Packages changed: checkpolicy (3.5 -> 3.6) glibc libselinux (3.5 -> 3.6) libselinux-bindings (3.5 -> 3.6) libsemanage (3.5 -> 3.6) libsepol (3.5 -> 3.6) netcfg policycoreutils (3.5 -> 3.6) python-authheaders python-netaddr (0.9.0 -> 0.10.1) python-semanage (3.5 -> 3.6) python311 (3.11.6 -> 3.11.7) python311-core (3.11.6 -> 3.11.7) update-alternatives (1.22.1 -> 1.22.2) === Details === ==== checkpolicy ==== Version update (3.5 -> 3.6) - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * checkpolicy: Add the command line argument -N, --disable-neverallow * dispol: add option to display users, drop duplicate option to display booleans, show number of entries before listing them * dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies * dispol: add options: --actions ACTIONS, --help * dismod: add options: --actions ACTIONS, --help * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach ==== glibc ==== Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - sem-open-o-creat.patch: sem_open: Clear O_CREAT when semaphore file is expected to exist (BZ #30789) - ldconfig-process-elf-file.patch: elf: Fix wrong break removal from 8ee878592c - tls-modid-reuse.patch: elf: Fix TLS modid reuse generation assignment (BZ #29039) - getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - libio-wdo-write.patch: libio: Check remaining buffer size in _IO_wdo_write (BZ #31183) ==== libselinux ==== Version update (3.5 -> 3.6) Subpackages: libselinux1 libselinux1-32bit selinux-tools - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * libselinux: performance optimization for duplicate detection * Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach ==== libselinux-bindings ==== Version update (3.5 -> 3.6) - The PEP517 python build requires setuptools - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * libselinux: performance optimization for duplicate detection * Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach ==== libsemanage ==== Version update (3.5 -> 3.6) Subpackages: libsemanage-conf libsemanage-migrate-store libsemanage2 - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach ==== libsepol ==== Version update (3.5 -> 3.6) - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * struct cond_expr_t bool renamed to boolean The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach ==== netcfg ==== - Add krb-prop entry, fix for bsc#1211886. ==== policycoreutils ==== Version update (3.5 -> 3.6) Subpackages: policycoreutils-lang policycoreutils-python-utils python3-policycoreutils - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach - Remove reproducible-build.patch since it is upstream now - Fix issues in get_os_version.patch ==== python-authheaders ==== - Fix importing resources * Added authheaders-importlib-resources.patch ==== python-netaddr ==== Version update (0.9.0 -> 0.10.1) - update to 0.10.1: * Get rid of some warnings * Add an :data:`INET_ATON` flag to explicitly request ``inet_aton()`` IPv4 parsing semantics from :class:`IPAddress`. * Add an :meth:`IPAddress.is_ipv4_private_use` convenience method. * Add an :meth:`IPAddress.is_global` convenience method to allow determining if an address is considered globally reachable. * Add an :meth:`IPAddress.is_ipv6_unique_local` convenience method. * Improve Python 3.13 compatibility, thank you John Eckersberg. * Deprecate Python 3.7 support. * Deprecate abbreviated CIDR format support in :class:`IPNetwork` * Deprecate accepting leading zeros when parsing IPv4 addresses in :data:`INET_PTON` mode (it's been allowed on some platforms). If you need to allow and discard leading zeros use the :data:`ZEROFILL` flag. * Raise an exception if invalid flags are passed to ``IPAddress``, ``IPNetwork`` or ``IPRange``. * Improve the documentation substantially. * Update the DB files to the latest versions (2023-12-23). ==== python-semanage ==== Version update (3.5 -> 3.6) - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach ==== python311 ==== Version update (3.11.6 -> 3.11.7) Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Update patch fix_configure_rst.patch - Update to 3.11.7: - Core and Builtins - gh-112625: Fixes a bug where a bytearray object could be cleared while iterating over an argument in the bytearray.join() method that could result in reading memory after it was freed. - gh-112388: Fix an error that was causing the parser to try to overwrite tokenizer errors. Patch by pablo Galindo - gh-112387: Fix error positions for decoded strings with backwards tokenize errors. Patch by Pablo Galindo - gh-112266: Change docstrings of __dict__ and __weakref__. - gh-109181: Speed up Traceback object creation by lazily compute the line number. Patch by Pablo Galindo - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds - gh-111366: Fix an issue in the codeop that was causing SyntaxError exceptions raised in the presence of invalid syntax to not contain precise error messages. Patch by Pablo Galindo - gh-111380: Fix a bug that was causing SyntaxWarning to appear twice when parsing if invalid syntax is encountered later. Patch by Pablo galindo - gh-88116: Traceback location ranges involving wide unicode characters (like emoji and asian characters) now are properly highlighted. Patch by Batuhan Taskaya and Pablo Galindo. - gh-94438: Fix a regression that prevented jumping across is None and is not None when debugging. Patch by Savannah Ostrowski. - gh-110696: Fix incorrect error message for invalid argument unpacking. Patch by Pablo Galindo - gh-110237: Fix missing error checks for calls to PyList_Append in _PyEval_MatchClass. - gh-109216: Fix possible memory leak in BUILD_MAP. - Library - gh-112618: Fix a caching bug relating to typing.Annotated. Annotated[str, True] is no longer identical to Annotated[str, 1]. - gh-112509: Fix edge cases that could cause a key to be present in both the __required_keys__ and __optional_keys__ attributes of a typing.TypedDict. Patch by Jelle Zijlstra. - gh-94722: Fix bug where comparison between instances of DocTest fails if one of them has None as its lineno. - gh-112105: Make readline.set_completer_delims() work with libedit - gh-111942: Fix SystemError in the TextIOWrapper constructor with non-encodable “errors” argument in non-debug mode. - gh-109538: Issue warning message instead of having RuntimeError be displayed when event loop has already been closed at StreamWriter.__del__(). - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when pass invalid arguments, e.g. non-string encoding. - gh-111804: Remove posix.fallocate() under WASI as the underlying posix_fallocate() is not available in WASI preview2. - gh-111841: Fix truncating arguments on an embedded null character in os.putenv() and os.unsetenv() on Windows. - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. - gh-110894: Call loop exception handler for exceptions in client_connected_cb of asyncio.start_server() so that applications can handle it. Patch by Kumar Aditya. - gh-111531: Fix reference leaks in bind_class() and bind_all() methods of tkinter widgets. - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and io.IncrementalNewlineDecoder to io.__all__. - gh-68166: Remove mention of not supported “vsapi” element type in tkinter.ttk.Style.element_create(). Add tests for element_create() and other ttk.Style methods. Add examples for element_create() in the documentation. - gh-111251: Fix _blake2 not checking for errors when initializing. - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly for empty BytesIO. - gh-111187: Postpone removal version for locale.getdefaultlocale() to Python 3.15. - gh-111159: Fix doctest output comparison for exceptions with notes. - gh-110910: Fix invalid state handling in asyncio.TaskGroup and asyncio.Timeout. They now raise proper RuntimeError if they are improperly used and are left in consistent state after this. - gh-111092: Make turtledemo run without default root enabled. - gh-110590: Fix a bug in _sre.compile() where TypeError would be overwritten by OverflowError when the code argument was a list of non-ints. - gh-65052: Prevent pdb from crashing when trying to display undisplayable objects - gh-110519: Deprecation warning about non-integer number in gettext now alwais refers to the line in the user code where gettext function or method is used. Previously it could refer to a line in gettext code. - gh-110378: contextmanager() and asynccontextmanager() context managers now close an invalid underlying generator object that yields more then one value. - gh-110365: Fix termios.tcsetattr() bug that was overwritting existing errors during parsing integers from term list. - gh-110196: Add __reduce__ method to IPv6Address in order to keep scope_id - gh-109747: Improve errors for unsupported look-behind patterns. Now re.error is raised instead of OverflowError or RuntimeError for too large width of look-behind pattern. - gh-109786: Fix possible reference leaks and crash when re-enter the __next__() method of itertools.pairwise. - gh-108791: Improved error handling in pdb command line ... changelog too long, skipping 87 lines ... raise SystemError if these attributes have wrong type. ==== python311-core ==== Version update (3.11.6 -> 3.11.7) Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Update patch fix_configure_rst.patch - Update to 3.11.7: - Core and Builtins - gh-112625: Fixes a bug where a bytearray object could be cleared while iterating over an argument in the bytearray.join() method that could result in reading memory after it was freed. - gh-112388: Fix an error that was causing the parser to try to overwrite tokenizer errors. Patch by pablo Galindo - gh-112387: Fix error positions for decoded strings with backwards tokenize errors. Patch by Pablo Galindo - gh-112266: Change docstrings of __dict__ and __weakref__. - gh-109181: Speed up Traceback object creation by lazily compute the line number. Patch by Pablo Galindo - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds - gh-111366: Fix an issue in the codeop that was causing SyntaxError exceptions raised in the presence of invalid syntax to not contain precise error messages. Patch by Pablo Galindo - gh-111380: Fix a bug that was causing SyntaxWarning to appear twice when parsing if invalid syntax is encountered later. Patch by Pablo galindo - gh-88116: Traceback location ranges involving wide unicode characters (like emoji and asian characters) now are properly highlighted. Patch by Batuhan Taskaya and Pablo Galindo. - gh-94438: Fix a regression that prevented jumping across is None and is not None when debugging. Patch by Savannah Ostrowski. - gh-110696: Fix incorrect error message for invalid argument unpacking. Patch by Pablo Galindo - gh-110237: Fix missing error checks for calls to PyList_Append in _PyEval_MatchClass. - gh-109216: Fix possible memory leak in BUILD_MAP. - Library - gh-112618: Fix a caching bug relating to typing.Annotated. Annotated[str, True] is no longer identical to Annotated[str, 1]. - gh-112509: Fix edge cases that could cause a key to be present in both the __required_keys__ and __optional_keys__ attributes of a typing.TypedDict. Patch by Jelle Zijlstra. - gh-94722: Fix bug where comparison between instances of DocTest fails if one of them has None as its lineno. - gh-112105: Make readline.set_completer_delims() work with libedit - gh-111942: Fix SystemError in the TextIOWrapper constructor with non-encodable “errors” argument in non-debug mode. - gh-109538: Issue warning message instead of having RuntimeError be displayed when event loop has already been closed at StreamWriter.__del__(). - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when pass invalid arguments, e.g. non-string encoding. - gh-111804: Remove posix.fallocate() under WASI as the underlying posix_fallocate() is not available in WASI preview2. - gh-111841: Fix truncating arguments on an embedded null character in os.putenv() and os.unsetenv() on Windows. - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. - gh-110894: Call loop exception handler for exceptions in client_connected_cb of asyncio.start_server() so that applications can handle it. Patch by Kumar Aditya. - gh-111531: Fix reference leaks in bind_class() and bind_all() methods of tkinter widgets. - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and io.IncrementalNewlineDecoder to io.__all__. - gh-68166: Remove mention of not supported “vsapi” element type in tkinter.ttk.Style.element_create(). Add tests for element_create() and other ttk.Style methods. Add examples for element_create() in the documentation. - gh-111251: Fix _blake2 not checking for errors when initializing. - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly for empty BytesIO. - gh-111187: Postpone removal version for locale.getdefaultlocale() to Python 3.15. - gh-111159: Fix doctest output comparison for exceptions with notes. - gh-110910: Fix invalid state handling in asyncio.TaskGroup and asyncio.Timeout. They now raise proper RuntimeError if they are improperly used and are left in consistent state after this. - gh-111092: Make turtledemo run without default root enabled. - gh-110590: Fix a bug in _sre.compile() where TypeError would be overwritten by OverflowError when the code argument was a list of non-ints. - gh-65052: Prevent pdb from crashing when trying to display undisplayable objects - gh-110519: Deprecation warning about non-integer number in gettext now alwais refers to the line in the user code where gettext function or method is used. Previously it could refer to a line in gettext code. - gh-110378: contextmanager() and asynccontextmanager() context managers now close an invalid underlying generator object that yields more then one value. - gh-110365: Fix termios.tcsetattr() bug that was overwritting existing errors during parsing integers from term list. - gh-110196: Add __reduce__ method to IPv6Address in order to keep scope_id - gh-109747: Improve errors for unsupported look-behind patterns. Now re.error is raised instead of OverflowError or RuntimeError for too large width of look-behind pattern. - gh-109786: Fix possible reference leaks and crash when re-enter the __next__() method of itertools.pairwise. - gh-108791: Improved error handling in pdb command line ... changelog too long, skipping 87 lines ... raise SystemError if these attributes have wrong type. ==== update-alternatives ==== Version update (1.22.1 -> 1.22.2) - Update to version 1.22.2. The full changelog is very large. Please check it here: https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/debian/changelog?h=1.22.2