Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240412
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apache2 (2.4.58 -> 2.4.59)
apache2-manual (2.4.58 -> 2.4.59)
apache2-prefork (2.4.58 -> 2.4.59)
apache2-utils (2.4.58 -> 2.4.59)
f2fs-tools (1.15.0 -> 1.16.0)
gnome-text-editor (46.0 -> 46.1)
gom (0.5.0 -> 0.5.1)
grep
gupnp
jack
kernel-source (6.8.4 -> 6.8.5)
lensfun
liblouis
miniupnpc (2.2.5 -> 2.2.6)
openSUSE-build-key
openSUSE-release (20240411 -> 20240412)
ovmf
pam (1.6.0 -> 1.6.1)
pam-config (2.11 -> 2.11+git.20240411)
pam-full-src (1.6.0 -> 1.6.1)
postfix
python-Pillow
update-alternatives (1.22.5 -> 1.22.6)
=== Details ===
==== apache2 ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan , Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
https://github.com/icing/mod_h2/issues/272.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov ]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== apache2-manual ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan , Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
https://github.com/icing/mod_h2/issues/272.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov ]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== apache2-prefork ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan , Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
https://github.com/icing/mod_h2/issues/272.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov ]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== apache2-utils ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan , Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
https://github.com/icing/mod_h2/issues/272.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov ]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== f2fs-tools ====
Version update (1.15.0 -> 1.16.0)
- update to 1.16.0:
* Various bug fixes in fsck and mkfs for zoned device support.
==== gnome-text-editor ====
Version update (46.0 -> 46.1)
Subpackages: gnome-text-editor-lang
- Update to version 46.1:
+ Remove DBusActicatable=true from the .desktop file to fix an
issue where you could spawn Text Editor via D-Bus and not have
the session restored at startup.
+ AppData fixes.
+ Updated translations.
- Drop data-desktop-disable-DBusActivatable.patch: fixed upstream.
==== gom ====
Version update (0.5.0 -> 0.5.1)
- Update to version 0.5.1:
+ Reduce object inflation overhead in GType system usage.
+ Avoid some allocations in hot paths.
+ Avoid hashtables for resourcegroup items.
+ Avoid use of weak pointers when unnecessary.
==== grep ====
Subpackages: grep-lang
- restore texinfo macros for SLE15
==== gupnp ====
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== jack ====
Subpackages: jack-dbus libjack0
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== kernel-source ====
Version update (6.8.4 -> 6.8.5)
- gcc-plugins/stackleak: Avoid .head.text section (git-fixes).
- commit 542f698
- Linux 6.8.5 (bsc#1012628).
- x86: set SPECTRE_BHI_ON as default (bsc#1012628).
- KVM: x86: Add BHI_NO (bsc#1012628).
- x86/bhi: Mitigate KVM by default (bsc#1012628).
- x86/bhi: Add BHI mitigation knob (bsc#1012628 bsc#1217339 CVE-2024-2201).
- Update config files (set SPECTRE_BHI_ON=y which is the default later).
- x86/bhi: Enumerate Branch History Injection (BHI) bug
(bsc#1012628).
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1012628).
- x86/bhi: Add support for clearing branch history at syscall
entry (bsc#1012628).
- x86/syscall: Don't force use of indirect calls for system calls
(bsc#1012628).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
(bsc#1012628).
- x86/efistub: Remap kernel text read-only before dropping NX
attribute (bsc#1012628).
- x86/sev: Move early startup code into .head.text section
(bsc#1012628).
- x86/sme: Move early SME kernel encryption handling into
.head.text (bsc#1012628).
- x86/boot: Move mem_encrypt= parsing to the decompressor
(bsc#1012628).
- efi/libstub: Add generic support for parsing mem_encrypt=
(bsc#1012628).
- bpf: support deferring bpf_link dealloc to after RCU grace
period (bsc#1012628).
- bpf: put uprobe link's path and task in release callback
(bsc#1012628).
- Revert "x86/mpparse: Register APIC address only once"
(bsc#1012628).
- drm/xe: Rework rebinding (bsc#1012628).
- drm/xe: Use ring ops TLB invalidation for rebinds (bsc#1012628).
- drm/i915/gt: Enable only one CCS for compute workload
(bsc#1012628).
- drm/i915/gt: Do not generate the command streamer for all the
CCS (bsc#1012628).
- drm/i915/gt: Disable HW load balancing for CCS (bsc#1012628).
- drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY
< 13 (bsc#1012628).
- drm/i915/mst: Reject FEC+MST on ICL (bsc#1012628).
- drm/i915/mst: Limit MST+DSC to TGL+ (bsc#1012628).
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1012628).
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1012628).
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1012628).
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1012628).
- smb: client: fix potential UAF in smb2_is_valid_oplock_break()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_dump_full_key()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1012628).
- smb3: retrying on failed server close (bsc#1012628).
- smb: client: serialise cifs_construct_tcon() with
cifs_mount_mutex (bsc#1012628).
- smb: client: handle DFS tcons in cifs_construct_tcon()
(bsc#1012628).
- smb: client: refresh referral without acquiring refpath_lock
(bsc#1012628).
- smb: client: guarantee refcounted children from parent session
(bsc#1012628).
- smb: client: fix UAF in smb2_reconnect_server() (bsc#1012628).
- riscv: process: Fix kernel gp leakage (bsc#1012628).
- riscv: Fix spurious errors from __get/put_kernel_nofault
(bsc#1012628).
- s390/entry: align system call table on 8 bytes (bsc#1012628).
- selftests/mm: include strings.h for ffsl (bsc#1012628).
- mm/secretmem: fix GUP-fast succeeding on secretmem folios
(bsc#1012628).
- arm64/ptrace: Use saved floating point state type to determine
SVE layout (bsc#1012628).
- riscv: Fix vector state restore in rt_sigreturn() (bsc#1012628).
- aio: Fix null ptr deref in aio_complete() wakeup (bsc#1012628).
- perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last
PEBS event (bsc#1012628).
- x86/coco: Require seeding RNG with RDRAND on CoCo systems
(bsc#1012628).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
(bsc#1012628).
- x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1012628).
- of: module: prevent NULL pointer dereference in vsnprintf()
(bsc#1012628).
- of: dynamic: Synchronize of_changeset_destroy() with the
devlink removals (bsc#1012628).
- driver core: Introduce device_link_wait_removal() (bsc#1012628).
- ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset
(bsc#1012628).
- ASoC: SOF: ipc4-pcm: Correct the delay calculation
(bsc#1012628).
... changelog too long, skipping 395 lines ...
- commit f362b5c
==== lensfun ====
Subpackages: lensfun-data liblensfun1
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== liblouis ====
Subpackages: liblouis-data liblouis20 python3-louis
- Run python tests in %check
==== miniupnpc ====
Version update (2.2.5 -> 2.2.6)
- update to 2.2.6:
* includes charset="utf-8" in Content-Type
* fix memory allocation error in minissdpc.c
* Make User-Agent compliant.
* add new binary listdevices => upnp-listdevices
- added %check section to run unit tests
==== openSUSE-build-key ====
- SLM 6.0 key (ALP / SLF1) RSA 4096 bit key
- gpg-pubkey-09d9ea69-645b99ce.asc
- 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit key
- gpg-pubkey-3fa1d6ce-63c9481c.asc
- SLM 6.0 key (ALP / SLF1) RSA 4096 bit reserve key
- gpg-pubkey-73f03759-626bd414.asc
- 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit reserve key
- gpg-pubkey-d588dc46-63c939db.asc
- obsoleted a incorrectly used DSA1024 key (used in Slowroll).
==== openSUSE-release ====
Version update (20240411 -> 20240412)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ovmf ====
Subpackages: qemu-ovmf-x86_64
- Add ovmf-EmbeddedPkg-Library-Support-SOURCE_DATE_EPOCH-in-Vir.patch
Support SOURCE_DATE_EPOCH in VirtualRealTimeClockLib for reproducible.
(bsc#1217704)
==== pam ====
Version update (1.6.0 -> 1.6.1)
Subpackages: pam-32bit
- Update to version 1.6.1
- pam_env: fixed --disable-econf --enable-vendordir support.
- pam_unix: do not warn if password aging is disabled.
- pam_unix: try to set uid to 0 before unix_chkpwd invocation.
- pam_unix: allow empty passwords with non-empty hashes.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Remove backports:
- pam_env-fix_vendordir.patch
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
==== pam-config ====
Version update (2.11 -> 2.11+git.20240411)
- Update to version 2.11+git.20240411:
* Configure Himmelblau correctly w/ other services present
* Configure other services correctly w/ Himmelblau present
* Himmelblau session is only optional
==== pam-full-src ====
Version update (1.6.0 -> 1.6.1)
- Update to version 1.6.1
- pam_env: fixed --disable-econf --enable-vendordir support.
- pam_unix: do not warn if password aging is disabled.
- pam_unix: try to set uid to 0 before unix_chkpwd invocation.
- pam_unix: allow empty passwords with non-empty hashes.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Remove backports:
- pam_env-fix_vendordir.patch
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
==== postfix ====
- Move qshape(1) out of -doc, install it as a binary with the main package
==== python-Pillow ====
- Reenable tests for s390x and ppc, bsc#1222553
gh#python-pillow/Pillow#1204
==== update-alternatives ====
Version update (1.22.5 -> 1.22.6)
- Update to version 1.22.6.
The changelog for this version isn't very large, so it's provided in full:
* dpkg-deb: Fix up compressor parameters for default legacy format.
* Perl modules:
- Dpkg::Vendor::Debian: Make it possible to disable qa=-bug-implicit-func.
- Dpkg::Vendor::Debian: Unconditionally set qa bug-implicit-func.
* Documentation:
- man: Document dpkg versions supporting SOURCE_DATE_EPOCH for various
tools.
* Code internals:
- libdpkg: Use array access instead of pointer arithmetic for meminfo
parser.
- libdpkg: Use a macro to define the zstd default compression level.
* Build system:
- Test with minimal library dependencies in CI.
- Add gen-release script.
* Packaging:
- Fix typo in man page reference in changelog.
* Test suite:
- Refactor OpenPGP backend and commands list.
- Refactor certfile and keyfile filenames for OpenPGP test.
- Skip OpenPGP tests if the backend does not have a verify command.
* Localization:
- Fix typos in Swedish man pages translations.
- Fix typos in Swedish man pages translations.
- Update Dutch man pages translations.
- Update Portuguese man pages translations.
- Update German man pages translation.