Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20220818

Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  coreutils
  elfutils-debuginfod
  gcc12 (12.1.1+git287 -> 12.1.1+git372)
  inxi (3.3.19 -> 3.3.20)
  less
  metamail
  ncurses (6.3.20220806 -> 6.3.20220813)
  openal-soft (1.21.1 -> 1.22.2)
  openssh
  polkit (0.120 -> 121)
  python-SQLAlchemy (1.4.39 -> 1.4.40)
  python-black (22.3.0 -> 22.6.0)
  python-pyzmq (23.2.0 -> 23.2.1)
  rsync (3.2.4 -> 3.2.5)
  timezone (2022a -> 2022c)
  timezone-java (2022a -> 2022c)
  xz (5.2.5 -> 5.2.6)

=== Details ===

==== coreutils ====
Subpackages: coreutils-lang

- refresh coreutils-i18n.patch from Fedora to make expand and unexpand more similar
- Remove python2 from buildrequires - appears to be a left over

==== elfutils-debuginfod ====

- Use %ghost for debuginfod.sqlite file.
- Add support-nullglob-in-profile.-.in-files.patch fixes boo#1202440.
- Add PR29474-debuginfod.patch in order to fix PR29474.
- Add Recommends for libdebuginfod1 so that debuginfod-profile sets the DEBUGINFOD_URLS.

==== gcc12 ====
Version update (12.1.1+git287 -> 12.1.1+git372)
Subpackages: cpp12 gcc12-info gcc12-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc12 libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1

- Update to gcc-12 branch head, 6b7d570a5001bb79e34c0d1626a, git372
  * includes release candidate for GCC 12.2
- Remove workaround for obs-service-format_spec_file.

==== inxi ====
Version update (3.3.19 -> 3.3.20)

- update to 3.3.20:
  1a. More or less completed verification of AMD cpu microarch/built/process, and added more accurate fallback cases for stray model IDs.
  1b. Extended Intel cpu data a bit more as well. Thanks linuxdaddy from slackware for the research help there.
  2. Tentative support for finit init system (fast init). Runs in /proc/1/comm, uses initctl, which may have been revived from its upstart days, not sure. Added potential support for nosh, linux only, don't know how to detect other bsd init system.
  3. Added amd/intel gpu product IDs.
  4. Added shortcut --filter-all/--za, activates all filters: -z, --zl, --zu, --zv. Why not?
  5. Added support for dm types kdmctl and xdmctl, opensuse and maybe redhat use the latter to start the actual dm running the desktop/wm. You want to see that because you need to do systemctl restart xdm to restart the actual dm. Thanks mrmazda for pointing out this one.
  6. Added AlmaLinux, RockyLinux, CentosStream to system base (RHEL derived).
  7. Basic Raptor Lake gpu/apu support added, with patterns to detect since few product ids yet. Same applies to Arctic and Alchemist, which still have no product IDs.
  8. More disk vendors and disk vendor ids, never stops - the waters flow on, the rain falls, then the sun comes out. Until one day it doesn't.
  * /usr/share/doc/packages/inxi/inxi.changelog.

==== less ====

- Which need one /usr/bin/which, not the package which

==== metamail ====

- Update to mimelang-0.3
  * Avoid to run on NULL if no UTF-8 marker is found

==== ncurses ====
Version update (6.3.20220806 -> 6.3.20220813)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20220813
  + modify delscreen to more effectively delete all windows on the given screen.
  + amend portability note for delwin in manual page.
  + adapt test/test_delwin.c from example by Bill Gray.
  + account for prescreen data if freeing leaks in pthread-configuration
  + split-out _nc_set_read_thread(), to reduce compiler warnings about pthread_self(), which may/may not be a weak symbol.
  + improve pthread-configuration for test/worm.c

==== openal-soft ====
Version update (1.21.1 -> 1.22.2)
Subpackages: libopenal1 openal-soft-data

- disable pipewire backend to avoid buildcycle ffmpeg-4, libopenmpt, mpg123, openal-soft, pipewire
- update to 1.22.2:
  * Fixed PipeWire version check.
  * Fixed building with PipeWire versions before 0.3.33.
  * Fixed CoreAudio capture.
  * Fixed air absorption strength.
  * Fixed ALSA not being used on some systems without PipeWire and PulseAudio.
  * Fixed OpenSL capturing noise.
  * Fixed Oboe capture failing with some buffer sizes.
  * Added checks for the runtime PipeWire version.
    * The same or newer version than is used for building will be needed at runtime for the backend to work.
  * Separated 3D7.1 into its own speaker configuration.
  * Implemented the ALC_SOFT_reopen_device extension.
    * This allows for moving devices to different outputs without losing object state.
  * Implemented the ALC_SOFT_output_mode extension.
  * Implemented the AL_SOFT_callback_buffer extension.
  * Implemented the AL_SOFT_UHJ extension.
    * This supports native UHJ buffer formats and Super Stereo processing.
  * Implemented the legacy EAX extensions.
    * Enabled by default only on Windows.
  * Improved sound positioning stability when a source is near the listener.
  * Improved the default 5.1 output decoder.
  * Improved the high frequency response for the HRTF second-order ambisonic decoder.
  * Improved SoundIO capture behavior.
  * Fixed UHJ output on NEON-capable CPUs.
  * Fixed redundant effect updates when setting an effect property to the current value.
  * Fixed WASAPI capture using really low sample rates, and sources with very high pitch shifts when using a bsinc resampler.
  * Added a PipeWire backend.
  * Added enumeration for the JACK and CoreAudio backends.
  * Added optional support for RTKit to get real-time priority.
  * Added an option for JACK playback to render directly in the real-time processing callback.
  * Added an option for custom JACK devices.
  * Added utilities to encode and decode UHJ audio files.
  * Added an in-progress extension to hold sources in a playing state when a device disconnects.
  * Lowered the priority of the JACK backend.
- drop openal-soft-gcc11.diff (obsolete)

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- openssh-8.4p1-ssh_config_d.patch: admin overrides should take priority (listed first) over package defaults

==== polkit ====
Version update (0.120 -> 121)
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0

- Update to version 121:
  + Addition of duktape as a JS engine backend.
  + Other small fixes and improvements. For more details, visit: gitlab.freedesktop.org/polkit/polkit/-/blob/121/NEWS.md
  + Updated translations.
- Drop merged-upstream patches:
  + CVE-2021-4034-pkexec-fix.patch;
  + 0001-CVE-2021-4115-GHSL-2021-077-fix.patch;
  + duktape-support.patch;
  + pkexec.patch.
- Replace Intltool with Gettext as a build requirement following the migration from last release (0.120).
- Add Meson as a build requirement while dropping Libtool and replace all Autotools macros with Meson ones. And pass the following options to Meson: session_tracking=libsystemd-login; systemdsystemunitdir=%{_unitdir}; os_type=suse; pam_module_dir=%{_pam_moduledir}; pam_prefix=%{_pam_vendordir}; examples=true; tests=true; gtk_doc=true; man=true and js_engine=duktape.
- Drop no longer needed Libtool as a build requirement, following Autotools replacement.
- Add explicit pkgconfig module build requirements for glib-2.0 and gobject-2.0 that are searched by the build scripts. They were already being pulled by their siblings [pkgconfig(gio-2.0) and pkgconfig(gio-unix-2.0)].
- Drop conditional macro, which was wrapping "BuildArch: noarch" for the doc subpackage, based on long gone EOLed (open)SUSE release (11.2).
- Add missing 'Requires(post): permissions' for the pkexec subpackage.
- Add python3-dbus-python and python3-python-dbusmock as build requirements in order to run test in the check section.
- Add polkit-fix-pam-prefix.patch to use the value of pam_prefix Meson option, like it was designed to, rather than hard-coded path for pam configuration files.
- Remove unneeded executable bit from 50-default.rules file.

==== python-SQLAlchemy ====
Version update (1.4.39 -> 1.4.40)

- update to version 1.4.40:
  * orm
    + [orm] [bug] Fixed issue where referencing a CTE multiple times in conjunction with a polymorphic SELECT could result in multiple "clones" of the same CTE being constructed, which would then trigger these two CTEs as duplicates. To resolve, the two CTEs are deep-compared when this occurs to ensure that they are equivalent, then are treated as equivalent.
      References: #8357
    + [orm] [bug] A select() construct that is passed a sole "*" argument for SELECT *, either via string, text(), or literal_column(), will be interpreted as a Core-level SQL statement rather than as an ORM level statement. This is so that the *, when expanded to match any number of columns, will result in all columns returned in the result. The ORM-level interpretation of select() needs to know the names and types of all ORM columns up front which can't be achieved when '*' is used. If '*' is used amongst other expressions simultaneously with an ORM statement, an error is raised as this can't be interpreted correctly by the ORM.
      References: #8235
  * orm declarative
    + [orm] [declarative] [bug] Fixed issue where a hierarchy of classes set up as an abstract or mixin declarative classes could not declare standalone columns on a superclass that would then be copied correctly to a declared_attr callable that wanted to make use of them on a descendant class.
      References: #8190
  * engine
    + [engine] [usecase] Implemented new Connection.execution_options.yield_per execution option for Connection in Core, to mirror that of the same yield_per option available in the ORM. The option sets both the Connection.execution_options.stream_results option at the same time as invoking Result.yield_per(), to provide the most common streaming result configuration which also mirrors that of the ORM use case in its usage pattern.
      See also: Using Server Side Cursors (a.k.a. stream results) - revised documentation
    + [engine] [bug] Fixed bug in Result where the usage of a buffered result strategy would not be used if the dialect in use did not support an explicit "server side cursor" setting, when using Connection.execution_options.stream_results. This is in error as DBAPIs such as that of SQLite and Oracle already use a non-buffered result fetching scheme, which still benefits from usage of partial result fetching. The "buffered" strategy is now used in all cases where Connection.execution_options.stream_results is set.
    + [engine] [bug] Added FilterResult.yield_per() so that result implementations such as MappingResult, ScalarResult and AsyncResult have access to this method.
      References: #8199
  * sql
    + [sql] [bug] Adjusted the SQL compilation for string containment functions .contains(), .startswith(), .endswith() to force the use of the string concatenation operator, rather than relying upon the overload of the addition operator, so that non-standard use of these operators with for example bytestrings still produces string concatenation operators.
      References: #8253
  * mypy
    + [mypy] [bug] Fixed a crash of the mypy plugin when using a lambda as a Column default. Pull request courtesy of tchapi.
      References: #8196
  * asyncio
    + [asyncio] [bug] Added asyncio.shield() to the connection and session release process specifically within the __aexit__() context manager exit, when using AsyncConnection or AsyncSession as a context manager that releases the object when the context manager is complete. This appears to help with task cancellation when using alternate concurrency libraries such as anyio, uvloop that otherwise don't provide an async context for the connection pool to release the connection properly during task cancellation.
      References: #8145
  * postgresql
    + [postgresql] [bug] Fixed issue in psycopg2 dialect where the "multiple hosts" feature implemented for #4392, where multiple host:port pairs could be passed in the query string as ?host=host1:port1&host=host2:port2&host=host3:port3 was not implemented correctly, as it did not propagate the "port" parameter appropriately. Connections that didn't use a different "port" likely worked without issue, and connections that had "port" for some of the entries may have incorrectly passed on that hostname. The format is now corrected to pass hosts/ports appropriately. As part of this change, maintained support for another multihost style that worked unintentionally, which is comma-separated ?host=h1,h2,h3&port=p1,p2,p3. This format is more consistent with libpq's query-string format, whereas the previous format is inspired by a different aspect of libpq's URI format but is not quite the same thing. If the two styles are mixed together, an error is raised as this is ambiguous.
      References: #4392
  * mssql
    + [mssql] [bug] Fixed issues that prevented the new usage patterns for using DML with ORM objects presented at Using INSERT, UPDATE and ON CONFLICT (i.e. upsert) to return ORM Objects from working correctly with the SQL Server pyodbc dialect.
      References: #8210
    + [mssql] [bug] Fixed issue where the SQL Server dialect's query for the current isolation level would fail on Azure Synapse Analytics, due to the way in which this database handles transaction rollbacks after an error has occurred. The initial query has been modified to no longer rely upon catching an error when attempting to detect the appropriate system view. Additionally, to better support this database's very specific "rollback" behavior, implemented new parameter
  ... changelog too long, skipping 10 lines ...
      ARRAY datatype, without explicit workarounds.
      References: #7249

==== python-black ====
Version update (22.3.0 -> 22.6.0)

- update to version 22.6.0:
  * Style
    + Fix unstable formatting involving #fmt: skip and # fmt:skip comments (notice the lack of spaces) (#2970)
  * Preview style
    + Docstring quotes are no longer moved if it would violate the line length limit (#3044)
    + Parentheses around return annotations are now managed (#2990)
    + Remove unnecessary parentheses around awaited objects (#2991)
    + Remove unnecessary parentheses in with statements (#2926)
    + Remove trailing newlines after code block open (#3035)
  * Integrations
    + Add scripts/migrate-black.py script to ease introduction of Black to a Git project (#3038)
  * Output
    + Output Python version and implementation as part of --version flag (#2997)
  * Packaging
    + Use tomli instead of tomllib on Python 3.11 builds where tomllib is not available (#2987)
  * Parser
    + PEP 654 syntax (for example, except *ExceptionGroup:) is now supported (#3016)
    + PEP 646 syntax (for example, Array[Batch, *Shape] or def fn(*args: *T) -> None) is now supported (#3071)
  * Vim Plugin
    + Fix strtobool function. It didn't parse true/on/false/off. (#3025)

==== python-pyzmq ====
Version update (23.2.0 -> 23.2.1)

- update to version 23.2.1:
  * Improvements:
    + First release with wheels for Python 3.11 (thanks cibuildwheel!).
    + linux aarch64 wheels now bundle the same libzmq (4.3.4) as all other builds, thanks to switching to native arm builds on CircleCI.
  * Fixes:
    + Some type annotation fixes in devices.

==== rsync ====
Version update (3.2.4 -> 3.2.5)

- Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply.
- Drop patch rsync-CVE-2022-29154.patch, already included upstream.
- Update to 3.2.5
  * SECURITY FIXES:
    - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154.
    - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
  * BUG FIXES:
    - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled.
    - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters).
    - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work.
    - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8).
  * ENHANCEMENTS:
    - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required).
  * PACKAGING RELATED:
    - A note to those wanting to patch older rsync versions: the changes in this release requires the quoted argument change from 3.2.4. Then, you'll want every single code change from 3.2.5 since there is no fluff in this release.
    - The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date.
  * DEVELOPER RELATED:
    - Configure now defaults GETGROUPS_T to gid_t when cross compiling.
    - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file.

==== timezone ====
Version update (2022a -> 2022c)

- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'

==== timezone-java ====
Version update (2022a -> 2022c)

- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- switch to _multibuild
- refresh keyring, enable keyring validation

==== xz ====
Version update (5.2.5 -> 5.2.6)
Subpackages: liblzma5 liblzma5-32bit xz-lang

- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
  * xz:
    - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files.
    - When copying metadata from the source file to the destination file, don't try to set the group (GID) if it is already set correctly.
      This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn't belong to the user, and fchown(2) can fail even if it needs to do nothing.
    - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space.
  * liblzma:
    - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a "mild" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access.
    - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too.
    - Improved 32-bit x86 assembly files:
      * Support Intel Control-flow Enforcement Technology (CET)
      * Use non-executable stack on FreeBSD.
  * xzgrep:
    - Fixed arbitrary command injection via a malicious filename (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for this was released to the public on 2022-04-07. A slight robustness improvement has been made since then and, if using GNU or *BSD grep, a new faster method is now used that doesn't use the old sed-based construct at all. This also fixes bad output with GNU grep >= 3.5 (2020-09-27) when xzgrepping binary files.
    - Fixed detection of corrupt .bz2 files.
    - Improved error handling to fix exit status in some situations and to fix handling of signals: in some situations a signal didn't make xzgrep exit when it clearly should have. It's possible that the signal handling still isn't quite perfect but hopefully it's good enough.
    - Documented exit statuses on the man page.
    - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead of the deprecated egrep and fgrep commands.
    - Fixed parsing of the options -E, -F, -G, -P, and -X. The problem occurred when multiple options were specified in a single argument, for example, echo foo | xzgrep -Fe foo treated foo as a filename because -Fe wasn't correctly split into -F -e.
    - Added zstd support.
  * xzdiff/xzcmp:
    - Fixed wrong exit status. Exit status could be 2 when the correct value is 1.
    - Documented on the man page that exit status of 2 is used for decompression errors.
    - Added zstd support.
  * xzless:
    - Fix less(1) version detection. It failed if the version number from "less -V" contained a dot.