Packages changed: cockpit-tukit (0.1.2~git0.647b3e3 -> 0.1.3~git0.41f9fbc) dhcp glib2-branding-openSUSE kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k (20250227 -> 20250424) kernel-firmware-ath12k (20250206 -> 20250424) kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi (20250312 -> 20250423) kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media (20250422 -> 20250424) kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network libssh libzip lilv lua54 open-vm-tools openssh (9.9p2 -> 10.0p2) openssh-askpass-gnome (9.9p2 -> 10.0p2) python313 (3.13.2 -> 3.13.3) python313-core (3.13.2 -> 3.13.3) sdbootutil (1+git20250423.61ca94f -> 1+git20250425.25d659b) ucode-amd === Details === ==== cockpit-tukit ==== Version update (0.1.2~git0.647b3e3 -> 0.1.3~git0.41f9fbc) - Update to version 0.1.3~git0.41f9fbc: * FEAT: add ci * FEAT: drop rome and use styelint and eslint * FIX: update makefile to support updated translation utils * FEAT: explicitly specify cockpit-tukit is only supported on transacional systems * use typescript types provided by upstream * drop 38.patch ==== dhcp ==== Subpackages: dhcp-client - Add compile option '-std=gnu17' to fix build with gcc15. [bsc#1241472] ==== glib2-branding-openSUSE ==== - Update defaults to match current situation: + Remove banshee preference: banshee has not been shipped since 2016. + Add Loupe to the preferred applications for images + Do not use Eog by default. As it's alphabetically before Loupe, Eog would always win the way it was listed (when installed). + Explicitly set image/tiff to org.gnome.Loupe as Eog is no longer part of the default installations. ==== kernel-firmware-amdgpu ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ath10k ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ath11k ==== Version update (20250227 -> 20250424) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250424 (git commit c8af472e05cb): * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01300-QCAHKSWPL_SILICONZ-1 ==== kernel-firmware-ath12k ==== Version update (20250206 -> 20250424) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250424 (git commit c8af472e05cb): * ath12k: WCN7850 hw2.0: update to WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 * ath12k: QCN9274 hw2.0: update board-2.bin ==== kernel-firmware-atheros ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-bluetooth ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-bnx2 ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-brcm ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-chelsio ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-dpaa2 ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-i915 ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-intel ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-iwlwifi ==== Version update (20250312 -> 20250423) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250423 (git commit c67433231cbd): * iwlwifi: add Bz/gl FW for core95-82 release * iwlwifi: update ty/So/Ma firmwares for core95-82 release * iwlwifi: update cc/Qu/QuZ firmwares for core95-82 release - Update to version 20250422 (git commit 32f3227b67c0): * iwlwifi: add Bz-hr FW for core93-123 release ==== kernel-firmware-liquidio ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-marvell ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-media ==== Version update (20250422 -> 20250424) - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. - Update to version 20250424 (git commit c8af472e05cb): * qcom: vpu: update video firmware binary for SA8775p ==== kernel-firmware-mediatek ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-mellanox ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-mwifiex ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-network ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-nfp ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-nvidia ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-platform ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-prestera ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-qcom ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-qlogic ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-radeon ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-realtek ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-serial ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-sound ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ti ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-ueagle ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== kernel-firmware-usb-network ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case. ==== libssh ==== Subpackages: libssh-config libssh4 - Fix build and tests with OpenSSH >= 10.0 * Use %make_build instead of naked make * Add patches: - libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch - libssh-misc-Fix-OpenSSH-banner-parsing.patch ==== libzip ==== - Fix libzip-devel dependencies. libzip-targets*.cmake create CMake targets for zipcmp, zipmerge and ziptool. ==== lilv ==== - Rework the way the preferred python flavor is used as prefix so it also works with Slowroll - Add BuildRequires for pkgconfig(zix) which was pulled in indirectly but is actually required since 0.24.22. - Generate the python subpackage with the python flavored prefix it's being used instead of always using python3 ==== lua54 ==== - Fix license: it is MIT, not GPL-3.0-or-later. ==== open-vm-tools ==== Subpackages: libvmtools0 - (bsc#1237147): Newer version of containerd do not have the directory /usr/share/go/1.x/contrib/src/github.com/containerd/containerd/api. Update detect-suse-location.patch to point to the directory /usr/share/go/1.x/contrib/src/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api to find the needed files and update the tasks.proto file to import from github.com/containerd/containerd/vendor/github.com/containerd/containerd/api ==== openssh ==== Version update (9.9p2 -> 10.0p2) Subpackages: openssh-clients openssh-common openssh-server - Add openssh-send-extra-term-env.patch, which appends a few environment variables useful for terminal identification to the default send and accept lists. - "Update" to openssh 10.0p2: - There was an issue during the packaging of 10.0p1 which made it identify itself as 10.0p2 so 10.0p1 is now considered identical to 10.0p2 and upstream won't release a separate 10.0p2 package. - Update to openssh 10.0p1: = Potentially-incompatible changes * This release removes support for the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months. * scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by scp & sftp. This disables implicit session creation by these tools when ControlMaster was set to yes/auto by configuration, which some users found surprising. This change will not prevent scp/sftp from using an existing multiplexing session if one had already been created. GHPR557 * This release has the version number 10.0 and announces itself as "SSH-2.0-OpenSSH_10.0". Software that naively matches versions using patterns like "OpenSSH_1*" may be confused by this. * sshd(8): this release removes the code responsible for the user authentication phase of the protocol from the per- connection sshd-session binary to a new sshd-auth binary. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes. This change should be largely invisible to users, though some log messages may now come from "sshd-auth" instead of "sshd-session". Downstream distributors of OpenSSH will need to package the sshd-auth binary. * sshd(8): this release disables finite field (a.k.a modp) Diffie-Hellman key exchange in sshd by default. Specifically, this removes the "diffie-hellman-group*" and "diffie-hellman-group-exchange-*" methods from the default KEXAlgorithms list. The client is unchanged and continues to support these methods by default. Finite field Diffie Hellman is slow and computationally expensive for the same security level as Elliptic Curve DH or PQ key agreement while offering no redeeming advantages. ECDH has been specified for the SSH protocol for 15 years and some form of ECDH has been the default key exchange in OpenSSH for the last 14 years. * sshd(8): this release removes the implicit fallback to compiled-in groups for Diffie-Hellman Group Exchange KEX when the moduli file exists but does not contain moduli within the client-requested range. The fallback behaviour remains for the case where the moduli file does not exist at all. This allows administrators more explicit control over which DH groups will be selected, but can lead to connection failures if the moduli file is edited incorrectly. bz#2793 = Security * sshd(8): fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented. X11 forwarding is disabled by default in the server and agent forwarding is off by default in the client. = New features * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now used by default for key agreement. This algorithm is considered to be safe against attack by quantum computers, is guaranteed to be no less strong than the popular curve25519-sha256 algorithm, has been standardised by NIST and is considerably faster than the previous default. * ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher for the connection. The default cipher preference list is now Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR (128/192/256). * ssh(1): add %-token and environment variable expansion to the ssh_config SetEnv directive. * ssh(1): allow %-token and environment variable expansion in the ssh_config User directive, with the exception of %r and %C which would be self-referential. bz#3477 * ssh(1), sshd(8): add "Match version" support to ssh_config and sshd_config. Allows matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*". * ssh(1): add support for "Match sessiontype" to ssh_config. Allows matching on the type of session initially requested, either "shell" for interactive sessions, "exec" for command execution sessions, "subsystem" for subsystem requests, such as sftp, or "none" for transport/forwarding-only sessions. * ssh(1): add support for "Match command ..." support to ssh_config, allowing matching on the remote command as specified on the command-line. * ssh(1): allow 'Match tagged ""' and 'Match command ""' to match empty tag and command values respectively. * sshd(8): allow glob(3) patterns to be used in sshd_config AuthorizedKeysFile and AuthorizedPrincipalsFile directives. bz2755 * sshd(1): support the VersionAddendum in the client, mirroring the option of the same name in the server; bz2745 * ssh-agent(1): the agent will now delete all loaded keys when signaled with SIGUSR1. This allows deletion of keys without having access to $SSH_AUTH_SOCK. * Portable OpenSSH, ssh-agent(1): support systemd-style socket activation in ssh-agent using the LISTEN_PID/LISTEN_FDS mechanism. Activated when these environment variables are set, ... changelog too long, skipping 116 lines ... * fix-nopie-flag.patch ==== openssh-askpass-gnome ==== Version update (9.9p2 -> 10.0p2) - "Update" to openssh 10.0p2: * No changes for askpass, see main package changelog for details. - Update to openssh 10.0p1: * No changes for askpass, see main package changelog for details. ==== python313 ==== Version update (3.13.2 -> 3.13.3) - Update to 3.13.3: - Tools/Demos - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. - gh-130025: The iOS testbed now correctly handles symlinks used as Python framework references. - Tests - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - gh-129200: Multiple iOS testbed runners can now be started at the same time without introducing an ambiguity over simulator ownership. - gh-130292: The iOS testbed will now run successfully on a machine that has not previously run Xcode tests (such as CI configurations). - gh-130293: The tests of terminal colorization are no longer sensitive to the value of the TERM variable in the testing environment. - gh-126332: Add unit tests for pyrepl. - Security - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written. - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - Library - gh-132174: Fix function name in error message of _interpreters.run_string. - gh-132171: Fix crash of _interpreters.run_string on string subclasses. - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN environment variable knob in subprocess to control the use of os.posix_spawn(). - gh-132159: Do not shadow user arguments in generated __new__() by decorator warnings.deprecated. Patch by Xuehai Pan. - gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default. - gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names. - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses. - gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel. - gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio. - gh-129843: Fix incorrect argument passing in warnings.warn_explicit(). - gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff. - gh-130940: The PyConfig.use_system_logger attribute, introduced in Python 3.13.2, has been removed. The introduction of this attribute inadvertently introduced an ABI breakage on macOS and iOS. The use of the system logger is now enabled by default on iOS, and disabled by default on macOS. - gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag. - gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny. - gh-130637: Add validation for numeric response data in poplib.POP3.stat() method - gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions. - gh-130379: The zipapp module now calculates the list of files to be added to the archive before creating the archive. This avoids accidentally including the target when it is being created in the source directory. - gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0). - gh-130250: Fix regression in traceback.print_last(). - gh-130230: Fix crash in pow() with only Decimal third argument. - gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during ... changelog too long, skipping 175 lines ... (gh#python/cpython#132535). ==== python313-core ==== Version update (3.13.2 -> 3.13.3) Subpackages: libpython3_13-1_0 python313-base - Update to 3.13.3: - Tools/Demos - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. - gh-130025: The iOS testbed now correctly handles symlinks used as Python framework references. - Tests - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - gh-129200: Multiple iOS testbed runners can now be started at the same time without introducing an ambiguity over simulator ownership. - gh-130292: The iOS testbed will now run successfully on a machine that has not previously run Xcode tests (such as CI configurations). - gh-130293: The tests of terminal colorization are no longer sensitive to the value of the TERM variable in the testing environment. - gh-126332: Add unit tests for pyrepl. - Security - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written. - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - Library - gh-132174: Fix function name in error message of _interpreters.run_string. - gh-132171: Fix crash of _interpreters.run_string on string subclasses. - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN environment variable knob in subprocess to control the use of os.posix_spawn(). - gh-132159: Do not shadow user arguments in generated __new__() by decorator warnings.deprecated. Patch by Xuehai Pan. - gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default. - gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names. - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses. - gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel. - gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio. - gh-129843: Fix incorrect argument passing in warnings.warn_explicit(). - gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff. - gh-130940: The PyConfig.use_system_logger attribute, introduced in Python 3.13.2, has been removed. The introduction of this attribute inadvertently introduced an ABI breakage on macOS and iOS. The use of the system logger is now enabled by default on iOS, and disabled by default on macOS. - gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag. - gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny. - gh-130637: Add validation for numeric response data in poplib.POP3.stat() method - gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions. - gh-130379: The zipapp module now calculates the list of files to be added to the archive before creating the archive. This avoids accidentally including the target when it is being created in the source directory. - gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0). - gh-130250: Fix regression in traceback.print_last(). - gh-130230: Fix crash in pow() with only Decimal third argument. - gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during ... changelog too long, skipping 175 lines ... (gh#python/cpython#132535). ==== sdbootutil ==== Version update (1+git20250423.61ca94f -> 1+git20250425.25d659b) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250425.25d659b: * get-timeout for sd-boot return unsigned value * jeos-firstboot-enroll: drop unused variable * jeos-firstboot-enroll: continue if no enrollment (bsc#1236583) * jeos-firstboot-enroll: hide keyctl output * jeos-firstboot-enroll: add title and description ==== ucode-amd ==== - Change conflicts filesystem < 84 to conflicts filesystem without may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE 16 uses Version 16; yet we need to ensure we get an up-to-date version of filesystem. Relying on the recently introduced provides instructing zypp about the usrmerge is perfect for this use case.