SUSE-IU-2026:2647-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container

[sle-container-updates at lists.suse.com]

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:2647-1
Image Tags        : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.134 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release     : 7.134
Severity          : moderate
Type              : recommended
References        : 1259963 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 648
Released:    Tue Mar 31 11:46:01 2026
Summary:     Recommended update for rust-keylime
Type:        recommended
Severity:    moderate
References:  1259963
This update for rust-keylime fixes the following issues:

- Suggests only the IMA policy package, and keep it as example (bsc#1259963)
- Add a patch to re-generate TSS bindings
- Update to version 0.2.9+8:
    * build(deps):
        + bump thiserror from 2.0.17 to 2.0.18
        + bump docker/login-action from 3 to 4
        + bump docker/metadata-action from 5 to 6
        + bump docker/build-push-action from 6 to 7
        + bump actions/upload-artifact from 6 to 7
        + bump mockoon/cli-action from 2 to 3
        + bump http from 1.3.1 to 1.4.0
        + bump serde from 1.0.219 to 1.0.228
        + bump clap from 4.5.45 to 4.5.54
        + bump actix-web from 4.11.0 to 4.12.1
    * Remove generate-bindings feature from tss-esapi
    * Use port constants instead of hardcoded values in tests
    * push-attestation:
        + use registrar TLS port when TLS is enabled
        + drop support for mTLS to registrar
        + drop mTLS support and require PoP authentication
        + drop self-signed mTLS certificate generation
    * dist: Make the services to conflict with each other
    * cargo:
        + bump tracing_subscriber to version 0.3.20
        + bump time to version 0.3.47
    * Update reqwest from 0.12 to 0.13
    * auth:
        + load CA certificate in authentication client
        + reuse existing ContextInfo to avoid duplicate TPM objects
    * packit: add missing e2e tests
    * registrar: rename insecure option to disable_tls
    * config:
        + add missing config options to keylime-agent.conf
        + add support for 'default' in registrar_api_versions option
        + add support for 'default' in registrar_tls_ca_cert option
        + drop unused config options and constants
  * resilient_client: reauthenticate if a 403 error is received


The following package changes have been done:

- libfreebl3-3.112.5-160000.1.1 updated
- mozilla-nss-certs-3.112.5-160000.1.1 updated
- mozilla-nss-3.112.5-160000.1.1 updated
- libsoftokn3-3.112.5-160000.1.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-fd00978474d4d1aa32857d6e9d0894bd2517f8aad2e47a672fe1376ad19dd139-0 updated