Packages changed: MicroOS-release (20250917 -> 20250918) cups (2.4.12 -> 2.4.14) libjpeg-turbo openssl-3 (3.5.2 -> 3.5.3) openssl (3.5.2 -> 3.5.3) sdbootutil (1+git20250909.8b2878e -> 1+git20250917.7aab076) systemd === Details === ==== MicroOS-release ==== Version update (20250917 -> 20250918) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== cups ==== Version update (2.4.12 -> 2.4.14) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.4.14: See https://github.com/openprinting/cups/releases The hotfix release brings fix for installation process of localized templates and CUPS web UI home pages. - Version upgrade to 2.4.13: See https://github.com/openprinting/cups/releases The release 2.4.13 brings two CVE fixes fix for important CVE-2025-58060 "Authentication bypass with AuthType Negotiate" (bsc#1249049) and fix for moderate CVE-2025-58364 "Remote DoS via null dereference" (bsc#1249128) together with several bug fixes. The release includes a new feature - new attribute for printer and job objects - print-as-raster - which allows enforce rasterization of the file for IPP Everywhere/AirPrint printers, which supports PDF and raster document formats. The feature is useful for working around internal PDF issues in the printer firmware, for example missing diacritic when printing a PDF. Detailed list (from CHANGES.md): * Blocked authentication using alternate methods in cupsd (CVE-2025-58060) * Fixed extension tag handling in 'ipp_read_io()' in libcups (CVE-2025-58364) * Added 'print-as-raster' printer and job attributes for forcing rasterization (Issue #1282) * Updated documentation (Issue #1086) * Updated IPP backend to try a sanitized user name if the printer/server does not like the value (Issue #1145) * Updated the scheduler to send the "printer-added" or "printer-modified" events whenever an IPP Everywhere PPD is installed (Issue #1244) * Updated the scheduler to send the "printer-modified" event whenever the system default printer is changed (Issue #1246) * Fixed a memory leak in 'httpClose' (Issue #1223) * Fixed missing commas in 'ippCreateRequestedArray' (Issue #1234) * Fixed subscription issues in the scheduler and D-Bus notifier (Issue #1235) * Fixed media-default reporting for custom sizes (Issue #1238) * Fixed support for IPP/PPD options with periods or underscores (Issue #1249) * Fixed parsing of real numbers in PPD compiler source files (Issue #1263) * Fixed scheduler freezing with zombie clients (Issue #1264) * Fixed support for the server name in the ErrorLog filename (Issue #1277) * Fixed job cleanup after daemon restart (Issue #1315) * Fixed handling of buggy DYMO USB printer serial numbers (Issue #1338) * Fixed unreachable block in IPP backend (Issue #1351) * Fixed memory leak in _cupsConvertOptions (Issue #1354) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.14 ==== libjpeg-turbo ==== - version update to 3.1.2 * The libjpeg-turbo source tree has been reorganized. * cjpeg no longer allows GIF input files to be converted into 12-bit-per-sample JPEG files. * Added support for lossless JPEG images with 2 to 15 bits per sample to the libjpeg and TurboJPEG APIs. * All deprecated constants and methods in the TurboJPEG Java API have been removed. * TJBench command-line arguments are now more consistent with those of cjpeg, djpeg, and jpegtran. * Added a new TJBench option (-pixelformat gray) that can be used to test the performance of compressing/decompressing a grayscale JPEG image from/to a packed-pixel grayscale image. * Fixed an issue whereby, if TJPARAM_NOREALLOC was set, TurboJPEG compression and lossless transformation functions ignored the JPEG buffer size(s) passed to them and assumed that the JPEG buffer(s) had been allocated to a worst-case size returned by tj3JPEGBufSize(). * The TurboJPEG C and Java APIs have been improved. * TJExample has been replaced with three programs (TJComp, TJDecomp, and TJTran) that demonstrate how to approximate the functionality of cjpeg, djpeg, and jpegtran using the TurboJPEG C and Java APIs. - modified patches * libjpeg-turbo-1.3.0-tiff-ojpeg.patch (refreshed) ==== openssl-3 ==== Version update (3.5.2 -> 3.5.3) Subpackages: libopenssl3 - Update to 3.5.3: * Added FIPS 140-3 PCT on DH key generation. * Fixed the synthesised OPENSSL_VERSION_NUMBER. - Rebase patches: * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch * openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch * openssl-FIPS-limit-rsa-encrypt.patch ==== openssl ==== Version update (3.5.2 -> 3.5.3) - Update to 3.5.3 ==== sdbootutil ==== Version update (1+git20250909.8b2878e -> 1+git20250917.7aab076) Subpackages: sdbootutil-dracut-measure-pcr sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20250917.7aab076: * Revert "PCR#15 workaround for LVM devices" * measure-pcr-generator: escape the device name * Fix boot_root for systemd 258 ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - Move systemd-pcrlock out from the experimental sub-package to udev (bsc#1248261) - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Sign aarch64 and riscv systemd-boot EFI binaries (bsc#1247474)