Packages changed: aaa_base (84.87+git20211102.80d7177 -> 84.87+git20211124.5486aad) catatonit libcap (2.59 -> 2.61) lua54 pam sssd (2.5.2 -> 2.6.1) === Details === ==== aaa_base ==== Version update (84.87+git20211102.80d7177 -> 84.87+git20211124.5486aad) - Clear term.sh and term.csh also from file list - Update to version 84.87+git20211124.5486aad: * Remove term.sh and term.csh: no COLORTERM anymore Avoid changing COLORTERM variable in urxvt (boo#1190833) ==== catatonit ==== - Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only once. Fix build with autocnf 2.71 / automake 1.16.5. ==== libcap ==== Version update (2.59 -> 2.61) - libcap 2.61: * Better error handling of the numerical arguments for capsh and setcap * Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc) * Added an example of a shared library object with its own file capability * Fix the top-level include for Make.Rules in the contrib/sucap example application * Add support for running constructors at libcap.so start up time when running as stand alone binary. - includes changes from 2.60: * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization * General improvement in thread safety for libcap and cap package * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns. * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API * New features for capsh: --quiet, -+ and =+ arguments - add upstream signing key and verify source signature ==== lua54 ==== - Update upstream-bugs.patch and upstream-bugs-test.patch to fix bugs 7,8 for build and tests respectively. ==== pam ==== Subpackages: pam_unix - Don't define doc/manpages packages in main build - Add missing recommends and split provides - Use multibuild to build docu with correct paths and available features. - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other spec file. ==== sssd ==== Version update (2.5.2 -> 2.6.1) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_sssd-ifp.service.patch * harden_sssd-kcm.service.patch - Update to release 2.6.1 * New infopipe method FindByValidCertificate(). * The default value of the "ssh_hash_known_hosts" setting was changed to false for the sake of consistency with OpenSSH that does not hash host names by default. - Update to release 2.6.0 * Support of legacy json format for ccaches was dropped. * Support of long time deprecated secrets responder was dropped. * Support of long time deprecated local provider was dropped. * The sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands, which was fixed. * Basic support of user's 'subuid and subgid ranges' for IPA provider and corresponding plugin for shadow-utils were added.