* Tue Aug 20 2019 rhafer@suse.com
- Add 0001-Illustrate-fix-for-4481-in-terms-of-a-1.2-patch.patch
(bsc#1124593, CVE-2019-7164, CVE-2019-7548)
* Mon Nov 12 2018 arun@gmx.de
- update to version 1.2.14:
* orm
+ [orm] [bug] Fixed bug in Session.bulk_update_mappings() where
alternate mapped attribute names would result in the primary key
column of the UPDATE statement being included in the SET clause,
as well as the WHERE clause; while usually harmless, for SQL
Server this can raise an error due to the IDENTITY column. This
is a continuation of the same bug that was fixed in #3849, where
testing was insufficient to catch this additional flaw.
References: #4357
+ [orm] [bug] Fixed a minor performance issue which could in some
cases add unnecessary overhead to result fetching, involving the
use of ORM columns and entities that include those same columns
at the same time within a query. The issue has to do with hash /
eq overhead when referring to the column in different ways.
References: #4347
* mysql
+ [mysql] [bug] Fixed regression caused by #4344 released in
1.2.13, where the fix for MySQL 8.0?s case sensitivity problem
with referenced column names when reflecting foreign key
referents is worked around using the information_schema.columns
view. The workaround was failing on OSX /
lower_case_table_names=2 which produces non-matching casing for
the information_schema.columns vs. that of SHOW CREATE TABLE, so
in case-insensitive SQL modes case-insensitive matching is now
used. References: #4361
* Thu Nov 01 2018 arun@gmx.de
- update to version 1.2.13:
* orm
+ [orm] [bug] Fixed bug where ?dynamic? loader needs to explicitly
set the ?secondary? table in the FROM clause of the query, to
suit the case where the secondary is a join object that is
otherwise not pulled into the query from its columns alone.
References: #4349
* orm declarative
+ [bug] [declarative] [orm] Fixed regression caused by #4326 in
version 1.2.12 where using declared_attr with a mixin in
conjunction with orm.synonym() would fail to map the synonym
properly to an inherited subclass. References: #4350
+ [bug] [declarative] [orm] The column conflict resolution
technique discussed at Resolving Column Conflicts is now
functional for a Column that is also a primary key
column. Previously, a check for primary key columns declared on
a single-inheritance subclass would occur before the column copy
were allowed to pass. References: #4352
* sql
+ [sql] [feature] Refactored SQLCompiler to expose a
SQLCompiler.group_by_clause() method similar to the
SQLCompiler.order_by_clause() and SQLCompiler.limit_clause()
methods, which can be overridden by dialects to customize how
GROUP BY renders. Pull request courtesy Samuel Chou.
+ [sql] [bug] Fixed bug where the Enum.create_constraint flag on
the Enum datatype would not be propagated to copies of the type,
which affects use cases such as declarative mixins and abstract
bases. References: #4341
* postgresql
+ [postgresql] [bug] Added support for the aggregate_order_by
function to receive multiple ORDER BY elements, previously only
a single element was accepted. References: #4337
* mysql
+ [mysql] [bug] Added word function to the list of reserved words
for MySQL, which is now a keyword in MySQL 8.0 References: #4348
+ [mysql] [bug] Added a workaround for a MySQL bug #88718
introduced in the 8.0 series, where the reflection of a foreign
key constraint is not reporting the correct case sensitivity for
the referred column, leading to errors during use of the
reflected constraint such as when using the automap
extension. The workaround emits an additional query to the
information_schema tables in order to retrieve the correct case
sensitive name. References: #4344
* misc
+ [misc] [bug] Fixed issue where part of the utility language
helper internals was passing the wrong kind of argument to the
Python __import__ builtin as the list of modules to be
imported. The issue produced no symptoms within the core library
but could cause issues with external applications that redefine
the __import__ builtin or otherwise instrument it. Pull request
courtesy Joe Urciuoli.
+ [misc] [bug] [py3k] Fixed additional warnings generated by
Python 3.7 due to changes in the organization of the Python
collections and collections.abc packages. Previous collections
warnings were fixed in version 1.2.11. Pull request courtesy
xtreak. References: #4339
+ [bug] [ext] Added missing .index() method to list-based
association collections in the association proxy extension.
* Sat Sep 22 2018 arun@gmx.de
- update to version 1.2.12:
* orm
+ [orm] [bug] Added a check within the weakref cleanup for the
InstanceState object to check for the presence of the dict
builtin, in an effort to reduce error messages generated when
these cleanups occur during interpreter shutdown. Pull request
courtesy Romuald Brunet.
+ [orm] [bug] Fixed bug where use of Lateral construct in
conjunction with Query.join() as well as
Query.select_entity_from() would not apply clause adaption to
the right side of the join. ?lateral? introduces the use case of
the right side of a join being correlatable. Previously,
adaptation of this clause wasn?t considered. Note that in 1.2
only, a selectable introduced by Query.subquery() is still not
adapted due to #4304; the selectable needs to be produced by the
select() function to be the right side of the ?lateral? join.
References: #4334
+ [orm] [bug] Fixed 1.2 regression caused by #3472 where the
handling of an ?updated_at? style column within the context of a
post-update operation would also occur for a row that is to be
deleted following the update, meaning both that a column with a
Python-side value generator would show the now-deleted value
that was emitted for the UPDATE before the DELETE (which was not
the previous behavor), as well as that a SQL- emitted value
generator would have the attribute expired, meaning the previous
value would be unreachable due to the row having been deleted
and the object detached from the session.The ?postfetch? logic
that was added as part of #3472 is now skipped entirely for an
object that ultimately is to be deleted. References: #4327
* orm declarative
+ [bug] [declarative] [orm] Fixed bug where the declarative scan
for attributes would receive the expression proxy delivered by a
hybrid attribute at the class level, and not the hybrid
attribute itself, when receiving the descriptor via the
@declared_attr callable on a subclass of an already-mapped
class. This would lead to an attribute that did not report
itself as a hybrid when viewed within
Mapper.all_orm_descriptors. References: #4326
* postgresql
+ [postgresql] [bug] Fixed bug in PostgreSQL dialect where
compiler keyword arguments such as literal_binds=True were not
being propagated to a DISTINCT ON expression. References: #4325
+ [postgresql] [bug] Fixed the postgresql.array_agg() function,
which is a slightly altered version of the usual
functions.array_agg() function, to also accept an incoming
?type? argument without forcing an ARRAY around it, essentially
the same thing that was fixed for the generic function in 1.1 in
[#4107]. References: #4324
+ [postgresql] [bug] Fixed bug in PostgreSQL ENUM reflection where
a case-sensitive, quoted name would be reported by the query
including quotes, which would not match a target column during
table reflection as the quotes needed to be stripped off.
References: #4323
* oracle
+ [oracle] [bug] Fixed issue for cx_Oracle 7.0 where the behavior
of Oracle param.getvalue() now returns a list, rather than a
single scalar value, breaking autoincrement logic throughout the
Core and ORM. The dml_ret_array_val compatibility flag is used
for cx_Oracle 6.3 and 6.4 to establish compatible behavior with
7.0 and forward, for cx_Oracle 6.2.1 and prior a version number
check falls back to the old logic. References: #4335
* misc
+ [bug] [ext] Fixed issue where BakedQuery did not include the
specific query class used by the Session as part of the cache
key, leading to incompatibilities when using custom query
classes, in particular the ShardedQuery which has some different
argument signatures. References: #4328
* Sat Aug 25 2018 arun@gmx.de
- update to version 1.2.11:
* orm declarative
+ [bug] [declarative] [orm] Fixed issue in previously untested use
case, allowing a declarative mapped class to inherit from a
classically-mapped class outside of the declarative base,
including that it accommodates for unmapped intermediate
classes. An unmapped intermediate class may specify
__abstract__, which is now interpreted correctly, or the
intermediate class can remain unmarked, and the classically
mapped base class will be detected within the hierarchy
regardless. In order to anticipate existing scenarios which may
be mixing in classical mappings into existing declarative
hierarchies, an error is now raised if multiple mapped bases are
detected for a given class. References: #4321
* sql
+ [sql] [bug] Fixed issue that is closely related to #3639 where
an expression rendered in a boolean context on a non-native
boolean backend would be compared to 1/0 even though it is
already an implcitly boolean expression, when
ColumnElement.self_group() were used. While this does not affect
the user-friendly backends (MySQL, SQLite) it was not handled by
Oracle (and possibly SQL Server). Whether or not the expression
is implicitly boolean on any database is now determined up front
as an additional check to not generate the integer comparison
within the compliation of the statement. References: #4320
+ [sql] [bug] Added missing window function parameters
WithinGroup.over.range_ and WithinGroup.over.rows parameters to
the WithinGroup.over() and FunctionFilter.over() methods, to
correspond to the range/rows feature added to the ?over? method
of SQL functions as part of #3049 in version 1.1. References:
[#4322]
+ [sql] [bug] Fixed bug where the multi-table support for UPDATE
and DELETE statements did not consider the additional FROM
elements as targets for correlation, when a correlated SELECT
were also combined with the statement. This change now includes
that a SELECT statement in the WHERE clause for such a statement
will try to auto-correlate back to these additional tables in
the parent UPDATE/DELETE or unconditionally correlate if
Select.correlate() is used. Note that auto-correlation raises an
error if the SELECT statement would have no FROM clauses as a
result, which can now occur if the parent UPDATE/DELETE
specifies the same tables in its additional set of tables;
specify Select.correlate() explicitly to resolve. References:
[#4313]
* oracle
+ [oracle] [bug] For cx_Oracle, Integer datatypes will now be
bound to ?int?, per advice from the cx_Oracle
developers. Previously, using cx_Oracle.NUMBER caused a loss in
precision within the cx_Oracle 6.x series. References: #4309
* misc
+ [bug] [py3k] Started importing ?collections? from
?collections.abc? under Python 3.3 and greater for Python 3.8
compatibility. Pull request courtesy Nathaniel Knight.
+ Fixed issue where the ?schema? name used for a SQLite database
within table reflection would not quote the schema name
correctly. Pull request courtesy Phillip Cloud.
* Sat Jul 14 2018 arun@gmx.de
- update to version 1.2.10:
* orm
+ [orm] [bug] Fixed bug in Bundle construct where placing two
columns of the same name would be de-duplicated, when the Bundle
were used as part of the rendered SQL, such as in the ORDER BY
or GROUP BY of the statement. References: #4295
+ [orm] [bug] Fixed regression in 1.2.9 due to #4287 where using a
Load option in conjunction with a string wildcard would result
in a TypeError. References: #4298
* sql
+ [sql] [bug] Fixed bug where a Sequence would be dropped
explicitly before any Table that refers to it, which breaks in
the case when the sequence is also involved in a server-side
default for that table, when using MetaData.drop_all(). The step
which processes sequences to be dropped via non server-side
column default functions is now invoked after the table itself
is dropped. References: #4300
* Sun Jul 01 2018 arun@gmx.de
- removed patch fix_test_reflection.patch (included upstream)
- update to version 1.2.9:
* orm
+ [orm] [bug] Fixed issue where chaining multiple join elements
inside of Query.join() might not correctly adapt to the previous
left-hand side, when chaining joined inheritance classes that
share the same base class.
References: #3505
+ [orm] [bug] Fixed bug in cache key generation for baked queries
which could cause a too-short cache key to be generated for the
case of eager loads across subclasses. This could in turn cause
the eagerload query to be cached in place of a non-eagerload
query, or vice versa, for a polymorhic ?selectin? load, or
possibly for lazy loads or selectin loads as well.
References: #4287
+ [orm] [bug] Fixed bug in new polymorphic selectin loading where
the BakedQuery used internally would be mutated by the given
loader options, which would both inappropriately mutate the
subclass query as well as carry over the effect to subsequent
queries.
References: #4286
+ [orm] [bug] Fixed regression caused by #4256 (itself a
regression fix for #4228) which breaks an undocumented behavior
which converted for a non-sequence of entities passed directly
to the Query constructor into a single-element sequence. While
this behavior was never supported or documented, it?s already in
use so has been added as a behavioral contract to Query.
References: #4269
+ [orm] [bug] Fixed an issue that was both a performance
regression in 1.2 as well as an incorrect result regarding the
?baked? lazy loader, involving the generation of cache keys from
the original Query object?s loader options. If the loader
options were built up in a ?branched? style using common base
elements for multiple options, the same options would be
rendered into the cache key repeatedly, causing both a
performance issue as well as generating the wrong cache
key. This is fixed, along with a performance improvement when
such ?branched? options are applied via Query.options() to
prevent the same option objects from being applied repeatedly.
References: #4270
* sql
+ [sql] [bug] Fixed regression in 1.2 due to #4147 where a Table
that has had some of its indexed columns redefined with new
ones, as would occur when overriding columns during reflection
or when using Table.extend_existing, such that the
Table.tometadata() method would fail when attempting to copy
those indexes as they still referred to the replaced column. The
copy logic now accommodates for this condition.
References: #4279
* mysql
+ [mysql] [bug] Fixed percent-sign doubling in
mysql-connector-python dialect, which does not require
de-doubling of percent signs. Additionally, the mysql-
connector-python driver is inconsistent in how it passes the
column names in cursor.description, so a workaround decoder has
been added to conditionally decode these
randomly-sometimes-bytes values to unicode only if needed. Also
improved test support for mysql-connector-python, however it
should be noted that this driver still has issues with unicode
that continue to be unresolved as of yet.
+ [mysql] [bug] Fixed bug in index reflection where on MySQL 8.0
an index that includes ASC or DESC in an indexed column
specfication would not be correctly reflected, as MySQL 8.0
introduces support for returning this information in a table
definition string.
References: #4293
+ [mysql] [bug] Fixed bug in MySQLdb dialect and variants such as
PyMySQL where an additional ?unicode returns? check upon
connection makes explicit use of the ?utf8? character set, which
in MySQL 8.0 emits a warning that utf8mb4 should be used. This
is now replaced with a utf8mb4 equivalent. Documentation is also
updated for the MySQL dialect to specify utf8mb4 in all
examples. Additional changes have been made to the test suite to
use utf8mb3 charsets and databases (there seem to be collation
issues in some edge cases with utf8mb4), and to support
configuration default changes made in MySQL 8.0 such as
explicit_defaults_for_timestamp as well as new errors raised for
invalid MyISAM indexes.
References: #4283
+ [mysql] [bug] The Update construct now accommodates a Join
object as supported by MySQL for UPDATE..FROM. As the construct
already accepted an alias object for a similar purpose, the
feature of UPDATE against a non-table was already implied so
this has been added.
References: #3645
* sqlite
+ [sqlite] [bug] Fixed issue in test suite where SQLite 3.24 added
a new reserved word that conflicted with a usage in
TypeReflectionTest. Pull request courtesy Nils Philippsen.
* mssql
+ [mssql] [bug] Fixed bug in MSSQL reflection where when two
same-named tables in different schemas had same-named primary
key constraints, foreign key constraints referring to one of the
tables would have their columns doubled, causing errors. Pull
request courtesy Sean Dunn.
References: #4228
+ [mssql] [bug] [py3k] Fixed issue within the SQL Server dialect
under Python 3 where when running against a non-standard SQL
server database that does not contain either the
?sys.dm_exec_sessions? or ?sys.dm_pdw_nodes_exec_sessions?
views, leading to a failure to fetch the isolation level, the
error raise would fail due to an UnboundLocalError.
References: #4273
* oracle
+ [oracle] [feature] Added a new event currently used only by the
cx_Oracle dialect, DialectEvents.setiputsizes(). The event
passes a dictionary of BindParameter objects to DBAPI-specific
type objects that will be passed, after conversion to parameter
names, to the cx_Oracle cursor.setinputsizes() method. This
allows both visibility into the setinputsizes process as well as
the ability to alter the behavior of what datatypes are passed
to this method.
See als Fine grained control over cx_Oracle data binding and performance with setinputsizes
References: #4290
+ [oracle] [bug] [mysql] Fixed INSERT FROM SELECT with CTEs for
the Oracle and MySQL dialects, where the CTE was being placed
above the entire statement as is typical with other databases,
however Oracle and MariaDB 10.2 wants the CTE underneath the
?INSERT? segment. Note that the Oracle and MySQL dialects don?t
yet work when a CTE is applied to a subquery inside of an UPDATE
or DELETE statement, as the CTE is still applied to the top
rather than inside the subquery.
References: #4275
* misc
+ [feature] [ext] Added new attribute Query.lazy_loaded_from which
is populated with an InstanceState that is using this Query in
order to lazy load a relationship. The rationale for this is
that it serves as a hint for the horizontal sharding feature to
use, such that the identity token of the state can be used as
the default identity token to use for the query within
id_chooser().
References: #4243
+ [bug] [py3k] Replaced the usage of inspect.formatargspec() with
a vendored version copied from the Python standard library, as
inspect.formatargspec() is deprecated and as of Python 3.7.0 is
emitting a warning.
References: #4291
* Tue Jun 26 2018 mimi.vx@gmail.com
- add upstream fix_test_reflection.patch to fix tests with new sqlite
* Thu Jun 21 2018 hpj@urpla.net
- update to version 1.2.8:
* orm
+ [orm] [bug] Fixed regression in 1.2.7 caused by #4228, which
itself was fixing a 1.2-level regression, where the query_cls
callable passed to a Session was assumed to be a subclass of
Query with class method availability, as opposed to an
arbitrary callable. In particular, the dogpile caching example
illustrates query_cls as a function and not a Query subclass.
References: #4256
+ [orm] [bug] Fixed a long-standing regression that occurred in
version 1.0, which prevented the use of a custom MapperOption
that alters the _params of a Query object for a lazy load,
since the lazy loader itself would overwrite those parameters.
This applies to the ?temporal range? example on the wiki. Note
however that the Query.populate_existing() method is now
required in order to rewrite the mapper options associated with
an object already loaded in the identity map.
As part of this change, a custom defined MapperOption will now
cause lazy loaders related to the target object to use a non-
baked query by default unless the
MapperOption._generate_cache_key() method is implemented. In
particular, this repairs one regression which occured when
using the dogpile.cache ?advanced? example, which was not
returning cached results and instead emitting SQL due to an
incompatibility with the baked query loader; with the change,
the RelationshipCache option included for many releases in the
dogpile example will disable the ?baked? query altogether. Note
that the dogpile example is also modernized to avoid both of
these issues as part of issue #4258. References: #4128
+ [orm] [bug] Fixed bug where the new
baked.Result.with_post_criteria() method would not interact
with a subquery-eager loader correctly, in that the ?post
criteria? would not be applied to embedded subquery
eager loaders. This is related to #4128 in that the post
criteria feature is now used by the lazy loader.
+ [orm] [bug] Updated the dogpile.caching example to include new
structures that accommodate for the ?baked? query system, which
is used by default within lazy loaders and some eager
relationship loaders. The dogpile.caching ?relationship_caching?
and ?advanced? examples were also broken due to #4256. The
issue here is also worked-around by the fix in #4128.
References: #4258
* engine
+ [engine] [bug] Fixed connection pool issue whereby if a
disconnection error were raised during the connection pool?s
?reset on return? sequence in conjunction with an explicit
transaction opened against the enclosing Connection object
(such as from calling Session.close() without a rollback or
commit, or calling Connection.close() without first closing a
transaction declared with Connection.begin()), a double-checkin
would result, which could then lead towards concurrent
checkouts of the same connection. The double-checkin condition
is now prevented overall by an assertion, as well as the
specific double-checkin scenario has been fixed.
References: #4252
+ [engine] [bug] Fixed a reference leak issue where the values of
the parameter dictionary used in a statement execution would
remain referenced by the ?compiled cache?, as a result of
storing the key view used by Python 3 dictionary keys(). Pull
request courtesy Olivier Grisel.
* sql
+ [sql] [bug] Fixed issue where the ?ambiguous literal? error
message used when interpreting literal values as SQL expression
values would encounter a tuple value, and fail to format the
message properly. Pull request courtesy Miguel Ventura.
* mssql
+ [mssql] [bug] Fixed a 1.2 regression caused by #4061 where the
SQL Server ?BIT? type would be considered to be ?native
boolean?. The goal here was to avoid creating a CHECK
constraint on the column, however the bigger issue is that the
BIT value does not behave like a true/false constant and cannot
be interpreted as a standalone expression, e.g. ?WHERE
<column>?. The SQL Server dialect now goes back to being non-
native boolean, but with an extra flag that still avoids
creating the CHECK constraint. References: #4250
* oracle
+ [oracle] [bug] The Oracle BINARY_FLOAT and BINARY_DOUBLE
datatypes now participate within cx_Oracle.setinputsizes(),
passing along NATIVE_FLOAT, so as to support the NaN value.
Additionally, oracle.BINARY_FLOAT, oracle.BINARY_DOUBLE and
oracle.DOUBLE_PRECISION now subclass Float, since these are
floating point datatypes, not decimal. These datatypes were
already defaulting the Float.asdecimal flag to False in line
with what Float already does. References: #4264
+ [oracle] [bug] Added reflection capabilities for the
oracle.BINARY_FLOAT, oracle.BINARY_DOUBLE datatypes.
+ [oracle] [bug] Altered the Oracle dialect such that when an
Integer type is in use, the cx_Oracle.NUMERIC type is set up
for setinputsizes(). In SQLAlchemy 1.1 and earlier,
cx_Oracle.NUMERIC was passed for all numeric types
unconditionally, and in 1.2 this was removed to allow for
better numeric precision. However, for integers, some
database/client setups will fail to coerce boolean values
True/False into integers which introduces regressive behavior
when using SQLAlchemy 1.2. Overall, the setinputsizes logic
seems like it will need a lot more flexibility going forward so
this is a start for that. References: #4259
* misc
+ [bug] [ext] The horizontal sharding extension now makes use of
the identity token added to ORM identity keys as part of #4137,
when an object refresh or column-based deferred load or
unexpiration operation occurs. Since we know the ?shard? that
the object originated from, we make use of this value when
refreshing, thereby avoiding queries against other shards that
don?t match this object?s identity in any case.
References: #4247
+ [bug] [ext] Fixed a race condition which could occur if automap
AutomapBase.prepare() were used within a multi-threaded context
against other threads which may call configure_mappers() as a
result of use of other mappers. The unfinished mapping work of
automap is particularly sensitive to being pulled in by a
configure_mappers() step leading to errors. References: #4266
+ [bug] [tests] Fixed a bug in the test suite where if an
external dialect returned None for server_version_info, the
exclusion logic would raise an AttributeError.
References: #4249