Packages changed:
  coreutils
  elfutils-debuginfod
  gcc12 (12.1.1+git287 -> 12.1.1+git372)
  inxi (3.3.19 -> 3.3.20)
  less
  metamail
  ncurses (6.3.20220806 -> 6.3.20220813)
  openal-soft (1.21.1 -> 1.22.2)
  openssh
  polkit (0.120 -> 121)
  python-SQLAlchemy (1.4.39 -> 1.4.40)
  python-black (22.3.0 -> 22.6.0)
  python-pyzmq (23.2.0 -> 23.2.1)
  rsync (3.2.4 -> 3.2.5)
  timezone (2022a -> 2022c)
  timezone-java (2022a -> 2022c)
  xz (5.2.5 -> 5.2.6)

=== Details ===

==== coreutils ====
Subpackages: coreutils-lang

- refresh coreutils-i18n.patch from Fedora to make expand and unexpand
  more similar
- Remove python2 from buildrequires - appears to be a left over

==== elfutils-debuginfod ====

- Use %ghost for debuginfod.sqlite file.
- Add support-nullglob-in-profile.-.in-files.patch
  fixes boo#1202440.
- Add PR29474-debuginfod.patch in order to fix PR29474.
- Add Recommends for libdebuginfod1 so that debuginfod-profile
  sets the DEBUGINFOD_URLS.

==== gcc12 ====
Version update (12.1.1+git287 -> 12.1.1+git372)
Subpackages: cpp12 gcc12-info gcc12-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc12 libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1

- Update to gcc-12 branch head, 6b7d570a5001bb79e34c0d1626a, git372
  * includes release candidate for GCC 12.2
- Remove workaround for obs-service-format_spec_file.

==== inxi ====
Version update (3.3.19 -> 3.3.20)

- update to 3.3.20:
  1a. More or less completed verification of AMD cpu microarch/built/process, and
  added more accurate fallback cases for stray model IDs.
  1b. Extended Intel cpu data a bit more as well. Thanks linuxdaddy from slackware
  for the research help there.
  2. Tentative support for finit init system (fast init). Runs in /proc/1/comm,
  uses initctl, which may have been revived from its upstart days, not sure. Added
  potential support for nosh, linux only, don't know how to detect other bsd init
  system.
  3. Added amd/intel gpu product IDs.
  4. Added shortcut --filter-all/--za, activates all filters: -z, --zl, --zu,
  - -zv. Why not?
  5. Added support for dm types kdmctl and xdmctl, opensuse and maybe redhat use
  the latter to start the actual dm running the desktop/wm. You want to see that
  because you need to do systemctl restart xdm to restart the actual dm. Thanks
  mrmazda for pointing out this one.
  6. Added AlmaLinux, RockyLinux, CentosStream to system base (RHEL derived).
  7. Basic Raptor Lake gpu/apu support added, with patterns to detect since few
  product ids yet. Same applies to Arctic and Alchemist, which still have no
  product IDs.
  8. More disk vendors and disk vendor ids, never stops - the waters flow on, the
  rain falls, then the sun comes out. Until one day it doesn't.
  * /usr/share/doc/packages/inxi/inxi.changelog.

==== less ====

- Which need one /usr/bin/which, not the package which

==== metamail ====

- Update ot mimelang-0.3
  * Avoid to run on NULL if no UTF-8 marker is found

==== ncurses ====
Version update (6.3.20220806 -> 6.3.20220813)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20220813
  + modify delscreen to more effectively delete all windows on the given
    screen.
  + amend portability note for delwin in manual page.
  + adapt test/test_delwin.c from example by Bill Gray.
  + account for prescreen data if freeing leaks in pthread-configuration
  + split-out _nc_set_read_thread(), to reduce compiler warnings about
    pthread_self(), which may/may not be a weak symbol.
  + improve pthread-configuration for test/worm.c

==== openal-soft ====
Version update (1.21.1 -> 1.22.2)
Subpackages: libopenal1 openal-soft-data

- disable pipewire backend to avoid buildcycle
  ffmpeg-4, libopenmpt, mpg123, openal-soft, pipewire
- update to 1.22.2:
  * Fixed PipeWire version check.
  * Fixed building with PipeWire versions before 0.3.33.
  * Fixed CoreAudio capture.
  * Fixed air absorption strength.
  * Fixed ALSA not being used on some systems without PipeWire and PulseAudio.
  * Fixed OpenSL capturing noise.
  * Fixed Oboe capture failing with some buffer sizes.
  * Added checks for the runtime PipeWire version.
  * The same or newer version than is used for building will be needed at
    runtime for the backend to work.
  * Separated 3D7.1 into its own speaker configuration.
  * Implemented the ALC_SOFT_reopen_device extension.
  * This allows for moving devices to different outputs without losing object state.
  * Implemented the ALC_SOFT_output_mode extension.
  * Implemented the AL_SOFT_callback_buffer extension.
  * Implemented the AL_SOFT_UHJ extension.
  * This supports native UHJ buffer formats and Super Stereo processing.
  * Implemented the legacy EAX extensions.
  * Enabled by default only on Windows.
  * Improved sound positioning stability when a source is near the listener.
  * Improved the default 5.1 output decoder.
  * Improved the high frequency response for the HRTF second-order ambisonic decoder.
  * Improved SoundIO capture behavior.
  * Fixed UHJ output on NEON-capable CPUs.
  * Fixed redundant effect updates when setting an effect property to the current value.
  * Fixed WASAPI capture using really low sample rates, and sources with very
    high pitch shifts when using a bsinc resampler.
  * Added a PipeWire backend.
  * Added enumeration for the JACK and CoreAudio backends.
  * Added optional support for RTKit to get real-time priority.
  * Added an option for JACK playback to render directly in the real-time processing callback.
  * Added an option for custom JACK devices.
  * Added utilities to encode and decode UHJ audio files.
  * Added an in-progress extension to hold sources in a playing state when a device disconnects.
  * Lowered the priority of the JACK backend.
- drop openal-soft-gcc11.diff (obsolete)

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- openssh-8.4p1-ssh_config_d.patch: admin overrides should take
  priority (listed first) over package defaults

==== polkit ====
Version update (0.120 -> 121)
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0

- Update to version 121:
  + Addition of duktape as a JS engine backend.
  + Other small fixes and improvements. For more details, visit:
    gitlab.freedesktop.org/polkit/polkit/-/blob/121/NEWS.md
  + Updated translations.
- Drop merged-upstream patches:
  + CVE-2021-4034-pkexec-fix.patch;
  + 0001-CVE-2021-4115-GHSL-2021-077-fix.patch;
  + duktape-support.patch;
  + pkexec.patch.
- Replace Intltool with Gettext as a build requirement following
  the migration from last release (0.120).
- Add Meson as a build requirement while dropping Libtool and
  replace all Autotools macros with Meson ones. And pass the
  following options to Meson: session_tracking=libsystemd-login;
  systemdsystemunitdir=%{_unitdir}; os_type=suse;
  pam_module_dir=%{_pam_moduledir}; pam_prefix=%{_pam_vendordir};
  examples=true; tests=true; gtk_doc=true; man=true and
  js_engine=duktape.
- Drop no longer needed Libtool as a build requirement, following
  Autotools replacement.
- Add explicit pkgconfig module build requirements for glib-2.0 and
  gobject-2.0 that are searched by the build scripts. They were
  already being pulled by their siblings [pkgconfig(gio-2.0) and
  pkgconfig(gio-unix-2.0)].
- Drop conditional macro, which was wrapping "BuildArch: noarch"
  for the doc subpackage, based on long gone EOLed (open)SUSE
  release (11.2).
- Add missing 'Requires(post): permissions' for the pkexec
  subpackage.
- Add python3-dbus-python and python3-python-dbusmock as build
  requirements in order to run test in the check section.
- Add polkit-fix-pam-prefix.patch to use the value of pam_prefix
  Meson option, like it was designed to, rather than hard-coded
  path for pam configuration files.
- Remove unneeded executable bit from 50-default.rules file.

==== python-SQLAlchemy ====
Version update (1.4.39 -> 1.4.40)

- update to version 1.4.40:
  * orm
    + [orm] [bug] Fixed issue where referencing a CTE multiple times
    in conjunction with a polymorphic SELECT could result in
    multiple “clones” of the same CTE being constructed, which would
    then trigger these two CTEs as duplicates. To resolve, the two
    CTEs are deep-compared when this occurs to ensure that they are
    equivalent, then are treated as equivalent.  References: #8357
    + [orm] [bug] A select() construct that is passed a sole ‘*’
    argument for SELECT *, either via string, text(), or
    literal_column(), will be interpreted as a Core-level SQL
    statement rather than as an ORM level statement. This is so that
    the *, when expanded to match any number of columns, will result
    in all columns returned in the result. the ORM- level
    interpretation of select() needs to know the names and types of
    all ORM columns up front which can’t be achieved when '*' is
    used.  If '* is used amongst other expressions simultaneously
    with an ORM statement, an error is raised as this can’t be
    interpreted correctly by the ORM.  References: #8235
  * orm declarative
    + [orm] [declarative] [bug] Fixed issue where a hierarchy of
    classes set up as an abstract or mixin declarative classes could
    not declare standalone columns on a superclass that would then
    be copied correctly to a declared_attr callable that wanted to
    make use of them on a descendant class.  References: #8190
  * engine
    + [engine] [usecase] Implemented new
    Connection.execution_options.yield_per execution option for
    Connection in Core, to mirror that of the same yield_per option
    available in the ORM. The option sets both the
    Connection.execution_options.stream_results option at the same
    time as invoking Result.yield_per(), to provide the most common
    streaming result configuration which also mirrors that of the
    ORM use case in its usage pattern.  See also: Using Server Side
    Cursors (a.k.a. stream results) - revised documentation
    + [engine] [bug] Fixed bug in Result where the usage of a buffered
    result strategy would not be used if the dialect in use did not
    support an explicit “server side cursor” setting, when using
    Connection.execution_options.stream_results. This is in error as
    DBAPIs such as that of SQLite and Oracle already use a
    non-buffered result fetching scheme, which still benefits from
    usage of partial result fetching. The “buffered” strategy is now
    used in all cases where
    Connection.execution_options.stream_results is set.
    + [engine] [bug] Added FilterResult.yield_per() so that result
    implementations such as MappingResult, ScalarResult and
    AsyncResult have access to this method.  References: #8199
  * sql
    + [sql] [bug] Adjusted the SQL compilation for string containment
    functions .contains(), .startswith(), .endswith() to force the
    use of the string concatenation operator, rather than relying
    upon the overload of the addition operator, so that non-standard
    use of these operators with for example bytestrings still
    produces string concatenation operators.  References: #8253
  * mypy
    + [mypy] [bug] Fixed a crash of the mypy plugin when using a
    lambda as a Column default. Pull request curtesy of tchapi.
    References: #8196
  * asyncio
    + [asyncio] [bug] Added asyncio.shield() to the connection and
    session release process specifically within the __aexit__()
    context manager exit, when using AsyncConnection or AsyncSession
    as a context manager that releases the object when the context
    manager is complete. This appears to help with task cancellation
    when using alternate concurrency libraries such as anyio, uvloop
    that otherwise don’t provide an async context for the connection
    pool to release the connection properly during task
    cancellation.  References: #8145
  * postgresql
    + [postgresql] [bug] Fixed issue in psycopg2 dialect where the
    “multiple hosts” feature implemented for #4392, where multiple
    host:port pairs could be passed in the query string as
    ?host=host1:port1&host=host2:port2&host=host3:port3 was not
    implemented correctly, as it did not propagate the “port”
    parameter appropriately. Connections that didn’t use a different
    “port” likely worked without issue, and connections that had
    “port” for some of the entries may have incorrectly passed on
    that hostname. The format is now corrected to pass hosts/ports
    appropriately.  As part of this change, maintained support for
    another multihost style that worked unintentionally, which is
    comma-separated ?host=h1,h2,h3&port=p1,p2,p3. This format is
    more consistent with libpq’s query-string format, whereas the
    previous format is inspired by a different aspect of libpq’s URI
    format but is not quite the same thing.  If the two styles are
    mixed together, an error is raised as this is ambiguous.
    References: #4392
  * mssql
    + [mssql] [bug] Fixed issues that prevented the new usage patterns
    for using DML with ORM objects presented at Using INSERT, UPDATE
    and ON CONFLICT (i.e. upsert) to return ORM Objects from working
    correctly with the SQL Server pyodbc dialect.  References: #8210
    + [mssql] [bug] Fixed issue where the SQL Server dialect’s query
    for the current isolation level would fail on Azure Synapse
    Analytics, due to the way in which this database handles
    transaction rollbacks after an error has occurred. The initial
    query has been modified to no longer rely upon catching an error
    when attempting to detect the appropriate system
    view. Additionally, to better support this database’s very
    specific “rollback” behavior, implemented new parameter
    ... changelog too long, skipping 10 lines ...
    ARRAY datatype, without explicit workarounds.  References: #7249

==== python-black ====
Version update (22.3.0 -> 22.6.0)

- update to version 22.6.0:
  * Style
    + Fix unstable formatting involving #fmt: skip and # fmt:skip
    comments (notice the lack of spaces) (#2970)
  * Preview style
    + Docstring quotes are no longer moved if it would violate the
    line length limit (#3044)
    + Parentheses around return annotations are now managed (#2990)
    + Remove unnecessary parentheses around awaited objects (#2991)
    + Remove unnecessary parentheses in with statements (#2926)
    + Remove trailing newlines after code block open (#3035)
  * Integrations
    + Add scripts/migrate-black.py script to ease introduction of
    Black to a Git project (#3038)
  * Output
    + Output Python version and implementation as part of --version
    flag (#2997)
  * Packaging
    + Use tomli instead of tomllib on Python 3.11 builds where tomllib
    is not available (#2987)
  * Parser
    + PEP 654 syntax (for example, except *ExceptionGroup:) is now
    supported (#3016)
    + PEP 646 syntax (for example, Array[Batch, *Shape] or def
    fn(*args: *T) -> None) is now supported (#3071)
  * Vim Plugin
    + Fix strtobool function. It didn't parse
    true/on/false/off. (#3025)

==== python-pyzmq ====
Version update (23.2.0 -> 23.2.1)

- update to version 23.2.1:
  * Improvements:
    + First release with wheels for Python 3.11 (thanks
    cibuildwheel!).
    + linux aarch64 wheels now bundle the same libzmq (4.3.4) as all
    other builds, thanks to switching to native arm builds on
    CircleCI.
  * Fixes:
    + Some type annotation fixes in devices.

==== rsync ====
Version update (3.2.4 -> 3.2.5)

- Add upstream patch rsync-3.2.5-slp.patch, as the one included in
  the released tarball doesn't fully apply.
- Drop patch rsync-CVE-2022-29154.patch, already included upstream.
- Update to 3.2.5
  * SECURITY FIXES:
  - Added some file-list safety checking that helps to ensure that a rogue
    sending rsync can't add unrequested top-level names and/or include recursive
    names that should have been excluded by the sender.  These extra safety
    checks only require the receiver rsync to be updated.  When dealing with an
    untrusted sending host, it is safest to copy into a dedicated destination
    directory for the remote content (i.e. don't copy into a destination
    directory that contains files that aren't from the remote host unless you
    trust the remote host). Fixes CVE-2022-29154.
  - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
  * BUG FIXES:
  - Fixed the handling of filenames specified with backslash-quoted wildcards
    when the default remote-arg-escaping is enabled.
  - Fixed the configure check for signed char that was causing a host that
    defaults to unsigned characters to generate bogus rolling checksums. This
    made rsync send mostly literal data for a copy instead of finding matching
    data in the receiver's basis file (for a file that contains high-bit
    characters).
  - Lots of manpage improvements, including an attempt to better describe how
    include/exclude filters work.
  - If rsync is compiled with an xxhash 0.8 library and then moved to a system
    with a dynamically linked xxhash 0.7 library, we now detect this and disable
    the XX3 hashes (since these routines didn't stabilize until 0.8).
  * ENHANCEMENTS:
  - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
    extra file-list safety checking (should that be required).
  * PACKAGING RELATED:
  - A note to those wanting to patch older rsync versions: the changes in this
    release requires the quoted argument change from 3.2.4. Then, you'll want
    every single code change from 3.2.5 since there is no fluff in this release.
  - The build date that goes into the manpages is now based on the developer's
    release date, not on the build's local-timezone interpretation of the date.
  * DEVELOPER RELATED:
  - Configure now defaults GETGROUPS_T to gid_t when cross compiling.
  - Configure now looks for the bsd/string.h include file in order to fix the
    build on a host that has strlcpy() in the main libc but not defined in the
    main string.h file.

==== timezone ====
Version update (2022a -> 2022c)

- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'

==== timezone-java ====
Version update (2022a -> 2022c)

- timezone update 2022c:
  * Work around awk bug
  * Improve tzselect on intercontinental Zones
- timezone update 2022b:
  * Chile's DST is delayed by a week in September 2022 boo#1202324
  * Iran no longer observes DST after 2022
  * Rename Europe/Kiev to Europe/Kyiv
  * New zic -R option
  * Vanguard form now uses %z
  * Finish moving duplicate-since-1970 zones to 'backzone'
- switch to _multibuild
- refresh keyring, enable keyring validation

==== xz ====
Version update (5.2.5 -> 5.2.6)
Subpackages: liblzma5 liblzma5-32bit xz-lang

- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
  * xz:
  - The --keep option now accepts symlinks, hardlinks, and
    setuid, setgid, and sticky files.
  - When copying metadata from the source file to the destination
    file, don't try to set the group (GID) if it is already set
    correctly. This avoids a failure on OpenBSD (and possibly on
    a few other OSes) where files may get created so that their
    group doesn't belong to the user, and fchown(2) can fail even
    if it needs to do nothing.
  - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
    MIPS32 because on MIPS32 userspace processes are limited
    to 2 GiB of address space.
  * liblzma:
  - Fixed a missing error-check in the threaded encoder. If a
    small memory allocation fails, a .xz file with an invalid
    Index field would be created. Decompressing such a file would
    produce the correct output but result in an error at the end.
    Thus this is a "mild" data corruption bug. Note that while
    a failed memory allocation can trigger the bug, it cannot
    cause invalid memory access.
  - The decoder for .lzma files now supports files that have
    uncompressed size stored in the header and still use the
    end of payload marker (end of stream marker) at the end
    of the LZMA stream. Such files are rare but, according to
    the documentation in LZMA SDK, they are valid.
    doc/lzma-file-format.txt was updated too.
  - Improved 32-bit x86 assembly files:
  * Support Intel Control-flow Enforcement Technology (CET)
  * Use non-executable stack on FreeBSD.
  * xzgrep:
  - Fixed arbitrary command injection via a malicious filename
    (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
    this was released to the public on 2022-04-07. A slight
    robustness improvement has been made since then and, if
    using GNU or *BSD grep, a new faster method is now used
    that doesn't use the old sed-based construct at all. This
    also fixes bad output with GNU grep >= 3.5 (2020-09-27)
    when xzgrepping binary files.
  - Fixed detection of corrupt .bz2 files.
  - Improved error handling to fix exit status in some situations
    and to fix handling of signals: in some situations a signal
    didn't make xzgrep exit when it clearly should have. It's
    possible that the signal handling still isn't quite perfect
    but hopefully it's good enough.
  - Documented exit statuses on the man page.
  - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
    of the deprecated egrep and fgrep commands.
  - Fixed parsing of the options -E, -F, -G, -P, and -X. The
    problem occurred when multiple options were specied in
    a single argument, for example,
    echo foo | xzgrep -Fe foo
    treated foo as a filename because -Fe wasn't correctly
    split into -F -e.
  - Added zstd support.
  * xzdiff/xzcmp:
  - Fixed wrong exit status. Exit status could be 2 when the
    correct value is 1.
  - Documented on the man page that exit status of 2 is used
    for decompression errors.
  - Added zstd support.
  * xzless:
  - Fix less(1) version detection. It failed if the version number
    from "less -V" contained a dot.