Packages changed: MicroOS-release (20251006 -> 20251007) apparmor (4.1.1 -> 4.1.2) libapparmor (4.1.1 -> 4.1.2) mpg123 (1.33.2 -> 1.33.3) openjpeg2 (2.5.3 -> 2.5.4) selinux-policy (20250926 -> 20251006) === Details === ==== MicroOS-release ==== Version update (20251006 -> 20251007) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== apparmor ==== Version update (4.1.1 -> 4.1.2) - update to AppArmor 4.1.2 - several fixes (including boo#1246743) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - dovecot24.diff - xkeyboard.diff - add dovecot24-part2.diff: more dovecot 2.4 permissions (boo#1247470) ==== libapparmor ==== Version update (4.1.1 -> 4.1.2) - update to AppArmor 4.1.2 - several fixes (including boo#1246743) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - dovecot24.diff - xkeyboard.diff - add dovecot24-part2.diff: more dovecot 2.4 permissions (boo#1247470) ==== mpg123 ==== Version update (1.33.2 -> 1.33.3) - Update to version 1.33.3 libmpg123: * Consolidate and more consistently use .rodata switch in macro. ==== openjpeg2 ==== Version update (2.5.3 -> 2.5.4) - Update to 2.5.4: * No API/ABI break compared to v2.5.3 Bug fixes: * opj_jp2_read_header: Check for error after parsing header. #1573 * pkgconfig: drop unused libraries from Libs.private #1591 * Fix CMake warning: Compatibility with CMake < 3.10 will be removed #1580 * Fixed ICC profile copy failure on write #1574 ==== selinux-policy ==== Version update (20250926 -> 20251006) Subpackages: selinux-policy-targeted - Update to version 20251006: * Allow sshd_session_t write to wtmpdb * Support /usr/libexec/ssh as well as openssh folder * Set xenstored_use_store_type_domain boolean true(bsc#1247875) * Adjust guest and xguest users policy for sshd-session * Allow valkey-server create and use netlink_rdma_socket * Allow blueman get attributes of filesystems with extended attributes * Update files_search_base_file_types() * Allow geoclue get attributes of the /dev/shm filesystem * Allow apcupsd get attributes of the /dev/shm filesystem * Allow sshd-session read cockpit pid files * Allow nfs generator create and use netlink sockets * Conditionally allow virt guests to read certificates in user home directories * xenstored_t needs CAP_SYS_ADMIN for XENSTORETYPE=domain (bsc#1247875) * Allow nfs-generator create and use udp sockets * Allow kdump search kdumpctl_tmp_t directories * Allow init open and read user tmp files * Fix the systemd_logind_stream_connect() interface * Allow staff and sysadm execute iotop using sudo * Allow sudodomains connect to systemd-logind over a unix socket * /boot/efi is dosfs_t and kdump needs to access it (bsc#1249370) * Add default contexts for sshd-seesion * Define types for new openssh executables * Fix systemd_manage_unit_symlinks() interface definition * Support coreos installation methods * Add a new type for systemd-ssh-issue PID files * Allow gnome-remote-desktop connect to unreserved ports * Allow mdadm the CAP_SYS_PTRACE capability * Allow iptables manage its private fifo_files in /tmp * Allow auditd manage its private run dirs * Revert "Allow virt_domain write to virt_image_t files" - Syncing with upstream rawhide selinux-policy up to: * 415b33792f9ea17d816a9e2602cddf21c16e7255 - Update embedded container-selinux version to commit: * edfbda465d37deb2a831330a2c3c65b557e6dff5 (version 2.242.0)