Packages changed: createrepo_c dos2unix (7.4.4 -> 7.5.0) librdkafka (2.1.0 -> 2.1.1) llvm16 (16.0.3 -> 16.0.4) nghttp2 (1.52.0 -> 1.53.0) pipewire (0.3.70 -> 0.3.71) poppler (23.04.0 -> 23.05.0) poppler-qt5 (23.04.0 -> 23.05.0) python-anyio python-attrs (22.2.0 -> 23.1.0) python-httpcore (0.16.3 -> 0.17.0) python-requests (2.28.2 -> 2.30.0) python-urllib3 (1.26.15 -> 2.0.2) rubygem-packaging_rake_tasks (1.5.1 -> 1.5.3) tracker (3.5.1 -> 3.5.2) tracker-miners (3.5.1 -> 3.5.2) yast2-storage-ng (4.6.8 -> 4.6.9) === Details === ==== createrepo_c ==== Subpackages: libcreaterepo_c0 python3-createrepo_c - disable DeltaRPM for ALP ==== dos2unix ==== Version update (7.4.4 -> 7.5.0) - update to 7.5.0: * New option -e, --add-eol to add a line break to the last line if the isn't one * New option -O, --to-stdout to write to standard output ==== librdkafka ==== Version update (2.1.0 -> 2.1.1) - update to 2.1.1: * Avoid duplicate messages when a fetch response is received * in the middle of an offset validation request * Fix segmentation fault when subscribing to a non-existent topic and calling `rd_kafka_message_leader_epoch()` on the polled `rkmessage` * Fix a segmentation fault when fetching from follower and the partition lease expires while waiting for the result of a list offsets operation * Fix documentation for the admin request timeout, incorrectly stating -1 for infinite * timeout. That timeout can't be infinite. * Fix CMake pkg-config cURL require and use * pkg-config `Requires.private` field * Fixes certain cases where polling would not keep the consumer * in the group or make it rejoin it * Fix to the C++ set_leader_epoch method of TopicPartitionImpl, * that wasn't storing the passed value * Duplicate messages can be emitted when a fetch response is received in the middle of an offset validation request. Solved by avoiding a restart from last application offset when offset validation succeeds. * When fetching from follower, if the partition lease expires after 5 minutes, and a list offsets operation was requested to retrieve the earliest or latest offset, it resulted in segmentation fault. This was fixed by allowing threads different from the main one to call the `rd_kafka_toppar_set_fetch_state` function, given they hold the lock on the `rktp`. * In v2.1.0, a bug was fixed which caused polling any queue to reset the `max.poll.interval.ms`. Only certain functions were made to reset the timer, but it is possible for the user to obtain the queue with messages from the broker, skipping these functions. This was fixed by encoding information in a queue itself, that, whether polling, resets the timer. ==== llvm16 ==== Version update (16.0.3 -> 16.0.4) Subpackages: clang-tools clang16 libLLVM16 libclang-cpp16 libclang13 llvm16-gold - Update to version 16.0.4. * This release contains bug-fixes for the LLVM 16.0.0 release. This release is API and ABI compatible with 16.0.0. - Rebase patches: * llvm-do-not-install-static-libraries.patch * llvm-remove-clang-only-flags.patch ==== nghttp2 ==== Version update (1.52.0 -> 1.53.0) - Update to version 1.53.0: * https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/ ==== pipewire ==== Version update (0.3.70 -> 0.3.71) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.71: * Highlights - A new zero-latency jackdbus bridge was added. This works similar to what PulseAudio has to offer and creates a sink/source when jackdbus is started. It is however much more efficient and runs the complete PipeWire graph as a synchronous JACK client with no added latency. - Many performance improvements. Activation of remote nodes is more efficient, fewer eventfds are required on the clients, less callback overhead in performence critical paths and an optimized poll function was added. This was mainly driven by the jackdbus module to get the lowest possible overhead when running the graph. - The JACK notify callback implementation was reworked to emulate better what JACK does, improving compatibility with ardour7 and the JACK stress test. - More work on BAP devices. Device latency is now passed on to applications also for multi-device headsets, and channel allocation is handled better. - Many more improvements and bugfixes. * PipeWire - Remove the hardcoded limit on io_areas. This is used to link nodes together and exchange buffers, it was limited to 2048 but now dynamically scales based on requirements. - Rate and quantum changes are now applied correctly in more cases. (#3159) - Updates to client-node to more efficiently process the driver. - The profiler information was improved to be more accurate. It should now work better for remote drivers. - Some potential memory map errors were fixed in the protocol because in some case with large messages, some fds were closed too soon. - pw-filter now implements the pw_filter_set_active() method. - A potential out-of-buffers case was fixed in capture pw-streams where buffers were not moved to the recycle queue when the node suspended. - Nodes are now always woken up with the eventfd. Previously there were some optimiztions in the server to directly call into the node process function but that optimization is not necessary. Without this optimization it is now possible to run nodes in different threads. - pw-stream trigger is now implemented correctly in all cases. - Remote nodes now use one eventfd less because they get triggered with the node eventfd directly. - Monitor ports are now ignored in latency updates. - A potential race when reporting an error to a client was fixed. (#3192) - Fix a bug where always_process nodes would sometimes IDLE. (#3189) - Optimize peer activation. Nodes are now activated more efficiently and independent of the number of links. It also reduces the number of eventfds and memory in remote clients. - A bug in property serialization was fixed. Values with spaces would only serialize the first part of the value. * Modules - Correctly handle the echo-canceler plugin init method fallback. The samplerate was not correctly configured. This is only a regression for people that have external echo-canceler plugins. - RAOP sink now only sets the volume on the remote end when the stream is recording. (#3175) - RAOP discover now tries to deduplicate entries from the same host. - A new zero-latency jackdbus bridge was added. This works similar to what pulseaudio has to offer and creates a sink/source when jackdbus is started. It is however much more efficient and runs the complete PipeWire graph as a synchronous JACK client. - The access module uses a more secure way to check the application executable. - module-combine-stream now has configurable delay and latency for each stream. This can be used to align sinks/sources with different latencies. - A potential crash in module-pulse-tunnel was fixed when shutting down. (#3199) - Module-rt will now clamp the nice value to the min allowed value to avoid errors from rtkit. (#3186) - Fix a bug with the session counters in module-rtp-sap. Also use the right format for L24. Improve the AES67 example config. - Improve some warning and info messages in module-rt. (#3194) - module-rtp-session should now do something when started without arguments. - A potential crash in module-rtp-session was fixed. (#3217) - module-filter-chain has better error reporting when a convolver fails to load. (#3223) * SPA - Move some things around to avoid compiler warnings. (#3171) - Increase mixer ports. Reorganize some things and bump mixer input ports from 128 to 512. - Fix a potential crash when a node is scheduled before it completes the setup. - The JACK sink and source SPA plugins have seen some improvements. - Allow the peaks resampler still if we disabled resampling. - Perform more cleanup in audioadapter when in error. - An optimized non-cancellable loop implementation was added. - Callbacks were optimized with a _fast() varsion that doesn't ... changelog too long, skipping 47 lines ... - Document the PipeWire native protocol. ==== poppler ==== Version update (23.04.0 -> 23.05.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - update to 23.05.0: * Fix crash when filling some forms * Set SigFlags when signing unsigned signature * Add some infrastructure code to support multiple signing backends * Fix potential stack overflow in PostScriptFunction::parseCode * Fix some minor uninitialised memory reads ==== poppler-qt5 ==== Version update (23.04.0 -> 23.05.0) - update to 23.05.0: * Fix crash when filling some forms * Set SigFlags when signing unsigned signature * Add some infrastructure code to support multiple signing backends * Fix potential stack overflow in PostScriptFunction::parseCode * Fix some minor uninitialised memory reads ==== python-anyio ==== - Add patch fix-failing-tls-tests.patch: * Fix test failures with Python TLS changes. ==== python-attrs ==== Version update (22.2.0 -> 23.1.0) - Update to 23.1.0: [#] Backwards-incompatible Changes * Python 3.6 has been dropped and packaging switched to static package data using Hatch. #993 [#] Deprecations * The support for zope-interface via the attrs.validators.provides validator is now deprecated and will be removed in, or after, April 2024. * The presence of a C-based package in our developement dependencies has caused headaches and we're not under the impression it's used a lot. * Let us know if you're using it and we might publish it as a separate package. #1120 [#] Changes * attrs.filters.exclude() and attrs.filters.include() now support the passing of attribute names as strings. #1068 * attrs.has() and attrs.fields() now handle generic classes correctly. #1079 * Fix frozen exception classes when raised within e.g. contextlib.contextmanager, which mutates their __traceback__ attributes. #1081 * @frozen now works with type checkers that implement PEP-681 (ex. pyright). #1084 * Restored ability to unpickle instances pickled before 22.2.0. [#1085] * attrs.asdict()'s and attrs.astuple()'s type stubs now accept the attrs.AttrsInstance protocol. #1090 * Fix slots class cellvar updating closure in CPython 3.8+ even when __code__ introspection is unavailable. #1092 * attrs.resolve_types() can now pass include_extras to typing.get_type_hints() on Python 3.9+, and does so by default. [#1099] * Added instructions for pull request workflow to CONTRIBUTING.md. [#1105] * Added type parameter to attrs.field() function for use with attrs.make_class(). * Please note that type checkers ignore type metadata passed into make_class(), but it can be useful if you're wrapping attrs. #1107 * It is now possible for attrs.evolve() (and attr.evolve()) to change fields named inst if the instance is passed as a positional argument. * Passing the instance using the inst keyword argument is now deprecated and will be removed in, or after, April 2024. #1117 * attrs.validators.optional() now also accepts a tuple of validators (in addition to lists of validators). #1122 ==== python-httpcore ==== Version update (0.16.3 -> 0.17.0) - update to 0.17.0: * Add DEBUG level logging. (#648) * Respect HTTP/2 max concurrent streams when settings updates are sent by server. (#652) * Increase the allowable HTTP header size to 100kB. (#647) * Add `retries` option to SOCKS proxy classes. (#643) ==== python-requests ==== Version update (2.28.2 -> 2.30.0) - add sle15_python_module_pythons - Update to 2.30.0: * Added support for urllib3 2.0.  * Defer chunked requests to the urllib3 implementation to improve standardization. * Relax header component requirements to support bytes/str subclasses. ==== python-urllib3 ==== Version update (1.26.15 -> 2.0.2) - update to 2.0.2: * Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. - Update to 2.0.1: * Fixed a socket leak when fingerprint or hostname verifications fail. * Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. * Removed support for Python 2.7, 3.5, and 3.6. * Removed fallback on certificate commonName in match_hostname() function. * Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. * Removed support for OpenSSL versions earlier than 1.1.1. * Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment. * Changed ssl_version to instead set the corresponding SSLContext.minimum_version and SSLContext.maximum_version values. * Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2 in line with Python 3.10. * Changed urllib3.util.create_urllib3_context to not override the system cipher suites with a default value. * Changed multipart/form-data header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. * Changed HTTPConnection.request() to always use lowercase chunk boundaries when sending requests with Transfer-Encoding: chunked. * Changed enforce_content_length default to True, preventing silent data loss when reading streamed responses. * Changed all parameters in the HTTPConnection and HTTPSConnection constructors to be keyword-only except host and port. * Changed HTTPConnection.getresponse() to set the socket timeout from HTTPConnection.timeout value before reading data from the socket. * Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX. * Changed TLS handshakes to use SSLContext.check_hostname when possible. * Changed the default blocksize to 16KB to match OpenSSL's default read amounts. * Changed HTTPResponse.read() to raise an error when calling with decode_content=False after using decode_content=True to prevent data loss. * Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress. * Fixed the default value of HTTPSConnection.socket_options to match HTTPConnection. * Fixed a socket leak if HTTPConnection.connect() fails. - Drop patch remove_mock.patch, included upstream. - Fiddle with {Build,}Requires as appropiate, six finally dropped. ==== rubygem-packaging_rake_tasks ==== Version update (1.5.1 -> 1.5.3) - Added support for multi build packages in "build_dependencies:*" rake tasks (related to bsc#1211319) - 1.5.3 - Stop using File.exists? which no longer works in Ruby 3.2 (bsc#1206419) - 1.5.2 ==== tracker ==== Version update (3.5.1 -> 3.5.2) Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang typelib-1_0-Tracker-3_0 - Update to version 3.5.2: + Fix several possible crashers. + Fix bashisms in doc generation scripts. + Fix ISO8601 date strings in cursors on Darwin. + Plug leak. - Add 63ea8f1a.patch: Revert build: Detect appropriate strftime() year modifier at build time. Revert upstream commit for now as it breaks build for i586. ==== tracker-miners ==== Version update (3.5.1 -> 3.5.2) Subpackages: tracker-miner-files tracker-miners-lang - Update to version 3.5.2: + Fix a number of potential crashers. + Fix possibly stuck extractor process. + Restore performance lost in 3.5.1 of extractor query to get unextracted items. + Plug memory leak. ==== yast2-storage-ng ==== Version update (4.6.8 -> 4.6.9) - GuidedProposal: allow Agama to configure exactly what to do with every existing partition (gh#yast/yast-storage-ng#1337). - 4.6.9