. cookies) stored on the ``Session``. - Added new method to ``Session`` objects: ``Session.prepare_request()``. This method updates and prepares a ``Request`` object, and returns the corresponding ``PreparedRequest`` object. - Added new method to ``HTTPAdapter`` objects: ``HTTPAdapter.proxy_headers()``. This should not be called directly, but improves the subclass interface. - ``httplib.IncompleteRead`` exceptions caused by incorrect chunked encoding will now raise a Requests ``ChunkedEncodingError`` instead. - Invalid percent-escape sequences now cause a Requests ``InvalidURL`` exception to be raised. - HTTP 208 no longer uses reason phrase ``"im_used"``. Correctly uses ``"already_reported"``. - HTTP 226 reason added (``"im_used"``). - Vastly improved proxy support, including the CONNECT verb. Special thanks to the many contributors who worked towards this improvement. - Cookies are now properly managed when 401 authentication responses are received. - Chunked encoding fixes. - Support for mixed case schemes. - Better handling of streaming downloads. - Retrieve environment proxies from more locations. - Require python-setuptools instead of distribute (upstreams merged) - Add no-default-cacert.patch: completely ignore the internal CA bundle and point to /etc/ssl/certs/. This works because we patched python to do the right thing when a directory is used there instead of a file. - Manually remove requests/cacert.pem (better than doing that in the patch, since it's big) too. - update to 1.2.3: * Python 3.3.2 compatibility * Always percent-encode location headers * Fix connection adapter matching to be most-specific first * new argument to the default connection adapter for passing a block argument * prevent a KeyError when there's no link headers - update to 1.2.0: * Fixed cookies on sessions and on requests * Significantly change how hooks are dispatched - hooks now receive all the arguments specified by the user when making a request so hooks can make a secondary request with the same parameters. This is especially necessary for authentication handler authors * certifi support was removed * Fixed bug where using OAuth 1 with body ``signature_type`` sent no data * Major proxy work thanks to @Lukasa including parsing of proxy authentication from the proxy url * Fix DigestAuth handling too many 401s * Update vendored urllib3 to include SSL bug fixes * Allow keyword arguments to be passed to ``json.loads()`` via the ``Response.json()`` method * Don't send ``Content-Length`` header by default on ``GET`` or ``HEAD`` requests * Add ``elapsed`` attribute to ``Response`` objects to time how long a request took. * Fix ``RequestsCookieJar`` * Sessions and Adapters are now picklable, i.e., can be used with the mutiprocessing library Update charade to version 1.0.3 - Set license to "Apache-2.0 and LGPL-2.1+ and MIT", according to https://github.com/kennethreitz/requests/issues/1111, the base license is Apache-2.0 but requests ships two libraries (bnc#799119): + charade: LGPL-2.1+ + urllib3: MIT - Initial python3 support - Update to version 1.1.0: * CHUNKED REQUESTS * Support for iterable response bodies * Assume servers persist redirect params * Allow explicit content types to be specified for file data * Make merge_kwargs case-insensitive when looking up keys - Update to 0.14.2: * Improved mime-compatible JSON handling * Proxy fixes * Path hack fixes * Case-Insensistive Content-Encoding headers * Support for CJK parameters in form posts - Update to 0.14.1: * Python 3.3 Compatibility * Simply default accept-encoding * Bugfixes - 0.14.0 (2012-09-02) * No more iter_content errors if already downloaded. - 0.13.9 (2012-08-25) * Fix for OAuth + POSTs * Remove exception eating from dispatch_hook * General bugfixes - 0.13.8 (2012-08-21) * Incredible Link header support :) - 0.13.7 (2012-08-19) * Support for (key, value) lists everywhere. * Digest Authentication improvements. * Ensure proxy exclusions work properly. * Clearer UnicodeError exceptions. * Automatic casting of URLs to tsrings (fURL and such) * Bugfixes. - 0.13.6 (2012-08-06) * Long awaited fix for hanging connections! - 0.13.5 (2012-07-27) * Packaging fix - 0.13.4 (2012-07-27) * GSSAPI/Kerberos authentication! * App Engine 2.7 Fixes! * Fix leaking connections (from urllib3 update) * OAuthlib path hack fix * OAuthlib URL parameters fix. - 0.13.3 (2012-07-12) * Use simplejson if available. * Do not hide SSLErrors behind Timeouts. * Fixed param handling with urls containing fragments. * Significantly improved information in User Agent. * client certificates are ignored when verify=False - 0.13.2 (2012-06-28) * Zero dependencies (once again)! * New: Response.reason * Sign querystring parameters in OAuth 1.0 * Client certificates no longer ignored when verify=False * Add openSUSE certificate support - Removed certificate patch since it's now upstream - Removed dependencies that are no longer needed - Update to 0.13.1: + Removal of Requests.async in favor of grequests + Allow disabling of cookie persistiance. + New implimentation of safe_mode + cookies.get now supports default argument + Session cookies not saved when Session.request is called with return_response=False + Env: no_proxy support. + RequestsCookieJar improvements. + Various bug fixes. - Rebased patches - Use a slightly different approach for bnc#761500, try to use /etc/ssl/certs but use /etc/ssl/ca-bundle.pem as a fallback. The previous fix didn't work for me as (my) Python ssl module doesn't support cert directories... - No need to check SUSE versions for python-certifi, it only is/was part of openSUSE:Factory for a brief period of time - Load directory-based cert store in openSUSE >= 12.2 - Update to 0.12.1 * New Response.json property * Ability to add string file uploads * Fix out-of-range issue with iter_lines * Fix iter_content default size * Fix POST redirects containing files - 0.12.0 (2012-05-02) * EXPERIMENTAL OAUTH SUPPORT! * Proper CookieJar-backed cookies interface with awesome dict-like interface. * Speed fix for non-iterated content chunks. * Move pre_request to a more usable place. * New pre_send hook. * Lazily encode data, params, files * Load system Certificate Bundle if certify isn't available. * Cleanups, fixes. - Add python-chardet and python-oauthlib requirements - Run test suite (added python-distribute build requirement to enable) - Update to 0.11.2 * Attempt to use the OS's certificate bundle if certifi isn't available. * Infinite digest auth redirect fix * Multi-part file upload improvements * Fix decoding of invalid %encodings in URLs * If there is no content in a response don't throw an error the second time that content is attempted to be read. * Upload data on redirects. - Update to 0.11.1: * POST redirects now break RFC to do what browsers do: Follow up with a GET. * New strict_mode configuration to disable new redirect behavior. - 0.11.0 (2012-03-14) * Private SSL Certificate support * Remove select.poll from Gevent monkeypatching * Remove redundant generator for chunked transfer encoding * Fix: Response.ok raises Timeout Exception in safe_mode - Update to version 0.10.8: * Generate chunked ValueError fix * Proxy configuration by environment variables * Simplification of iter_lines. * New trust_env configuration for disabling system/environment hints. * Suppress cookie errors. - Changes from version 0.10.7: * encode_uri = False - Update to 0.10.6 * Allow '=' in cookies. - 0.10.5 (2012-02-25) * Response body with 0 content-length fix. * New async.imap. * Don't fail on netrc. - Update to 0.10.4 * Honor netrc. - 0.10.3 (2012-02-20) * HEAD requests don't follow redirects anymore. * raise_for_status() doesn't raise for 3xx anymore. * Make Session objects picklable. * ValueError for invalid schema URLs. - 0.10.2 (2012-01-15) * Vastly improved URL quoting. * Additional allowed cookie key values. * Attempted fix for "Too many open files" Error * Replace unicode errors on first pass, no need for second pass. * Append '/' to bare-domain urls before query insertion. * Exceptions now inherit from RuntimeError. * Binary uploads + auth fix. * Bugfixes. - Add dependency on python-certifi - Update to 0.10.1: * PYTHON 3 SUPPORT! * Dropped 2.5 Support. (Backwards Incompatible) - 0.10.0 (2012-01-21) * Response.content is now bytes-only. (Backwards Incompatible) * New Response.text is unicode-only. * If no Response.encoding is specified and chardet is available, Respoonse.text will guess an encoding. * Default to ISO-8859-1 (Western) encoding for "text" subtypes. * Removal of decode_unicode. (Backwards Incompatible) * New multiple-hooks system. * New Response.register_hook for registering hooks within the pipeline. * Response.url is now Unicode. - Update to 0.9.3: * SSL verify=False bugfix (apparent on windows machines). - 0.9.2 (2012-01-18) * Asyncronous async.send method. * Support for proper chunk streams with boundaries. * session argument for Session classes. * Print entire hook tracebacks, not just exception instance. * Fix response.iter_lines from pending next line. * Fix but in HTTP-digest auth w/ URI having query strings. * Fix in Event Hooks section. * Urllib3 update. - Update to 0.9.1: * danger_mode for automatic Response.raise_for_status() * Response.iter_lines refator - 0.9.0 (2011-12-28) * verify ssl is default. - 0.8.9 (2011-12-28) * Packaging fix. - 0.8.8 (2011-12-28) * SSL CERT VERIFICATION! * Release of Cerifi: Mozilla's cert list. * New 'verify' argument for SSL requests. * Urllib3 update. - 0.8.7 (2011-12-24) * iter_lines last-line truncation fix * Force safe_mode for async requests * Handle safe_mode exceptions more consistently * Fix iteration on null responses in safe_mode - 0.8.6 (2011-12-18) * Socket timeout fixes. * Proxy Authorization support. - 0.8.5 (2011-12-14) * Response.iter_lines! - Update to 0.8.4: * Prefetch bugfix. * Added license to installed version. - Update to 0.8.3 * Converted auth system to use simpler callable objects. * New session parameter to API methods. * Display full URL while logging. - Update to 0.8.2 * New unicode decoding system, based on overridable Response.encoding. * Proper URL slash-quote handling. * Cookies with [, ], and _ allowed. - 0.8.1 (2011-11-15) * URL Request path fix * Proxy fix. * Timeouts fix. - 0.8.0 (2011-11-13) * Keep-alive support! * Complete removal of Urllib2 * Complete removal of Poster * Complete removal of CookieJars * New ConnectionError raising * Safe_mode for error catching * prefetch parameter for request methods * OPTION method * Async pool size throttling * File uploads send real names - 0.7.6 (2011-11-07) * Digest authentication bugfix (attach query data to path) - 0.7.5 (2011-11-04) * Response.content = None if there was an invalid repsonse. * Redirection auth handling. - 0.7.4 (2011-10-26) * Sesion Hooks fix. - 0.7.3 (2011-10-23) * Digest Auth fix. - 0.7.2 (2011-10-23) * PATCH Fix. - 0.7.1 (2011-10-23) * Move away from urllib2 authentication handling. * Fully Remove AuthManager, AuthObject, &c. * New tuple-based auth system with handler callbacks. - 0.7.0 (2011-10-22) * Sessions are now the primary interface. * Deprecated InvalidMethodException. * PATCH fix. * New config system (no more global settings). - 0.6.6 (2011-10-19) * Session parameter bugfix (params merging). - 0.6.5 (2011-10-18) * Offline (fast) test suite. * Session dictionary argument merging. - 0.6.4 (2011-10-13) * Automatic decoding of unicode, based on HTTP Headers. * New decode_unicode setting. * Removal of r.read/close methods. * New r.faw interface for advanced response usage.* * Automatic expansion of parameterized headers. - 0.6.3 (2011-10-13) * Beautiful requests.async module, for making async requests w/ gevent. - 0.6.2 (2011-10-09) * GET/HEAD obeys allow_redirects=False. - Update to version 0.6.1: * Enhanced status codes experience ``\o/`` * Set a maximum number of redirects (``settings.max_redirects``) * Full Unicode URL support * Support for protocol-less redirects. * Allow for arbitrary request types. * Bugfixes - Changes from version 0.6.0: * New callback hook system * New persistient sessions object and context manager * Transparent Dict-cookie handling * Status code reference object * Removed Response.cached * Added Response.request * All args are kwargs * Relative redirect support * HTTPError handling improvements * Improved https testing * Bugfixes - Update to 0.5.0 - PATCH Support - Support for Proxies - HTTPBin Test Suite - Redirect Fixes - settings.verbose stream writing - Querystrings for all methods - URLErrors (Connection Refused, Timeout, Invalid URLs) are treated as explicity raised r.requests.get('hwe://blah'); r.raise_for_status() - 0.4.1 (2011-05-22) - Improved Redirection Handling - New 'allow_redirects' param for following non-GET/HEAD Redirects - Settings module refactoring - Initial release ==== shotwell ==== Version update (0.23.0+git.20160425 -> 0.23.2) Subpackages: shotwell-lang - Update to version 0.23.2: + Use yelp-build to generate HTML docs. + Remove gphoto-2.4 support. + Fix background color drawing (bgo#766864). + Port GtkNotebook to GtkStack (bgo#744289). + Fix missing scroll bars in events (bgo#766864). + Fix URLs in manpage. + Clean up external functions. + Port librest's internal hmac_sha1 implementation to Vala. + Fix multiplication of symbols in plugins. + Request "popup" login in Facebook. + Update help regarding publishing permissions in Facebook (bgo#766919). + Add source SVG for new app icons. + Update logo for help. + Remove executable flag on images. + Piwigo: Let libsoup parse the cookie. + Remove string utility functions in publishing plugins. + Remove a libgee work-around, bump to 0.10 minimum version. + Make filter toolbar buttons contain text and image. + Move commonly used functions into shared library to prevent multiple definition of symbols. + Bugs fixed: bgo#744289, bgo#766864, bgo#766919, bgo#767042. + Updated translations. - Drop sourceservice, switch back to release tarballs now that we have an active working upstream again. - Package the new library, but not split it out as shotwell is the only consumer as of now. - Update to version 0.23.1+git.20160523: + Update Facebook application id. Facebook integration works again (bgo#748991). + Remove obsolete VAPIs. + Remove custom WEXITSTATUS implementation. + Fix an assert in file monitor caused by renaming a file (bgo#759403). + Rename "Yorba website" to "Shotwell website" in About dialog so it actually says what it does. + Change the way how shotwell checks whether it runs uninstalled to allow running with symlinks (bgo#747374). + Copyright was transferred from Yorba to SFC. + Do not block closing the viewer if there was an issue loading the photo (bgo#740436). + Remove remaining references to .gnome2 directory (bgo#766339). + Update icons to hires versions and add a symbolic one (bgo#717326). + If we can't find any pixbuf representation of the Photo, push an empty pixmap to force the display of the error message (bgo#766338). + Fix a critical when get_metadata returns null. + Remove deprecated calls to gtk_widget_render_icon() (bgo#719188). + Panic out if we cannot open the file in the viewer. + Make toolbar use GtkOverlay instead of implementing a custom pop-up to prevent all kinds of issues with overlaying other applications or toolboxes (bgo#756126). + Remove criticals caused by mouse hiding algorithm. + Updated translations. - Update Url to new home. ==== xerces-c ==== Version update (3.1.2 -> 3.1.4) - Version update to 3.1.4: * Fixes bnc#985860 CVE-2016-4463 * xerces-c-CVE-2016-2099.patch removed as it was included upstream - Use pkgconfig requires - Disable "pretty" make to make it bit faster - Fix the selfobsoleting provides/requires to silence rpmlint - Use valid group for the docs - Resolve rpmlint warnings of type "version-control-internal-file" - Update to 3.1.3 * bug fixes + memcpy used on overlapping memory regions causes sanity test failure + Typo in XMLUni::fgUnknownURIName constant + Buffer overruns in prolog parsing and error handling - Dropped xerces-c-CVE-2016-0729.patch, fixed upstream. - added xerces-c-CVE-2016-2099.patch Exception handling mistake causing use after free (bsc#979208, CVE-2016-2099) - xerces-c-CVE-2016-0729.patch Fix for mishandling certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. (bsc#966822, CVE-2016-0729) ==== xf86-video-intel ==== Version update (2.99.917.651_g34f63f2 -> 2.99.917.674_g9154dff) - Update to 2.99.917.674_g9154dff * Only shutdown secondary plances on CRTCs we own (boo#984747). * Do not force migration to GPU for very large object. * Skip wait_for_shadow when shadow is temprarily disabled. * Avoid Recursion by testing shadow.wait. * DRI3 is not supporteed by mesa/i915. * Various minor fixes. - Update to 2.99.917.666_g7b6e219: sna: Hide compiler warnings for change in uAPI defines sna/video: Create one XvAdapter for each sprite plane sna/video: Prepare for multiple sprite ports sna: Record all sprite planes reported by the kernel compat: Another day, another ABI change for OsBlockSGIO sna: Use physical output size from the kernel compat: Add OsBlockSIGIO/OsReleaseSIGIO wrappers sna: Restore TearFree operation after switching everything off sna/dri2: Avoid chaining swaps across a mode change sna: Display errno when SETCURSOR fails sna: Allow disconnected outputs to retain state without EDID checks sna: Confirm the EDID is the same after a hotplug before ignoring sna: Don't skip migration-to-GPU for TearFree sna: Track the minimum damage when doing CRTC-local TearFree sna: Fix increment of modeset serial after applying CRTC ==== yast2 ==== Version update (3.1.194 -> 3.1.195) - fix cyclic dependencies caused by split of firewall classes (bsc#987059) - 3.1.195 ==== yast2-kdump ==== Version update (3.1.37 -> 3.1.38) - Skip writing bootloader configuration in installation, as it will be written later by yast2-bootloader. This will speed up installation. (bnc#984649) - 3.1.38 ==== yast2-packager ==== Version update (3.1.102 -> 3.1.107) - Fix remaining estimation during installation (bsc#982138) - 3.1.107 - Fix remaining packages count during installation (bsc#987791 and bsc#987604) - 3.1.106 - optimize slide show size computing to improve installation performance (bnc#986649) - 3.1.105 - Restored back the InstURL#GetDevicesOption method which was accidentaly removed in the previous update (bsc#985593) - 3.1.104 - Allow installation via HTTPS using a self-signed certificate when "ssl_certs=0" boot option is used (bsc#982727) - Drop "is_network" method from InstURL module - 3.1.103 ==== yast2-ruby-bindings ==== Version update (3.1.48 -> 3.1.50) - Fix segfault when running rspec tests caused by added ruby profiler (bnc#986649 comment2) - 3.1.50 - Added support for running the Ruby profiler - Improve performance of code by specialized `caller` call (bnc#986649) - 3.1.49 ==== yast2-users ==== Version update (3.1.52 -> 3.1.53) - Fix creation of the first user account during installation (bsc#986542) - 3.1.53 ==== ypbind ==== - Remove syslog.target from ypbind.service file [bsc#983938]