Packages changed: PackageKit-Qt6 (1.1.1 -> 1.1.2) augeas btrfsprogs crypto-policies ethtool gdb (15.2 -> 16.3) gnome-shell grub2 iptables java-21-openjdk (21.0.6.0 -> 21.0.7.0) libedit (20210910.3.1 -> 20250104.3.1) libgcrypt libraw (0.21.3 -> 0.21.4) nghttp2 (1.64.0 -> 1.65.0) openSUSE-release (20250423 -> 20250424) postfix (3.10.1 -> 3.10.2) python-hyperframe (6.0.1 -> 6.1.0) python311 python311-core sdbootutil (1+git20250421.7ffd25a -> 1+git20250423.61ca94f) === Details === ==== PackageKit-Qt6 ==== Version update (1.1.1 -> 1.1.2) - Update to 1.1.2 * offline: Make sure we allow for interactive authorization * Allow Transaction::setHints before the transaction has started * Fix check for PackageKit D-Bus specs * Add missing info enum values ==== augeas ==== Subpackages: augeas-bash-completion augeas-lenses libaugeas0 libfa1 - Add patch, fix for bsc#1239909 / CVE-2025-2588: * CVE-2025-2588.patch ==== btrfsprogs ==== Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - Fix name clash of parse_range between common/parse-utils.c and libblkid.a from util-linux-2.41 (btrfsprogs-libblkid-static-lib-clash.patch). ==== crypto-policies ==== Subpackages: crypto-policies-scripts - Update crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch ==== ethtool ==== Subpackages: ethtool-bash-completion - fix AppStream metainfo XML file * misc-fix-AppStream-metainfo-XML.patch ==== gdb ==== Version update (15.2 -> 16.3) - Mention fixup-gdb-6.5-gcore-buffer-limit-test.patch. - Mention changes in GDB 16: * GDB now supports watchpoints for tagged data pointers (see https://en.wikipedia.org/wiki/Tagged_pointer) on amd64, such as the one used by the Linear Address Masking (LAM) feature provided by Intel. * Debugging support for Intel MPX has been removed. This includes the removal of: * MPX register support * the commands "show/set mpx bound" (deprecated since GDB 15) * i386 and amd64 implementation of the hooks report_signal_info and get_siginfo_type. * GDB now supports printing of asynchronous events from the Intel Processor Trace during 'record instruction-history', 'record function-call-history' and all stepping commands. This can be controlled with the new "set record btrace pt event-tracing" command. * GDB now supports printing of ptwrite payloads from the Intel Processor Trace during 'record instruction-history', 'record function-call-history' and all stepping commands. The payload is also accessible in Python as a RecordAuxiliary object. Printing is customizable via a ptwrite filter function in Python. By default, the raw ptwrite payload is printed for each ptwrite that is encountered. * For breakpoints that are created in the 'pending' state, any 'thread' or 'task' keywords are parsed at the time the breakpoint is created, rather than at the time the breakpoint becomes non-pending. * Thread-specific breakpoints are only inserted into the program space in which the thread of interest is running. In most cases program spaces are unique for each inferior, so this means that thread-specific breakpoints will usually only be inserted for the inferior containing the thread of interest. The breakpoint will be hit no less than before. * For ARM targets, the offset of the pc in the jmp_buf has been fixed to match glibc 2.20 and later. This should only matter when not using libc probes. This may cause breakage when using an incompatible libc, like uclibc or newlib, or an older glibc. * MTE (Memory Tagging Extension) debugging is now supported on AArch64 baremetal targets. * In a record session, when a forward emulation reaches the end of the reverse history, the warning message has been changed to indicate that the end of the history has been reached. It also specifies that the forward execution can continue, and the recording will also continue. * The Ada 'Object_Size attribute is now supported. * New bash script gstack uses GDB to print stack traces of running processes. * Python API: * Added gdb.record.clear. Clears the trace data of the current recording. This forces re-decoding of the trace for successive commands. * Added the new event source gdb.tui_enabled. * New module gdb.missing_objfile that facilitates dealing with missing objfiles when opening a core-file. * New function gdb.missing_objfile.register_handler that can register an instance of a sub-class of gdb.missing_debug.MissingObjfileHandler as a handler for missing objfiles. * New class gdb.missing_objfile.MissingObjfileHandler which can be sub-classed to create handlers for missing objfiles. * The 'signed' argument to gdb.Architecture.integer_type() will no longer accept non-bool types. * The gdb.MICommand.installed property can only be set to True or False. * The 'qualified' argument to gdb.Breakpoint constructor will no longer accept non-bool types. * Added the gdb.Symbol.is_artificial attribute. * Debugger Adapter Protocol changes: * The "scopes" request will now return a scope holding global variables from the stack frame's compilation unit. * The "scopes" request will return a "returnValue" scope holding the return value from the latest "stepOut" command, when appropriate. * The "launch" and "attach" requests were rewritten in accordance with some clarifications to the spec. Now they can be sent at any time after the "initialized" event, but will not take effect (or send a response) until after the "configurationDone" request has been sent. * The "variables" request will not return artificial symbols. * New commands: * show jit-reader-directory Show the name of the directory that "jit-reader-load" uses for relative file names. * set style line-number foreground COLOR set style line-number background COLOR set style line-number intensity VALUE Control the styling of line numbers printed by GDB. * set style command foreground COLOR set style command background COLOR set style command intensity VALUE Control the styling of GDB commands when displayed by GDB. * set style title foreground COLOR set style title background COLOR set style title intensity VALUE This style now applies to the header line of lists, for example the first line of the output of "info breakpoints". Previous uses of this style have been replaced with the new ... changelog too long, skipping 120 lines ... * gdb-rhbz-818343-set-solib-absolute-prefix-testcase.patch ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang - Drop gnome-shell-executable-path-not-absolute.patch: The original patch did not work as expected, and assuming gsettings is in the bin dir of gnome-shell is not correct, so keep relative path (bsc#1241666). ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-bls grub2-x86_64-xen - Fix reading bls fragments in file-system dependent order that is not predictable (bsc#1241046) * 0001-blscfg-read-fragments-in-order.patch - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch ==== iptables ==== Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Remove legacy backend from SLES16 ==== java-21-openjdk ==== Version update (21.0.6.0 -> 21.0.7.0) Subpackages: java-21-openjdk-headless - Update to upstream tag jdk-21.0.7+6 (April 2025 CPU) * CVEs + CVE-2025-21587, bsc#1241274 + CVE-2025-30691, bsc#1241275 + CVE-2025-30698, bsc#1241276 * Changes + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8211851: (ch) java/nio/channels/AsynchronousSocketChannel/ /StressLoopback.java times out (aix) + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8227529: With malformed --app-image the error messages are awful + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295159: DSO created with -ffast-math breaks Java floating-point arithmetic + JDK-8302111: Serialization considerations + JDK-8304701: Request with timeout aborts later in-flight request on HTTP/1.1 cxn + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8312570: [TESTBUG] Jtreg compiler/loopopts/superword/ /TestDependencyOffsets.java fails on 512-bit SVE + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313905: Checked_cast assert in CDS compare_by_loader + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316627: JViewport Test headless failure + JDK-8316885: jcmd: Compiler.CodeHeap_Analytics cmd does not inform about missing aggregate + JDK-8317283: jpackage tests run osx-specific checks on windows and linux + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8317808: HTTP/2 stream cancelImpl may leave subscriber registered + JDK-8317919: pthread_attr_init handle return value and destroy pthread_attr_t object + JDK-8319233: AArch64: Build failure with clang due to - Wformat-nonliteral warning + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320706: RuntimePackageTest.testUsrInstallDir test fails on Linux + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with "OutOfMemoryError: GC overhead limit exceeded" + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because "" is null' + JDK-8322983: Virtual Threads: exclude 2 tests + JDK-8324672: Update jdk/java/time/tck/java/time/ /TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8324838: test_nmt_locationprinting.cpp broken in the gcc windows build + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes "monitor end should be strictly below the frame ... changelog too long, skipping 347 lines ... + rediff ==== libedit ==== Version update (20210910.3.1 -> 20250104.3.1) - update to 20250104: * all: sync with upstream source * doc/Makefile.am: fix regression. Name all manpage links as el_* (e.g. el_history.3) to avoid conflicts. * src/chartype.c: Add missing stdint.h * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h include, to compile against musl libc * src/sys.h: Add __sun guard around sys/types.h in sys.h - drop libedit-20180525-manpage-conflicts.patch and libedit-hidden-symbols.patch: upstreamed - no need for autoreconf and it's BuildRequires: ==== libgcrypt ==== Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-x86-64-v3 - Differentiate use of SHA1 in the service level indicator [jsc#PED-12227] * Include upstream SLI revamp and fips certification fixes * Add patches: - libgcrypt-fips-Introduce-an-internal-API-for-FIPS-service-indicator.patch - libgcrypt-fips-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch - libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_hash_.patch - libgcrypt-fips-tests-Add-t-digest.patch - libgcrypt-fips-Change-the-internal-API-for-new-FIPS-service-indicator.patch - libgcrypt-fips-md-Implement-new-FIPS-service-indicator-for-gcry_md_open-API.patch - libgcrypt-fips-tests-Add-tests-for-md_open-write-read-close-for-t-digest.patch - libgcrypt-fips-mac-Implement-new-FIPS-service-indicator-for-gcry_mac_open.patch - libgcrypt-fips-cipher-Implement-new-FIPS-service-indicator-for-cipher_open.patch - libgcrypt-tests-fips-Add-gcry_mac_open-tests.patch - libgcrypt-tests-fips-Rename-t-fips-service-ind.patch - libgcrypt-tests-fips-Move-KDF-tests-to-t-fips-service-ind.patch - libgcrypt-tests-fips-Add-gcry_cipher_open-tests.patch - libgcrypt-fips-md-gcry_md_copy-should-care-about-FIPS-service-indicator.patch - libgcrypt-fips-cipher-Implement-FIPS-service-indicator-for-gcry_pk_hash_-API.patch - libgcrypt-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch - libgcrypt-Fix-the-previous-change.patch - libgcrypt-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-by-open-flags.patch - libgcrypt-fips-cipher-Add-behavior-not-to-reject-but-mark-non-compliant.patch - libgcrypt-fips-ecc-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch - libgcrypt-tests-Add-more-tests-to-tests-t-fips-service-ind.patch - libgcrypt-fips-ecc-Check-DATA-in-gcry_pk_sign-verify-in-FIPS-mode.patch - libgcrypt-fips-cipher-Fix-memory-leak-for-gcry_pk_hash_sign.patch - libgcrypt-build-Improve-__thread-specifier-check.patch - libgcrypt-cipher-Check-and-mark-non-compliant-cipher-modes-in-the-SLI.patch - libgcrypt-cipher-Rename-_gcry_cipher_is_mode_fips_compliant.patch - libgcrypt-cipher-Don-t-differentiate-GCRY_CIPHER_MODE_CMAC-in-FIPS-mode.patch - libgcrypt-cipher-rsa-Mark-reject-SHA1-unknown-with-RSA-signature-generation.patch - libgcrypt-md-Fix-gcry_md_algo_info-to-mark-reject-under-FIPS-mode.patch - libgcrypt-md-Use-check_digest_algo_spec-in-_gcry_md_selftest.patch - libgcrypt-tests-Update-t-fips-service-ind-using-GCRY_MD_SHA256-for-KDF-tests.patch - libgcrypt-fips-cipher-Do-the-computation-when-marking-non-compliant.patch - libgcrypt-tests-Allow-tests-with-USE_RSA.patch - libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch - libgcrypt-cipher-Differentiate-use-of-label-K-in-the-SLI.patch - libgcrypt-cipher-Differentiate-igninvflag-in-the-SLI.patch - libgcrypt-cipher-Differentiate-no-blinding-flag-in-the-SLI.patch - libgcrypt-fips-cipher-Add-GCRY_FIPS_FLAG_REJECT_PK_FLAGS.patch - libgcrypt-cipher-ecc-Fix-for-supplied-K.patch - libgcrypt-cipher-visibility-Differentiate-use-of-random-override-in-the-SLI.patch - libgcrypt-cipher-fips-Fix-for-random-override.patch - libgcrypt-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch - libgcrypt-fips-Fix-GCRY_FIPS_FLAG_REJECT_MD.patch - libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch - libgcrypt-doc-Fix-syntax-error.patch * Rebase patches: - libgcrypt-FIPS-SLI-kdf-leylength.patch ==== libraw ==== Version update (0.21.3 -> 0.21.4) - version update to 0.21.4 * additional checks in PhaseOne correction tag 0x412 processing * Do not apply canon metadata crop to DNG files * Make sure the profile_length is the same size as the allocated memory. * fix: remove duplicated supported camera * check split_col/split_row values in phase_one_correct * Prevent out-of-bounds read in fuji 0xf00c tag parser * prevent OOB reads in phase_one_correct - modified sources % baselibs.conf - fixes: * CVE-2025-43964 [bsc#1241584] * CVE-2025-43962 [bsc#1241585] * CVE-2025-43961 [bsc#1241643] * CVE-2025-43963 [bsc#1241642] ==== nghttp2 ==== Version update (1.64.0 -> 1.65.0) - version update to 1.65.0 * Change clang-format options by @tatsuhiro-t in #2240 * build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243 * build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244 * nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245 * h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248 * build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252 * fix race condition on h1 connection close by @TuxInvader in #2249 * Gha ubuntu 24.04 by @tatsuhiro-t in #2254 * GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255 * cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256 * fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258 * clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259 * Remove extra semicolons by @tatsuhiro-t in #2260 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261 * Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262 * h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263 * Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264 * Update nghttp2_check_authority doc by @tatsuhiro-t in #2265 ==== openSUSE-release ==== Version update (20250423 -> 20250424) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== postfix ==== Version update (3.10.1 -> 3.10.2) - update to 3.10.2 * Bugfix (defect introduced: date 19991116): when appending a setting to a main.cf or master.cf file that did not end in a newline character, the "postconf -e" command did not add an extra newline character before appending the new setting, causing information to become garbled. * Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not attempt to create a new connection after an I/O error on an existing connection. * Improved and corrected error messages when converting (host or service) information to (symbolic text, numerical text, or binary) form. * Documentation: updated link to Dovecot documentation. ==== python-hyperframe ==== Version update (6.0.1 -> 6.1.0) Subpackages: python311-hyperframe python313-hyperframe - Update to 6.1.0 * API Changes (Backward Incompatible) * Support for Python 3.6 has been removed. * Support for Python 3.7 has been removed. * Support for Python 3.8 has been removed. * API Changes (Backward Compatible) * Support for Python 3.10 has been added. * Support for Python 3.11 has been added. * Support for Python 3.12 has been added. * Support for Python 3.13 has been added. * Updated packaging and testing infrastructure. * Code cleanup and linting. * Improved type hints. ==== python311 ==== Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Update to 3.11.12: - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing. - gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS are now raised as OSError. - gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. - gh-106883: Disable GC during the _PyThread_CurrentFrames() and _PyThread_CurrentExceptions() calls to avoid the interpreter to deadlock. - Remove upstreamed patch: - CVE-2025-0938-sq-brackets-domain-names.patch - Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch which makes test_ssl not to stop ThreadedEchoServer on OSError, which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, gh#python/cpython!126572) ==== python311-core ==== Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Update to 3.11.12: - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing. - gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS are now raised as OSError. - gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. - gh-106883: Disable GC during the _PyThread_CurrentFrames() and _PyThread_CurrentExceptions() calls to avoid the interpreter to deadlock. - Remove upstreamed patch: - CVE-2025-0938-sq-brackets-domain-names.patch - Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch which makes test_ssl not to stop ThreadedEchoServer on OSError, which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, gh#python/cpython!126572) ==== sdbootutil ==== Version update (1+git20250421.7ffd25a -> 1+git20250423.61ca94f) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper - Update to version 1+git20250423.61ca94f: * Revert "Use filesystem order in grub2-bls" (bsc#1241046) - Update to version 1+git20250423.7e34390: * Check if TPM2 is in lockout (bsc#1241168) * Retry password when mismatch