Removed rpms ============ - samba-ad-dc-libs Added rpms ========== Package Source Changes ====================== cups +- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch + improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error + that fixes bsc#1191467, bsc#1198932: + "lpr reports 'No such file or directory' for missing catalogue files" + "/usr/bin/lpr: No such file or directory" +- after-network_target-sssd_service.patch + is derived from https://github.com/apple/cups/issues/5550 with its + https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee + and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch + to add "After=network.target sssd.service" to the systemd unit + source files cupsd.service.in and cups.cups-lpdAT.service.in + to fix bsc#1201234, bsc#1200321: + "Missing network dependency in systemd unit for cups-2.2.7" + "CUPS may not always start if sssd is in use" + +- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff + is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7 + which belongs to https://github.com/OpenPrinting/cups/issues/308 + that fixes bsc#1191525, bsc#1203446: + "Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)" + "/usr/bin/lpr: Error - The printer or class does not exist." + ghostscript +- CVE-2023-28879.patch fixes CVE-2023-28879 + Buffer Overflow in s_xBCPE_process + cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 + (bsc#1210062) +- 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch + fixes compilation with FreeType 2.10.3+ + cf. https://bugs.ghostscript.com/show_bug.cgi?id=702985 + haveged +- Synchronize haveged instances during switching root (bsc#1203079) + * Add haveged-switch-root.patch + kernel-default +- supported.conf: Move ns to kernel-*-extra (bsc#1209965) +- commit 54d8531 + +- s390/uaccess: add missing earlyclobber annotations to + __clear_user() (bsc#1209858). +- commit 7e310c6 + +- supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) +- commit 90db4f1 + +- bcache: fix wrong bdev parameter when calling bio_alloc_clone() + in do_bio_hook() (git-fixes, bsc#1205493). +- bcache: put bch_bio_map() back to correct location in + journal_write_unlocked() (git-fixes, bsc#1205493). +- bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). +- commit 7971642 + +- ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). +- commit 54b5b79 + +- scsi_disk kABI: add back members (bsc#1209092). +- scsi: sd: Revert "Rework asynchronous resume support" + (bsc#1209092). +- commit 15e2238 + +- Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. + Add corresponding upstream commit metadata and sort. +- commit ac8f8e6 + +- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). +- commit 2ee3a6c + +- scsi: smartpqi: Replace one-element array with flexible-array + member (bsc#1207315). +- scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). +- scsi: smartpqi: Initialize feature section info (bsc#1207315). +- scsi: smartpqi: Add controller cache flush during rmmod + (bsc#1207315). +- scsi: smartpqi: Correct device removal for multi-actuator + devices (bsc#1207315). +- scsi: smartpqi: Change sysfs raid_level attribute to N/A for + controllers (bsc#1207315). +- scsi: smartpqi: Correct max LUN number (bsc#1207315). +- scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). +- scsi: smartpqi: Convert to host_tagset (bsc#1207315). +- commit b83f575 + +- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). +- commit 14ee2c8 + manpages-l10n +- Update to version 4.18.1: Updated and added many translations. + samba +- Make (32bit) samba-libs conflict with old samba-ad-dc-libs + package to satisfy installcheck. + +- Make samba-libs conflict with old samba-ad-dc-libs package + to satisfy installcheck. + +- Remove non functioning ifup/ifdown samba-winbindd scripts; + (bsc#1207414). + +- libdsdb-module-samba4 should be packaged as part of samba-libs and + not samba-ad-dc-libs. Additionally no need for it to be + removed conditionally. + +- Clean up logic for PAM migration settings in spec file. + +- Change with_dc default to 0 (for non TW builds), ADDC feature is + deprecated and will no longer be included in >= SLE15-SP5; + (jsc#PED-1122). + +- Update to 4.17.4 + * CVE-2022-44640 Upstream Heimdal free of user-controlled + pointer in FAST; (bsc#14929); + * CVE-2021-20251 Bad password count not incremented atomically; + (bsc#14611); + * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; + (bsc#15203); + * CVE-2022-37966 rc4-hmac Kerberos session keys issued to + modern servers; (bso#15237); + * CVE-2022-37967 Kerberos constrained delegation ticket forgery + possible against Samba AD DC; (bso#15231); + * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak + and should be avoided; (bso#15240); + * pam_winbind uses time_t and pointers assuming they are of the + same size; (bso#15224); + * Heimdal session key selection in AS-REQ examines wrong entry; + (bso#15219); + * filter-subunit is inefficient with large numbers of + knownfails; (bso#15258); + * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; + (bso#15252); + * The KDC logic arround msDs-supportedEncryptionTypes differs + from Windows; (bso#13135); + * libnet: change_password() doesn't work with + dcerpc_samr_ChangePasswordUser4(); (bso#15206); + * Heimdal session key selection in AS-REQ examines wrong entry; + (bso#15219); + * Memory leak in snprintf replacement functions; (bso#15230); + * RODC doesn't reset badPwdCount reliable via an RWDC + (CVE-2021-20251 regression); (bso#15253); + * Prevent EBADF errors with vfs_glusterfs; (bso#15198); + * %U for include directive doesn't work for share listing + (netshareenum); (bso#15243); + * Stack smashing in net offlinejoin requestodj; (bso#15257); + * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; + (bso#15197); + * Heimdal session key selection in AS-REQ examines wrong entry; + (bso#15219); +- Remove deprecated if-{down,up} scripts; (bsc#1206444); +- Adjust the systemd drop-in file for named service; (bsc#1201689); + * Paths are additive so do not repeat paths from named.service + * Prefix the samba DLZ directory with "-" to ignore this path + if it does not exists + timezone +- timezone update 2023c: + * Revert changes made in 2023b +- timezone update 2023b: + * Lebanon delays the start of DST this year. +- timezone update 2023a: + * Egypt now uses DST again, from April through October. + * This year Morocco springs forward April 23, not April 30. + * Palestine delays the start of DST this year. + * Much of Greenland still uses DST from 2024 on. + * America/Yellowknife now links to America/Edmonton. + * tzselect can now use current time to help infer timezone. + * The code now defaults to C99 or later. +- Refresh tzdata-china.diff + yast2-storage-ng +- Adjusted detection of Dell BOSS devices (bsc#1200975). +- Partitioner: improved column Type for disks (bsc#1200975). +- 4.5.20 +