==== cockpit-tukit ====
Version update (0.1.2~git0.647b3e3 -> 0.1.3~git0.41f9fbc)
- Update to version 0.1.3~git0.41f9fbc:
* FEAT: add ci
* FEAT: drop rome and use styelint and eslint
* FIX: update makefile to support updated translation utils
* FEAT: explicitly specify cockpit-tukit is only supported on transacional systems
* use typescript types provided by upstream
* drop 38.patch
==== dhcp ====
Subpackages: dhcp-client
- Add compile option '-std=gnu17' to fix build with gcc15.
[bsc#1241472]
==== glib2-branding-openSUSE ====
- Update defaults to match current situation:
+ Remove banshee preference: banshee has not been shipped since
2016.
+ Add Loupe to the preferred applications for images
+ Do not use Eog by default. As it's alphabetically before
Loupe, Eog would always win the way it was listed (when
installed).
+ Explicitly set image/tiff to org.gnome.Loupe as Eog is no
longer part of the default installations.
==== kernel-firmware-amdgpu ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-ath10k ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-ath11k ====
Version update (20250227 -> 20250424)
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250424 (git commit c8af472e05cb):
* ath11k: WCN6855 hw2.0: update board-2.bin
* ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01300-QCAHKSWPL_SILICONZ-1
==== kernel-firmware-ath12k ====
Version update (20250206 -> 20250424)
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250424 (git commit c8af472e05cb):
* ath12k: WCN7850 hw2.0: update to WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
* ath12k: QCN9274 hw2.0: update board-2.bin
==== kernel-firmware-atheros ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-bluetooth ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-bnx2 ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-brcm ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-chelsio ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-dpaa2 ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-i915 ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-intel ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-iwlwifi ====
Version update (20250312 -> 20250423)
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250423 (git commit c67433231cbd):
* iwlwifi: add Bz/gl FW for core95-82 release
* iwlwifi: update ty/So/Ma firmwares for core95-82 release
* iwlwifi: update cc/Qu/QuZ firmwares for core95-82 release
- Update to version 20250422 (git commit 32f3227b67c0):
* iwlwifi: add Bz-hr FW for core93-123 release
==== kernel-firmware-liquidio ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-marvell ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-media ====
Version update (20250422 -> 20250424)
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
- Update to version 20250424 (git commit c8af472e05cb):
* qcom: vpu: update video firmware binary for SA8775p
==== kernel-firmware-mediatek ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-mellanox ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-mwifiex ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-network ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-nfp ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-nvidia ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-platform ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-prestera ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-qcom ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-qlogic ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-radeon ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-realtek ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-serial ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-sound ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-ti ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-ueagle ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
==== kernel-firmware-usb-network ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
- Fix build and tests with OpenSSH >= 10.0
* Use %make_build instead of naked make
* Add patches:
- libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
- libssh-misc-Fix-OpenSSH-banner-parsing.patch
==== libzip ====
- Fix libzip-devel dependencies. libzip-targets*.cmake create
CMake targets for zipcmp, zipmerge and ziptool.
==== lilv ====
- Rework the way the preferred python flavor is used as prefix so
it also works with Slowroll
- Add BuildRequires for pkgconfig(zix) which was pulled in
indirectly but is actually required since 0.24.22.
- Generate the python subpackage with the python flavored prefix
it's being used instead of always using python3
==== lua54 ====
- Fix license: it is MIT, not GPL-3.0-or-later.
==== open-vm-tools ====
Subpackages: libvmtools0
- (bsc#1237147): Newer version of containerd do not have the directory
/usr/share/go/1.x/contrib/src/github.com/containerd/containerd/api.
Update detect-suse-location.patch to point to the directory
/usr/share/go/1.x/contrib/src/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api
to find the needed files and update the tasks.proto file to import from
github.com/containerd/containerd/vendor/github.com/containerd/containerd/api
- Add openssh-send-extra-term-env.patch, which appends a few
environment variables useful for terminal identification to the
default send and accept lists.
- "Update" to openssh 10.0p2:
- There was an issue during the packaging of 10.0p1 which made it
identify itself as 10.0p2 so 10.0p1 is now considered identical
to 10.0p2 and upstream won't release a separate 10.0p2 package.
- Update to openssh 10.0p1:
= Potentially-incompatible changes
* This release removes support for the weak DSA signature
algorithm, completing the deprecation process that began in
2015 (when DSA was disabled by default) and repeatedly warned
over the last 12 months.
* scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by
scp & sftp. This disables implicit session creation by these
tools when ControlMaster was set to yes/auto by configuration,
which some users found surprising. This change will not prevent
scp/sftp from using an existing multiplexing session if one had
already been created. GHPR557
* This release has the version number 10.0 and announces itself
as "SSH-2.0-OpenSSH_10.0". Software that naively matches
versions using patterns like "OpenSSH_1*" may be confused by
this.
* sshd(8): this release removes the code responsible for the
user authentication phase of the protocol from the per-
connection sshd-session binary to a new sshd-auth binary.
Splitting this code into a separate binary ensures that the
crucial pre-authentication attack surface has an entirely
disjoint address space from the code used for the rest of the
connection. It also yields a small runtime memory saving as the
authentication code will be unloaded after the authentication
phase completes. This change should be largely invisible to
users, though some log messages may now come from "sshd-auth"
instead of "sshd-session". Downstream distributors of OpenSSH
will need to package the sshd-auth binary.
* sshd(8): this release disables finite field (a.k.a modp)
Diffie-Hellman key exchange in sshd by default. Specifically,
this removes the "diffie-hellman-group*" and
"diffie-hellman-group-exchange-*" methods from the default
KEXAlgorithms list. The client is unchanged and continues to
support these methods by default. Finite field Diffie Hellman
is slow and computationally expensive for the same security
level as Elliptic Curve DH or PQ key agreement while offering
no redeeming advantages. ECDH has been specified for the SSH
protocol for 15 years and some form of ECDH has been the
default key exchange in OpenSSH for the last 14 years.
* sshd(8): this release removes the implicit fallback to
compiled-in groups for Diffie-Hellman Group Exchange KEX when
the moduli file exists but does not contain moduli within the
client-requested range. The fallback behaviour remains for the
case where the moduli file does not exist at all. This allows
administrators more explicit control over which DH groups will
be selected, but can lead to connection failures if the moduli
file is edited incorrectly. bz#2793
= Security
* sshd(8): fix the DisableForwarding directive, which was failing
to disable X11 forwarding and agent forwarding as documented.
X11 forwarding is disabled by default in the server and agent
forwarding is off by default in the client.
= New features
* ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
is now used by default for key agreement. This algorithm is
considered to be safe against attack by quantum computers,
is guaranteed to be no less strong than the popular
curve25519-sha256 algorithm, has been standardised by NIST
and is considerably faster than the previous default.
* ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher
for the connection. The default cipher preference list is now
Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR
(128/192/256).
* ssh(1): add %-token and environment variable expansion to the
ssh_config SetEnv directive.
* ssh(1): allow %-token and environment variable expansion in
the ssh_config User directive, with the exception of %r and %C
which would be self-referential. bz#3477
* ssh(1), sshd(8): add "Match version" support to ssh_config and
sshd_config. Allows matching on the local version of OpenSSH,
e.g. "Match version OpenSSH_10.*".
* ssh(1): add support for "Match sessiontype" to ssh_config.
Allows matching on the type of session initially requested,
either "shell" for interactive sessions, "exec" for command
execution sessions, "subsystem" for subsystem requests, such as
sftp, or "none" for transport/forwarding-only sessions.
* ssh(1): add support for "Match command ..." support to
ssh_config, allowing matching on the remote command as
specified on the command-line.
* ssh(1): allow 'Match tagged ""' and 'Match command ""' to match
empty tag and command values respectively.
* sshd(8): allow glob(3) patterns to be used in sshd_config
AuthorizedKeysFile and AuthorizedPrincipalsFile directives.
bz2755
* sshd(1): support the VersionAddendum in the client, mirroring
the option of the same name in the server; bz2745
* ssh-agent(1): the agent will now delete all loaded keys when
signaled with SIGUSR1. This allows deletion of keys without
having access to $SSH_AUTH_SOCK.
* Portable OpenSSH, ssh-agent(1): support systemd-style socket
activation in ssh-agent using the LISTEN_PID/LISTEN_FDS
mechanism. Activated when these environment variables are set,
... changelog too long, skipping 116 lines ...
* fix-nopie-flag.patch
==== openssh-askpass-gnome ====
Version update (9.9p2 -> 10.0p2)
- "Update" to openssh 10.0p2:
* No changes for askpass, see main package changelog for
details.
- Update to openssh 10.0p1:
* No changes for askpass, see main package changelog for
details.
==== python313 ====
Version update (3.13.2 -> 3.13.3)
- Update to 3.13.3:
- Tools/Demos
- gh-131852: msgfmt no longer adds the POT-Creation-Date to
generated .mo files for consistency with GNU msgfmt.
- gh-85012: Correctly reset msgctxt when compiling messages
in msgfmt.
- gh-130025: The iOS testbed now correctly handles symlinks
used as Python framework references.
- Tests
- gh-131050: test_ssl.test_dh_params is skipped if the
underlying TLS library does not support finite-field
ephemeral Diffie-Hellman.
- gh-129200: Multiple iOS testbed runners can now be started
at the same time without introducing an ambiguity over
simulator ownership.
- gh-130292: The iOS testbed will now run successfully on a
machine that has not previously run Xcode tests (such as CI
configurations).
- gh-130293: The tests of terminal colorization are no longer
sensitive to the value of the TERM variable in the testing
environment.
- gh-126332: Add unit tests for pyrepl.
- Security
- gh-131809: Update bundled libexpat to 2.7.1
- gh-131261: Upgrade to libexpat 2.7.0
- gh-127371: Avoid unbounded buffering for
tempfile.SpooledTemporaryFile.writelines(). Previously,
disk spillover was only checked after the lines iterator
had been exhausted. This is now done after each line is
written.
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using
a carefully constructed encoded-word if the resulting
rendered email was transmitted or re-parsed.
- Library
- gh-132174: Fix function name in error message of
_interpreters.run_string.
- gh-132171: Fix crash of _interpreters.run_string on string
subclasses.
- gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN
environment variable knob in subprocess to control the use
of os.posix_spawn().
- gh-132159: Do not shadow user arguments in generated
__new__() by decorator warnings.deprecated. Patch by Xuehai
Pan.
- gh-132075: Fix possible use of socket address structures
with uninitialized members. Now all structure members are
initialized with zeroes by default.
- gh-132002: Fix crash when deallocating
contextvars.ContextVar with weird unahashable string names.
- gh-131668: socket: Fix code parsing AF_BLUETOOTH socket
addresses.
- gh-131492: Fix a resource leak when constructing a
gzip.GzipFile with a filename fails, for example when
passing an invalid compresslevel.
- gh-131325: Fix sendfile fallback implementation to drain
data after writing to transport in asyncio.
- gh-129843: Fix incorrect argument passing in
warnings.warn_explicit().
- gh-131204: Use monospace font from System Font Stack for
cross-platform support in difflib.HtmlDiff.
- gh-130940: The PyConfig.use_system_logger attribute,
introduced in Python 3.13.2, has been removed. The
introduction of this attribute inadvertently introduced an
ABI breakage on macOS and iOS. The use of the system logger
is now enabled by default on iOS, and disabled by default
on macOS.
- gh-131045: Fix issue with __contains__, values, and
pseudo-members for enum.Flag.
- gh-130959: Fix pure-Python implementation of
datetime.time.fromisoformat() to reject times with spaces
in fractional part (for example, 12:34:56.400 +02:00),
matching the C implementation. Patch by Michał Gorny.
- gh-130637: Add validation for numeric response data in
poplib.POP3.stat() method
- gh-130461: Remove .. index:: directives from the uuid
module documentation. These directives previously created
entries in the general index for getnode() as well as
the uuid1(), uuid3(), uuid4(), and uuid5() constructor
functions.
- gh-130379: The zipapp module now calculates the list of
files to be added to the archive before creating the
archive. This avoids accidentally including the target when
it is being created in the source directory.
- gh-130285: Fix corner case for random.sample() allowing the
counts parameter to specify an empty population. So now,
sample([], 0, counts=[]) and sample('abc', k=0, counts=[0,
0, 0]) both give the same result as sample([], 0).
- gh-130250: Fix regression in traceback.print_last().
- gh-130230: Fix crash in pow() with only Decimal third
argument.
- gh-118761: Reverts a change in the previous release
attempting to make some stdlib imports used within the
subprocess module lazy as this was causing errors during
... changelog too long, skipping 175 lines ...
(gh#python/cpython#132535).
- Update to 3.13.3:
- Tools/Demos
- gh-131852: msgfmt no longer adds the POT-Creation-Date to
generated .mo files for consistency with GNU msgfmt.
- gh-85012: Correctly reset msgctxt when compiling messages
in msgfmt.
- gh-130025: The iOS testbed now correctly handles symlinks
used as Python framework references.
- Tests
- gh-131050: test_ssl.test_dh_params is skipped if the
underlying TLS library does not support finite-field
ephemeral Diffie-Hellman.
- gh-129200: Multiple iOS testbed runners can now be started
at the same time without introducing an ambiguity over
simulator ownership.
- gh-130292: The iOS testbed will now run successfully on a
machine that has not previously run Xcode tests (such as CI
configurations).
- gh-130293: The tests of terminal colorization are no longer
sensitive to the value of the TERM variable in the testing
environment.
- gh-126332: Add unit tests for pyrepl.
- Security
- gh-131809: Update bundled libexpat to 2.7.1
- gh-131261: Upgrade to libexpat 2.7.0
- gh-127371: Avoid unbounded buffering for
tempfile.SpooledTemporaryFile.writelines(). Previously,
disk spillover was only checked after the lines iterator
had been exhausted. This is now done after each line is
written.
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using
a carefully constructed encoded-word if the resulting
rendered email was transmitted or re-parsed.
- Library
- gh-132174: Fix function name in error message of
_interpreters.run_string.
- gh-132171: Fix crash of _interpreters.run_string on string
subclasses.
- gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN
environment variable knob in subprocess to control the use
of os.posix_spawn().
- gh-132159: Do not shadow user arguments in generated
__new__() by decorator warnings.deprecated. Patch by Xuehai
Pan.
- gh-132075: Fix possible use of socket address structures
with uninitialized members. Now all structure members are
initialized with zeroes by default.
- gh-132002: Fix crash when deallocating
contextvars.ContextVar with weird unahashable string names.
- gh-131668: socket: Fix code parsing AF_BLUETOOTH socket
addresses.
- gh-131492: Fix a resource leak when constructing a
gzip.GzipFile with a filename fails, for example when
passing an invalid compresslevel.
- gh-131325: Fix sendfile fallback implementation to drain
data after writing to transport in asyncio.
- gh-129843: Fix incorrect argument passing in
warnings.warn_explicit().
- gh-131204: Use monospace font from System Font Stack for
cross-platform support in difflib.HtmlDiff.
- gh-130940: The PyConfig.use_system_logger attribute,
introduced in Python 3.13.2, has been removed. The
introduction of this attribute inadvertently introduced an
ABI breakage on macOS and iOS. The use of the system logger
is now enabled by default on iOS, and disabled by default
on macOS.
- gh-131045: Fix issue with __contains__, values, and
pseudo-members for enum.Flag.
- gh-130959: Fix pure-Python implementation of
datetime.time.fromisoformat() to reject times with spaces
in fractional part (for example, 12:34:56.400 +02:00),
matching the C implementation. Patch by Michał Gorny.
- gh-130637: Add validation for numeric response data in
poplib.POP3.stat() method
- gh-130461: Remove .. index:: directives from the uuid
module documentation. These directives previously created
entries in the general index for getnode() as well as
the uuid1(), uuid3(), uuid4(), and uuid5() constructor
functions.
- gh-130379: The zipapp module now calculates the list of
files to be added to the archive before creating the
archive. This avoids accidentally including the target when
it is being created in the source directory.
- gh-130285: Fix corner case for random.sample() allowing the
counts parameter to specify an empty population. So now,
sample([], 0, counts=[]) and sample('abc', k=0, counts=[0,
0, 0]) both give the same result as sample([], 0).
- gh-130250: Fix regression in traceback.print_last().
- gh-130230: Fix crash in pow() with only Decimal third
argument.
- gh-118761: Reverts a change in the previous release
attempting to make some stdlib imports used within the
subprocess module lazy as this was causing errors during
... changelog too long, skipping 175 lines ...
(gh#python/cpython#132535).
- Update to version 1+git20250425.25d659b:
* get-timeout for sd-boot return unsigned value
* jeos-firstboot-enroll: drop unused variable
* jeos-firstboot-enroll: continue if no enrollment (bsc#1236583)
* jeos-firstboot-enroll: hide keyctl output
* jeos-firstboot-enroll: add title and description
==== ucode-amd ====
- Change conflicts filesystem < 84 to conflicts filesystem without
may-perform-usrmerge. Version 84 is specific to Tumbleweed; CODE
16 uses Version 16; yet we need to ensure we get an up-to-date
version of filesystem. Relying on the recently introduced provides
instructing zypp about the usrmerge is perfect for this use case.
