Packages changed: MicroOS-release (20250205 -> 20250206) apparmor distribution-logos-openSUSE (20241022 -> 20250203) krb5 libapparmor python-cryptography (43.0.3 -> 44.0.0) sssd (2.10.1 -> 2.10.2) tiff === Details === ==== MicroOS-release ==== Version update (20250205 -> 20250206) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add python313.patch to fix build with python 3.13 ==== distribution-logos-openSUSE ==== Version update (20241022 -> 20250203) Subpackages: distribution-logos-openSUSE-MicroOS distribution-logos-openSUSE-icons - Update to version 20250203: * Kalpa: Add Distribution Logos ==== krb5 ==== - Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; (CVE-2025-24528); (bsc#1236619). - Add patch 0010-CVE-2025-24528.patch ==== libapparmor ==== - add python313.patch to fix build with python 3.13 ==== python-cryptography ==== Version update (43.0.3 -> 44.0.0) - Update to version 44.0.0: * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9. * Deprecated Python 3.7 support. Python 3.7 is no longer supported by the Python core team. Support for Python 3.7 will be removed in a future cryptography release. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0. * macOS wheels are now built against the macOS 10.13 SDK. Users on older versions of macOS should upgrade, or they will need to build cryptography themselves. * Enforce the RFC 5280 requirement that extended key usage extensions must not be empty. * Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class. * Relax the Authority Key Identifier requirements on root CA certificates during X.509 verification to allow fields permitted by RFC 5280 but forbidden by the CA/Browser BRs. * Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using OpenSSL 3.2.0+. * Added support for the :class:`~cryptography.x509.Admissions` certificate extension. * Added basic support for PKCS7 decryption (including S/MIME 3.2) via :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`, :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`. - Update specfile to accommodate new project structure at version 44.0.0 - Update no-pytest_benchmark.patch ==== sssd ==== Version update (2.10.1 -> 2.10.2) Subpackages: libsss_certmap0 libsss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.10.2 * If the ssh responder is not running, sss_ssh_knownhosts will not fail (but it will not return the keys). * SSSD is now capable of handling multiple services associated with the same port. * sssd_pam, being a privileged binary, now clears the environment and does not allow configuration of the PR_SET_DUMPABLE flag as a precaution. ==== tiff ==== - Update test/test_directory.c not to fail on big-endian machines. * Add tiff-4.7.0-test_directory.patch Fix memory leaks (fixes issue #652) * Resolves bsc#1236834 fix build fail on s390x