Christian Hesse via arch-dev-public firstname.lastname@example.org on Fri, 2021/05/28 17:48:
the testing package libxcrypt 4.4.22-1 was reported to be bad... Andreas was forced to change his password on login, which resulted in him being locked out of his system. We are trying to clarify...
So I removed libxcrypt from [testing] for the time being.
I found the real issue: Our pam configurations for 'login' and 'su' were missing the configuration for 'password', thus updating expired password failed. This is now fixed in util-linux 2.37-2, which will move with libxcrypt 4.4.22.