Packages changed: ed (1.19 -> 1.20) kernel-source (6.6.11 -> 6.7.1) ncurses (6.4.20240113 -> 6.4.20240120) pam (1.5.3 -> 1.6.0) pam-full-src (1.5.3 -> 1.6.0) python-kiwi (9.25.22 -> 9.25.19) === Details === ==== ed ==== Version update (1.19 -> 1.20) - update to 1.20: * New command-line options for jumping to a line number or match * Improved handling of file names containing control characters * Tweak workflow for fewer 'buffer modified' warnings * Tilde expansion is now performed on file names * Warn on modifying a buffer from a read-only file * Create missing intermediate directories when writing to a file * Documentation updates - drop obsolete makeinfo marcos ==== kernel-source ==== Version update (6.6.11 -> 6.7.1) - Linux 6.7.1 (bsc#1012628). - mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (bsc#1012628). - docs: kernel_feat.py: fix potential command injection (bsc#1012628). - scripts/decode_stacktrace.sh: optionally use LLVM utilities (bsc#1012628). - coresight: etm4x: Fix width of CCITMIN field (bsc#1012628). - PCI: Add ACS quirk for more Zhaoxin Root Ports (bsc#1012628). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (bsc#1012628). - parport: parport_serial: Add Brainboxes device IDs and geometry (bsc#1012628). - parport: parport_serial: Add Brainboxes BAR details (bsc#1012628). - uio: Fix use-after-free in uio_open (bsc#1012628). - binder: fix comment on binder_alloc_new_buf() return value (bsc#1012628). - binder: fix trivial typo of binder_free_buf_locked() (bsc#1012628). - binder: fix use-after-free in shinker's callback (bsc#1012628). - binder: use EPOLLERR from eventpoll.h (bsc#1012628). - Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" (bsc#1012628). - ksmbd: free ppace array on error in parse_dacl (bsc#1012628). - ksmbd: don't allow O_TRUNC open on read-only share (bsc#1012628). - drm/amd/display: Pass pwrseq inst for backlight and ABM (bsc#1012628). - bus: moxtet: Add spi device table (bsc#1012628). - bus: moxtet: Mark the irq as shared (bsc#1012628). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (bsc#1012628). - ALSA: hda: cs35l41: Support more HP models without _DSD (bsc#1012628). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (bsc#1012628). - ALSA: hda/realtek: enable SND_PCI_QUIRK for Lenovo Legion Slim 7 Gen 8 (2023) serie (bsc#1012628). - ALSA: hda: Add driver properties for cs35l41 for Lenovo Legion Slim 7 Gen 8 serie (bsc#1012628). - ALSA: hda: cs35l41: Prevent firmware load if SPI speed too low (bsc#1012628). - ALSA: hda: cs35l41: Support additional Dell models without _DSD (bsc#1012628). - ALSA: hda/realtek: Add quirks for Dell models (bsc#1012628). - f2fs: explicitly null-terminate the xattr list (bsc#1012628). - commit b2e8ed6 - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (fix build and make it faster). - Delete patches.rpmify/Revert-minmax-allow-comparisons-of-int-against-unsig.patch. - Delete patches.rpmify/Revert-minmax-allow-min-max-clamp-if-the-arguments-h.patch. - Delete patches.rpmify/Revert-minmax-fix-indentation-of-__cmp_once-and-__cl.patch. - Delete patches.rpmify/Revert-minmax-relax-check-to-allow-comparison-betwee.patch. Replace the reverts by an upstream workaround. - commit 9bff21f - mm: huge_memory: don't force huge page alignment on 32 bit (bsc#1218841). - Delete patches.suse/Revert-mm-align-larger-anonymous-mappings-on-THP-bou.patch. Replace the revert by an upstream fix. - commit d54abef - Update patches.suse/futex-Avoid-reusing-outdated-pi_state.patch (bsc#1218801). Update to v2. - commit eeba83a - Revert "mm: align larger anonymous mappings on THP boundaries" (bsc#1218841). - commit 69537e9 - futex: Avoid reusing outdated pi_state (bsc#1218841). - commit 9859079 ==== ncurses ==== Version update (6.4.20240113 -> 6.4.20240120) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20240120 + improve formatting/style of manpages (patches by Branden Robinson). + amend discussion of aliases in tput.1 + use ansi+sgrbold, ansi+sgrdim, ansi+sgrso, ansi+sgrul, ansi+tabs ecma+color, ecma+sgr, vt100+4bsd, vt100+pfkeys, vt220+pcedit xterm+256color, xterm+acs, xterm+nopcfkeys, xterm+pcf2 to trim -TD + modify configure scripts/makefiles to omit KEY_RESIZE if the corresponding SIGWINCH feature is disabled. ==== pam ==== Version update (1.5.3 -> 1.6.0) Subpackages: pam-32bit - Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. - libpam: added use of getrandom(2) as a source of randomness if available. - libpam: fixed calculation of fail delay with very long delays. - libpam: fixed potential infinite recursion with includes. - libpam: implemented string to number conversions validation when parsing controls in configuration. - pam_access: added quiet_log option. - pam_access: fixed truncation of very long group names. - pam_canonicalize_user: new module to canonicalize user name. - pam_echo: fixed file handling to prevent overflows and short reads. - pam_env: added support of '\' character in environment variable values. - pam_exec: allowed expose_authtok for password PAM_TYPE. - pam_exec: fixed stack overflow with binary output of programs. - pam_faildelay: implemented parameter ranges validation. - pam_listfile: changed to treat \r and \n exactly the same in configuration. - pam_mkhomedir: hardened directory creation against timing attacks. - Please note that using *at functions leads to more open file handles during creation. - pam_namespace: fixed potential local DoS (CVE-2024-22365). - pam_nologin: fixed file handling to prevent short reads. - pam_pwhistory: helper binary is now built only if SELinux support is enabled. - pam_pwhistory: implemented reliable usernames handling when remembering passwords. - pam_shells: changed to allow shell entries with absolute paths only. - pam_succeed_if: fixed treating empty strings as numerical value 0. - pam_unix: added support of disabled password aging. - pam_unix: synchronized password aging with shadow. - pam_unix: implemented string to number conversions validation. - pam_unix: fixed truncation of very long user names. - pam_unix: corrected rounds retrieval for configured encryption method. - pam_unix: implemented reliable usernames handling when remembering passwords. - pam_unix: changed to always run the helper to obtain shadow password entries. - pam_unix: unix_update helper binary is now built only if SELinux support is enabled. - pam_unix: added audit support to unix_update helper. - pam_userdb: added gdbm support. - Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. - The following patches are obsolete with the update: - pam_access-doc-IPv6-link-local.patch - pam_access-hostname-debug.patch - pam_shells-fix-econf-memory-leak.patch - pam_shells-fix-econf-memory-leak.patch - disable-examples.patch - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS is no longer used. ==== pam-full-src ==== Version update (1.5.3 -> 1.6.0) - Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. - libpam: added use of getrandom(2) as a source of randomness if available. - libpam: fixed calculation of fail delay with very long delays. - libpam: fixed potential infinite recursion with includes. - libpam: implemented string to number conversions validation when parsing controls in configuration. - pam_access: added quiet_log option. - pam_access: fixed truncation of very long group names. - pam_canonicalize_user: new module to canonicalize user name. - pam_echo: fixed file handling to prevent overflows and short reads. - pam_env: added support of '\' character in environment variable values. - pam_exec: allowed expose_authtok for password PAM_TYPE. - pam_exec: fixed stack overflow with binary output of programs. - pam_faildelay: implemented parameter ranges validation. - pam_listfile: changed to treat \r and \n exactly the same in configuration. - pam_mkhomedir: hardened directory creation against timing attacks. - Please note that using *at functions leads to more open file handles during creation. - pam_namespace: fixed potential local DoS (CVE-2024-22365). - pam_nologin: fixed file handling to prevent short reads. - pam_pwhistory: helper binary is now built only if SELinux support is enabled. - pam_pwhistory: implemented reliable usernames handling when remembering passwords. - pam_shells: changed to allow shell entries with absolute paths only. - pam_succeed_if: fixed treating empty strings as numerical value 0. - pam_unix: added support of disabled password aging. - pam_unix: synchronized password aging with shadow. - pam_unix: implemented string to number conversions validation. - pam_unix: fixed truncation of very long user names. - pam_unix: corrected rounds retrieval for configured encryption method. - pam_unix: implemented reliable usernames handling when remembering passwords. - pam_unix: changed to always run the helper to obtain shadow password entries. - pam_unix: unix_update helper binary is now built only if SELinux support is enabled. - pam_unix: added audit support to unix_update helper. - pam_userdb: added gdbm support. - Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. - The following patches are obsolete with the update: - pam_access-doc-IPv6-link-local.patch - pam_access-hostname-debug.patch - pam_shells-fix-econf-memory-leak.patch - pam_shells-fix-econf-memory-leak.patch - disable-examples.patch - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS is no longer used. ==== python-kiwi ==== Version update (9.25.22 -> 9.25.19)